Name Description Size
info.txt 432
slh_dsa.h 928
sp_address.h Representation of a SLH-DSA hash function address as specified in FIPS 205, Section 4.2 5607
sp_fors.cpp 7149
sp_fors.h @brief FIPS 205, Algorithm 16: fors_sign (with simultaneous FORS pk generation) Implements a domain specific wrapper for the few-times signature scheme FORS (Forest of Random Subsets). It is meant to be used inside SLH-DSA and does not aim to be applicable for other use cases. 2146
sp_hash.cpp 3582
sp_hash.h A collection of pseudorandom hash functions required for SLH-DSA computations. See FIPS 205, Section 11.2.1 and 11.2.2. 4270
sp_hypertree.cpp 4858
sp_hypertree.h @brief FIPS 205, Algorithm 12: ht_sign Creates a SLH-DSA XMSS hypertree signature of @p message_to_sign. The signature is written into the buffer defined by @p out_sig. @p tree_index_in_layer and @p idx_leaf define which XMSS tree of the hypertree and which leaf of this XMSS tree is used for signing. 1978
sp_parameters.cpp 16414
sp_parameters.h Container for all SLH-DSA parameters defined by a specific instance (see FIPS 205, Table 2). Also contains getters for various parameters that are derived from the given parameters. 7342
sp_treehash.cpp Traverse the tree from the left-most leaf, matching siblings and up until the root (Post-order traversal). Collect the adjacent nodes (A) to build the authentication path (X) along the way. 7R / \ 3X 6A / \ / \ 1X 2A 4 5 5683
sp_treehash.h leaf out parameter 2544
sp_types.h The following gives an overview about the different building blocks of SLH-DSA and how they are connected. In general, we always consider sequences of bytes that are interpreted in the following manner (flattening the || operation, i.e., mapping the byte sequence of a strong type onto the underlying byte sequence of the containing strong type). Only FORS indices are not seen as byte sequences. SLH-DSA secret key is built up like the following: [SphincsSecretSeed || SphincsSecretPRF || SphincsPublicSeed || SphincsTreeNode] (the last chunk is the root node of SLH-DSA' topmost XMSS tree) SLH-DSA public key is built up like the following: [SphincsPublicSeed || SphincsTreeNode] (the last chunk is the root node of SLH-DSA's topmost XMSS tree)] SLH-DSA signature is built up like the following: [SphincsMessageRandomness (n bytes) || ForsSignature (k(a+1)*n = fors_signature_bytes bytes) || SphincsHypertreeSignature]. SphincsHypertreeSignature contains a total of d SphincsXMSSSignatures, with (h+d*len)*n = xmss_signature_bytes bytes each. ForsSignature is built up like the following: [<Leaf Secret of FORS Subtree 1>(n bytes) || SphincsAuthenticationPath (Subtree 1, a*n bytes) || ... || <Leaf Secret of FORS Subtree k>(n bytes) || SphincsAuthenticationPath (Subtree k, a*n bytes)] We define no special type for the leaf secret. The leaf secret is the secret PRF output that is hashed to create a FORS subtree's leaf. SphincsXmssSignature is built up like the following: [WotsSignature || SphincsAuthenticationPath] WotsSignature is built up like the following: [WotsNode || ... || WotsNode] contains len WotsNodes, each of length n bytes. 5190
sp_wots.cpp @brief FIPS 205, Algorithm 5: chain Computes a WOTS+ hash chain for @p steps steps beginning with value @p wots_chain_key at index @p start. 7117
sp_wots.h @brief FIPS 205, Algorithm 6 and 7: wots_pkGen and wots_sign Implements a domain specific wrapper for the one-time signature scheme WOTS+ (Winternitz OTS). It is meant to be used inside SLH-DSA and does not aim to be applicable for other use cases. If this function is not used in a signing operation (i.e. @p sign_leaf_idx is not set), @p wots_steps may be empty. 2800
sp_xmss.cpp 3330
sp_xmss.h @brief FIPS 205, Algorithm 10: xmss_sign This generates a Merkle signature of @p message (i.e. a FORS public key (bottom layer) or an XMSS root node). The Merkle authentication path logic is mostly hidden in treehash_spec. The WOTS signature followed by the Merkle authentication path are stored in @p out_sig. Set @p idx_leaf to `std::nullopt` if no signature is desired. @returns the XMSS public key (i.e. the root of the XMSS merkle tree) 1972
sphincsplus.cpp 19571
sphincsplus.h @brief An SLH-DSA (or SPHINCS+ Round 3.1) public key. For more information see the documentation of SphincsPlus_PrivateKey. 4932
sphincsplus_sha2_base
sphincsplus_shake_base