xmss-KAT-generator/hash.h
David Cooper 3e28db2362 Improved key generation
In the public comments to draft version of NIST Special Publication 800-208, ETSI TC CYBER WG QSC identified a multi-target attack against the method of pseudorandom key generation used in this referrence implementation. ETSI TC CYBER WG QSC suggested using the pseudorandom key generation method from SPHINCS+, however, there is still a multi-user attack against that key generation method.

This commit revises the pseudorandom key generation method by using the method from SPINCS+, but adding SEED as an input in order to protect against multi-user attacks. Since prf() only accepts 32-byte inputs, the new key generation method uses a new PRF. The resulting key generation method is sk[i] = prf_keygen(sk_seed, pub_seed || adrs).
2020-04-30 12:43:36 -04:00

36 rivejä
1.1 KiB
C

#ifndef XMSS_HASH_H
#define XMSS_HASH_H
#include <stdint.h>
#include "params.h"
void addr_to_bytes(unsigned char *bytes, const uint32_t addr[8]);
int prf(const xmss_params *params,
unsigned char *out, const unsigned char in[32],
const unsigned char *key);
int prf_keygen(const xmss_params *params,
unsigned char *out, const unsigned char *in,
const unsigned char *key);
int h_msg(const xmss_params *params,
unsigned char *out,
const unsigned char *in, unsigned long long inlen,
const unsigned char *key, const unsigned int keylen);
int thash_h(const xmss_params *params,
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8]);
int thash_f(const xmss_params *params,
unsigned char *out, const unsigned char *in,
const unsigned char *pub_seed, uint32_t addr[8]);
int hash_message(const xmss_params *params, unsigned char *out,
const unsigned char *R, const unsigned char *root,
unsigned long long idx,
unsigned char *m_with_prefix, unsigned long long mlen);
#endif