Crate slh_dsa


§RustCrypto: SLH-DSA


Pure Rust implementation of the SLH-DSA (aka SPHINCS+) signature scheme.

Implemented based on the FIPS-205 Initial Public Draft.

§⚠️ Security Warning

The implementation contained in this crate has never been independently audited!

USE AT YOUR OWN RISK!

§Minimum Supported Rust Version

This crate requires Rust 1.75 at a minimum.

We may change the MSRV in the future, but it will be accompanied by a minor version bump.

§License

All crates licensed under either of

  • Apache License, Version 2.0
  • MIT license

at your option.

§Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

§Usage

This crate implements the Stateless Hash-based Digital Signature Algorithm (SLH-DSA) based on the draft standard by NIST in FIPS-205. SLH-DSA (based on the SPHINCS+ submission) is a signature algorithm designed to be resistant to quantum computers.

While the API exposed by SLH-DSA is the same as conventional signature schemes, it is important to note that the signatures produced by the algorithm are much larger than classical schemes like EdDSA, ranging from over 7KB for the smallest parameter set to nearly 50KB at the largest.

This crate currently allocates signatures and intermediate values on the stack, which may cause problems for environments with limited stack space.

use slh_dsa::*;
use signature::*;

let mut rng = rand::thread_rng();

// Generate a signing key using the SHAKE128f parameter set
let sk = SigningKey::<Shake128f>::new(&mut rng);

// Generate the corresponding public key
let vk = sk.verifying_key();

// Serialize the verifying key and distribute
let vk_bytes = vk.to_bytes();

// Sign a message
let message = b"Hello world";
let sig = sk.sign_with_rng(&mut rng, message); // .sign() can be used for deterministic signatures

// Deserialize a verifying key
let vk_deserialized = vk_bytes.try_into().unwrap();
assert_eq!(vk, vk_deserialized);

assert!(vk_deserialized.verify(message, &sig).is_ok())
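
The signature size range quoted above follows from the structural parameters in the FIPS 205 parameter-set table. The block below is an added example, not code from this crate or its documentation: it derives signature and key lengths for the six size profiles (the SHA2 and SHAKE variants of a profile share the same lengths). `Params`, `SETS` and the function names are illustrative and use only the standard library.

```rust
// Added example: derive SLH-DSA object sizes from the FIPS 205 parameters.
// `Params`, `SETS` and these functions are illustrative, not slh_dsa crate APIs.
struct Params {
    name: &'static str,
    n: u32, // hash output length in bytes
    h: u32, // total hypertree height
    d: u32, // number of hypertree layers
    a: u32, // height of each FORS tree
    k: u32, // number of FORS trees
}

const LG_W: u32 = 4; // Winternitz parameter is w = 16 for every parameter set

// "s" = small signatures, "f" = fast signing.
const SETS: [Params; 6] = [
    Params { name: "128s", n: 16, h: 63, d: 7, a: 12, k: 14 },
    Params { name: "128f", n: 16, h: 66, d: 22, a: 6, k: 33 },
    Params { name: "192s", n: 24, h: 63, d: 7, a: 14, k: 17 },
    Params { name: "192f", n: 24, h: 66, d: 22, a: 8, k: 33 },
    Params { name: "256s", n: 32, h: 64, d: 8, a: 14, k: 22 },
    Params { name: "256f", n: 32, h: 68, d: 17, a: 9, k: 35 },
];

/// Hash chains in one WOTS+ signature: message digits plus checksum digits.
fn wots_len(n: u32) -> u32 {
    let len1 = (8 * n).div_ceil(LG_W);
    let len2 = (len1 * ((1u32 << LG_W) - 1)).ilog2() / LG_W + 1;
    len1 + len2
}

/// Randomizer R, then the FORS signature, then the hypertree signature (n-byte units).
fn signature_len(p: &Params) -> u32 {
    let fors = p.k * (1 + p.a); // per tree: one secret value plus its auth path
    let hypertree = p.h + p.d * wots_len(p.n); // auth path nodes plus d WOTS+ signatures
    p.n * (1 + fors + hypertree)
}

fn verifying_key_len(p: &Params) -> u32 { 2 * p.n } // PK.seed || PK.root
fn signing_key_len(p: &Params) -> u32 { 4 * p.n } // SK.seed || SK.prf || PK.seed || PK.root

fn main() {
    for p in &SETS {
        println!("{:>4}: sig {:>5} B, vk {:>2} B, sk {:>3} B",
            p.name, signature_len(p), verifying_key_len(p), signing_key_len(p));
    }
}
```

Because the crate keeps signatures on the stack, each figure is a lower bound on the stack space one signature consumes, before any intermediate values.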

Structs§

  • Implementation of the component hash functions using SHA2 at Security Category 1
  • Implementation of the component hash functions using SHA2 at Security Category 3 and 5
  • Implementation of the component hash functions using SHAKE256
  • A parsed SLH-DSA signature for a given parameter set
  • A SigningKey allows signing messages with a fixed parameter set
  • A VerifyingKey is an SLH-DSA public key, allowing verification of signatures created with the corresponding SigningKey

Traits§

  • Specific parameters for each of the 12 FIPS parameter sets
  • A trait specifying the length of a serialized signature for a given parameter set
  • A trait specifying the length of a serialized signing key for a given parameter set
  • A trait specifying the length of a serialized verifying key for a given parameter set

Type Aliases§

  • SHA2 at L1 security with fast signatures
  • SHA2 at L1 security with small signatures
  • SHA2 at L3 security with fast signatures
  • SHA2 at L3 security with small signatures
  • SHA2 at L5 security with fast signatures
  • SHA2 at L5 security with small signatures
  • SHAKE256 at L1 security with fast signatures
  • SHAKE256 at L1 security with small signatures
  • SHAKE256 at L3 security with fast signatures
  • SHAKE256 at L3 security with small signatures
  • SHAKE256 at L5 security with fast signatures
  • SHAKE256 at L5 security with small signatures