@theqrl/dilithium5 1.1.2 → 1.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/cjs/dilithium5.d.cts +309 -0
- package/dist/cjs/dilithium5.js +6 -0
- package/dist/mjs/dilithium5.d.mts +309 -0
- package/dist/mjs/dilithium5.js +6 -0
- package/package.json +9 -3
- package/src/index.d.ts +115 -0
package/README.md
CHANGED
|
@@ -144,6 +144,7 @@ See [SECURITY.md](../../SECURITY.md) for important information about:
|
|
|
144
144
|
|
|
145
145
|
- JavaScript memory security limitations
|
|
146
146
|
- Constant-time verification
|
|
147
|
+
- **Signing timing variability** — signing is not constant-time due to the algorithm's rejection sampling loop; see SECURITY.md for measured impact and deployment mitigations
|
|
147
148
|
- Secure key handling recommendations
|
|
148
149
|
|
|
149
150
|
## Requirements
|
|
@@ -0,0 +1,309 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TypeScript definitions for @theqrl/dilithium5
|
|
3
|
+
* Dilithium-5 post-quantum digital signature scheme
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
// Constants
|
|
7
|
+
export const Shake128Rate: number;
|
|
8
|
+
export const Shake256Rate: number;
|
|
9
|
+
export const Stream128BlockBytes: number;
|
|
10
|
+
export const Stream256BlockBytes: number;
|
|
11
|
+
export const SeedBytes: number;
|
|
12
|
+
export const CRHBytes: number;
|
|
13
|
+
export const TRBytes: number;
|
|
14
|
+
export const N: number;
|
|
15
|
+
export const Q: number;
|
|
16
|
+
export const QInv: number;
|
|
17
|
+
export const D: number;
|
|
18
|
+
export const K: number;
|
|
19
|
+
export const L: number;
|
|
20
|
+
export const ETA: number;
|
|
21
|
+
export const TAU: number;
|
|
22
|
+
export const BETA: number;
|
|
23
|
+
export const GAMMA1: number;
|
|
24
|
+
export const GAMMA2: number;
|
|
25
|
+
export const OMEGA: number;
|
|
26
|
+
export const PolyT1PackedBytes: number;
|
|
27
|
+
export const PolyT0PackedBytes: number;
|
|
28
|
+
export const PolyETAPackedBytes: number;
|
|
29
|
+
export const PolyZPackedBytes: number;
|
|
30
|
+
export const PolyVecHPackedBytes: number;
|
|
31
|
+
export const PolyW1PackedBytes: number;
|
|
32
|
+
export const CryptoPublicKeyBytes: number;
|
|
33
|
+
export const CryptoSecretKeyBytes: number;
|
|
34
|
+
export const CryptoBytes: number;
|
|
35
|
+
export const PolyUniformNBlocks: number;
|
|
36
|
+
export const PolyUniformETANBlocks: number;
|
|
37
|
+
export const PolyUniformGamma1NBlocks: number;
|
|
38
|
+
export const zetas: readonly number[];
|
|
39
|
+
|
|
40
|
+
// Core signing functions
|
|
41
|
+
|
|
42
|
+
/**
|
|
43
|
+
* Generate a Dilithium-5 key pair
|
|
44
|
+
* @param seed - Optional 32-byte seed for deterministic key generation (null for random)
|
|
45
|
+
* @param pk - Output buffer for public key (must be CryptoPublicKeyBytes length)
|
|
46
|
+
* @param sk - Output buffer for secret key (must be CryptoSecretKeyBytes length)
|
|
47
|
+
* @returns The seed used for key generation
|
|
48
|
+
* @throws Error if pk/sk buffers are wrong size or null
|
|
49
|
+
*/
|
|
50
|
+
export function cryptoSignKeypair(
|
|
51
|
+
seed: Uint8Array | null,
|
|
52
|
+
pk: Uint8Array,
|
|
53
|
+
sk: Uint8Array
|
|
54
|
+
): Uint8Array;
|
|
55
|
+
|
|
56
|
+
/**
|
|
57
|
+
* Create a signature for a message
|
|
58
|
+
* @param sig - Output buffer for signature (must be CryptoBytes length minimum)
|
|
59
|
+
* @param m - Message to sign (hex string or Uint8Array; strings are parsed as hex only)
|
|
60
|
+
* @param sk - Secret key
|
|
61
|
+
* @param randomizedSigning - If true, use random nonce; if false, deterministic
|
|
62
|
+
* @returns 0 on success
|
|
63
|
+
* @throws Error if sk is wrong size
|
|
64
|
+
*/
|
|
65
|
+
export function cryptoSignSignature(
|
|
66
|
+
sig: Uint8Array,
|
|
67
|
+
m: Uint8Array | string,
|
|
68
|
+
sk: Uint8Array,
|
|
69
|
+
randomizedSigning: boolean
|
|
70
|
+
): number;
|
|
71
|
+
|
|
72
|
+
/**
|
|
73
|
+
