3e28db2362
In the public comments to draft version of NIST Special Publication 800-208, ETSI TC CYBER WG QSC identified a multi-target attack against the method of pseudorandom key generation used in this reference implementation. ETSI TC CYBER WG QSC suggested using the pseudorandom key generation method from SPHINCS+; however, there is still a multi-user attack against that key generation method. This commit revises the pseudorandom key generation method by using the method from SPHINCS+, but adding SEED as an input in order to protect against multi-user attacks. Since prf() only accepts 32-byte inputs, the new key generation method uses a new PRF. The resulting key generation method is sk[i] = prf_keygen(sk_seed, pub_seed || adrs).
#ifndef XMSS_HASH_H
|
|
#define XMSS_HASH_H
|
|
|
|
#include <stdint.h>
|
|
#include "params.h"
|
|
|
|
void addr_to_bytes(unsigned char *bytes, const uint32_t addr[8]);
|
|
|
|
int prf(const xmss_params *params,
|
|
unsigned char *out, const unsigned char in[32],
|
|
const unsigned char *key);
|
|
|
|
int prf_keygen(const xmss_params *params,
|
|
unsigned char *out, const unsigned char *in,
|
|
const unsigned char *key);
|
|
|
|
int h_msg(const xmss_params *params,
|
|
unsigned char *out,
|
|
const unsigned char *in, unsigned long long inlen,
|
|
const unsigned char *key, const unsigned int keylen);
|
|
|
|
int thash_h(const xmss_params *params,
|
|
unsigned char *out, const unsigned char *in,
|
|
const unsigned char *pub_seed, uint32_t addr[8]);
|
|
|
|
int thash_f(const xmss_params *params,
|
|
unsigned char *out, const unsigned char *in,
|
|
const unsigned char *pub_seed, uint32_t addr[8]);
|
|
|
|
int hash_message(const xmss_params *params, unsigned char *out,
|
|
const unsigned char *R, const unsigned char *root,
|
|
unsigned long long idx,
|
|
unsigned char *m_with_prefix, unsigned long long mlen);
|
|
|
|
#endif
|
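Review bot: The new prf_keygen prototype takes `const unsigned char *in` with no length parameter, unlike prf's fixed `in[32]`, so the header states no contract for how many bytes the caller must provide or how many bytes `out` receives. The commit message says the input is pub_seed || adrs, which would presumably be params->n bytes of pub_seed followed by the serialized 8-word address (32 bytes if addr_to_bytes emits one byte quartet per word), but none of that is visible in hash.h and a caller reading only this header could pass a short buffer. A comment above the declaration would close the gap, e.g. `/* WOTS+ secret-key PRF: out (n bytes) = PRF(key = sk_seed, in = pub_seed || adrs); in must be params->n + 32 bytes. */`, with the exact sizes confirmed against the implementation in hash.c. The same applies to the unnamed output sizes of thash_h, thash_f and h_msg, which this commit leaves undocumented.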