sign: Adding SLH-DSA signature #512
Conversation
|
there is a timeout happening on the ARM build because tests are running in parallel, but it doesn't seems to be related to a failure in the code. |
| } | ||
|
|
||
| // See FIPS 205 -- Section 6.1 -- Algorithm 9 -- Iterative version. | ||
| func (s *statePriv) xmssNodeIter( |
There was a problem hiding this comment.
Similar thing. I had trouble following along with this algorithm, since it differs so much from the paper. Also why is i a parameter at all if it's not a recursive algorithm?
There was a problem hiding this comment.
Internally, the index of each node is used as part of the hash parameters. So, i denotes the first index of a sub-tree.
sign/slhdsa/internal.go
Outdated
| defer s.Clear() | ||
|
|
||
| s.forsSign(sig.forsSig, md, addr) | ||
| pkFors := s.forsPkFromSig(md, sig.forsSig, addr) |
There was a problem hiding this comment.
Would it be possible to compute pkFors as a side effect of forsSign? Can save a few hashes if so. Similarly might be able to do this in the htSign function
There was a problem hiding this comment.
I've tried to coalesce these functions, but didn't found any savings on the number of hashes.
armfazh
force-pushed
the
adding_slhdsa
branch
3 times, most recently
from
12020e3
to
32046e4
Compare
Passes Test vectors from ACVP for internal functions.
armfazh
force-pushed
the
adding_slhdsa
branch
from
32046e4
to
c74a2d3
Compare
This implementation supports the twelve parameter sets approved at FIPS 205
Test vectors match the ones at ACVP-Server version 1.1.0.35. These test vectors only target the internal functions.
Pure and Prehash-based signatures are supported, but no known test vectors are available.
The last commit adds the twelve instances to the generic signing
Schemeinterface.Implementation makes a good effort to avoid heap allocations that usually add a significant overhead.