* Sign a message, returning signature concatenated with message
|
|
74
|
+
* @param msg - Message to sign
|
|
75
|
+
* @param sk - Secret key
|
|
76
|
+
* @param randomizedSigning - If true, use random nonce; if false, deterministic
|
|
77
|
+
* @returns Signed message (signature || message)
|
|
78
|
+
* @throws Error if signing fails
|
|
79
|
+
*/
|
|
80
|
+
export function cryptoSign(
|
|
81
|
+
msg: Uint8Array | string,
|
|
82
|
+
sk: Uint8Array,
|
|
83
|
+
randomizedSigning: boolean
|
|
84
|
+
): Uint8Array;
|
|
85
|
+
|
|
86
|
+
/**
|
|
87
|
+
* Verify a signature
|
|
88
|
+
* @param sig - Signature to verify
|
|
89
|
+
* @param m - Message that was signed (hex string or Uint8Array; strings are parsed as hex only)
|
|
90
|
+
* @param pk - Public key
|
|
91
|
+
* @returns true if signature is valid, false otherwise
|
|
92
|
+
*/
|
|
93
|
+
export function cryptoSignVerify(
|
|
94
|
+
sig: Uint8Array,
|
|
95
|
+
m: Uint8Array | string,
|
|
96
|
+
pk: Uint8Array
|
|
97
|
+
): boolean;
|
|
98
|
+
|
|
99
|
+
/**
|
|
100
|
+
* Open a signed message (verify and extract message)
|
|
101
|
+
* @param sm - Signed message (signature || message)
|
|
102
|
+
* @param pk - Public key
|
|
103
|
+
* @returns Message if valid, undefined if verification fails
|
|
104
|
+
*/
|
|
105
|
+
export function cryptoSignOpen(
|
|
106
|
+
sm: Uint8Array,
|
|
107
|
+
pk: Uint8Array
|
|
108
|
+
): Uint8Array | undefined;
|
|
109
|
+
|
|
110
|
+
// Utility functions
|
|
111
|
+
|
|
112
|
+
/**
|
|
113
|
+
* Zero out a buffer (best-effort, see SECURITY.md for limitations)
|
|
114
|
+
* @param buffer - Buffer to zero
|
|
115
|
+
* @throws TypeError if buffer is not Uint8Array
|
|
116
|
+
*/
|
|
117
|
+
export function zeroize(buffer: Uint8Array): void;
|
|
118
|
+
|
|
119
|
+
/**
|
|
120
|
+
* Check if buffer is all zeros using constant-time comparison
|
|
121
|
+
* @param buffer - Buffer to check
|
|
122
|
+
* @returns true if all bytes are zero
|
|
123
|
+
* @throws TypeError if buffer is not Uint8Array
|
|
124
|
+
*/
|
|
125
|
+
export function isZero(buffer: Uint8Array): boolean;
|
|
126
|
+
|
|
127
|
+
// Internal classes (exported but primarily for internal use)
|
|
128
|
+
|
|
129
|
+
export class Poly {
|
|
130
|
+
coeffs: Int32Array;
|
|
131
|
+
constructor();
|
|
132
|
+
copy(poly: Poly): void;
|
|
133
|
+
}
|
|
134
|
+
|
|
135
|
+
export class PolyVecK {
|
|
136
|
+
vec: Poly[];
|
|
137
|
+
constructor();
|
|
138
|
+
}
|
|
139
|
+
|
|
140
|
+
export class PolyVecL {
|
|
141
|
+
vec: Poly[];
|
|
142
|
+
constructor();
|
|
143
|
+
copy(polyVecL: PolyVecL): void;
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
export class KeccakState {
|
|
147
|
+
constructor();
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
// Internal functions (exported but primarily for internal use)
|
|
151
|
+
export function polyNTT(a: Poly): void;
|
|
152
|
+
export function polyInvNTTToMont(a: Poly): void;
|
|
153
|
+
export function polyChallenge(c: Poly, seed: Uint8Array): void;
|
|
154
|
+
export function ntt(a: Int32Array): void;
|
|
155
|
+
export function invNTTToMont(a: Int32Array): void;
|
|
156
|
+
export function montgomeryReduce(a: bigint): bigint;
|
|
157
|
+
export function reduce32(a: number): number;
|
|
158
|
+
export function cAddQ(a: number): number;
|
|
159
|
+
export function decompose(a0: Int32Array, i: number, a: number): number;
|
|
160
|
+
export function power2round(a0: Int32Array, i: number, a: number): number;
|
|
161
|
+
export function makeHint(a0: number, a1: number): number;
|
|
162
|
+
export function useHint(a: number, hint: number): number;
|
|
163
|
+
export function packPk(pk: Uint8Array, rho: Uint8Array, t1: PolyVecK): void;
|
|
164
|
+
export function packSk(
|
|
165
|
+
sk: Uint8Array,
|
|
166
|
+
rho: Uint8Array,
|
|
167
|
+
tr: Uint8Array,
|
|
168
|
+
key: Uint8Array,
|
|
169
|
+
t0: PolyVecK,
|
|
170
|
+
s1: PolyVecL,
|
|
171
|
+
s2: PolyVecK
|
|
172
|
+
