瀏覽代碼

Allow more flexible parameter selection

This also reduces some duplication between XMSS and XMSSMT
master
Joost Rijneveld 6 年之前
父節點
當前提交
75a42a86a6
沒有發現已知的金鑰在資料庫的簽署中 GPG 金鑰 ID: A4FE39CF49CBC553
共有 5 個檔案被更改,包括 84 行新增67 行删除
  1. +54
    -25
      params.c
  2. +11
    -0
      params.h
  3. +1
    -11
      xmss_core.c
  4. +3
    -8
      xmss_core.h
  5. +15
    -23
      xmss_core_fast.c

+ 54
- 25
params.c 查看文件

@@ -225,26 +225,14 @@ int xmss_parse_oid(xmss_params *params, const uint32_t oid)
default:
return -1;
}

params->d = 1;
params->tree_height = params->full_height / params->d;
params->wots_w = 16;
params->wots_log_w = 4;
params->wots_len1 = 8 * params->n / params->wots_log_w;
/* len_2 = floor(log(len_1 * (w - 1)) / log(w)) + 1 */
params->wots_len2 = 3;
params->wots_len = params->wots_len1 + params->wots_len2;
params->wots_sig_bytes = params->wots_len * params->n;
params->index_bytes = 4;
params->sig_bytes = (params->index_bytes + params->n
+ params->d * params->wots_sig_bytes
+ params->full_height * params->n);

// TODO figure out sensible and legal values for this based on the above
params->bds_k = 0;

params->pk_bytes = 2 * params->n;
params->sk_bytes = xmss_core_sk_bytes(params);
return 0;
return xmss_xmssmt_initialize_params(params);
}

int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
@@ -444,24 +432,65 @@ int xmssmt_parse_oid(xmss_params *params, const uint32_t oid)
return -1;
}

params->tree_height = params->full_height / params->d;
params->wots_w = 16;
params->wots_log_w = 4;
params->wots_len1 = 8 * params->n / params->wots_log_w;
/* len_2 = floor(log(len_1 * (w - 1)) / log(w)) + 1 */
params->wots_len2 = 3;

// TODO figure out sensible and legal values for this based on the above
params->bds_k = 0;

return xmss_xmssmt_initialize_params(params);
}

/**
* Given a params struct where the following properties have been initialized;
* - full_height; the height of the complete (hyper)tree
* - n; the number of bytes of hash function output
* - d; the number of layers (d > 1 implies XMSSMT)
* - func; one of {XMSS_SHA2, XMSS_SHAKE}
* - wots_w; the Winternitz parameter
* - optionally, bds_k; the BDS traversal trade-off parameter,
* this function initializes the remainder of the params structure.
*/
int xmss_xmssmt_initialize_params(xmss_params *params)
{
params->tree_height = params->full_height / params->d;
if (params->wots_w == 4) {
params->wots_log_w = 2;
params->wots_len1 = 8 * params->n / params->wots_log_w;
/* len_2 = floor(log(len_1 * (w - 1)) / log(w)) + 1 */
params->wots_len2 = 5;
}
else if (params->wots_w == 16) {
params->wots_log_w = 4;
params->wots_len1 = 8 * params->n / params->wots_log_w;
/* len_2 = floor(log(len_1 * (w - 1)) / log(w)) + 1 */
params->wots_len2 = 3;
}
else if (params->wots_w == 256) {
params->wots_log_w = 8;
params->wots_len1 = 8 * params->n / params->wots_log_w;
/* len_2 = floor(log(len_1 * (w - 1)) / log(w)) + 1 */
params->wots_len2 = 2;
}
else {
return -1;
}
params->wots_len = params->wots_len1 + params->wots_len2;
params->wots_sig_bytes = params->wots_len * params->n;
/* Round index_bytes up to nearest byte. */
params->index_bytes = (params->full_height + 7) / 8;

if (params->d == 1) { // Assume this is XMSS, not XMSS^MT
/* In XMSS, always use fixed 4 bytes for index_bytes */
params->index_bytes = 4;
}
else {
/* In XMSS^MT, round index_bytes up to nearest byte. */
params->index_bytes = (params->full_height + 7) / 8;
}
params->sig_bytes = (params->index_bytes + params->n
+ params->d * params->wots_sig_bytes
+ params->full_height * params->n);

// TODO figure out sensible and legal values for this based on the above
params->bds_k = 0;

params->pk_bytes = 2 * params->n;
params->sk_bytes = xmssmt_core_sk_bytes(params);
params->sk_bytes = xmss_xmssmt_core_sk_bytes(params);

return 0;
}

+ 11
- 0
params.h 查看文件

@@ -56,4 +56,15 @@ int xmss_parse_oid(xmss_params *params, const uint32_t oid);
*/
int xmssmt_parse_oid(xmss_params *params, const uint32_t oid);


