@theqrl/dilithium5 0.0.2 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/package.json +6 -2
- package/src/index.js +1 -1
- package/src/sign.js +37 -27
package/README.md
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@theqrl/dilithium5",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.4",
|
|
4
4
|
"description": "Dilithium-5 cryptography",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"dilithium",
|
|
@@ -36,6 +36,7 @@
|
|
|
36
36
|
"url": "https://github.com/theQRL/qrypto.js/issues"
|
|
37
37
|
},
|
|
38
38
|
"devDependencies": {
|
|
39
|
+
"c8": "^7.13.0",
|
|
39
40
|
"chai": "^4.3.7",
|
|
40
41
|
"codecov": "^3.8.3",
|
|
41
42
|
"eslint": "^8.33.0",
|
|
@@ -45,7 +46,10 @@
|
|
|
45
46
|
"eslint-plugin-prettier": "^4.2.1",
|
|
46
47
|
"esm": "^3.2.25",
|
|
47
48
|
"mocha": "^10.2.0",
|
|
48
|
-
"c8": "^7.13.0",
|
|
49
49
|
"prettier": "^2.8.3"
|
|
50
|
+
},
|
|
51
|
+
"dependencies": {
|
|
52
|
+
"randombytes": "^2.1.0",
|
|
53
|
+
"sha3": "^2.1.4"
|
|
50
54
|
}
|
|
51
55
|
}
|
package/src/index.js
CHANGED
package/src/sign.js
CHANGED
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { randomBytes } from 'randombytes'; // eslint-disable-line import/no-extraneous-dependencies
|
|
2
|
+
import { SHAKE } from 'sha3'; // eslint-disable-line import/no-extraneous-dependencies
|
|
3
|
+
|
|
2
4
|
import {
|
|
3
5
|
PolyVecK,
|
|
4
6
|
polyVecKAdd,
|
|
@@ -70,9 +72,10 @@ export function cryptoSignKeypair(passedSeed, pk, sk) {
|
|
|
70
72
|
// Get randomness for rho, rhoPrime and key
|
|
71
73
|
const seed = passedSeed || new Uint8Array(randomBytes(SeedBytes));
|
|
72
74
|
|
|
73
|
-
const state =
|
|
75
|
+
const state = new SHAKE(256);
|
|
76
|
+
let outputLength = 2 * SeedBytes + CRHBytes;
|
|
74
77
|
state.update(seed);
|
|
75
|
-
const seedBuf = state.digest();
|
|
78
|
+
const seedBuf = state.digest({ buffer: Buffer.alloc(outputLength) });
|
|
76
79
|
const rho = seedBuf.slice(0, SeedBytes);
|
|
77
80
|
const rhoPrime = seedBuf.slice(SeedBytes, SeedBytes + CRHBytes);
|
|
78
81
|
const key = seedBuf.slice(SeedBytes + CRHBytes);
|
|
@@ -101,8 +104,9 @@ export function cryptoSignKeypair(passedSeed, pk, sk) {
|
|
|
101
104
|
packPk(pk, rho, t1);
|
|
102
105
|
|
|
103
106
|
// Compute H(rho, t1) and write secret key
|
|
104
|
-
const hasher =
|
|
105
|
-
|
|
107
|
+
const hasher = new SHAKE(256);
|
|
108
|
+
outputLength = SeedBytes;
|
|
109
|
+
hasher.update(Buffer.from(pk, 'hex'));
|
|
106
110
|
const tr = new Uint8Array(hasher.digest());
|
|
107
111
|
packSk(sk, rho, tr, key, t0, s1, s2);
|
|
108
112
|
|
|
@@ -136,17 +140,19 @@ export function cryptoSignSignature(sig, m, sk, randomizedSigning) {
|
|
|
136
140
|
|
|
137
141
|
unpackSk(rho, tr, key, t0, s1, s2, sk);
|
|
138
142
|
|
|
139
|
-
state =
|
|
140
|
-
|
|
141
|
-
state.update(
|
|
142
|
-
|
|
143
|
+
state = new SHAKE(256);
|
|
144
|
+
let outputLength = CRHBytes;