): void;
|
|
173
|
+
export function packSig(
|
|
174
|
+
sig: Uint8Array,
|
|
175
|
+
c: Uint8Array,
|
|
176
|
+
z: PolyVecL,
|
|
177
|
+
h: PolyVecK
|
|
178
|
+
): void;
|
|
179
|
+
export function unpackPk(rho: Uint8Array, t1: PolyVecK, pk: Uint8Array): void;
|
|
180
|
+
export function unpackSk(
|
|
181
|
+
rho: Uint8Array,
|
|
182
|
+
tr: Uint8Array,
|
|
183
|
+
key: Uint8Array,
|
|
184
|
+
t0: PolyVecK,
|
|
185
|
+
s1: PolyVecL,
|
|
186
|
+
s2: PolyVecK,
|
|
187
|
+
sk: Uint8Array
|
|
188
|
+
): void;
|
|
189
|
+
export function unpackSig(
|
|
190
|
+
c: Uint8Array,
|
|
191
|
+
z: PolyVecL,
|
|
192
|
+
h: PolyVecK,
|
|
193
|
+
sig: Uint8Array
|
|
194
|
+
): number;
|
|
195
|
+
|
|
196
|
+
// FIPS 202 SHAKE primitives (low-level XOF interface, primarily internal)
|
|
197
|
+
export function shake128Init(state: KeccakState): void;
|
|
198
|
+
export function shake128Absorb(state: KeccakState, input: Uint8Array): void;
|
|
199
|
+
export function shake128Finalize(state: KeccakState): void;
|
|
200
|
+
export function shake128SqueezeBlocks(
|
|
201
|
+
out: Uint8Array,
|
|
202
|
+
outputOffset: number,
|
|
203
|
+
nBlocks: number,
|
|
204
|
+
state: KeccakState
|
|
205
|
+
): void;
|
|
206
|
+
export function shake256Init(state: KeccakState): void;
|
|
207
|
+
export function shake256Absorb(state: KeccakState, input: Uint8Array): void;
|
|
208
|
+
export function shake256Finalize(state: KeccakState): void;
|
|
209
|
+
export function shake256SqueezeBlocks(
|
|
210
|
+
out: Uint8Array,
|
|
211
|
+
outputOffset: number,
|
|
212
|
+
nBlocks: number,
|
|
213
|
+
state: KeccakState
|
|
214
|
+
): void;
|
|
215
|
+
|
|
216
|
+
// Dilithium-specific stream initializers
|
|
217
|
+
export function dilithiumShake128StreamInit(
|
|
218
|
+
state: KeccakState,
|
|
219
|
+
seed: Uint8Array,
|
|
220
|
+
nonce: number
|
|
221
|
+
): void;
|
|
222
|
+
export function dilithiumShake256StreamInit(
|
|
223
|
+
state: KeccakState,
|
|
224
|
+
seed: Uint8Array,
|
|
225
|
+
nonce: number
|
|
226
|
+
): void;
|
|
227
|
+
|
|
228
|
+
// Polynomial operations (internal)
|
|
229
|
+
export function polyReduce(a: Poly): void;
|
|
230
|
+
export function polyCAddQ(a: Poly): void;
|
|
231
|
+
export function polyAdd(c: Poly, a: Poly, b: Poly): void;
|
|
232
|
+
export function polySub(c: Poly, a: Poly, b: Poly): void;
|
|
233
|
+
export function polyShiftL(a: Poly): void;
|
|
234
|
+
export function polyPointWiseMontgomery(c: Poly, a: Poly, b: Poly): void;
|
|
235
|
+
export function polyPower2round(a1: Poly, a0: Poly, a: Poly): void;
|
|
236
|
+
export function polyDecompose(a1: Poly, a0: Poly, a: Poly): void;
|
|
237
|
+
export function polyMakeHint(h: Poly, a0: Poly, a1: Poly): number;
|
|
238
|
+
export function polyUseHint(b: Poly, a: Poly, h: Poly): void;
|
|
239
|
+
export function polyChkNorm(a: Poly, b: number): number;
|
|
240
|
+
export function rejUniform(
|
|
241
|
+
a: Int32Array,
|
|
242
|
+
aOffset: number,
|
|
243
|
+
len: number,
|
|
244
|
+
buf: Uint8Array,
|
|
245
|
+
bufLen: number
|
|
246
|
+
): number;
|
|
247
|
+
export function polyUniform(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
248
|
+
export function rejEta(
|
|
249
|
+
a: Int32Array,
|
|
250
|
+
aOffset: number,
|
|
251
|
+
len: number,
|
|
252
|
+
buf: Uint8Array,
|
|
253
|
+
bufLen: number
|
|
254
|
+
): number;
|
|
255
|
+
export function polyUniformEta(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
256
|
+
export function polyZUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
257
|
+
export function polyUniformGamma1(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
258
|
+
export function polyEtaPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
259
|
+
export function polyEtaUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
260
|
+
export function polyT1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
261
|
+
export function polyT1Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
