2019-04-16 14:15:03 +01:00
|
|
|
#ifndef SPX_FORS_H
|
|
|
|
#define SPX_FORS_H
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
|
|
|
|
#include "params.h"
|
2019-06-21 13:34:36 +01:00
|
|
|
#include "primitive.h"
|
2019-04-16 14:15:03 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Signs a message m, deriving the secret key from sk_seed and the FTS address.
|
|
|
|
* Assumes m contains at least SPX_FORS_HEIGHT * SPX_FORS_TREES bits.
|
|
|
|
*/
|
|
|
|
void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_fors_sign(
|
|
|
|
unsigned char *sig, unsigned char *pk,
|
|
|
|
const unsigned char *m,
|
|
|
|
const unsigned char *sk_seed, const unsigned char *pub_seed,
|
2019-06-21 13:34:36 +01:00
|
|
|
const uint32_t fors_addr[8], hash_state *state_seeded);
|
2019-04-16 14:15:03 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Derives the FORS public key from a signature.
|
|
|
|
* This can be used for verification by comparing to a known public key, or to
|
|
|
|
* subsequently verify a signature on the derived public key. The latter is the
|
|
|
|
* typical use-case when used as an FTS below an OTS in a hypertree.
|
|
|
|
* Assumes m contains at least SPX_FORS_HEIGHT * SPX_FORS_TREES bits.
|
|
|
|
*/
|
|
|
|
void PQCLEAN_SPHINCSSHA256256FROBUST_CLEAN_fors_pk_from_sig(
|
|
|
|
unsigned char *pk,
|
|
|
|
const unsigned char *sig, const unsigned char *m,
|
2019-06-21 13:34:36 +01:00
|
|
|
const unsigned char *pub_seed, const uint32_t fors_addr[8],
|
|
|
|
hash_state *state_seeded);
|
2019-04-16 14:15:03 +01:00
|
|
|
|
|
|
|
#endif
|