SLH-DSA: Stateless Hash-Based Digital Signature Standard (FIPS 205).
This crate provides a pure-Rust implementation of SLH-DSA (formerly known as SPHINCS+), a post-quantum digital signature scheme standardized in FIPS 205. SLH-DSA is purely hash-based: its security relies only on the properties of cryptographic hash functions, with no algebraic structure (lattices, codes, etc.) that could be exploited by quantum or classical algorithms beyond generic attacks.
§Architecture
SLH-DSA is built from a hierarchy of hash-based primitives:
- WOTS+ – A one-time signature scheme that signs a single n-byte message using hash chains (see wots).
- XMSS – An eXtended Merkle Signature Scheme that authenticates 2^h’ WOTS+ keys via a binary Merkle tree, producing a few-time signature (see xmss).
- Hypertree – A tree of XMSS trees stacked in d layers, giving a many-time signature scheme with a total tree height of h = d * h' (see hypertree).
- FORS – A Forest of Random Subsets, a few-time signature used to sign the message digest before passing it to the hypertree (see fors).
- SLH-DSA – The top-level scheme that combines FORS + Hypertree to produce a stateless, many-time signature (see slh).
§Supported parameter sets
This crate implements all six SHAKE-based parameter sets defined in FIPS 205 Section 11:
The “s” variants produce smaller signatures; the “f” variants are faster to sign and verify.
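The layering described under Architecture fixes the signature size: one n-byte randomizer, a FORS signature, and d XMSS signatures, each a WOTS+ signature plus an h'-node authentication path. The following is an added example, not code from this crate: `ParamSet` and its methods are hypothetical names, and the n, h, d, a, k values are taken from FIPS 205 Table 2. It derives key and signature sizes for the six SHAKE sets.

```rust
// Added example: sizes derived from FIPS 205 Table 2 parameters.
// `ParamSet` and its methods are hypothetical names, not this crate's API.
struct ParamSet { name: &'static str, n: u32, h: u32, d: u32, a: u32, k: u32 }

const LG_W: u32 = 4; // w = 16 in every FIPS 205 parameter set

// (n, h, d, a, k) for the SHAKE sets, from FIPS 205 Table 2.
const SETS: [ParamSet; 6] = [
    ParamSet { name: "SHAKE-128s", n: 16, h: 63, d: 7, a: 12, k: 14 },
    ParamSet { name: "SHAKE-128f", n: 16, h: 66, d: 22, a: 6, k: 33 },
    ParamSet { name: "SHAKE-192s", n: 24, h: 63, d: 7, a: 14, k: 17 },
    ParamSet { name: "SHAKE-192f", n: 24, h: 66, d: 22, a: 8, k: 33 },
    ParamSet { name: "SHAKE-256s", n: 32, h: 64, d: 8, a: 14, k: 22 },
    ParamSet { name: "SHAKE-256f", n: 32, h: 68, d: 17, a: 9, k: 35 },
];

impl ParamSet {
    /// WOTS+ chain count: len1 message chains plus len2 checksum chains.
    fn wots_len(&self) -> u32 {
        let w: u32 = 1 << LG_W;
        let len1 = (8 * self.n + LG_W - 1) / LG_W;
        let len2 = (len1 * (w - 1)).ilog2() / LG_W + 1;
        len1 + len2
    }
    /// FORS signature: k secret values, each with an a-node authentication path.
    fn fors_sig_bytes(&self) -> u32 { self.k * (1 + self.a) * self.n }
    /// Hypertree signature: d XMSS signatures, each one WOTS+ signature
    /// plus an h'-node authentication path, where h' = h / d.
    fn ht_sig_bytes(&self) -> u32 {
        self.d * (self.wots_len() + self.h / self.d) * self.n
    }
    /// Full signature: n-byte randomizer, FORS signature, hypertree signature.
    fn sig_bytes(&self) -> u32 {
        self.n + self.fors_sig_bytes() + self.ht_sig_bytes()
    }
    fn pk_bytes(&self) -> u32 { 2 * self.n } // PK.seed || PK.root
    fn sk_bytes(&self) -> u32 { 4 * self.n } // SK.seed || SK.prf || PK.seed || PK.root
}

fn main() {
    for p in SETS.iter() {
        println!("{:<11} pk={:>3} sk={:>3} sig={:>6}",
                 p.name, p.pk_bytes(), p.sk_bytes(), p.sig_bytes());
    }
}
```

The hypertree term dominates every set, which is why the "s" sets, with fewer and taller XMSS layers, end up with the smaller signatures.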
§Examples
```rust
use quantica::slh_dsa::{SlhDsa, Shake128f, OsRng};

// Generate a key pair
let mut rng = OsRng;
let (secret_key, public_key) = SlhDsa::<Shake128f>::keygen(&mut rng).unwrap();

// Sign a message
let message = b"hello, post-quantum world!";
let signature = SlhDsa::<Shake128f>::sign(message, &secret_key, &mut rng).unwrap();

// Verify the signature
let valid = SlhDsa::<Shake128f>::verify(message, &signature, &public_key).unwrap();
assert!(valid);
```
Re-exports§
- pub use params::Params;
- pub use params::Shake128f;
- pub use params::Shake128s;
- pub use params::Shake192f;
- pub use params::Shake192s;
- pub use params::Shake256f;
- pub use params::Shake256s;
- pub use rng::CryptoRng;
- pub use rng::OsRng;
Modules§
- address
- Address structure used to domain-separate hash calls throughout SLH-DSA. ADRS (Address) structure for SLH-DSA (FIPS 205, Section 4.2).
- fors
- FORS: Forest of Random Subsets few-time signature scheme. FORS: Forest of Random Subsets (FIPS 205, Algorithms 14-17).
- hash
- SHAKE-based tweakable hash function wrappers (H_msg, PRF, PRF_msg, T_l, H, F). SHAKE-based tweakable hash function wrappers for SLH-DSA (FIPS 205, Section 11.1).
- hypertree
- Hypertree: a d-layer tree of XMSS trees for many-time signing. Hypertree: a multi-layer tree-of-XMSS-trees structure (FIPS 205, Algorithms 12-13).
- params
- SLH-DSA parameter set definitions and the Params trait. SLH-DSA parameter sets (FIPS 205, Section 11).
- rng
- Minimal cryptographic RNG trait and OS-backed implementation.
- sha3
- Keccak-f[1600] based SHAKE256 implementation (FIPS 202). SHA-3 / SHAKE high-level wrappers used by SLH-DSA (FIPS 205).
- slh
- Top-level SLH-DSA key generation, signing, and verification algorithms. Top-level SLH-DSA algorithms (FIPS 205, Algorithms 18-22, 24).
- wots
- WOTS+ one-time signature scheme based on hash chains. WOTS+ one-time signature scheme (FIPS 205, Algorithms 1, 4-8).
- xmss
- XMSS: eXtended Merkle Signature Scheme combining WOTS+ with a Merkle tree. XMSS: eXtended Merkle Signature Scheme (FIPS 205, Algorithms 9-11).
Structs§
- Signature
- SLH-DSA signature. Type-tagged with P.
- SigningKey
- SLH-DSA signing key (secret key, 4 * P::N bytes).
- SlhDsa
- VerifyingKey
- SLH-DSA verifying key (public key, 2 * P::N bytes).
Enums§
- SlhDsaError
- Errors that can occur in SLH-DSA operations.