262
|
+
export function polyT0Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
263
|
+
export function polyT0Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
264
|
+
export function polyZPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
265
|
+
export function polyW1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
266
|
+
|
|
267
|
+
// Polynomial vector operations (internal)
|
|
268
|
+
export function polyVecMatrixExpand(mat: PolyVecL[], rho: Uint8Array): void;
|
|
269
|
+
export function polyVecMatrixPointWiseMontgomery(
|
|
270
|
+
t: PolyVecK,
|
|
271
|
+
mat: PolyVecL[],
|
|
272
|
+
v: PolyVecL
|
|
273
|
+
): void;
|
|
274
|
+
export function polyVecLUniformEta(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
275
|
+
export function polyVecLUniformGamma1(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
276
|
+
export function polyVecLReduce(v: PolyVecL): void;
|
|
277
|
+
export function polyVecLAdd(w: PolyVecL, u: PolyVecL, v: PolyVecL): void;
|
|
278
|
+
export function polyVecLNTT(v: PolyVecL): void;
|
|
279
|
+
export function polyVecLInvNTTToMont(v: PolyVecL): void;
|
|
280
|
+
export function polyVecLPointWisePolyMontgomery(
|
|
281
|
+
r: PolyVecL,
|
|
282
|
+
a: Poly,
|
|
283
|
+
v: PolyVecL
|
|
284
|
+
): void;
|
|
285
|
+
export function polyVecLPointWiseAccMontgomery(
|
|
286
|
+
w: Poly,
|
|
287
|
+
u: PolyVecL,
|
|
288
|
+
v: PolyVecL
|
|
289
|
+
): void;
|
|
290
|
+
export function polyVecLChkNorm(v: PolyVecL, bound: number): number;
|
|
291
|
+
export function polyVecKUniformEta(v: PolyVecK, seed: Uint8Array, nonce: number): void;
|
|
292
|
+
export function polyVecKReduce(v: PolyVecK): void;
|
|
293
|
+
export function polyVecKCAddQ(v: PolyVecK): void;
|
|
294
|
+
export function polyVecKAdd(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
295
|
+
export function polyVecKSub(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
296
|
+
export function polyVecKShiftL(v: PolyVecK): void;
|
|
297
|
+
export function polyVecKNTT(v: PolyVecK): void;
|
|
298
|
+
export function polyVecKInvNTTToMont(v: PolyVecK): void;
|
|
299
|
+
export function polyVecKPointWisePolyMontgomery(
|
|
300
|
+
r: PolyVecK,
|
|
301
|
+
a: Poly,
|
|
302
|
+
v: PolyVecK
|
|
303
|
+
): void;
|
|
304
|
+
export function polyVecKChkNorm(v: PolyVecK, bound: number): number;
|
|
305
|
+
export function polyVecKPower2round(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
306
|
+
export function polyVecKDecompose(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
307
|
+
export function polyVecKMakeHint(h: PolyVecK, v0: PolyVecK, v1: PolyVecK): number;
|
|
308
|
+
export function polyVecKUseHint(w: PolyVecK, u: PolyVecK, h: PolyVecK): void;
|
|
309
|
+
export function polyVecKPackW1(r: Uint8Array, w1: PolyVecK): void;
|
package/dist/cjs/dilithium5.js
CHANGED
|
@@ -1354,6 +1354,12 @@ function packSig(sigP, c, z, h) {
|
|
|
1354
1354
|
for (let i = 0; i < K; ++i) {
|
|
1355
1355
|
for (let j = 0; j < N; ++j) {
|
|
1356
1356
|
if (h.vec[i].coeffs[j] !== 0) {
|
|
1357
|
+
if (h.vec[i].coeffs[j] !== 1) {
|
|
1358
|
+
throw new Error('hint coefficients must be binary (0 or 1)');
|
|
1359
|
+
}
|
|
1360
|
+
if (k >= OMEGA) {
|
|
1361
|
+
throw new Error(`hint count exceeds OMEGA (${OMEGA})`);
|
|
1362
|
+
}
|
|
1357
1363
|
sig[sigOffset + k++] = j;
|
|
1358
1364
|
}
|
|
1359
1365
|
}
|
|
@@ -0,0 +1,309 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TypeScript definitions for @theqrl/dilithium5
|
|
3
|
+
* Dilithium-5 post-quantum digital signature scheme
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
// Constants
|
|
7
|
+
export const Shake128Rate: number;
|
|
8
|
+
export const Shake256Rate: number;
|
|
9
|
+
export const Stream128BlockBytes: number;
|
|
10
|
+
export const Stream256BlockBytes: number;
|
|
11
|
+
export const SeedBytes: number;
|
|
12
|
+
export const CRHBytes: number;
|
|
13
|
+
