pub fn fors_sign<P: Params>(
md: &[u8],
sk_seed: &[u8],
pk_seed: &[u8],
adrs_template: &Adrs,
) -> Result<Vec<u8>, SlhDsaError>Expand description
Sign a message digest using FORS.
Implements Algorithm 16 of FIPS 205. The message digest md contains k * a bits,
which are split into k indices of a bits each. For each of the k FORS trees,
the signature includes:
- The secret leaf value at the selected index (n bytes)
- An authentication path of
asibling nodes (a * n bytes)
The total FORS signature is k * (1 + a) * n bytes.
adrs_template is read-only — a local clone is taken internally for the
scratch state mutated during signing. Returns
Err(SlhDsaError::FaultDetected) only when sca-fors-indices-check
(T1-E) is enabled and the integrity check on the FORS index vector
fails; otherwise always Ok.