pub struct SlhDsa<P: Params> { /* private fields */ }
Implementations
impl<P: Params> SlhDsa<P>
pub fn keygen(
    rng: &mut dyn CryptoRng,
) -> Result<(SigningKey<P>, VerifyingKey<P>), SlhDsaError>
Generate a new SLH-DSA key pair using the provided RNG.
Returns (secret_key, public_key) as byte vectors. The secret key is 4*n bytes
and the public key is 2*n bytes, where n = P::N.
Implements Algorithm 21 of FIPS 205.
pub fn keygen_internal(
    sk_seed: &[u8],
    sk_prf: &[u8],
    pk_seed: &[u8],
) -> (Vec<u8>, Vec<u8>)
Generate a key pair deterministically from explicit seed material.
This is the internal/deterministic variant (Algorithm 18 of FIPS 205). Each of
sk_seed, sk_prf, and pk_seed must be exactly P::N bytes.
Returns (secret_key, public_key).
pub fn sign(
    message: &[u8],
    secret_key: &SigningKey<P>,
    rng: &mut dyn CryptoRng,
) -> Result<Signature<P>, SlhDsaError>
Sign a message using randomized (hedged) signing.
Produces a signature over message using the given secret_key and fresh randomness
from rng. The randomness provides hedged signing: even if the RNG is weak, security
degrades gracefully.
Implements Algorithm 22 of FIPS 205.
pub fn sign_internal(
    message: &[u8],
    secret_key: &[u8],
    addrnd: &[u8],
) -> Result<Vec<u8>, SlhDsaError>
Sign a message with explicit additional randomness (internal variant).
This is Algorithm 19 of FIPS 205. The addrnd parameter is P::N bytes of
optional randomness; passing pk_seed here yields deterministic signing.
Without the sca-fors-redundancy feature this is always Ok. With it,
the T1-C FORS recompute-and-compare check can return
Err(SlhDsaError::FaultDetected).
pub fn verify(
    message: &[u8],
    signature: &Signature<P>,
    public_key: &VerifyingKey<P>,
) -> Result<bool, SlhDsaError>
Verify a signature on a message against a public key.
Returns Ok(true) if the signature is valid, Ok(false) if the signature is
well-formed but does not verify, or an Err if the key or signature has an
invalid length.
Implements Algorithm 24 of FIPS 205.
pub fn signature_size() -> usize
Returns the expected signature size in bytes for this parameter set.
The signature consists of a randomizer R (n bytes), a FORS signature, and a
hypertree signature: n + k*(1+a)*n + (h + d*len)*n.
pub fn public_key_size() -> usize
Returns the expected public key size in bytes (2*n).
pub fn secret_key_size() -> usize
Returns the expected secret key size in bytes (4*n).
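Added example, not code from this crate: a stand-alone sketch of the size formula given for signature_size() and of the three-way result contract described for verify(). The names Set, SETS, wots_len, check_lengths, LenError and accept are hypothetical; the parameter values are those of the FIPS 205 parameter sets, all of which use lg_w = 4.

```rust
// Added illustration: stand-alone, does not depend on the documented crate.
#[derive(Clone, Copy)]
pub struct Set { pub name: &'static str, pub n: usize, pub h: usize, pub d: usize, pub a: usize, pub k: usize }

// FIPS 205 parameter sets (SHA2 and SHAKE variants share these values).
pub const SETS: [Set; 6] = [
    Set { name: "128s", n: 16, h: 63, d: 7,  a: 12, k: 14 },
    Set { name: "128f", n: 16, h: 66, d: 22, a: 6,  k: 33 },
    Set { name: "192s", n: 24, h: 63, d: 7,  a: 14, k: 17 },
    Set { name: "192f", n: 24, h: 66, d: 22, a: 8,  k: 33 },
    Set { name: "256s", n: 32, h: 64, d: 8,  a: 14, k: 22 },
    Set { name: "256f", n: 32, h: 68, d: 17, a: 9,  k: 35 },
];

/// WOTS+ chain count `len` = len1 + len2 for lg_w = 4 (w = 16).
pub fn wots_len(n: usize) -> usize {
    let len1 = 2 * n;                 // ceil(8n / lg_w)
    let max_csum = len1 * 15;         // len1 * (w - 1)
    let bits = (usize::BITS - max_csum.leading_zeros()) as usize; // floor(log2) + 1
    let len2 = (bits - 1) / 4 + 1;    // floor(log2(max_csum) / lg_w) + 1
    len1 + len2
}

/// n + k*(1+a)*n + (h + d*len)*n: randomizer R, FORS signature, hypertree signature.
pub fn signature_size(s: &Set) -> usize {
    s.n + s.k * (1 + s.a) * s.n + (s.h + s.d * wots_len(s.n)) * s.n
}

#[derive(Debug, PartialEq)]
pub enum LenError { PublicKey, Signature } // hypothetical stand-in for SlhDsaError

/// Length gate matching the Err branch of verify(): reject before any hashing.
pub fn check_lengths(s: &Set, pk_len: usize, sig_len: usize) -> Result<(), LenError> {
    if pk_len != 2 * s.n { return Err(LenError::PublicKey); }
    if sig_len != signature_size(s) { return Err(LenError::Signature); }
    Ok(())
}

/// Only Ok(true) means "valid"; Ok(false) and Err(_) both mean "reject".
/// Testing `.is_ok()` instead would accept a well-formed forgery.
pub fn accept<E>(outcome: Result<bool, E>) -> bool {
    matches!(outcome, Ok(true))
}

fn main() {
    for s in SETS.iter() {
        println!("{}: pk={} sk={} sig={}", s.name, 2 * s.n, 4 * s.n, signature_size(s));
    }
}
```

A caller of verify() should route its result through a check shaped like accept, since a Result<bool, _> that is merely Ok does not mean the signature verified.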