cloudflare · bwesterb · Feb 15, 2024 · Feb 28, 2024 · Aug 20, 2024
diff --git a/README.md b/README.md
@@ -82,7 +82,7 @@ Alternatively, look at the [Cloudflare Go](https://github.com/cloudflare/go/tree
 |:---:|
 
  - [CSIDH](./dh/csidh): Post-Quantum Commutative Group Action ([CSIDH](https://csidh.isogeny.org/)).
- - [ML-KEM](./kem/mlkem): modes 512, 768, 1024 ([ML-KEM](https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.203.pdf)).
+ - [ML-KEM](./kem/mlkem): modes 512, 768, 1024 ([FIPS 203](https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.203.pdf)).
  - [Kyber KEM](./kem/kyber): modes 512, 768, 1024 ([KYBER](https://pq-crystals.org/kyber/)).
  - [FrodoKEM](./kem/frodo): modes 640-SHAKE. ([FrodoKEM](https://frodokem.org/))
  - (**insecure, deprecated**) ~~[SIDH/SIKE](./kem/sike)~~: Supersingular Key Encapsulation with primes p434, p503, p751 ([SIKE](https://sike.org/)).
@@ -91,6 +91,7 @@ Alternatively, look at the [Cloudflare Go](https://github.com/cloudflare/go/tree
 |:---:|
 
  - [Dilithium](./sign/dilithium): modes 2, 3, 5 ([Dilithium](https://pq-crystals.org/dilithium/)).
+ - [ML-DSA](./sign/mldsa): modes 44, 65, 87 ([FIPS 204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf)).
 
 ### Zero-knowledge Proofs
 

diff --git a/sign/dilithium/dilithium.go b/sign/dilithium/dilithium.go
@@ -25,87 +25,3 @@
 // Dilithium3 with Ed448.  These packages are a drop in replacements for the
 // mode subpackages of this package.
 package dilithium
-
-import (
-	"crypto"
-	"io"
-)
-
-// PublicKey is a Dilithium public key.
-//
-// The structure contains values precomputed during unpacking/key generation
-// and is therefore significantly larger than a packed public key.
-type PublicKey interface {
-	// Packs public key
-	Bytes() []byte
-}
-
-// PrivateKey is a Dilithium private key.
-//
-// The structure contains values precomputed during unpacking/key generation
-// and is therefore significantly larger than a packed private key.
-type PrivateKey interface {
-	// Packs private key
-	Bytes() []byte
-
-	crypto.Signer
-}
-
-// Mode is a certain configuration of the Dilithium signature scheme.
-type Mode interface {
-	// GenerateKey generates a public/private key pair using entropy from rand.
-	// If rand is nil, crypto/rand.Reader will be used.
-	GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)
-
-	// NewKeyFromSeed derives a public/private key pair using the given seed.
-	// Panics if len(seed) != SeedSize()
-	NewKeyFromSeed(seed []byte) (PublicKey, PrivateKey)
-
-	// Sign signs the given message and returns the signature.
-	// It will panic if sk has not been generated for this mode.
-	Sign(sk PrivateKey, msg []byte) []byte
-
-	// Verify checks whether the given signature by pk on msg is valid.
-	// It will panic if pk is of the wrong mode.
-	Verify(pk PublicKey, msg []byte, signature []byte) bool
-
-	// Unpacks a public key.  Panics if the buffer is not of PublicKeySize()
-	// length.  Precomputes values to speed up subsequent calls to Verify.
-	PublicKeyFromBytes([]byte) PublicKey
-
-	// Unpacks a private key.  Panics if the buffer is not
-	// of PrivateKeySize() length.  Precomputes values to speed up subsequent
-	// calls to Sign(To).
-	PrivateKeyFromBytes([]byte) PrivateKey
-
-	// SeedSize returns the size of the seed for NewKeyFromSeed
-	SeedSize() int
-
-	// PublicKeySize returns the size of a packed PublicKey
-	PublicKeySize() int
-
-	// PrivateKeySize returns the size  of a packed PrivateKey
-	PrivateKeySize() int
-
-	// SignatureSize returns the size  of a signature
-	SignatureSize() int
-
-	// Name returns the name of this mode
-	Name() string
-}
-
-var modes = make(map[string]Mode)
-
-// ModeNames returns the list of supported modes.
-func ModeNames() []string {
-	names := []string{}
-	for name := range modes {
-		names = append(names, name)
-	}
-	return names
-}
-
-// ModeByName returns the mode with the given name or nil when not supported.
-func ModeByName(name string) Mode {
-	return modes[name]
-}
diff --git a/sign/dilithium/dilithium_test.go b/sign/dilithium/dilithium_test.go
@@ -4,6 +4,8 @@ import (
 	"encoding/hex"
 	"testing"
 
+	"github.com/cloudflare/circl/sign/schemes"
+
 	"github.com/cloudflare/circl/internal/sha3"
 )
 
@@ -34,29 +36,26 @@ func TestNewKeyFromSeed(t *testing.T) {
 			"Dilithium5", "3956d812a7961af6e5dad16af15c736c",
 			"665388291aa01e12e7f94bdc7769db18",
 		},
-		{
-			"Dilithium2-AES", "8466a752b0a09e63e42f66d3174a6471",
-			"c3f8e705a0d8dfd489b98b205670f393",
-		},
-		{
-			"Dilithium3-AES", "2bb713ba7cb15f3ebf05c4c1fbb1b03c",
-			"eb2bd8d98630835a3b18594ac436368b",
-		},
-		{
-			"Dilithium5-AES", "a613a08b564ee8717ba4f5ccfddc2693",
-			"2f541bf6fedd12854d06a6b80090932a",
-		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
-			mode := ModeByName(tc.name)
+			mode := schemes.ByName(tc.name)
 			if mode == nil {
 				t.Fatal()
 			}
 			var seed [32]byte
-			pk, sk := mode.NewKeyFromSeed(seed[:])
+			pk, sk := mode.DeriveKey(seed[:])
+
+			ppk, err := pk.MarshalBinary()
+			if err != nil {
+				t.Fatal(err)
+			}
+			psk, err := sk.MarshalBinary()
+			if err != nil {
+				t.Fatal(err)
+			}
 
-			pkh := hexHash(pk.Bytes())
-			skh := hexHash(sk.Bytes())
+			pkh := hexHash(ppk)
+			skh := hexHash(psk)
 			if pkh != tc.epk {
 				t.Fatalf("%s expected pk %s, got %s", tc.name, tc.epk, pkh)
 			}

diff --git a/sign/dilithium/example_test.go b/sign/dilithium/example_test.go