|
|
145
|
+
state.update(Buffer.from(tr, 'hex'));
|
|
146
|
+
state.update(Buffer.from(m, 'hex'));
|
|
147
|
+
const mu = new Uint8Array(state.digest({ buffer: Buffer.alloc(outputLength) }));
|
|
143
148
|
|
|
144
149
|
if (randomizedSigning) rhoPrime = new Uint8Array(randomBytes(CRHBytes));
|
|
145
150
|
else {
|
|
146
|
-
state =
|
|
147
|
-
|
|
148
|
-
state.update(
|
|
149
|
-
|
|
151
|
+
state = new SHAKE(256);
|
|
152
|
+
outputLength = CRHBytes;
|
|
153
|
+
state.update(Buffer.from(key, 'hex'));
|
|
154
|
+
state.update(Buffer.from(mu, 'hex'));
|
|
155
|
+
rhoPrime.set(state.digest({ buffer: Buffer.alloc(outputLength) }));
|
|
150
156
|
}
|
|
151
157
|
|
|
152
158
|
polyVecMatrixExpand(mat, rho);
|
|
@@ -169,10 +175,11 @@ export function cryptoSignSignature(sig, m, sk, randomizedSigning) {
|
|
|
169
175
|
polyVecKDecompose(w1, w0, w1);
|
|
170
176
|
polyVecKPackW1(sig, w1);
|
|
171
177
|
|
|
172
|
-
state =
|
|
173
|
-
|
|
174
|
-
state.update(
|
|
175
|
-
|
|
178
|
+
state = new SHAKE(256);
|
|
179
|
+
outputLength = SeedBytes;
|
|
180
|
+
state.update(Buffer.from(mu, 'hex'));
|
|
181
|
+
state.update(Buffer.from(sig.slice(0, K * PolyW1PackedBytes)), 'hex');
|
|
182
|
+
sig.set(state.digest({ buffer: Buffer.alloc(outputLength) }));
|
|
176
183
|
|
|
177
184
|
polyChallenge(cp, sig);
|
|
178
185
|
polyNTT(cp);
|
|
@@ -257,14 +264,16 @@ export function cryptoSignVerify(sig, m, pk) {
|
|
|
257
264
|
}
|
|
258
265
|
|
|
259
266
|
/* Compute CRH(H(rho, t1), msg) */
|
|
260
|
-
let state =
|
|
267
|
+
let state = new SHAKE(256);
|
|
268
|
+
let outputLength = SeedBytes;
|
|
261
269
|
state.update(pk.slice(0, CryptoPublicKeyBytes));
|
|
262
|
-
mu.set(state.digest());
|
|
270
|
+
mu.set(state.digest({ buffer: Buffer.alloc(outputLength) }));
|
|
263
271
|
|
|
264
|
-
state =
|
|
265
|
-
|
|
266
|
-
state.update(
|
|
267
|
-
|
|
272
|
+
state = new SHAKE(256);
|
|
273
|
+
outputLength = CRHBytes;
|
|
274
|
+
state.update(Buffer.from(mu.slice(0, SeedBytes), 'hex'));
|
|
275
|
+
state.update(Buffer.from(m, 'hex'));
|
|
276
|
+
mu.set(state.digest({ buffer: Buffer.alloc(outputLength) }));
|
|
268
277
|
|
|
269
278
|
/* Matrix-vector multiplication; compute Az - c2^dt1 */
|
|
270
279
|
polyChallenge(cp, c);
|
|
@@ -288,10 +297,11 @@ export function cryptoSignVerify(sig, m, pk) {
|
|
|
288
297
|
polyVecKPackW1(buf, w1);
|
|
289
298
|
|
|
290
299
|
/* Call random oracle and verify challenge */
|
|
291
|
-
state =
|
|
292
|
-
|
|
293
|
-
state.update(
|
|
294
|
-
|
|
300
|
+
state = new SHAKE(256);
|
|
301
|
+
outputLength = SeedBytes;
|
|
302
|
+
state.update(Buffer.from(mu, 'hex'));
|
|
303
|
+
state.update(Buffer.from(buf, 'hex'));
|
|
304
|
+
c2.set(state.digest({ buffer: Buffer.alloc(outputLength) }));
|
|
295
305
|
|
|
296
306
|
for (i = 0; i < SeedBytes; ++i) if (c[i] !== c2[i]) return false;
|
|
297
307
|
return true;
|