export const TRBytes: number;
|
|
14
|
+
export const N: number;
|
|
15
|
+
export const Q: number;
|
|
16
|
+
export const QInv: number;
|
|
17
|
+
export const D: number;
|
|
18
|
+
export const K: number;
|
|
19
|
+
export const L: number;
|
|
20
|
+
export const ETA: number;
|
|
21
|
+
export const TAU: number;
|
|
22
|
+
export const BETA: number;
|
|
23
|
+
export const GAMMA1: number;
|
|
24
|
+
export const GAMMA2: number;
|
|
25
|
+
export const OMEGA: number;
|
|
26
|
+
export const PolyT1PackedBytes: number;
|
|
27
|
+
export const PolyT0PackedBytes: number;
|
|
28
|
+
export const PolyETAPackedBytes: number;
|
|
29
|
+
export const PolyZPackedBytes: number;
|
|
30
|
+
export const PolyVecHPackedBytes: number;
|
|
31
|
+
export const PolyW1PackedBytes: number;
|
|
32
|
+
export const CryptoPublicKeyBytes: number;
|
|
33
|
+
export const CryptoSecretKeyBytes: number;
|
|
34
|
+
export const CryptoBytes: number;
|
|
35
|
+
export const PolyUniformNBlocks: number;
|
|
36
|
+
export const PolyUniformETANBlocks: number;
|
|
37
|
+
export const PolyUniformGamma1NBlocks: number;
|
|
38
|
+
export const zetas: readonly number[];
|
|
39
|
+
|
|
40
|
+
// Core signing functions
|
|
41
|
+
|
|
42
|
+
/**
|
|
43
|
+
* Generate a Dilithium-5 key pair
|
|
44
|
+
* @param seed - Optional 32-byte seed for deterministic key generation (null for random)
|
|
45
|
+
* @param pk - Output buffer for public key (must be CryptoPublicKeyBytes length)
|
|
46
|
+
* @param sk - Output buffer for secret key (must be CryptoSecretKeyBytes length)
|
|
47
|
+
* @returns The seed used for key generation
|
|
48
|
+
* @throws Error if pk/sk buffers are wrong size or null
|
|
49
|
+
*/
|
|
50
|
+
export function cryptoSignKeypair(
|
|
51
|
+
seed: Uint8Array | null,
|
|
52
|
+
pk: Uint8Array,
|
|
53
|
+
sk: Uint8Array
|
|
54
|
+
): Uint8Array;
|
|
55
|
+
|
|
56
|
+
/**
|
|
57
|
+
* Create a signature for a message
|
|
58
|
+
* @param sig - Output buffer for signature (must be CryptoBytes length minimum)
|
|
59
|
+
* @param m - Message to sign (hex string or Uint8Array; strings are parsed as hex only)
|
|
60
|
+
* @param sk - Secret key
|
|
61
|
+
* @param randomizedSigning - If true, use random nonce; if false, deterministic
|
|
62
|
+
* @returns 0 on success
|
|
63
|
+
* @throws Error if sk is wrong size
|
|
64
|
+
*/
|
|
65
|
+
export function cryptoSignSignature(
|
|
66
|
+
sig: Uint8Array,
|
|
67
|
+
m: Uint8Array | string,
|
|
68
|
+
sk: Uint8Array,
|
|
69
|
+
randomizedSigning: boolean
|
|
70
|
+
): number;
|
|
71
|
+
|
|
72
|
+
/**
|
|
73
|
+
* Sign a message, returning signature concatenated with message
|
|
74
|
+
* @param msg - Message to sign
|
|
75
|
+
* @param sk - Secret key
|
|
76
|
+
* @param randomizedSigning - If true, use random nonce; if false, deterministic
|
|
77
|
+
* @returns Signed message (signature || message)
|
|
78
|
+
* @throws Error if signing fails
|
|
79
|
+
*/
|
|
80
|
+
export function cryptoSign(
|
|
81
|
+
msg: Uint8Array | string,
|
|
82
|
+
sk: Uint8Array,
|
|
83
|
+
randomizedSigning: boolean
|
|
84
|
+
): Uint8Array;
|
|
85
|
+
|
|
86
|
+
/**
|
|
87
|
+
* Verify a signature
|
|
88
|
+
* @param sig - Signature to verify
|
|
89
|
+
* @param m - Message that was signed (hex string or Uint8Array; strings are parsed as hex only)
|
|
90
|
+
* @param pk - Public key
|
|
91
|
+
* @returns true if signature is valid, false otherwise
|
|
92
|
+
*/
|
|
93
|
+
export function cryptoSignVerify(
|
|
94
|
+
sig: Uint8Array,
|
|
95
|
+
m: Uint8Array | string,
|
|
96
|
+
pk: Uint8Array
|
|
97
|
+
): boolean;
|
|
98
|
+
|
|
99
|
+
/**
|
|
100
|
+
* Open a signed message (verify and extract message)
|
|
101
|
+
* @param sm - Signed message (signature || message)
|
|
102
|
+
* @param pk - Public key
|
|
103
|
+
* @returns Message if valid, undefined if verification fails
|
|
104
|
+
*/
|
|
105
|
+
export function cryptoSignOpen(
|
|
106
|
+
sm: Uint8Array,
|
|
107
