#signature #post-quantum #sphincsplus #sphincs #sphincs

nightly pqc_sphincsplus

Sphincs+ is a post-quantum signature scheme

1 unstable release

Uses new Rust 2021

0.1.0 Sep 14, 2022

#756 in Cryptography

22 downloads per month

MIT/Apache

105KB
2.5K SLoC

SPHINCS+

Build Status Crates License

A rust implementation of the SPHINCS+ stateless hash-based signature scheme, which has been included in NIST's post-quantum cryptographic standard.

It is highly recommended to use SPHINCS+ in a hybrid system alongside a traditional signature algorithm such as RSA or ed25519.


Usage

To compile this library needs one from each of the following categories to be enabled, using more than one from each group will result in a compile error.

For example in Cargo.toml:

[dependencies]
pqc_sphincsplus = {version = "0.1.0", features = ["haraka", "f128", "simple"]}

To generate a keypair and sign a msg:

 let keys = keypair();
 let msg = [0u8; 32];
 let sig = sign(&msg, &keys);
 let sig_verify = verify(&sig, &msg, &keys);
 assert(sig_verify.is_ok());

The security levels target 128, 192 and 256 bit equivalents, corresponding to NIST levels 1,3,5 respectively. They are also separated into fast (f) and small (s) subtypes, which make the tradeoff between either quicker signing or smaller signatures sizes.

SPHINCS+ introduces a split of the signature schemes into a simple and a robust variant for each choice of hash function. The robust variant is from the original NIST PQC first round submission and comes with all the conservative security guarantees given before. The simple variants are pure random oracle instantiations. These instantiations achieve about a factor three speed-up compared to the robust counterparts. This comes at the cost of a purely heuristic security argument.

  • Hash

    • haraka
    • sha2
    • shake
  • Security Level

    • f128
    • f192
    • f256
    • s128
    • s192
    • s256
  • TreeHash

    • simple
    • robust

A comparison of the different security levels is below.

n h d log(t) k w bit security pk bytes sk bytes sig bytes
SPHINCS+-128s 16 63 7 12 14 16 133 32 64 7,856
SPHINCS+-128f 16 66 22 6 33 16 128 32 64 17,088
SPHINCS+-192s 24 63 7 14 17 16 193 48 96 16,224
SPHINCS+-192f 24 66 22 8 33 16 194 48 96 35,664
SPHINCS+-256s 32 64 8 14 22 16 255 64 128 29,792
SPHINCS+-256f 32 68 17 9 35 16 255 64 128 49,856

Testing

The run_all_tests script will traverse all valid feature sets by running a matrix of the security levels and variants.

The test vectors are pre-built and located in the KAT folder. There is a bash script to generate these locally.

See the testing readme for more comprehensive info.


Contributing

For pull requests create a feature fork and submit it to the development branch. By contributing to this crate you agree for it to be dual licensed under MIT/Apache 2.0

More information is available on the contributing page


About

The official website: https://sphincs.org/

The Sphincs+ Team:

  • Jean-Philippe Aumasson
  • Daniel J. Bernstein
  • Ward Beullens
  • Christoph Dobraunig
  • Maria Eichlseder
  • Scott Fluhrer
  • Stefan-Lukas Gazdag
  • Andreas Hülsing
  • Panos Kampanakis
  • Stefan Kölbl
  • Tanja Lange
  • Martin M. Lauridsen
  • Florian Mendel
  • Ruben Niederhagen
  • Christian Rechberger
  • Joost Rijneveld
  • Peter Schwabe
  • Bas Westerbaan

Dependencies

~315–620KB