info.txt |
|
432 |
slh_dsa.h |
|
928 |
sp_address.h |
Representation of a SLH-DSA hash function address as specified in
FIPS 205, Section 4.2
|
5607 |
sp_fors.cpp |
|
7149 |
sp_fors.h |
@brief FIPS 205, Algorithm 16: fors_sign (with simultaneous FORS pk generation)
Implements a domain specific wrapper for the few-times signature scheme
FORS (Forest of Random Subsets). It is meant to be used inside SLH-DSA
and does not aim to be applicable for other use cases.
|
2146 |
sp_hash.cpp |
|
3582 |
sp_hash.h |
A collection of pseudorandom hash functions required for SLH-DSA
computations. See FIPS 205, Section 11.2.1 and 11.2.2.
|
4270 |
sp_hypertree.cpp |
|
4858 |
sp_hypertree.h |
@brief FIPS 205, Algorithm 12: ht_sign
Creates a SLH-DSA XMSS hypertree signature of @p message_to_sign. The signature is written
into the buffer defined by @p out_sig. @p tree_index_in_layer and @p idx_leaf define which
XMSS tree of the hypertree and which leaf of this XMSS tree is used for signing.
|
1978 |
sp_parameters.cpp |
|
16414 |
sp_parameters.h |
Container for all SLH-DSA parameters defined by a specific instance (see
FIPS 205, Table 2). Also contains getters for various
parameters that are derived from the given parameters.
|
7342 |
sp_treehash.cpp |
Traverse the tree from the left-most leaf, matching siblings and up until
the root (Post-order traversal). Collect the adjacent nodes (A) to build
the authentication path (X) along the way.
7R
/ \
3X 6A
/ \ / \
1X 2A 4 5
|
5683 |
sp_treehash.h |
leaf out parameter |
2544 |
sp_types.h |
The following gives an overview about the different building blocks of
SLH-DSA and how they are connected. In general, we always consider sequences of bytes
that are interpreted in the following manner (flattening the || operation, i.e.,
mapping the byte sequence of a strong type onto the underlying byte sequence of the containing strong type).
Only FORS indices are not seen as byte sequences.
SLH-DSA secret key is built up like the following:
[SphincsSecretSeed || SphincsSecretPRF || SphincsPublicSeed || SphincsTreeNode] (the last chunk is the root node of SLH-DSA' topmost XMSS tree)
SLH-DSA public key is built up like the following:
[SphincsPublicSeed || SphincsTreeNode] (the last chunk is the root node of SLH-DSA's topmost XMSS tree)]
SLH-DSA signature is built up like the following:
[SphincsMessageRandomness (n bytes) || ForsSignature (k(a+1)*n = fors_signature_bytes bytes) || SphincsHypertreeSignature]. SphincsHypertreeSignature contains a total of
d SphincsXMSSSignatures, with (h+d*len)*n = xmss_signature_bytes bytes each.
ForsSignature is built up like the following:
[<Leaf Secret of FORS Subtree 1>(n bytes) || SphincsAuthenticationPath (Subtree 1, a*n bytes) || ... || <Leaf Secret of FORS Subtree k>(n bytes) || SphincsAuthenticationPath (Subtree k, a*n bytes)]
We define no special type for the leaf secret. The leaf secret is the secret PRF output that is hashed to create a FORS subtree's leaf.
SphincsXmssSignature is built up like the following:
[WotsSignature || SphincsAuthenticationPath]
WotsSignature is built up like the following:
[WotsNode || ... || WotsNode] contains len WotsNodes, each of length n bytes.
|
5190 |
sp_wots.cpp |
@brief FIPS 205, Algorithm 5: chain
Computes a WOTS+ hash chain for @p steps steps beginning with value
@p wots_chain_key at index @p start.
|
7117 |
sp_wots.h |
@brief FIPS 205, Algorithm 6 and 7: wots_pkGen and wots_sign
Implements a domain specific wrapper for the one-time signature scheme WOTS+
(Winternitz OTS). It is meant to be used inside SLH-DSA and does not aim to
be applicable for other use cases. If this function is not used in a signing
operation (i.e. @p sign_leaf_idx is not set), @p wots_steps may be empty.
|
2800 |
sp_xmss.cpp |
|
3330 |
sp_xmss.h |
@brief FIPS 205, Algorithm 10: xmss_sign
This generates a Merkle signature of @p message (i.e. a FORS public key
(bottom layer) or an XMSS root node). The Merkle authentication path logic
is mostly hidden in treehash_spec. The WOTS signature followed by the Merkle
authentication path are stored in @p out_sig.
Set @p idx_leaf to `std::nullopt` if no signature is
desired.
@returns the XMSS public key (i.e. the root of the XMSS merkle tree)
|
1972 |
sphincsplus.cpp |
|
19571 |
sphincsplus.h |
@brief An SLH-DSA (or SPHINCS+ Round 3.1) public key.
For more information see the documentation of SphincsPlus_PrivateKey.
|
4932 |
sphincsplus_sha2_base |
|
|
sphincsplus_shake_base |
|
|