FORS: Forest of Random Subsets few-time signature scheme (FIPS 205, Algorithms 14-17).
FORS is a few-time signature scheme that signs the message digest by selecting one
leaf from each of k independent binary trees of height a. Each tree has 2^a
leaves; the message digest is split into k indices of a bits each, and the
signature reveals the secret leaf value plus an authentication path for each tree.
In the SLH-DSA hierarchy, FORS sits between the message hash and the hypertree:
the FORS public key (a compression of the k tree roots) becomes the message
that the hypertree signs. This two-level structure is what makes SLH-DSA stateless
– FORS absorbs the message entropy, and the hypertree provides many-time security.
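The index split and per-tree signature layout described above, worked through as an added example (not code from this crate). It assumes the SLH-DSA-128s parameters from FIPS 205 (n = 16, k = 14, a = 12); `base_2b` follows FIPS 205 Algorithm 4, while `revealed_leaves`, `sig_slot` and `SAMPLE_MD` are hypothetical names with a constructed input.

```rust
// Added example, not the crate's code. N, K, A are the SLH-DSA-128s values
// from FIPS 205 (assumed here; the crate may be generic over parameter sets).
const N: usize = 16; // bytes per hash output
const K: usize = 14; // number of FORS trees
const A: usize = 12; // tree height, so 2^A leaves per tree

/// FIPS 205 Algorithm 4 (base_2b): read `out_len` big-endian `b`-bit integers from `x`.
fn base_2b(x: &[u8], b: usize, out_len: usize) -> Vec<u32> {
    assert!((1..=24).contains(&b), "u32 accumulator holds at most b + 7 bits");
    assert!(x.len() * 8 >= b * out_len, "digest too short");
    let (mut pos, mut bits, mut total) = (0usize, 0usize, 0u32);
    let mut out = Vec::with_capacity(out_len);
    for _ in 0..out_len {
        while bits < b {
            total = (total << 8) | u32::from(x[pos]); // stale high bits are masked off below
            pos += 1;
            bits += 8;
        }
        bits -= b;
        out.push((total >> bits) & ((1u32 << b) - 1));
    }
    out
}

/// Global leaf number revealed in each tree: tree i contributes i * 2^A + indices[i].
fn revealed_leaves(md: &[u8]) -> Vec<u32> {
    base_2b(md, A, K).iter().enumerate().map(|(i, &idx)| ((i as u32) << A) + idx).collect()
}

/// Byte range of tree i's part of the signature: N-byte secret leaf, then A * N auth-path bytes.
fn sig_slot(i: usize) -> (usize, usize) {
    (i * (1 + A) * N, (i + 1) * (1 + A) * N)
}

/// Constructed digest prefix: ceil(K * A / 8) = 21 bytes, chosen so each index is three hex nibbles.
const SAMPLE_MD: [u8; 21] = [
    0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45,
    0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67, 0x89,
];

fn main() {
    for (i, leaf) in revealed_leaves(&SAMPLE_MD).iter().enumerate() {
        println!("tree {i:2}: leaf {leaf:#07x}, signature bytes {:?}", sig_slot(i));
    }
    println!("total FORS signature: {} bytes", sig_slot(K - 1).1);
}
```

Each signature discloses K secret leaves chosen by the digest bits, which is why FORS is only few-time secure: every additional signature under the same FORS key exposes more leaves that a forger could reuse.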
Functions
- fors_node - Compute the root of a FORS subtree of height z at leaf index i.
- fors_pk_from_sig - Compute a FORS public key from a FORS signature — constant-time.
- fors_sign - Sign a message digest using FORS.
- fors_sign_into - Streaming variant of fors_sign — writes the K * (1 + A) * N byte FORS signature directly into the start of out (which must be at least that size).
- fors_sign_into_redundant - Recompute-and-compare FORS signing — T1-C redundancy against single-fault grafting-tree forgery.