Skip to content

Commit

Permalink
Add SST impl
Browse files Browse the repository at this point in the history
  • Loading branch information
aewag committed Sep 11, 2024
1 parent 568655d commit 2ad918d
Show file tree
Hide file tree
Showing 22 changed files with 1,265 additions and 94 deletions.
35 changes: 35 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,41 @@ HBS_LMS_MAX_HASH_OPTIMIZATIONS=1000 HBS_LMS_THREADS=2 cargo run --release --exam
cargo run --release --example lms-demo -- verify mykey message.txt
```

The SST extension can be used as follows:

```
# Key generation: prepare
# Generates intermediate node, generates or reads the tree identifier (init_tree_ident 1/0), and uses "mykey" as filename base.
# One dedicated signing entity has to create the common L-0 tree identifier (--init_tree_ident=1) before other signing entities
# can generate their subtrees.
#
# The following example uses two HSS levels, first with tree height = 10 / Winternitz = 8, second with 5 / 2.
# First, a signing entity (here: 1 of 8) creates the tree identifier
cargo run --release --example sst-demo -- prepare_keygen mykey 10/8,5/2 --ssts=1/8 --auxsize=2048 \
--seed=c912a74bc8c5fc1b2a73b96e6ce1eb2317dc9aa49806b30e --init_tree_ident
# The signing instance index is 3 of total 8, and this signing entity will use the tree identifier and use another secret seed.
# This will use "mykey.5.prv" and "mykey.5.aux" for private key and aux data, and "mykey_treeident.bin" to write the tree identifier
seq 2 8 | xargs -i{} cargo run --release --example sst-demo -- prepare_keygen mykey 10/8,5/2 --ssts={}/8 --auxsize=2048 \
--seed=1eb2317dc9aa49806b30e578436d0f659b1f5c912a74bc8c
# Key generation: finalize
# After all signing entities have created their intermediate node values, the public key can be generated.
# This will use mykey.5.pub to write the public key for signing entity index 5.
cargo run --release --example sst-demo -- finalize_keygen mykey 5
# Signing
# Generates `message.txt.sig` using mykey.5.prv
cargo run --release --example sst-demo -- sign mykey 5 message.txt
# Verification
# Verifies `message.txt` with `message.txt.sig` against `mykey.5.pub`
cargo run --release --example sst-demo -- verify mykey.5 message.txt
# Verification can as well performed with lms-demo
# Verifies `message.txt` with `message.txt.sig` against `mykey.5.pub`
cargo run --release --example lms-demo -- verify mykey.5 message.txt
```

## Naming conventions wrt to the IETF RFC
The naming in the RFC is done by using a single character.
To allow for a better understanding of the implementation, we have decided to use more descriptive designations.
Expand Down
8 changes: 4 additions & 4 deletions benches/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@ mod tests {
b.iter(|| {
let mut signing_key = signing_key.clone();
signing_key
.try_sign_with_aux(&MESSAGE, Some(aux_slice))
.try_sign_with_aux(&MESSAGE, Some(aux_slice), None)
.unwrap()
});
}
Expand All @@ -153,7 +153,7 @@ mod tests {
b.iter(|| {
let mut signing_key = signing_key.clone();
signing_key
.try_sign_with_aux(&MESSAGE, Some(aux_slice))
.try_sign_with_aux(&MESSAGE, Some(aux_slice), None)
.unwrap()
});
}
Expand All @@ -171,7 +171,7 @@ mod tests {
b.iter(|| {
let mut signing_key = signing_key.clone();
signing_key
.try_sign_with_aux(&MESSAGE, Some(aux_slice))
.try_sign_with_aux(&MESSAGE, Some(aux_slice), None)
.unwrap()
});
}
Expand Down Expand Up @@ -203,7 +203,7 @@ mod tests {
b.iter(|| {
let mut signing_key = signing_key.clone();
signing_key
.try_sign_with_aux(&MESSAGE, Some(aux_slice))
.try_sign_with_aux(&MESSAGE, Some(aux_slice), None)
.unwrap()
});
}
Expand Down
6 changes: 4 additions & 2 deletions examples/lms-demo.rs
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ impl DemoError {
}
}

type Hasher = Sha256_256;
type Hasher = Sha256_192;

struct GenKeyParameter {
parameter: Vec<HssParameter<Hasher>>,
Expand Down Expand Up @@ -95,7 +95,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
if let Some(args) = matches.subcommand_matches(VERIFY_COMMAND) {
let result = verify(args);
if result {
println!("Successful!");
println!("Verification successful!");
exit(0);
} else {
println!("Wrong signature");
Expand Down Expand Up @@ -146,13 +146,15 @@ fn sign(args: &ArgMatches) -> Result<(), std::io::Error> {
&private_key_data,
&mut private_key_update_function,
Some(aux_slice),
None,
)
} else {
hbs_lms::sign::<Hasher>(
&message_data,
&private_key_data,
&mut private_key_update_function,
None,
None,
)
};

Expand Down
Loading

0 comments on commit 2ad918d

Please sign in to comment.