Crate slh_dsa

§RustCrypto: SLH-DSA

Pure Rust implementation of the SLH-DSA (aka SPHINCS+) signature scheme.

Implemented based on the FIPS-205 Standard.

§⚠️ Security Warning

The implementation contained in this crate has never been independently audited!

USE AT YOUR OWN RISK!

§Minimum Supported Rust Version

This crate requires Rust 1.75 at a minimum.

We may change the MSRV in the future, but it will be accompanied by a minor version bump.

§License

All crates licensed under either of the Apache License, Version 2.0 or the MIT license, at your option.

§Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

§Usage

This crate implements the Stateless Hash-based Digital Signature Algorithm (SLH-DSA) based on the finalized standard by NIST in FIPS-205. SLH-DSA (based on the SPHINCS+ submission) is a signature algorithm designed to be resistant to quantum computers.

While the API exposed by SLH-DSA is the same as conventional signature schemes, it is important to note that the signatures produced by the algorithm are much larger than classical schemes like EdDSA, ranging from over 7KB for the smallest parameter set to nearly 50KB at the largest.

This crate currently allocates signatures and intermediate values on the stack, which may cause problems for environments with limited stack space.

```rust
use slh_dsa::*;
use signature::*;

let mut rng = rand::thread_rng();

// Generate a signing key using the SHAKE128f parameter set
let sk = SigningKey::<Shake128f>::new(&mut rng);

// Generate the corresponding public key
let vk = sk.verifying_key();

// Serialize the verifying key and distribute
let vk_bytes = vk.to_bytes();

// Sign a message
let message = b"Hello world";
let sig = sk.sign_with_rng(&mut rng, message); // .sign() can be used for deterministic signatures

// Deserialize a verifying key
let vk_deserialized = vk_bytes.try_into().unwrap();
assert_eq!(vk, vk_deserialized);

assert!(vk_deserialized.verify(message, &sig).is_ok());
```
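To budget buffers and stack space for the sizes mentioned above, the serialized lengths can be derived from the FIPS 205 parameters. This is an added example, not code from the crate, and it uses only the standard library: the `Params` struct, the `SETS` table and the function names are hypothetical, and the parameter values (n, h, d, a, k, with lg_w = 4) are those of the FIPS 205 parameter sets, shared by the SHA2 and SHAKE variants.

```rust
// Added example: derives SLH-DSA sizes from FIPS 205 parameters (no slh_dsa API used).
// Names are illustrative; the values apply to both the SHA2 and SHAKE variants of each set.
struct Params { name: &'static str, n: usize, h: usize, d: usize, a: usize, k: usize }

const LG_W: usize = 4; // Winternitz digit width, fixed for all 12 parameter sets

static SETS: [Params; 6] = [
    Params { name: "128s", n: 16, h: 63, d: 7,  a: 12, k: 14 },
    Params { name: "128f", n: 16, h: 66, d: 22, a: 6,  k: 33 },
    Params { name: "192s", n: 24, h: 63, d: 7,  a: 14, k: 17 },
    Params { name: "192f", n: 24, h: 66, d: 22, a: 8,  k: 33 },
    Params { name: "256s", n: 32, h: 64, d: 8,  a: 14, k: 22 },
    Params { name: "256f", n: 32, h: 68, d: 17, a: 9,  k: 35 },
];

/// Number of n-byte WOTS+ chains: len1 message digits plus len2 checksum digits.
fn wots_len(n: usize) -> usize {
    let w = 1usize << LG_W;
    let len1 = (8 * n + LG_W - 1) / LG_W;
    let len2 = (len1 * (w - 1)).ilog2() as usize / LG_W + 1;
    len1 + len2
}

/// Signature bytes: randomizer R, k FORS secret values each with an a-node
/// authentication path, and d XMSS layers (one WOTS+ signature plus h/d path nodes each).
fn signature_len(p: &Params) -> usize {
    let randomizer = 1;
    let fors = p.k * (1 + p.a);
    let hypertree = p.h + p.d * wots_len(p.n);
    (randomizer + fors + hypertree) * p.n
}

/// Verifying key: PK.seed || PK.root.
fn verifying_key_len(p: &Params) -> usize { 2 * p.n }

/// Signing key: SK.seed || SK.prf || PK.seed || PK.root.
fn signing_key_len(p: &Params) -> usize { 4 * p.n }

fn main() {
    for p in SETS.iter() {
        println!(
            "{:>4}: signature {:>5} B, verifying key {:>2} B, signing key {:>3} B",
            p.name, signature_len(p), verifying_key_len(p), signing_key_len(p)
        );
    }
}
```

Because the crate keeps signatures and intermediate values on the stack, the signature length for the chosen parameter set is the minimum a signing or verifying call will occupy there.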

Re-exports§

pub use signature;

Structs§

Sha2L1
Implementation of the component hash functions using SHA2 at Security Category 1
Sha2L35
Implementation of the component hash functions using SHA2 at Security Category 3 and 5
Shake
Implementation of the component hash functions using SHAKE256
Signature
A parsed SLH-DSA signature for a given parameter set
SigningKey
A SigningKey allows signing messages with a fixed parameter set
VerifyingKey
A VerifyingKey is an SLH-DSA public key, allowing verification of signatures created with the corresponding SigningKey

Traits§

ParameterSet
Specific parameters for each of the 12 FIPS parameter sets
SignatureLen
A trait specifying the length of a serialized signature for a given parameter set
SigningKeyLen
A trait specifying the length of a serialized signing key for a given parameter set
VerifyingKeyLen
A trait specifying the length of a serialized verifying key for a given parameter set

Type Aliases§

Sha2_128f
SHA2 at L1 security with fast signatures
Sha2_128s
SHA2 at L1 security with small signatures
Sha2_192f
SHA2 at L3 security with fast signatures
Sha2_192s
SHA2 at L3 security with small signatures
Sha2_256f
SHA2 at L5 security with fast signatures
Sha2_256s
SHA2 at L5 security with small signatures
Shake128f
SHAKE256 at L1 security with fast signatures
Shake128s
SHAKE256 at L1 security with small signatures
Shake192f
SHAKE256 at L3 security with fast signatures
Shake192s
SHAKE256 at L3 security with small signatures
Shake256f
SHAKE256 at L5 security with fast signatures
Shake256s
SHAKE256 at L5 security with small signatures