@noble/post-quantum 0.1.0 → 0.2.0
- package/README.md +154 -179
- package/_crystals.d.ts +0 -1
- package/_crystals.d.ts.map +1 -1
- package/_crystals.js +1 -31
- package/_crystals.js.map +1 -1
- package/esm/_crystals.d.ts +33 -0
- package/esm/_crystals.d.ts.map +1 -0
- package/esm/_crystals.js +0 -30
- package/esm/_crystals.js.map +1 -1
- package/esm/index.d.ts +2 -0
- package/esm/index.d.ts.map +1 -0
- package/esm/ml-dsa.d.ts +17 -0
- package/esm/ml-dsa.d.ts.map +1 -0
- package/esm/ml-dsa.js +35 -84
- package/esm/ml-dsa.js.map +1 -1
- package/esm/ml-kem.d.ts +55 -0
- package/esm/ml-kem.d.ts.map +1 -0
- package/esm/ml-kem.js +26 -83
- package/esm/ml-kem.js.map +1 -1
- package/esm/slh-dsa.d.ts +46 -0
- package/esm/slh-dsa.d.ts.map +1 -0
- package/esm/slh-dsa.js +26 -109
- package/esm/slh-dsa.js.map +1 -1
- package/esm/utils.d.ts +38 -0
- package/esm/utils.d.ts.map +1 -0
- package/ml-dsa.d.ts +0 -20
- package/ml-dsa.d.ts.map +1 -1
- package/ml-dsa.js +35 -84
- package/ml-dsa.js.map +1 -1
- package/ml-kem.d.ts +1 -80
- package/ml-kem.d.ts.map +1 -1
- package/ml-kem.js +26 -83
- package/ml-kem.js.map +1 -1
- package/package.json +13 -21
- package/slh-dsa.d.ts +0 -24
- package/slh-dsa.d.ts.map +1 -1
- package/slh-dsa.js +26 -109
- package/slh-dsa.js.map +1 -1
- package/src/_crystals.ts +0 -33
- package/src/ml-dsa.ts +36 -88
- package/src/ml-kem.ts +28 -87
- package/src/slh-dsa.ts +26 -119
- package/utils.js +6 -6
- package/utils.js.map +1 -1
package/README.md
CHANGED
@@ -3,17 +3,17 @@
|
|
3
3
|
Auditable & minimal JS implementation of public-key post-quantum cryptography.
|
4
4
|
|
5
5
|
- ð Auditable
|
6
|
-
- ðŧ Tree-
|
7
|
-
-
|
8
|
-
-
|
9
|
-
-
|
10
|
-
-
|
11
|
-
- ðŠķ
|
12
|
-
|
13
|
-
|
14
|
-
and algorithm selection guidance. For discussions, questions and support, visit
|
6
|
+
- ðŧ Tree-shakeable: unused code is excluded from your builds
|
7
|
+
- ð Reliable: tests ensure correctness
|
8
|
+
- ðĶū ML-KEM & CRYSTALS-Kyber: lattice-based kem from FIPS-203
|
9
|
+
- ð ML-DSA & CRYSTALS-Dilithium: lattice-based signatures from FIPS-204
|
10
|
+
- ð SLH-DSA & SPHINCS+: hash-based signatures from FIPS-205
|
11
|
+
- ðŠķ 77KB (15KB gzipped) for everything including bundled hashes
|
12
|
+
|
13
|
+
For discussions, questions and support, visit
|
15
14
|
[GitHub Discussions](https://github.com/paulmillr/noble-post-quantum/discussions)
|
16
|
-
section of the repository.
|
15
|
+
section of the repository. Check out [What should I use](#what-should-i-use) section for benchmarks
|
16
|
+
and algorithm selection guidance.
|
17
17
|
|
18
18
|
### This library belongs to _noble_ cryptography
|
19
19
|
|
@@ -45,114 +45,47 @@ A standalone file
|
|
45
45
|
[noble-post-quantum.js](https://github.com/paulmillr/noble-post-quantum/releases) is also available.
|
46
46
|
|
47
47
|
```js
|
48
|
-
// import * from '@noble/post-quantum'; // Error: use sub-imports
|
49
|
-
import { ml_kem768,
|
50
|
-
|
48
|
+
// import * from '@noble/post-quantum'; // Error: use sub-imports instead
|
49
|
+
import { ml_kem512, ml_kem768, ml_kem1024 } from '@noble/post-quantum/ml-kem';
|
50
|
+
import { ml_dsa44, ml_dsa65, ml_dsa87 } from '@noble/post-quantum/ml-dsa';
|
51
|
+
import {
|
52
|
+
slh_dsa_sha2_128f, slh_dsa_sha2_128s,
|
53
|
+
slh_dsa_sha2_192f, slh_dsa_sha2_192s,
|
54
|
+
slh_dsa_sha2_256f, slh_dsa_sha2_256s,
|
55
|
+
slh_dsa_shake_128f, slh_dsa_shake_128s,
|
56
|
+
slh_dsa_shake_192f, slh_dsa_shake_192s,
|
57
|
+
slh_dsa_shake_256f, slh_dsa_shake_256s,
|
58
|
+
} from '@noble/post-quantum/slh-dsa';
|
59
|
+
// import { ml_kem768 } from 'npm:@noble/post-quantum@0.1.0/ml-kem'; // Deno
|
51
60
|
```
|
52
61
|
|
53
|
-
- [What should I use?](#what-should-i-use)
|
54
62
|
- [ML-KEM / Kyber](#ml-kem--kyber-shared-secrets)
|
55
63
|
- [ML-DSA / Dilithium](#ml-dsa--dilithium-signatures)
|
56
64
|
- [SLH-DSA / SPHINCS+](#slh-dsa--sphincs-signatures)
|
65
|
+
- [What should I use?](#what-should-i-use)
|
57
66
|
- [Security](#security)
|
58
67
|
- [Speed](#speed)
|
59
68
|
- [Contributing & testing](#contributing--testing)
|
60
69
|
- [Resources](#resources)
|
61
70
|
- [License](#license)
|
62
71
|
|
63
|
-
### What should I use?
|
64
|
-
|
65
|
-
| | Speed | Key size | Sig size | Created in | Popularized in | Post-quantum? |
|
66
|
-
|-----------|--------|-------------|-------------|------------|----------------|---------------|
|
67
|
-
| RSA | Normal | 256B - 2KB | 256B - 2KB | 1970s | 1990s | No |
|
68
|
-
| ECC | Normal | 32 - 256B | 48 - 128B | 1980s | 2010s | No |
|
69
|
-
| Kyber | Fast | 1.6 - 31KB | 1KB | 1990s | 2020s | Yes |
|
70
|
-
| Dilithium | Normal | 1.3 - 2.5KB | 2.5 - 4.5KB | 1990s | 2020s | Yes |
|
71
|
-
| SPHINCS | Slow | 32 - 128B | 17 - 50KB | 1970s | 2020s | Yes |
|
72
|
-
|
73
|
-
Speed (higher is better):
|
74
|
-
|
75
|
-
| OPs/sec | Keygen | Signing | Verification | Shared secret |
|
76
|
-
|--------------|--------|---------|--------------|---------------|
|
77
|
-
| ECC ed25519 | 10270 | 5110 | 1050 | 1470 |
|
78
|
-
| Kyber-512 | 3050 | | | 2090 |
|
79
|
-
| Dilithium-2 | 580 | 170 | 550 | |
|
80
|
-
| SPHINCS-128f | 200 | 8 | 140 | |
|
81
|
-
|
82
|
-
tl;dr: ECC + ML-KEM for key agreement, SLH-DSA for pq signatures.
|
83
|
-
|
84
|
-
It's recommended to use SPHINCS, which is built on
|
85
|
-
top of older, conservative primitives.
|
86
|
-
|
87
|
-
Kyber and Dilithium are lattice-based, so they're less "proven".
|
88
|
-
There's some chance of advancement, which will break this algorithm class.
|
89
|
-
|
90
|
-
FIPS wants to release final standards in 2024.
|
91
|
-
Until then, they provide no test vectors, meaning
|
92
|
-
implementations could be producing invalid output.
|
93
|
-
Moreover, if you'll use non-FIPS versions, or even FIPS
|
94
|
-
versions today, it's possible the final spec will be
|
95
|
-
incompatible, and you'll be stuck with old implementations.
|
96
|
-
Similar to what happened to Keccak and SHA-3.
|
97
|
-
|
98
|
-
Symmetrical algorithms like AES and ChaCha (available in [noble-ciphers](https://github.com/paulmillr/noble-ciphers))
|
99
|
-
suffer less from quantum computers. For AES, simply update from AES-128 to AES-256.
|
100
|
-
|
101
72
|
### ML-KEM / Kyber shared secrets
|
102
73
|
|
103
74
|
```ts
|
104
75
|
import { ml_kem512, ml_kem768, ml_kem1024 } from '@noble/post-quantum/ml-kem';
|
105
|
-
//
|
106
|
-
// import { kyber512_90s, kyber768_90s, kyber1024_90s } from '@noble/post-quantum/ml-kem';
|
76
|
+
// [Alice] generates secret & public keys, then sends publicKey to Bob
|
107
77
|
const aliceKeys = ml_kem768.keygen();
|
108
78
|
const alicePub = aliceKeys.publicKey;
|
109
|
-
const { cipherText, sharedSecret: bobShared } = ml_kem768.encapsulate(alicePub);
|
110
|
-
const aliceShared = ml_kem768.decapsulate(cipherText, aliceKeys.secretKey); // [Alice] decrypts sharedSecret from Bob
|
111
|
-
// aliceShared == bobShared
|
112
|
-
```
|
113
|
-
|
114
|
-
Lattice-based key encapsulation mechanism.
|
115
|
-
See [official site](https://www.pq-crystals.org/kyber/resources.shtml),
|
116
|
-
[repo](https://github.com/pq-crystals/kyber),
|
117
|
-
[spec](https://datatracker.ietf.org/doc/draft-cfrg-schwabe-kyber/).
|
118
|
-
|
119
|
-
Key encapsulation is similar to DH / ECDH (think X25519), with important differences:
|
120
79
|
|
121
|
-
- We can't verify if it was "Bob" who've sent the shared secret.
|
122
|
-
In ECDH, it's always verified
|
123
|
-
- It is probabalistic and relies on quality of randomness (CSPRNG).
|
124
|
-
ECDH doesn't (to this extent).
|
125
|
-
- Kyber decapsulation never throws an error, even when shared secret was
|
126
|
-
encrypted by a different public key. It will just return a different
|
127
|
-
shared secret
|
128
|
-
|
129
|
-
There are some concerns with regards to security: see
|
130
|
-
[djb blog](https://blog.cr.yp.to/20231003-countcorrectly.html) and
|
131
|
-
[mailing list](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E).
|
132
|
-
|
133
|
-
Three versions are provided:
|
134
|
-
|
135
|
-
1. Kyber
|
136
|
-
2. Kyber-90s, using algorithms from 1990s
|
137
|
-
3. ML-KEM aka [FIPS-203](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf)
|
138
|
-
|
139
|
-
```ts
|
140
|
-
// Alice generates keys
|
141
|
-
const aliceKeys = kyber1024.keygen(); // [Alice] generates key pair (secret and public key)
|
142
|
-
const alicePub = aliceKeys.publicKey; // [Alice] sends public key to Bob (somehow)
|
143
|
-
// aliceKeys.secretKey never leaves [Alice] system and unknown to other parties
|
144
|
-
|
145
|
-
// Bob creates cipherText for Alice
|
146
80
|
// [Bob] generates shared secret for Alice publicKey
|
147
|
-
|
148
|
-
|
81
|
+
// bobShared never leaves [Bob] system and is unknown to other parties
|
82
|
+
const { cipherText, sharedSecret: bobShared } = ml_kem768.encapsulate(alicePub);
|
149
83
|
|
150
|
-
// Alice gets cipherText from Bob
|
151
|
-
|
152
|
-
const aliceShared = kyber1024.decapsulate(cipherText, aliceKeys.secretKey);
|
84
|
+
// Alice gets and decrypts cipherText from Bob
|
85
|
+
const aliceShared = ml_kem768.decapsulate(cipherText, aliceKeys.secretKey);
|
153
86
|
|
154
|
-
// Now, both Alice and Both have same sharedSecret key
|
155
|
-
|
87
|
+
// Now, both Alice and Both have same sharedSecret key
|
88
|
+
// without exchanging in plainText: aliceShared == bobShared
|
156
89
|
|
157
90
|
// Warning: Can be MITM-ed
|
158
91
|
const carolKeys = kyber1024.keygen();
|
@@ -160,123 +93,165 @@ const carolShared = kyber1024.decapsulate(cipherText, carolKeys.secretKey); // N
|
|
160
93
|
notDeepStrictEqual(aliceShared, carolShared); // Different key!
|
161
94
|
```
|
162
95
|
|
96
|
+
Lattice-based key encapsulation mechanism, defined in [FIPS-203](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf).
|
97
|
+
|
98
|
+
See [website](https://www.pq-crystals.org/kyber/resources.shtml) and [repo](https://github.com/pq-crystals/kyber).
|
99
|
+
There are some concerns with regards to security: see
|
100
|
+
[djb blog](https://blog.cr.yp.to/20231003-countcorrectly.html) and
|
101
|
+
[mailing list](https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E).
|
102
|
+
Old, incompatible version (Kyber) is not provided. Open an issue if you need it.
|
103
|
+
|
104
|
+
> [!WARNING]
|
105
|
+
> Unlike ECDH, KEM doesn't verify whether it was "Bob" who've sent the ciphertext.
|
106
|
+
> Instead of throwing an error when the ciphertext is encrypted by a different pubkey,
|
107
|
+
> `decapsulate` will simply return a different shared secret.
|
108
|
+
> ML-KEM is also probabilistic and relies on quality of CSPRNG.
|
109
|
+
|
163
110
|
### ML-DSA / Dilithium signatures
|
164
111
|
|
165
112
|
```ts
|
166
113
|
import { ml_dsa44, ml_dsa65, ml_dsa87 } from '@noble/post-quantum/ml-dsa';
|
167
|
-
|
168
|
-
|
169
|
-
const aliceKeys = ml_dsa65.keygen();
|
114
|
+
const seed = new TextEncoder().encode('not a safe seed');
|
115
|
+
const aliceKeys = ml_dsa65.keygen(seed);
|
170
116
|
const msg = new Uint8Array(1);
|
171
117
|
const sig = ml_dsa65.sign(aliceKeys.secretKey, msg);
|
172
|
-
const isValid = ml_dsa65.verify(aliceKeys.publicKey, msg, sig)
|
118
|
+
const isValid = ml_dsa65.verify(aliceKeys.publicKey, msg, sig);
|
173
119
|
```
|
174
120
|
|
175
|
-
Lattice-based digital signature algorithm. See
|
176
|
-
[
|
121
|
+
Lattice-based digital signature algorithm, defined in [FIPS-204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf). See
|
122
|
+
[website](https://www.pq-crystals.org/dilithium/index.shtml) and
|
177
123
|
[repo](https://github.com/pq-crystals/dilithium).
|
178
|
-
|
179
|
-
|
180
|
-
Three versions are provided:
|
181
|
-
|
182
|
-
1. Dilithium v3.0, v3.0 AES
|
183
|
-
2. Dilithium v3.1, v3.1 AES
|
184
|
-
3. ML-DSA aka [FIPS-204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.ipd.pdf)
|
124
|
+
The internals are similar to ML-KEM, but keys and params are different.
|
185
125
|
|
186
126
|
### SLH-DSA / SPHINCS+ signatures
|
187
127
|
|
188
128
|
```ts
|
189
|
-
import {
|
190
|
-
|
191
|
-
|
192
|
-
|
129
|
+
import {
|
130
|
+
slh_dsa_sha2_128f, slh_dsa_sha2_128s,
|
131
|
+
slh_dsa_sha2_192f, slh_dsa_sha2_192s,
|
132
|
+
slh_dsa_sha2_256f, slh_dsa_sha2_256s,
|
133
|
+
slh_dsa_shake_128f, slh_dsa_shake_128s,
|
134
|
+
slh_dsa_shake_192f, slh_dsa_shake_192s,
|
135
|
+
slh_dsa_shake_256f, slh_dsa_shake_256s,
|
136
|
+
} from '@noble/post-quantum/slh-dsa';
|
137
|
+
|
193
138
|
const aliceKeys = sph.keygen();
|
194
139
|
const msg = new Uint8Array(1);
|
195
140
|
const sig = sph.sign(aliceKeys.secretKey, msg);
|
196
141
|
const isValid = sph.verify(aliceKeys.publicKey, msg, sig);
|
197
142
|
```
|
198
143
|
|
199
|
-
Hash-based digital signature algorithm
|
200
|
-
|
201
|
-
|
202
|
-
Some wasm libraries use older specs.
|
144
|
+
Hash-based digital signature algorithm, defined in [FIPS-205](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf).
|
145
|
+
See [website](https://sphincs.org) and [repo](https://github.com/sphincs/sphincsplus).
|
146
|
+
We implement spec v3.1 with FIPS adjustments. Some wasm libraries use older specs.
|
203
147
|
|
204
|
-
|
148
|
+
> [!NOTE]
|
149
|
+
> SLH-DSA is slow: see benchmarks below
|
205
150
|
|
206
|
-
|
207
|
-
2. SHA2-based
|
208
|
-
3. SLH-DSA aka [FIPS-205](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.ipd.pdf)
|
209
|
-
|
210
|
-
The pattern for exported name is:
|
211
|
-
|
212
|
-
```
|
213
|
-
sphincs_{HASH}_{BITS}{SIZE}_{KIND}
|
214
|
-
|
215
|
-
where
|
216
|
-
HASH: shake | sha2
|
217
|
-
BITS: 128 | 192 | 256
|
218
|
-
SIZE: f | s (full, short)
|
219
|
-
KIND: simple | robust
|
151
|
+
### What should I use?
|
220
152
|
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
153
|
+
| | Speed | Key size | Sig size | Created in | Popularized in | Post-quantum? |
|
154
|
+
| --------- | ------ | ----------- | ----------- | ---------- | -------------- | ------------- |
|
155
|
+
| RSA | Normal | 256B - 2KB | 256B - 2KB | 1970s | 1990s | No |
|
156
|
+
| ECC | Normal | 32 - 256B | 48 - 128B | 1980s | 2010s | No |
|
157
|
+
| ML-KEM | Fast | 1.6 - 31KB | 1KB | 1990s | 2020s | Yes |
|
158
|
+
| ML-DSA | Normal | 1.3 - 2.5KB | 2.5 - 4.5KB | 1990s | 2020s | Yes |
|
159
|
+
| SLH-DSA | Slow | 32 - 128B | 17 - 50KB | 1970s | 2020s | Yes |
|
225
160
|
|
226
|
-
|
161
|
+
We suggest to use ECC + ML-KEM for key agreement, SLH-DSA for signatures.
|
227
162
|
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
sphincs_shake_128f_robust,
|
232
|
-
sphincs_shake_128s_simple,
|
233
|
-
sphincs_shake_128s_robust,
|
234
|
-
sphincs_shake_192f_simple,
|
235
|
-
sphincs_shake_192f_robust,
|
236
|
-
sphincs_shake_192s_simple,
|
237
|
-
sphincs_shake_192s_robust,
|
238
|
-
sphincs_shake_256f_simple,
|
239
|
-
sphincs_shake_256f_robust,
|
240
|
-
sphincs_shake_256s_simple,
|
241
|
-
sphincs_shake_256s_robust,
|
242
|
-
} from '@noble/post-quantum/slh-dsa';
|
243
|
-
|
244
|
-
import {
|
245
|
-
sphincs_sha2_128f_simple,
|
246
|
-
sphincs_sha2_128f_robust,
|
247
|
-
sphincs_sha2_128s_simple,
|
248
|
-
sphincs_sha2_128s_robust,
|
249
|
-
sphincs_sha2_192f_simple,
|
250
|
-
sphincs_sha2_192f_robust,
|
251
|
-
sphincs_sha2_192s_simple,
|
252
|
-
sphincs_sha2_192s_robust,
|
253
|
-
sphincs_sha2_256f_simple,
|
254
|
-
sphincs_sha2_256f_robust,
|
255
|
-
sphincs_sha2_256s_simple,
|
256
|
-
sphincs_sha2_256s_robust,
|
257
|
-
} from '@noble/post-quantum/slh-dsa';
|
163
|
+
ML-KEM and ML-DSA are lattice-based, so they're less "proven".
|
164
|
+
There's some chance of advancement, which will break this algorithm class.
|
165
|
+
SLH-DSA, while being slow, is built on top of older, conservative primitives.
|
258
166
|
|
259
|
-
|
260
|
-
|
261
|
-
slh_dsa_sha2_128s,
|
262
|
-
slh_dsa_sha2_192f,
|
263
|
-
slh_dsa_sha2_192s,
|
264
|
-
slh_dsa_sha2_256f,
|
265
|
-
slh_dsa_sha2_256s,
|
266
|
-
} from '@noble/post-quantum/slh-dsa';
|
267
|
-
```
|
167
|
+
Symmetrical algorithms like AES and ChaCha (available in [noble-ciphers](https://github.com/paulmillr/noble-ciphers))
|
168
|
+
suffer less from quantum computers. For AES, simply update from AES-128 to AES-256.
|
268
169
|
|
269
170
|
## Security
|
270
171
|
|
271
172
|
The library has not been independently audited yet.
|
272
173
|
|
174
|
+
There is no protection against side-channel attacks.
|
175
|
+
|
273
176
|
If you see anything unusual: investigate and report.
|
274
177
|
|
275
178
|
## Speed
|
276
179
|
|
277
|
-
|
180
|
+
Noble is the fastest JS implementation of post-quantum algorithms.
|
181
|
+
WASM libraries can be faster.
|
182
|
+
|
183
|
+
| OPs/sec | Keygen | Signing | Verification | Shared secret |
|
184
|
+
| ------------ | ------ | ------- | ------------ | ------------- |
|
185
|
+
| ECC ed25519 | 10270 | 5110 | 1050 | 1470 |
|
186
|
+
| ML-KEM-768 | 2300 | | | 2000 |
|
187
|
+
| ML-DSA44 | 670 | 120 | 620 | |
|
188
|
+
| SLH-DSA-SHA2-128f | 250 | 10 | 167 | |
|
278
189
|
|
279
|
-
|
190
|
+
For SLH-DSA, SHAKE slows everything down 8x, and -s versions do another 20-50x slowdown.
|
191
|
+
|
192
|
+
Detailed benchmarks on Apple M2:
|
193
|
+
|
194
|
+
```
|
195
|
+
ML-KEM
|
196
|
+
keygen
|
197
|
+
ââML-KEM-512 x 3,784 ops/sec @ 264Ξs/op
|
198
|
+
ââML-KEM-768 x 2,305 ops/sec @ 433Ξs/op
|
199
|
+
ââML-KEM-1024 x 1,510 ops/sec @ 662Ξs/op
|
200
|
+
encrypt
|
201
|
+
ââML-KEM-512 x 3,283 ops/sec @ 304Ξs/op
|
202
|
+
ââML-KEM-768 x 1,993 ops/sec @ 501Ξs/op
|
203
|
+
ââML-KEM-1024 x 1,366 ops/sec @ 731Ξs/op
|
204
|
+
decrypt
|
205
|
+
ââML-KEM-512 x 3,450 ops/sec @ 289Ξs/op
|
206
|
+
ââML-KEM-768 x 2,035 ops/sec @ 491Ξs/op
|
207
|
+
ââML-KEM-1024 x 1,343 ops/sec @ 744Ξs/op
|
208
|
+
|
209
|
+
ML-DSA
|
210
|
+
keygen
|
211
|
+
ââML-DSA44 x 669 ops/sec @ 1ms/op
|
212
|
+
ââML-DSA65 x 386 ops/sec @ 2ms/op
|
213
|
+
ââML-DSA87 x 236 ops/sec @ 4ms/op
|
214
|
+
sign
|
215
|
+
ââML-DSA44 x 123 ops/sec @ 8ms/op
|
216
|
+
ââML-DSA65 x 120 ops/sec @ 8ms/op
|
217
|
+
ââML-DSA87 x 78 ops/sec @ 12ms/op
|
218
|
+
verify
|
219
|
+
ââML-DSA44 x 618 ops/sec @ 1ms/op
|
220
|
+
ââML-DSA65 x 367 ops/sec @ 2ms/op
|
221
|
+
ââML-DSA87 x 220 ops/sec @ 4ms/op
|
222
|
+
|
223
|
+
SLH-DSA
|
224
|
+
keygen
|
225
|
+
ââslh_dsa_sha2_128f x 245 ops/sec @ 4ms/op
|
226
|
+
ââslh_dsa_sha2_192f x 166 ops/sec @ 6ms/op
|
227
|
+
ââslh_dsa_sha2_256f x 64 ops/sec @ 15ms/op
|
228
|
+
ââslh_dsa_shake_128f x 35 ops/sec @ 28ms/op
|
229
|
+
ââslh_dsa_shake_192f x 23 ops/sec @ 41ms/op
|
230
|
+
ââslh_dsa_shake_256f x 9 ops/sec @ 110ms/op
|
231
|
+
ââslh_dsa_sha2_128s x 3 ops/sec @ 257ms/op
|
232
|
+
ââslh_dsa_sha2_192s x 2 ops/sec @ 381ms/op
|
233
|
+
ââslh_dsa_sha2_256s x 3 ops/sec @ 250ms/op
|
234
|
+
sign
|
235
|
+
ââslh_dsa_sha2_128f x 10 ops/sec @ 94ms/op
|
236
|
+
ââslh_dsa_sha2_192f x 6 ops/sec @ 163ms/op
|
237
|
+
ââslh_dsa_sha2_256f x 2 ops/sec @ 338ms/op
|
238
|
+
ââslh_dsa_shake_128f x 1 ops/sec @ 671ms/op
|
239
|
+
ââslh_dsa_shake_192f x 0 ops/sec @ 1088ms/op
|
240
|
+
ââslh_dsa_shake_256f x 0 ops/sec @ 2219ms/op
|
241
|
+
ââslh_dsa_sha2_128s x 0 ops/sec @ 1954ms/op
|
242
|
+
ââslh_dsa_sha2_192s x 0 ops/sec @ 3789ms/op
|
243
|
+
ââslh_dsa_sha2_256s x 0 ops/sec @ 3404ms/op
|
244
|
+
verify
|
245
|
+
ââslh_dsa_sha2_128f x 162 ops/sec @ 6ms/op
|
246
|
+
ââslh_dsa_sha2_192f x 111 ops/sec @ 9ms/op
|
247
|
+
ââslh_dsa_sha2_256f x 105 ops/sec @ 9ms/op
|
248
|
+
ââslh_dsa_shake_128f x 24 ops/sec @ 40ms/op
|
249
|
+
ââslh_dsa_shake_192f x 17 ops/sec @ 58ms/op
|
250
|
+
ââslh_dsa_shake_256f x 16 ops/sec @ 59ms/op
|
251
|
+
ââslh_dsa_sha2_128s x 495 ops/sec @ 2ms/op
|
252
|
+
ââslh_dsa_sha2_192s x 293 ops/sec @ 3ms/op
|
253
|
+
ââslh_dsa_sha2_256s x 220 ops/sec @ 4ms/op
|
254
|
+
```
|
280
255
|
|
281
256
|
## Contributing & testing
|
282
257
|
|
package/_crystals.d.ts
CHANGED
package/_crystals.d.ts.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"_crystals.d.ts","sourceRoot":"","sources":["src/_crystals.ts"],"names":[],"mappings":"
|
1
|
+
{"version":3,"file":"_crystals.d.ts","sourceRoot":"","sources":["src/_crystals.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,KAAK,EAAW,MAAM,YAAY,CAAC;AAE3D,MAAM,MAAM,GAAG,GAAG,CAChB,IAAI,EAAE,UAAU,EAChB,QAAQ,CAAC,EAAE,MAAM,KACd;IACH,KAAK,EAAE,MAAM;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7C,GAAG,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,MAAM,UAAU,CAAC;IAChD,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,WAAW,CAAC,CAAC,SAAS,UAAU,IAAI;IAC9C,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,UAAU,IAAI,CAAC,CAAC,EAAE,MAAM,KAAK,CAAC,CAAC;AAU/D,eAAO,MAAM,WAAW,GAAI,CAAC,SAAS,UAAU,QAAQ,WAAW,CAAC,CAAC,CAAC;aAGpD,MAAM,sBAAe,MAAM;cAK1B,MAAM,sBAAe,MAAM;;;oBAyB9B,CAAC;oBAaD,CAAC;;mBAgBO,MAAM,KAAK,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,KAAG,aAAa,CAAC,CAAC,CAAC;CA2B1E,CAAC;AAuCF,eAAO,MAAM,MAAM,KAA2C,CAAC;AAC/D,eAAO,MAAM,MAAM,KAA2C,CAAC"}
|
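--- a/package/_crystals.js
+++ b/package/_crystals.js
@@ -1,8 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
+exports.XOF256 = exports.XOF128 = exports.genCrystals = void 0;
 /*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
-const aes_1 = require("@noble/ciphers/aes");
 const sha3_1 = require("@noble/hashes/sha3");
 const utils_js_1 = require("./utils.js");
 // TODO: benchmark
@@ -139,33 +138,4 @@ const createXofShake = (shake) => (seed, blockLen) => {
 };
 exports.XOF128 = createXofShake(sha3_1.shake128);
 exports.XOF256 = createXofShake(sha3_1.shake256);
-const createXofAes = (aes) => (seed, blockLen) => {
-if (!blockLen)
-blockLen = 16 * 3; // 288
-const nonce = new Uint8Array(16);
-const xk = aes.expandKeyLE(seed.subarray(0, 32));
-const block = new Uint8Array(blockLen);
-const out = block.slice();
-let calls = 0;
-let xofs = 0;
-return {
-stats: () => ({ calls, xofs }),
-get: (x, y) => {
-nonce.fill(0); // clean counter
-nonce[0] = x;
-nonce[1] = y;
-calls++;
-return () => {
-xofs++;
-return aes.ctrCounter(xk, nonce, block, out);
-};
-},
-clean: () => {
-nonce.fill(0);
-xk.fill(0);
-out.fill(0);
-},
-};
-};
-exports.XOF_AES = createXofAes(aes_1.unsafe);
 //# sourceMappingURL=_crystals.js.map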
package/_crystals.js.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"_crystals.js","sourceRoot":"","sources":["src/_crystals.ts"],"names":[],"mappings":";;;AAAA,4EAA4E;AAC5E,
|
1
|
+
{"version":3,"file":"_crystals.js","sourceRoot":"","sources":["src/_crystals.ts"],"names":[],"mappings":";;;AAAA,4EAA4E;AAC5E,6CAAwD;AAExD,yCAA2D;AAuB3D,kBAAkB;AAClB,SAAS,WAAW,CAAC,CAAS,EAAE,OAAe,CAAC;IAC9C,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AACpC,CAAC;AAEM,MAAM,WAAW,GAAG,CAAuB,IAAoB,EAAE,EAAE;IACxE,mDAAmD;IACnD,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACnE,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,MAAM,GAAG,CAAC,EAAU,EAAE;QAC5C,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;QAC9B,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IAChE,CAAC,CAAC;IACF,0BAA0B;IAC1B,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,MAAM,GAAG,CAAC,EAAU,EAAE;QAC7C,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC,CAAC;IACF,kBAAkB;IAClB,SAAS,SAAS;QAChB,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACzD,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,QAAQ,GAAG,SAAS,EAAE,CAAC;IAE7B,6BAA6B;IAC7B,+CAA+C;IAE/C,8FAA8F;IAC9F,8EAA8E;IAC9E,sDAAsD;IACtD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,MAAM,GAAG,GAAG;QACV,MAAM,EAAE,CAAC,CAAI,EAAE,EAAE;YACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,G
AAG,GAAG,EAAE,GAAG,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;gBACjD,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;oBAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC3B,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,KAAK,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;wBACzC,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;wBACjC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;wBAC/B,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;oBAC3B,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;QACD,MAAM,EAAE,CAAC,CAAI,EAAE,EAAE;YACf,KAAK,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;gBACpE,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;oBAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC3B,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,KAAK,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;wBACzC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;wBACf,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;wBAC3B,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;YACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACxD,OAAO,CAAC,CAAC;QACX,CAAC;KACF,CAAC;IACF,6BAA6B;IAC7B,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,CAAwB,EAAoB,EAAE;QAC1E,MAAM,IAAI,GAAG,IAAA,kBAAO,EAAC,CAAC,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7B,OAAO;YACL,QAAQ;YACR,MAAM,EAAE,CAAC,IAAO,EAAc,EAAE;gBAC9B,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACnE,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,
CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,MAAM,CAAC;oBAC5C,MAAM,IAAI,CAAC,CAAC;oBACZ,OAAO,MAAM,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC;wBAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,GAAG,IAAA,kBAAO,EAAC,MAAM,CAAC,CAAC;gBAC/E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;YACD,MAAM,EAAE,CAAC,KAAiB,EAAK,EAAE;gBAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACpE,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;oBAC1B,MAAM,IAAI,CAAC,CAAC;oBACZ,OAAO,MAAM,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC;wBAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;gBAC9E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;SACF,CAAC;IACJ,CAAC,CAAC;IAEF,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;AACjD,CAAC,CAAC;AAzFW,QAAA,WAAW,eAyFtB;AAEF,MAAM,cAAc,GAClB,CAAC,KAAsB,EAAO,EAAE,CAChC,CAAC,IAAgB,EAAE,QAAiB,EAAE,EAAE;IACtC,IAAI,CAAC,QAAQ;QAAE,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IACzC,kCAAkC;IAClC,gEAAgE;IAChE,iDAAiD;IAEjD,8DAA8D;IAC9D,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,uBAAuB;IAC7D,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACzB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,OAAO;QACL,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC9B,GAAG,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;YAC5B,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACvB,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC,CAAC,OAAO,EAAE,CAAC;YACZ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnC,KAAK,EAAE,CAAC;YACR,OAAO,GAAG,EAAE;gBACV,IAAI,EAAE,CAAC;gBACP,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC,CAAC;QACJ,CAAC;QACD,KAAK,EAAE,GAAG,EAAE;YACV,CAAC,CAAC,OAAO,EAAE,CAAC;YACZ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,CAAC,
CAAC,CAAC;QAChB,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAES,QAAA,MAAM,GAAmB,cAAc,CAAC,eAAQ,CAAC,CAAC;AAClD,QAAA,MAAM,GAAmB,cAAc,CAAC,eAAQ,CAAC,CAAC"}
|
@@ -0,0 +1,33 @@
|
|
1
|
+
import type { TypedArray } from '@noble/hashes/utils';
|
2
|
+
import { BytesCoderLen, Coder } from './utils.js';
|
3
|
+
export type XOF = (seed: Uint8Array, blockLen?: number) => {
|
4
|
+
stats: () => {
|
5
|
+
calls: number;
|
6
|
+
xofs: number;
|
7
|
+
};
|
8
|
+
get: (x: number, y: number) => () => Uint8Array;
|
9
|
+
clean: () => void;
|
10
|
+
};
|
11
|
+
export type CrystalOpts<T extends TypedArray> = {
|
12
|
+
newPoly: TypedCons<T>;
|
13
|
+
N: number;
|
14
|
+
Q: number;
|
15
|
+
F: number;
|
16
|
+
ROOT_OF_UNITY: number;
|
17
|
+
brvBits: number;
|
18
|
+
isKyber: boolean;
|
19
|
+
};
|
20
|
+
export type TypedCons<T extends TypedArray> = (n: number) => T;
|
21
|
+
export declare const genCrystals: <T extends TypedArray>(opts: CrystalOpts<T>) => {
|
22
|
+
mod: (a: number, modulo?: number) => number;
|
23
|
+
smod: (a: number, modulo?: number) => number;
|
24
|
+
nttZetas: T;
|
25
|
+
NTT: {
|
26
|
+
encode: (r: T) => T;
|
27
|
+
decode: (r: T) => T;
|
28
|
+
};
|
29
|
+
bitsCoder: (d: number, c: Coder<number, number>) => BytesCoderLen<T>;
|
30
|
+
};
|
31
|
+
export declare const XOF128: XOF;
|
32
|
+
export declare const XOF256: XOF;
|
33
|
+
//# sourceMappingURL=_crystals.d.ts.map
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"_crystals.d.ts","sourceRoot":"","sources":["../src/_crystals.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,KAAK,EAAW,MAAM,YAAY,CAAC;AAE3D,MAAM,MAAM,GAAG,GAAG,CAChB,IAAI,EAAE,UAAU,EAChB,QAAQ,CAAC,EAAE,MAAM,KACd;IACH,KAAK,EAAE,MAAM;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7C,GAAG,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,MAAM,UAAU,CAAC;IAChD,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,WAAW,CAAC,CAAC,SAAS,UAAU,IAAI;IAC9C,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,UAAU,IAAI,CAAC,CAAC,EAAE,MAAM,KAAK,CAAC,CAAC;AAU/D,eAAO,MAAM,WAAW,GAAI,CAAC,SAAS,UAAU,QAAQ,WAAW,CAAC,CAAC,CAAC;aAGpD,MAAM,sBAAe,MAAM;cAK1B,MAAM,sBAAe,MAAM;;;oBAyB9B,CAAC;oBAaD,CAAC;;mBAgBO,MAAM,KAAK,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,KAAG,aAAa,CAAC,CAAC,CAAC;CA2B1E,CAAC;AAuCF,eAAO,MAAM,MAAM,KAA2C,CAAC;AAC/D,eAAO,MAAM,MAAM,KAA2C,CAAC"}
|
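--- a/package/esm/_crystals.js
+++ b/package/esm/_crystals.js
@@ -1,5 +1,4 @@
 /*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
-import { unsafe } from '@noble/ciphers/aes';
 import { shake128, shake256 } from '@noble/hashes/sha3';
 import { getMask } from './utils.js';
 // TODO: benchmark
@@ -135,33 +134,4 @@ const createXofShake = (shake) => (seed, blockLen) => {
 };
 export const XOF128 = /* @__PURE__ */ createXofShake(shake128);
 export const XOF256 = /* @__PURE__ */ createXofShake(shake256);
-const createXofAes = (aes) => (seed, blockLen) => {
-if (!blockLen)
-blockLen = 16 * 3; // 288
-const nonce = new Uint8Array(16);
-const xk = aes.expandKeyLE(seed.subarray(0, 32));
-const block = new Uint8Array(blockLen);
-const out = block.slice();
-let calls = 0;
-let xofs = 0;
-return {
-stats: () => ({ calls, xofs }),
-get: (x, y) => {
-nonce.fill(0); // clean counter
-nonce[0] = x;
-nonce[1] = y;
-calls++;
-return () => {
-xofs++;
-return aes.ctrCounter(xk, nonce, block, out);
-};
-},
-clean: () => {
-nonce.fill(0);
-xk.fill(0);
-out.fill(0);
-},
-};
-};
-export const XOF_AES = /* @__PURE__ */ createXofAes(unsafe);
 //# sourceMappingURL=_crystals.js.map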
package/esm/_crystals.js.map
CHANGED
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"file":"_crystals.js","sourceRoot":"","sources":["../src/_crystals.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,OAAO,EAAE,
|
1
|
+
{"version":3,"file":"_crystals.js","sourceRoot":"","sources":["../src/_crystals.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAwB,OAAO,EAAE,MAAM,YAAY,CAAC;AAuB3D,kBAAkB;AAClB,SAAS,WAAW,CAAC,CAAS,EAAE,OAAe,CAAC;IAC9C,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,CAAuB,IAAoB,EAAE,EAAE;IACxE,mDAAmD;IACnD,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACnE,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,MAAM,GAAG,CAAC,EAAU,EAAE;QAC5C,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;QAC9B,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IAChE,CAAC,CAAC;IACF,0BAA0B;IAC1B,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,MAAM,GAAG,CAAC,EAAU,EAAE;QAC7C,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC,CAAC;IACF,kBAAkB;IAClB,SAAS,SAAS;QAChB,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACzD,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,QAAQ,GAAG,SAAS,EAAE,CAAC;IAE7B,6BAA6B;IAC7B,+CAA+C;IAE/C,8FAA8F;IAC9F,8EAA8E;IAC9E,sDAAsD;IACtD,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,MAAM,GAAG,GA
AG;QACV,MAAM,EAAE,CAAC,CAAI,EAAE,EAAE;YACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,GAAG,EAAE,GAAG,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;gBACjD,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;oBAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC3B,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,KAAK,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;wBACzC,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;wBACjC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;wBAC/B,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;oBAC3B,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;QACD,MAAM,EAAE,CAAC,CAAI,EAAE,EAAE;YACf,KAAK,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;gBACpE,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;oBAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC3B,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,KAAK,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;wBACzC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;wBACf,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;wBAC3B,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;YACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACxD,OAAO,CAAC,CAAC;QACX,CAAC;KACF,CAAC;IACF,6BAA6B;IAC7B,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,CAAwB,EAAoB,EAAE;QAC1E,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7B,OAAO;YACL,QAAQ;YACR,MAAM,EAAE,CAAC,IAAO,EAAc,EAAE;gBAC9B,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE
,CAAC,EAAE,EAAE,CAAC;oBACnE,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,MAAM,CAAC;oBAC5C,MAAM,IAAI,CAAC,CAAC;oBACZ,OAAO,MAAM,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC;wBAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC/E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;YACD,MAAM,EAAE,CAAC,KAAiB,EAAK,EAAE;gBAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACpE,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;oBAC1B,MAAM,IAAI,CAAC,CAAC;oBACZ,OAAO,MAAM,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC;wBAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;gBAC9E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;SACF,CAAC;IACJ,CAAC,CAAC;IAEF,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;AACjD,CAAC,CAAC;AAEF,MAAM,cAAc,GAClB,CAAC,KAAsB,EAAO,EAAE,CAChC,CAAC,IAAgB,EAAE,QAAiB,EAAE,EAAE;IACtC,IAAI,CAAC,QAAQ;QAAE,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IACzC,kCAAkC;IAClC,gEAAgE;IAChE,iDAAiD;IAEjD,8DAA8D;IAC9D,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,uBAAuB;IAC7D,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACzB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,OAAO;QACL,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC9B,GAAG,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;YAC5B,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACvB,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC,CAAC,OAAO,EAAE,CAAC;YACZ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnC,KAAK,EAAE,CAAC;YACR,OAAO,GAAG,EAAE;gBACV,IAAI,EAAE,CAAC;gBACP,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC,CAAC;QACJ,CAAC;QACD,KAAK,EAAE,GAAG,EAAE;YACV,CAAC,CAAC,OAAO,EAAE,CAAC;YACZ,GAAG,CAAC,IAAI,CAAC,C
AAC,CAAC,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,MAAM,GAAG,eAAe,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;AAC/D,MAAM,CAAC,MAAM,MAAM,GAAG,eAAe,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC"}
|
package/esm/index.d.ts
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}
|
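--- a/package/esm/ml-dsa.d.ts
+++ b/package/esm/ml-dsa.d.ts
@@ -0,0 +1,17 @@
+import { Signer } from './utils.js';
+type Param = {
+K: number;
+L: number;
+D: number;
+GAMMA1: number;
+GAMMA2: number;
+TAU: number;
+ETA: number;
+OMEGA: number;
+};
+export declare const PARAMS: Record<string, Param>;
+export declare const ml_dsa44: Signer;
+export declare const ml_dsa65: Signer;
+export declare const ml_dsa87: Signer;
+export {};
+//# sourceMappingURL=ml-dsa.d.ts.map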
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"file":"ml-dsa.d.ts","sourceRoot":"","sources":["../src/ml-dsa.ts"],"names":[],"mappings":"AAGA,OAAO,EAEL,MAAM,EAOP,MAAM,YAAY,CAAC;AAwBpB,KAAK,KAAK,GAAG;IACX,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,eAAO,MAAM,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAI/B,CAAC;AAwbX,eAAO,MAAM,QAAQ,QAOnB,CAAC;AAEH,eAAO,MAAM,QAAQ,QAOnB,CAAC;AAEH,eAAO,MAAM,QAAQ,QAOnB,CAAC"}
|