3e28db2362
In the public comments to the draft version of NIST Special Publication 800-208, ETSI TC CYBER WG QSC identified a multi-target attack against the method of pseudorandom key generation used in this reference implementation. ETSI TC CYBER WG QSC suggested using the pseudorandom key generation method from SPHINCS+; however, there is still a multi-user attack against that key generation method. This commit revises the pseudorandom key generation method by using the method from SPHINCS+, but adding SEED as an input in order to protect against multi-user attacks. Since prf() only accepts 32-byte inputs, the new key generation method uses a new PRF. The resulting key generation method is sk[i] = prf_keygen(sk_seed, pub_seed || adrs).
#ifndef XMSS_COMMONS_H
#define XMSS_COMMONS_H
#include <stdint.h>
#include "params.h"
/**
* Computes the leaf at a given address. First generates the WOTS key pair,
* then computes the leaf using l_tree. As this is position-independent, we
* only require that addr encodes the right ltree-address.
*/
void gen_leaf_wots(const xmss_params *params, unsigned char *leaf,
const unsigned char *sk_seed, const unsigned char *pub_seed,
uint32_t ltree_addr[8], uint32_t ots_addr[8]);
/**
* Verifies a given message/signature pair under a given public key (single-tree XMSS).
* Note that this assumes a pk without an OID, i.e. [root || PUB_SEED]
*/
int xmss_core_sign_open(const xmss_params *params,
unsigned char *m, unsigned long long *mlen,
const unsigned char *sm, unsigned long long smlen,
const unsigned char *pk);
/**
* Verifies a given message/signature pair under a given public key for the multi-tree (XMSS^MT) variant.
* Note that this assumes a pk without an OID, i.e. [root || PUB_SEED]
*/
int xmssmt_core_sign_open(const xmss_params *params,
unsigned char *m, unsigned long long *mlen,
const unsigned char *sm, unsigned long long smlen,
const unsigned char *pk);
#endif