您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
Andreas f56dc0e8a7 Ensure that sign deletes key after 2^h signatures and returns -2 3 年前
test Ensure that sign deletes key after 2^h signatures and returns -2 3 年前
ui Fix OID parsing 6 年前
.gitignore Clean up tests 7 年前
.travis.yml Add TravisCI configuration 7 年前
LICENSE Simplify licensing using LICENSE file 7 年前
Makefile Ensure that sign deletes key after 2^h signatures and returns -2 3 年前
README.md Add note on deploying reference code 5 年前
fips202.c Clean up includes 7 年前
fips202.h Perform various reformatting / renaming 7 年前
hash.c Fix prefix space for hash_message wrt padding_len 4 年前
hash.h Improved key generation 4 年前
hash_address.c Make addr type switching not zero out remainder 7 年前
hash_address.h Rename parameters for readability and consistency 7 年前
params.c Add NIST Special Publication 800-208 parameter sets 4 年前
params.h Add NIST Special Publication 800-208 parameter sets 4 年前
randombytes.c Refactor for more consistent style and readability 7 年前
randombytes.h Perform various reformatting / renaming 7 年前
utils.c Move ull-byte-conversions to separate utils file 7 年前
utils.h Move ull-byte-conversions to separate utils file 7 年前
wots.c Improved key generation 4 年前
wots.h Fix typo in WOTS comments: n-byte messages, not m 7 年前
xmss.c Store OID in bigendian notation in pk and sk 6 年前
xmss.h Perform various reformatting / renaming 7 年前
xmss_commons.c Fix prefix space for hash_message wrt padding_len 4 年前
xmss_commons.h Improved key generation 4 年前
xmss_core.c Ensure that sign deletes key after 2^h signatures and returns -2 3 年前
xmss_core.h Unify keypair and seed_keypair 4 年前
xmss_core_fast.c Ensure that sign deletes key after 2^h signatures and returns -2 3 年前

README.md

XMSS reference code Build Status

This repository contains the reference implementation that accompanies RFC 8391: “XMSS: eXtended Merkle Signature Scheme”.

This reference implementation supports all parameter sets as defined in the RFC at run-time (specified by prefixing the public and private keys with a 32-bit oid). Implementations that want to use compile-time parameter sets can remove the struct xmss_params function parameter, and globally replace the use of its attributes by compile-time constants.

Please note that this reference implementation is intended for cross-validation and experimenting. Deploying cryptographic code in practice requires careful consideration of the specific deployment scenario and relevant threat model. This holds perhaps doubly so for stateful signature schemes such as XMSS.

When using the current code base, please be careful, expect changes and watch this document for further documentation. In particular, xmss_core_fast.c is long due for a serious clean-up. While this will not change its public API or output, it may affect the storage format of the BDS state (i.e. part of the secret key).

Dependencies

For the SHA-2 hash functions (i.e. SHA-256 and SHA-512), we rely on OpenSSL. Make sure to install the OpenSSL development headers. On Debian-based systems, this is achieved by installing the OpenSSL development package libssl-dev.

License

This reference implementation was written by Andreas Hülsing and Joost Rijneveld. All included code is available under the CC0 1.0 Universal Public Domain Dedication.