/* Given a params struct where the following properties have been initialized;
- full_height; the height of the complete (hyper)tree
- n; the number of bytes of hash function output
- d; the number of layers (d > 1 implies XMSSMT)
- func; one of {XMSS_SHA2, XMSS_SHAKE}
- wots_w; the Winternitz parameter
- optionally, bds_k; the BDS traversal trade-off parameter,
this function initializes the remainder of the params structure. */
int xmss_xmssmt_initialize_params(xmss_params *params);

#endif

+ 1
- 11
xmss_core.c 查看文件

@@ -90,7 +90,7 @@ static void treehash(const xmss_params *params,
* This is implementation specific, as varying choices in tree traversal will
* result in varying requirements for state storage.
*/
unsigned long long xmss_core_sk_bytes(const xmss_params *params)
unsigned long long xmss_xmssmt_core_sk_bytes(const xmss_params *params)
{
return params->index_bytes + 4 * params->n;
}
@@ -125,16 +125,6 @@ int xmss_core_sign(const xmss_params *params,
return xmssmt_core_sign(params, sk, sm, smlen, m, mlen);
}

/**
* Given a set of parameters, this function returns the size of the secret key.
* This is implementation specific, as varying choices in tree traversal will
* result in varying requirements for state storage.
*/
unsigned long long xmssmt_core_sk_bytes(const xmss_params *params)
{
return params->index_bytes + 4 * params->n;
}

/*
* Generates a XMSSMT key pair for a given parameter set.
* Format sk: [(ceil(h/8) bit) index || SK_SEED || SK_PRF || PUB_SEED || root]


+ 3
- 8
xmss_core.h 查看文件

@@ -7,8 +7,10 @@
* Given a set of parameters, this function returns the size of the secret key.
* This is implementation specific, as varying choices in tree traversal will
* result in varying requirements for state storage.
*
* This function handles both XMSS and XMSSMT parameter sets.
*/
unsigned long long xmss_core_sk_bytes(const xmss_params *params);
unsigned long long xmss_xmssmt_core_sk_bytes(const xmss_params *params);

/*
* Generates a XMSS key pair for a given parameter set.
@@ -36,13 +38,6 @@ int xmss_core_sign_open(const xmss_params *params,
const unsigned char *sm, unsigned long long smlen,
const unsigned char *pk);

/**
* Given a set of parameters, this function returns the size of the secret key.
* This is implementation specific, as varying choices in tree traversal will
* result in varying requirements for state storage.
*/
unsigned long long xmssmt_core_sk_bytes(const xmss_params *params);

/*
* Generates a XMSSMT key pair for a given parameter set.
* Format sk: [(ceil(h/8) bit) index || SK_SEED || SK_PRF || PUB_SEED || root]


+ 15
- 23
xmss_core_fast.c 查看文件

@@ -511,10 +511,23 @@ static void bds_round(const xmss_params *params,
* Given a set of parameters, this function returns the size of the secret key.
* This is implementation specific, as varying choices in tree traversal will
* result in varying requirements for state storage.
*
* This function handles both XMSS and XMSSMT parameter sets.
*/
unsigned long long xmss_core_sk_bytes(const xmss_params *params)
unsigned long long xmss_xmssmt_core_sk_bytes(const xmss_params *params)
{
return xmssmt_core_sk_bytes(params);
return params->index_bytes + 4 * params->n
+ (2 * params->d - 1) * (
(params->tree_height + 1) * params->n
+ 4
+ params->tree_height + 1
+ params->tree_height * params->n
+ (params->tree_height >> 1) * params->n
+ (params->tree_height - params->bds_k) * (7 + params->n)
+ ((1 << params->bds_k) - params->bds_k - 1) * params->n
+ 4
)
+ (params->d - 1) * params->wots_sig_bytes;
}

/*
@@ -683,27 +696,6 @@ int xmss_core_sign(const xmss_params *params,
return 0;
}

/**
* Given a set of parameters, this function returns the size of the secret key.
* This is implementation specific, as varying choices in tree traversal will
* result in varying requirements for state storage.
*/
unsigned long long xmssmt_core_sk_bytes(const xmss_params *params)
{
return params->index_bytes + 4 * params->n
+ (2 * params->d - 1) * (
(params->tree_height + 1) * params->n
+ 4
+ params->tree_height + 1
+ params->tree_height * params->n
+ (params->tree_height >> 1) * params->n
+ (params->tree_height - params->bds_k) * (7 + params->n)
+ ((1 << params->bds_k) - params->bds_k - 1) * params->n
+ 4
)
+ (params->d - 1) * params->wots_sig_bytes;
}

/*
* Generates a XMSSMT key pair for a given parameter set.
* Format sk: [(ceil(h/8) bit) idx || SK_SEED || SK_PRF || PUB_SEED || root]


Loading…
取消
儲存