mldsa

package module
v0.0.0-...-0cc960e Latest
Published: Jan 12, 2025 License: BSD-3-Clause Imports: 7 Imported by: 0

README

This repo is in its infancy

But the implementation should be complete as per NIST.

It's possible there are a few timing vulnerabilities, and I've only just learned these ML-DSA concepts.

I may have done some silly things to try and prevent optimization without understanding the Go compiler, when I can likely use a flag or something.

Makefile

Roundtrip happy/sad and KAT (Known Answer Tests)

make test

Using NEON instructions

make test-neon

Performance benchmarks

make benchmarks

Formatting

make format

Future improvements

  • Stop using SHA-256 to provide entropy, use SHA3-256 or BLAKE3 or something approved and better (chose SHA3-512, I dunno, I don't think it's necessary to use 512 but meh)
  • Use hardware for NTT math
    • NEON (arm) update: partial implementation sees negative performance gain, but maybe I'm just doing it wrong. If you want to try building it, just build with -tags=neon. Not planning on investing more time here.
    • AVX (x86)
  • Audit for side-channel attacks
    • I've done a bit of this now, I added some else clauses and tried to make everything constant time but there are a couple of TODOs remaining that require some thought
  • Zero sensitive data containers

Documentation

Index

Constants

const SEEDLENGTH = 32

Variables

var (
	ML_DSA_44_Parameters = ParameterSet{
		Q:      8380417,
		Zeta:   1753,
		D:      13,
		Tau:    39,
		Lambda: 128,
		Gamma1: 131072,
		Gamma2: 95232,
		K:      4,
		L:      4,
		Eta:    2,
		Beta:   78,
		Omega:  80,
	}

	ML_DSA_65_Parameters = ParameterSet{
		Q:      8380417,
		Zeta:   1753,
		D:      13,
		Tau:    49,
		Lambda: 192,
		Gamma1: 524288,
		Gamma2: 261888,
		K:      6,
		L:      5,
		Eta:    4,
		Beta:   196,
		Omega:  55,
	}

	ML_DSA_87_Parameters = ParameterSet{
		Q:      8380417,
		Zeta:   1753,
		D:      13,
		Tau:    60,
		Lambda: 256,
		Gamma1: 524288,
		Gamma2: 261888,
		K:      8,
		L:      7,
		Eta:    2,
		Beta:   120,
		Omega:  75,
	}
)

Functions

This section is empty.

Types

type DRBG

type DRBG struct {
	V []byte
	C []byte
	// contains filtered or unexported fields
}

func (*DRBG) Generate

func (drbg *DRBG) Generate(numberOfBits int32) ([]byte, error)

func (*DRBG) Init

func (drbg *DRBG) Init(entropy []byte, personalizationString []byte)

func (*DRBG) Reseed

func (drbg *DRBG) Reseed(entropy []byte)

type MLDSA

type MLDSA struct {
	// contains filtered or unexported fields
}

func Init

func Init(parameters ParameterSet) *MLDSA

func (*MLDSA) KeyGen

func (dsa *MLDSA) KeyGen() (public []byte, private []byte, err error)

func (*MLDSA) KeyGenWithSeed

func (dsa *MLDSA) KeyGenWithSeed(rnd []byte) (public []byte, private []byte, err error)

func (*MLDSA) Sign

func (dsa *MLDSA) Sign(sk, message, ctx []byte) ([]byte, error)

Hedged signing: fresh per-signature randomness is mixed into the signing process, so signing the same message twice under the same key yields different signatures.

func (*MLDSA) SignDeterministically

func (dsa *MLDSA) SignDeterministically(sk, message, ctx []byte) ([]byte, error)

Deterministic signing: the per-signature randomness is fixed to a constant, so the same key, message and ctx always produce the same signature.

func (*MLDSA) Verify

func (dsa *MLDSA) Verify(pk, message, signature, ctx []byte) (bool, error)

type ParameterSet

type ParameterSet struct {
	Q      int32 // modulus
	Zeta   int32 // a 512th root of unity in Zq
	D      int32 // # of dropped bits from t
	Tau    int32 // # of +/-1s in polynomial c
	Lambda int32 // collision strength of c~
	Gamma1 int32 // coefficient range of y
	Gamma2 int32 // low order rounding range
	K      int32 // rows in A
	L      int32 // columns in A
	Eta    int32 // private key range
	Beta   int32 // Tau * Eta
	Omega  int32 // max # of 1s in the hint h
}
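As an added example (my own code, not part of this package), the program below copies the three parameter sets from the Variables section into a standalone ParameterSet and checks the relations between the fields that ML-DSA relies on: Q-1 divisible by 512, Zeta a primitive 512th root of unity mod Q, Beta = Tau*Eta, Gamma1 a power of two, and 2*Gamma2 dividing Q-1. It then derives the encoded public-key, private-key and signature lengths from the parameters. The Validate, Sizes and CheckLengths helpers and the isPrimitive512thRoot test are assumptions of this example, not functions of the package; the lengths they compute are the standard FIPS 204 sizes, and a caller can use such a length check to reject a mis-sized key or signature before passing it to Verify.

```go
package main

import (
	"fmt"
	"math/bits"
)

// ParameterSet mirrors the field layout of the package's ParameterSet type
// so the checks below can run on the listed values without importing it.
type ParameterSet struct {
	Q, Zeta, D, Tau, Lambda, Gamma1, Gamma2, K, L, Eta, Beta, Omega int32
}

// The three parameter sets exactly as listed in the Variables section.
var (
	MLDSA44 = ParameterSet{Q: 8380417, Zeta: 1753, D: 13, Tau: 39, Lambda: 128,
		Gamma1: 131072, Gamma2: 95232, K: 4, L: 4, Eta: 2, Beta: 78, Omega: 80}
	MLDSA65 = ParameterSet{Q: 8380417, Zeta: 1753, D: 13, Tau: 49, Lambda: 192,
		Gamma1: 524288, Gamma2: 261888, K: 6, L: 5, Eta: 4, Beta: 196, Omega: 55}
	MLDSA87 = ParameterSet{Q: 8380417, Zeta: 1753, D: 13, Tau: 60, Lambda: 256,
		Gamma1: 524288, Gamma2: 261888, K: 8, L: 7, Eta: 2, Beta: 120, Omega: 75}
)

// modPow returns base^exp mod m by square-and-multiply; int64 keeps every
// intermediate product below 2^62 for any modulus m < 2^31.
func modPow(base, exp, m int64) int64 {
	result := int64(1)
	base %= m
	for ; exp > 0; exp >>= 1 {
		if exp&1 == 1 {
			result = result * base % m
		}
		base = base * base % m
	}
	return result
}

// isPrimitive512thRoot reports whether zeta has multiplicative order exactly
// 512 mod q. Every proper divisor of 512 divides 256, so it suffices to check
// zeta^512 == 1 and zeta^256 != 1 (i.e. zeta^256 == -1, as the NTT needs).
func isPrimitive512thRoot(zeta, q int32) bool {
	z, m := int64(zeta), int64(q)
	return modPow(z, 512, m) == 1 && modPow(z, 256, m) != 1
}

// Validate checks the relations between the fields that the scheme depends on.
// A set failing any of them yields an insecure or non-interoperable scheme,
// so a library should refuse to run with it.
func (p ParameterSet) Validate() error {
	switch {
	case (p.Q-1)%512 != 0:
		return fmt.Errorf("q-1 must be divisible by 512 for the NTT to exist")
	case !isPrimitive512thRoot(p.Zeta, p.Q):
		return fmt.Errorf("zeta=%d is not a primitive 512th root of unity mod q", p.Zeta)
	case p.Beta != p.Tau*p.Eta:
		return fmt.Errorf("beta=%d must equal tau*eta=%d", p.Beta, p.Tau*p.Eta)
	case p.Gamma1 <= 0 || p.Gamma1&(p.Gamma1-1) != 0:
		return fmt.Errorf("gamma1=%d must be a power of two", p.Gamma1)
	case (p.Q-1)%(2*p.Gamma2) != 0:
		return fmt.Errorf("2*gamma2=%d must divide q-1 for Decompose to be well-defined", 2*p.Gamma2)
	case p.Gamma1 <= p.Beta || p.Gamma2 <= p.Beta:
		return fmt.Errorf("gamma1 and gamma2 must exceed beta so the rejection bounds are non-empty")
	case p.Lambda%4 != 0:
		return fmt.Errorf("lambda=%d must be a multiple of 4 (c~ is lambda/4 bytes)", p.Lambda)
	}
	return nil
}

// Sizes returns the encoded public-key, private-key and signature lengths in
// bytes. Each polynomial has 256 coefficients, so b bits per coefficient pack
// into 32*b bytes: pk = rho (32) + t1 at bitlen(q-1)-d bits; sk = rho, K, tr
// (128) + s1,s2 at bitlen(2*eta) bits + t0 at d bits; sig = c~ (lambda/4) +
// z at 1+bitlen(gamma1-1) bits + hint (omega+k bytes).
func (p ParameterSet) Sizes() (pk, sk, sig int) {
	k, l, d := int(p.K), int(p.L), int(p.D)
	pk = 32 + 32*k*(bits.Len(uint(p.Q-1))-d)
	sk = 32 + 32 + 64 + 32*(k+l)*bits.Len(uint(2*p.Eta)) + 32*d*k
	sig = int(p.Lambda)/4 + 32*l*(1+bits.Len(uint(p.Gamma1-1))) + int(p.Omega) + k
	return pk, sk, sig
}

// CheckLengths is the defensive check a caller should run on untrusted inputs
// before Verify: a key or signature of the wrong length can only be malformed,
// so reject it without parsing anything.
func (p ParameterSet) CheckLengths(pk, sig []byte) error {
	wantPK, _, wantSig := p.Sizes()
	if len(pk) != wantPK {
		return fmt.Errorf("public key is %d bytes, want %d", len(pk), wantPK)
	}
	if len(sig) != wantSig {
		return fmt.Errorf("signature is %d bytes, want %d", len(sig), wantSig)
	}
	return nil
}

func main() {
	for _, s := range []struct {
		name string
		p    ParameterSet
	}{{"ML-DSA-44", MLDSA44}, {"ML-DSA-65", MLDSA65}, {"ML-DSA-87", MLDSA87}} {
		pk, sk, sig := s.p.Sizes()
		fmt.Printf("%s: validate=%v pk=%d sk=%d sig=%d\n", s.name, s.p.Validate(), pk, sk, sig)
	}
	// Constructed input: a correctly sized key with a signature one byte short.
	fmt.Println(MLDSA44.CheckLengths(make([]byte, 1312), make([]byte, 2419)))
}
```

The length check deliberately runs before any decoding: rejecting on length alone costs nothing and keeps malformed input away from the unpacking code, which is where parsing bugs in signature libraries usually live.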