|
+
pk: Uint8Array
|
|
108
|
+
): Uint8Array | undefined;
|
|
109
|
+
|
|
110
|
+
// Utility functions
|
|
111
|
+
|
|
112
|
+
/**
|
|
113
|
+
* Zero out a buffer (best-effort, see SECURITY.md for limitations)
|
|
114
|
+
* @param buffer - Buffer to zero
|
|
115
|
+
* @throws TypeError if buffer is not Uint8Array
|
|
116
|
+
*/
|
|
117
|
+
export function zeroize(buffer: Uint8Array): void;
|
|
118
|
+
|
|
119
|
+
/**
|
|
120
|
+
* Check if buffer is all zeros using constant-time comparison
|
|
121
|
+
* @param buffer - Buffer to check
|
|
122
|
+
* @returns true if all bytes are zero
|
|
123
|
+
* @throws TypeError if buffer is not Uint8Array
|
|
124
|
+
*/
|
|
125
|
+
export function isZero(buffer: Uint8Array): boolean;
|
|
126
|
+
|
|
127
|
+
// Internal classes (exported but primarily for internal use)
|
|
128
|
+
|
|
129
|
+
export class Poly {
|
|
130
|
+
coeffs: Int32Array;
|
|
131
|
+
constructor();
|
|
132
|
+
copy(poly: Poly): void;
|
|
133
|
+
}
|
|
134
|
+
|
|
135
|
+
export class PolyVecK {
|
|
136
|
+
vec: Poly[];
|
|
137
|
+
constructor();
|
|
138
|
+
}
|
|
139
|
+
|
|
140
|
+
export class PolyVecL {
|
|
141
|
+
vec: Poly[];
|
|
142
|
+
constructor();
|
|
143
|
+
copy(polyVecL: PolyVecL): void;
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
export class KeccakState {
|
|
147
|
+
constructor();
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
// Internal functions (exported but primarily for internal use)
|
|
151
|
+
export function polyNTT(a: Poly): void;
|
|
152
|
+
export function polyInvNTTToMont(a: Poly): void;
|
|
153
|
+
export function polyChallenge(c: Poly, seed: Uint8Array): void;
|
|
154
|
+
export function ntt(a: Int32Array): void;
|
|
155
|
+
export function invNTTToMont(a: Int32Array): void;
|
|
156
|
+
export function montgomeryReduce(a: bigint): bigint;
|
|
157
|
+
export function reduce32(a: number): number;
|
|
158
|
+
export function cAddQ(a: number): number;
|
|
159
|
+
export function decompose(a0: Int32Array, i: number, a: number): number;
|
|
160
|
+
export function power2round(a0: Int32Array, i: number, a: number): number;
|
|
161
|
+
export function makeHint(a0: number, a1: number): number;
|
|
162
|
+
export function useHint(a: number, hint: number): number;
|
|
163
|
+
export function packPk(pk: Uint8Array, rho: Uint8Array, t1: PolyVecK): void;
|
|
164
|
+
export function packSk(
|
|
165
|
+
sk: Uint8Array,
|
|
166
|
+
rho: Uint8Array,
|
|
167
|
+
tr: Uint8Array,
|
|
168
|
+
key: Uint8Array,
|
|
169
|
+
t0: PolyVecK,
|
|
170
|
+
s1: PolyVecL,
|
|
171
|
+
s2: PolyVecK
|
|
172
|
+
): void;
|
|
173
|
+
export function packSig(
|
|
174
|
+
sig: Uint8Array,
|
|
175
|
+
c: Uint8Array,
|
|
176
|
+
z: PolyVecL,
|
|
177
|
+
h: PolyVecK
|
|
178
|
+
): void;
|
|
179
|
+
export function unpackPk(rho: Uint8Array, t1: PolyVecK, pk: Uint8Array): void;
|
|
180
|
+
export function unpackSk(
|
|
181
|
+
rho: Uint8Array,
|
|
182
|
+
tr: Uint8Array,
|
|
183
|
+
key: Uint8Array,
|
|
184
|
+
t0: PolyVecK,
|
|
185
|
+
s1: PolyVecL,
|
|
186
|
+
s2: PolyVecK,
|
|
187
|
+
sk: Uint8Array
|
|
188
|
+
): void;
|
|
189
|
+
export function unpackSig(
|
|
190
|
+
c: Uint8Array,
|
|
191
|
+
z: PolyVecL,
|
|
192
|
+
h: PolyVecK,
|
|
193
|
+
sig: Uint8Array
|
|
194
|
+
): number;
|
|
195
|
+
|
|
196
|
+
// FIPS 202 SHAKE primitives (low-level XOF interface, primarily internal)
|
|
197
|
+
export function shake128Init(state: KeccakState): void;
|
|
198
|
+
export function shake128Absorb(state: KeccakState, input: Uint8Array): void;
|
|
199
|
+
export function shake128Finalize(state: KeccakState): void;
|
|
200
|
+
export function shake128SqueezeBlocks(
|
|
201
|
+
out: Uint8Array,
|
|
202
|
+
outputOffset: number,
|
|
203
|
+
nBlocks: number,
|
|
204
|
+
state: KeccakState
|
|
205
|
+
): void;
|
|
206
|
+
export function shake256Init(state: KeccakState): void;
|
|
207
|
+
export function shake256Absorb(state: KeccakState, input: Uint8Array): void;
