1
0
Gráfico de commits

20 Commits

Autor SHA1 Mensagem Data
David Cooper
3e28db2362 Improved key generation
In the public comments to draft version of NIST Special Publication 800-208, ETSI TC CYBER WG QSC identified a multi-target attack against the method of pseudorandom key generation used in this referrence implementation. ETSI TC CYBER WG QSC suggested using the pseudorandom key generation method from SPHINCS+, however, there is still a multi-user attack against that key generation method.

This commit revises the pseudorandom key generation method by using the method from SPINCS+, but adding SEED as an input in order to protect against multi-user attacks. Since prf() only accepts 32-byte inputs, the new key generation method uses a new PRF. The resulting key generation method is sk[i] = prf_keygen(sk_seed, pub_seed || adrs).
2020-04-30 12:43:36 -04:00
Joost Rijneveld
758a6349fc
Do not expose l_tree function
It's not used outside xmss_commons
2017-12-06 15:13:07 +01:00
Joost Rijneveld
fe252b8093
Move ull-byte-conversions to separate utils file 2017-11-01 14:59:33 +01:00
Joost Rijneveld
384b228c58
Support messages that exceed the stack size
Previous code allocated an array on the stack of mlen bytes, but
it should be possible to also sign heap-space messages. By relying
on the fact that sm and m fit the message + signature, we move
the message so that 4*n bytes of prefix can be added.
2017-10-31 17:21:27 +01:00
Joost Rijneveld
ae49c04807
Clean up signing functions
As a result, performs various refactors that also impact the verification
function, since cleaner signing functions exposed more overlap.
2017-10-24 16:23:51 +02:00
Joost Rijneveld
270e6cd753
Reorder ull_to_bytes parameters to group output 2017-10-23 16:19:16 +02:00
Joost Rijneveld
305bd614bb
Perform various reformatting / renaming 2017-10-23 14:10:39 +02:00
Joost Rijneveld
f3bad4a272
Simplify licensing using LICENSE file 2017-10-19 17:38:34 +02:00
Joost Rijneveld
dce1a1acda
Clean up includes 2017-10-19 17:38:26 +02:00
Joost Rijneveld
6a8571d880
Revert to using runtime-only parameter struct
Using global defines for parameters (as seems to be typical in
academic crypto code) does not play nice with multithreading at all.
2017-10-16 12:09:07 +02:00
Joost Rijneveld
9d5884e120
Refactor for more consistent style and readability 2017-08-03 17:39:37 +02:00
Joost Rijneveld
65ee8202d8
Refactor to prepare for runtime parameters 2017-08-01 16:18:09 +02:00
Joost Rijneveld
5122ac6f73
Reduce code duplication
A large number of functions was repeated in xmss_fast; these are now
shared between the two implementations via the xmss_commons file.
Notably, we ensure compatability by sharing the verification functions.
2017-06-02 14:46:30 +02:00
Andreas
9f512fa8dc v06 2016-09-22 16:31:41 +02:00
Andreas
2c290d39be upgraded to draft-06 2016-07-11 11:15:16 +02:00
Andreas
c37b9dcfca SWITCH from v01 to v03
Versions are incompatible due to different address formats and differing message compression!
2016-02-16 16:31:18 +01:00
Andreas
622a9513b1 local changes 2016-02-10 15:57:16 +01:00
Joost Rijneveld
71da95c8b4 Change 'uint' to standard 'unsigned int' 2015-08-12 15:30:01 +02:00
Andreas
d80a463e53 added copyright notes for publishing. Removed unused file. 2015-08-11 12:23:30 +02:00
Andreas
1826fb26ff Initial commit 2015-08-11 12:08:27 +02:00