
Merge pull request #609 from cryspen/jonas/mldsa-keygen-domain-separa…
…tion

[ML-DSA] Add domain separation for key generation
jschneider-bensch authored Oct 1, 2024
2 parents fd43045 + 960df59 commit 8f4efd8
Showing 9 changed files with 2,115 additions and 2,109 deletions.
5 changes: 4 additions & 1 deletion libcrux-ml-dsa/src/ml_dsa_generic.rs
Expand Up @@ -52,7 +52,10 @@ pub(crate) fn generate_key_pair<
) -> ([u8; SIGNING_KEY_SIZE], [u8; VERIFICATION_KEY_SIZE]) {
// 128 = SEED_FOR_A_SIZE + SEED_FOR_ERROR_VECTORS_SIZE + SEED_FOR_SIGNING_SIZE
let mut seed_expanded = [0; 128];
Shake256::shake256::<128>(&randomness, &mut seed_expanded);
let mut shake = Shake256Absorb::new();
shake.absorb(&randomness);
let mut shake = shake.absorb_final(&[ROWS_IN_A as u8, COLUMNS_IN_A as u8]);
shake.squeeze(&mut seed_expanded);

let (seed_for_a, seed_expanded) = seed_expanded.split_at(SEED_FOR_A_SIZE);
let (seed_for_error_vectors, seed_for_signing) =
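Review bot: The two bytes appended on the `absorb_final` line, `[ROWS_IN_A as u8, COLUMNS_IN_A as u8]`, carry the whole point of the change but nothing in the code says what they are; a comment such as `// Bind the seed to the parameter set (k, l) as in FIPS 204 KeyGen_internal, so the same randomness yields unrelated keys across ML-DSA-44/65/87.` above `absorb_final` would document it. The `as u8` casts are harmless for the defined parameter sets (k, l are at most 8) but truncate silently in general; assuming these are `usize` const generics, a `debug_assert!(ROWS_IN_A <= u8::MAX as usize && COLUMNS_IN_A <= u8::MAX as usize);` would pin the invariant. The regenerated KAT files in this commit come from the project's own Python model, whose `keygen` was changed in the same commit, so they confirm Rust/Python agreement rather than agreement with an external reference; stating that provenance in the PR description would make the evidence explicit. `generate_key_pair` begins above this hunk and continues below it.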
16 changes: 8 additions & 8 deletions libcrux-ml-dsa/tests/kats/dilithium.py
Expand Up @@ -433,12 +433,12 @@ def _unpack_sig(self, sig_bytes):
return c_tilde, z, h

def keygen(self):
# Random seed
# Random seed (with domain separation)
zeta = self.random_bytes(32)
domain_separated_zeta = zeta + self.k.to_bytes(1, "little") + self.l.to_bytes(1, "little")
self.keygen_seed = zeta

# Expand with an XOF (SHAKE256)
seed_bytes = self._h(zeta, 128)
seed_bytes = self._h(domain_separated_zeta, 128)

# Split bytes into suitable chunks
rho, rho_prime, K = seed_bytes[:32], seed_bytes[32:96], seed_bytes[96:]
Expand Down Expand Up @@ -466,13 +466,13 @@ def sign_pre_hashed_shake128(self, sk_bytes, m, ctx=b"", rnd=None):
shake128_oid = b'\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x0B'
m_hashed = Shake128.digest(m, 256)
m_prime = b'\x01' + len(ctx).to_bytes(1, "little") + ctx + shake128_oid + m_hashed

return self.sign_internal(sk_bytes, m_prime, rnd)

def sign(self, sk_bytes, m, ctx=b"", rnd=None):
m_prime = b'\x00' + len(ctx).to_bytes(1, "little") + ctx + m
return self.sign_internal(sk_bytes, m_prime, rnd)

def sign_internal(self, sk_bytes, m, rnd):
# unpack the secret key
rho, K, tr, s1, s2, t0 = self._unpack_sk(sk_bytes)
Expand Down Expand Up @@ -542,11 +542,11 @@ def verify_pre_hashed(self, pk_bytes, m, sig_bytes, ctx=b""):
m_prime = b'\x01' + len(ctx).to_bytes(1, "little") + ctx + shake128_oid + m_hashed

return self.verify_internal(sk_bytes, m_prime, rnd)

def verify(self, pk_bytes, m, sig_bytes, ctx=b""):
m_prime = b'\x00' + len(ctx).to_bytes(1, "little") + ctx + m
return self.verify_internal(sk_bytes, m_prime, rnd)

def verify_internal(self, pk_bytes, m, sig_bytes):
rho, t1 = self._unpack_pk(pk_bytes)
c_tilde, z, h = self._unpack_sig(sig_bytes)
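Review bot: `verify` and `verify_pre_hashed` in the last hunk both end with `return self.verify_internal(sk_bytes, m_prime, rnd)`, but neither `sk_bytes` nor `rnd` is a parameter of these methods and `verify_internal` is declared as `(self, pk_bytes, m, sig_bytes)`; unless those names exist at module level, these calls raise `NameError` and should read `return self.verify_internal(pk_bytes, m_prime, sig_bytes)`. The commit leaves these context lines untouched, and if the KAT generator only ever signs, that would explain why the defect has not surfaced. In the `keygen` hunk, `self.keygen_seed = zeta` stores the raw 32-byte seed while the XOF consumes `domain_separated_zeta`; a comment like `# KATs record the raw seed; k and l are appended only for the XOF input (FIPS 204 KeyGen_internal)` would save the next reader from wondering which value is the test vector.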
3 changes: 3 additions & 0 deletions libcrux-ml-dsa/tests/kats/generate_kats.py
Expand Up @@ -43,6 +43,9 @@ def generate_nistkats(algorithm):
).hex(),
}
)
with open("nistkats-{}{}.json".format(algorithm.k, algorithm.l), "w") as f:
json.dump(kats_formatted, f, ensure_ascii=False, indent=4)


for i in range(100):
seed = rng.random_bytes(48)
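Review bot: The added `open("nistkats-{}{}.json".format(algorithm.k, algorithm.l), "w")` is text mode with no explicit `encoding`, while the paired `json.dump(..., ensure_ascii=False)` asks for raw non-ASCII output; the KAT fields are presumably hex strings so this is harmless today, but `open(..., "w", encoding="utf-8")` makes the written bytes platform-independent. The path is relative to the current working directory, so the file only lands next to the other `nistkats-*.json` files when the script is run from `tests/kats`. The rendered view drops indentation, so I cannot tell whether the write sits inside the preceding loop (rewriting the file on every iteration) or after it; worth a glance. `generate_nistkats` begins above this hunk and continues below it.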
800 changes: 400 additions & 400 deletions libcrux-ml-dsa/tests/kats/nistkats-44.json


800 changes: 400 additions & 400 deletions libcrux-ml-dsa/tests/kats/nistkats-65.json


800 changes: 400 additions & 400 deletions libcrux-ml-dsa/tests/kats/nistkats-87.json


600 changes: 300 additions & 300 deletions libcrux-ml-dsa/tests/kats/nistkats_pre_hashed-44.json


600 changes: 300 additions & 300 deletions libcrux-ml-dsa/tests/kats/nistkats_pre_hashed-65.json


600 changes: 300 additions & 300 deletions libcrux-ml-dsa/tests/kats/nistkats_pre_hashed-87.json

