Lib.rs

CryptographyPQC
#signature-scheme #signature #post-quantum-cryptography #post-quantum #sphincs #sphincsplus

nightly no-std pqc_sphincsplus

Sphincs+ is a post-quantum signature scheme

by Mitchell Berry

1 unstable release

0.2.0 Jun 25, 2023
0.1.0 Sep 14, 2022

#2170 in Cryptography

42 downloads per month

MIT/Apache

110KB
2.5K SLoC

SPHINCS+

Build Status Crates License

A rust implementation of the SPHINCS+ stateless hash-based signature scheme, which has been included in NIST's post-quantum cryptographic standard.

It is highly recommended to use SPHINCS+ in a hybrid system alongside a traditional signature algorithm such as RSA or Ed25519.

Usage

To compile, this library needs one from each of the below three categories (Hash, Security Level, Treehash) needs to be enabled, using more than one from each group will result in a compile error.

For example in Cargo.toml:

[dependencies]
pqc_sphincsplus = {version = "0.1.0", features = ["haraka", "f128", "simple"]}

To generate a keypair and sign some arbitrary bytes:

 let keys = keypair();
 let some_msg = [1u8; 42];
 let sig = sign(&some_msg, &keys);
 let sig_verify = verify(&sig, &some_msg, &keys);
 assert(sig_verify.is_ok());

The security levels target 128, 192 and 256 bit equivalents, corresponding to NIST levels 1,3,5 respectively. They are also separated into fast (f) and small (s) subtypes, which make the tradeoff between either quicker signing or smaller signatures sizes.

SPHINCS+ introduces a split of the signature schemes into a simple and a robust variant for each choice of hash function. The robust variant is from the original NIST PQC first round submission and comes with all the conservative security guarantees given before. The simple variants are pure random oracle instantiations. These instantiations achieve about a factor three speed-up compared to the robust counterparts. This comes at the cost of a purely heuristic security argument.

  • Hash

    • haraka
    • sha2
    • shake

  • Security Level

    • f128
    • f192
    • f256
    • s128
    • s192
    • s256

  • TreeHash

    • simple
    • robust

A comparison of the different security levels:

bit security public key bytes secret key bytes signature bytes
SPHINCS+-128s 133 32 64 7,856
SPHINCS+-128f 128 32 64 17,088
SPHINCS+-192s 193 48 96 16,224
SPHINCS+-192f 194 48 96 35,664
SPHINCS+-256s 255 64 128 29,792
SPHINCS+-256f 255 64 128 49,856

Testing

The test_matrix script will traverse all valid feature sets.

The test vectors are pre-built and located in the KAT folder. There is a bash script to generate these locally.

See the testing readme for more comprehensive info.

Contributing

For pull requests create a feature fork and submit it to the development branch. By contributing to this crate you agree for it to be dual licensed under MIT/Apache 2.0

More information is available on the contributing page

About

The official website: https://sphincs.org/

The Sphincs+ Team:

  • Jean-Philippe Aumasson
  • Daniel J. Bernstein
  • Ward Beullens
  • Christoph Dobraunig
  • Maria Eichlseder
  • Scott Fluhrer
  • Stefan-Lukas Gazdag
  • Andreas Hülsing
  • Panos Kampanakis
  • Stefan Kölbl
  • Tanja Lange
  • Martin M. Lauridsen
  • Florian Mendel
  • Ruben Niederhagen
  • Christian Rechberger
  • Joost Rijneveld
  • Peter Schwabe
  • Bas Westerbaan

Dependencies

~250–600KB