|
|
208
|
+
export function shake256Finalize(state: KeccakState): void;
|
|
209
|
+
export function shake256SqueezeBlocks(
|
|
210
|
+
out: Uint8Array,
|
|
211
|
+
outputOffset: number,
|
|
212
|
+
nBlocks: number,
|
|
213
|
+
state: KeccakState
|
|
214
|
+
): void;
|
|
215
|
+
|
|
216
|
+
// Dilithium-specific stream initializers
|
|
217
|
+
export function dilithiumShake128StreamInit(
|
|
218
|
+
state: KeccakState,
|
|
219
|
+
seed: Uint8Array,
|
|
220
|
+
nonce: number
|
|
221
|
+
): void;
|
|
222
|
+
export function dilithiumShake256StreamInit(
|
|
223
|
+
state: KeccakState,
|
|
224
|
+
seed: Uint8Array,
|
|
225
|
+
nonce: number
|
|
226
|
+
): void;
|
|
227
|
+
|
|
228
|
+
// Polynomial operations (internal)
|
|
229
|
+
export function polyReduce(a: Poly): void;
|
|
230
|
+
export function polyCAddQ(a: Poly): void;
|
|
231
|
+
export function polyAdd(c: Poly, a: Poly, b: Poly): void;
|
|
232
|
+
export function polySub(c: Poly, a: Poly, b: Poly): void;
|
|
233
|
+
export function polyShiftL(a: Poly): void;
|
|
234
|
+
export function polyPointWiseMontgomery(c: Poly, a: Poly, b: Poly): void;
|
|
235
|
+
export function polyPower2round(a1: Poly, a0: Poly, a: Poly): void;
|
|
236
|
+
export function polyDecompose(a1: Poly, a0: Poly, a: Poly): void;
|
|
237
|
+
export function polyMakeHint(h: Poly, a0: Poly, a1: Poly): number;
|
|
238
|
+
export function polyUseHint(b: Poly, a: Poly, h: Poly): void;
|
|
239
|
+
export function polyChkNorm(a: Poly, b: number): number;
|
|
240
|
+
export function rejUniform(
|
|
241
|
+
a: Int32Array,
|
|
242
|
+
aOffset: number,
|
|
243
|
+
len: number,
|
|
244
|
+
buf: Uint8Array,
|
|
245
|
+
bufLen: number
|
|
246
|
+
): number;
|
|
247
|
+
export function polyUniform(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
248
|
+
export function rejEta(
|
|
249
|
+
a: Int32Array,
|
|
250
|
+
aOffset: number,
|
|
251
|
+
len: number,
|
|
252
|
+
buf: Uint8Array,
|
|
253
|
+
bufLen: number
|
|
254
|
+
): number;
|
|
255
|
+
export function polyUniformEta(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
256
|
+
export function polyZUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
257
|
+
export function polyUniformGamma1(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
258
|
+
export function polyEtaPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
259
|
+
export function polyEtaUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
260
|
+
export function polyT1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
261
|
+
export function polyT1Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
262
|
+
export function polyT0Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
263
|
+
export function polyT0Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
264
|
+
export function polyZPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
265
|
+
export function polyW1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
266
|
+
|
|
267
|
+
// Polynomial vector operations (internal)
|
|
268
|
+
export function polyVecMatrixExpand(mat: PolyVecL[], rho: Uint8Array): void;
|
|
269
|
+
export function polyVecMatrixPointWiseMontgomery(
|
|
270
|
+
t: PolyVecK,
|
|
271
|
+
mat: PolyVecL[],
|
|
272
|
+
v: PolyVecL
|
|
273
|
+
): void;
|
|
274
|
+
export function polyVecLUniformEta(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
275
|
+
export function polyVecLUniformGamma1(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
276
|
+
export function polyVecLReduce(v: PolyVecL): void;
|
|
277
|
+
export function polyVecLAdd(w: PolyVecL, u: PolyVecL, v: PolyVecL): void;
|
|
278
|
+
export function polyVecLNTT(v: PolyVecL): void;
|
|
279
|
+
export function polyVecLInvNTTToMont(v: PolyVecL): void;
|
|
280
|
+
export function polyVecLPointWisePolyMontgomery(
|
|
281
|
+
r: PolyVecL,
|
|
282
|
+
a: Poly,
|
|
283
|
+
v: PolyVecL
|
|
284
|
+
): void;
|
|
285
|
+
export function polyVecLPointWiseAccMontgomery(
|
|
286
|
+
w: Poly,
|
|
287
|
+
u: PolyVecL,
|
|
288
|
+
v: PolyVecL
|
|
289
|
+
): void;
|
|
290
|
+
export function polyVecLChkNorm(v: PolyVecL, bound: number): number;
|
|
291
|
+
export function polyVecKUniformEta(v: PolyVecK, seed: Uint8Array, nonce: number): void;
|
|
292
|
+
export function polyVecKReduce(v: PolyVecK): void;
|
|
293
|
+
export function polyVecKCAddQ(v: PolyVecK): void;
|
|
294
|
+
export function polyVecKAdd(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
295
|
+
export function polyVecKSub(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
296
|
+
export function polyVecKShiftL(v: PolyVecK): void;
|
|
297
|
+
export function polyVecKNTT(v: PolyVecK): void;
|
|
298
|
+
export function polyVecKInvNTTToMont(v: PolyVecK): void;
|
|
299
|
+
export function polyVecKPointWisePolyMontgomery(
|
|
300
|
+
r: PolyVecK,
|
|
301
|
+
a: Poly,
|
|
302
|
+
v: PolyVecK
|
|
303
|
+
): void;
|
|
304
|
+
export function polyVecKChkNorm(v: PolyVecK, bound: number): number;
|
|
305
|
+
export function polyVecKPower2round(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
306
|
+
export function polyVecKDecompose(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
307
|
+
export function polyVecKMakeHint(h: PolyVecK, v0: PolyVecK, v1: PolyVecK): number;
|
|
308
|
+
export function polyVecKUseHint(w: PolyVecK, u: PolyVecK, h: PolyVecK): void;
|
|
309
|
+
export function polyVecKPackW1(r: Uint8Array, w1: PolyVecK): void;
|
package/dist/mjs/dilithium5.js
CHANGED
|
@@ -975,6 +975,12 @@ function packSig(sigP, c, z, h) {
|
|
|
975
975
|
for (let i = 0; i < K; ++i) {
|
|
976
976
|
for (let j = 0; j < N; ++j) {
|
|
977
977
|
if (h.vec[i].coeffs[j] !== 0) {
|
|
978
|
+
if (h.vec[i].coeffs[j] !== 1) {
|
|
979
|
+
throw new Error('hint coefficients must be binary (0 or 1)');
|
|
980
|
+
}
|
|
981
|
+
if (k >= OMEGA) {
|
|
982
|
+
throw new Error(`hint count exceeds OMEGA (${OMEGA})`);
|
|
983
|
+
}
|
|
978
984
|
sig[sigOffset + k++] = j;
|
|
979
985
|
}
|
|
980
986
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@theqrl/dilithium5",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.5",
|
|
4
4
|
"description": "Dilithium-5 cryptography",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"dilithium",
|
|
@@ -44,8 +44,14 @@
|
|
|
44
44
|
},
|
|
45
45
|
"exports": {
|
|
46
46
|
".": {
|
|
47
|
-
"import":
|
|
48
|
-
|
|
47
|
+
"import": {
|
|
48
|
+
"types": "./dist/mjs/dilithium5.d.mts",
|
|
49
|
+
"default": "./dist/mjs/dilithium5.js"
|
|
50
|
+
},
|
|
51
|
+
"require": {
|
|
52
|
+
"types": "./dist/cjs/dilithium5.d.cts",
|
|
53
|
+
"default": "./dist/cjs/dilithium5.js"
|
|
54
|
+
}
|
|
49
55
|
}
|
|
50
56
|
},
|
|
51
57
|
"type": "module",
|
package/src/index.d.ts
CHANGED
|
@@ -192,3 +192,118 @@ export function unpackSig(
|
|
|
192
192
|
h: PolyVecK,
|
|
193
193
|
sig: Uint8Array
|
|
194
194
|
): number;
|
|
195
|
+
|
|
196
|
+
// FIPS 202 SHAKE primitives (low-level XOF interface, primarily internal)
|
|
197
|
+
export function shake128Init(state: KeccakState): void;
|
|
198
|
+
export function shake128Absorb(state: KeccakState, input: Uint8Array): void;
|
|
199
|
+
export function shake128Finalize(state: KeccakState): void;
|
|
200
|
+
export function shake128SqueezeBlocks(
|
|
201
|
+
out: Uint8Array,
|
|
202
|
+
outputOffset: number,
|
|
203
|
+
nBlocks: number,
|
|
204
|
+
state: KeccakState
|
|
205
|
+
): void;
|
|
206
|
+
export function shake256Init(state: KeccakState): void;
|
|
207
|
+
export function shake256Absorb(state: KeccakState, input: Uint8Array): void;
|
|
208
|
+
export function shake256Finalize(state: KeccakState): void;
|
|
209
|
+
export function shake256SqueezeBlocks(
|
|
210
|
+
out: Uint8Array,
|
|
211
|
+
outputOffset: number,
|
|
212
|
+
nBlocks: number,
|
|
213
|
+
state: KeccakState
|
|
214
|
+
): void;
|
|
215
|
+
|
|
216
|
+
// Dilithium-specific stream initializers
|
|
217
|
+
export function dilithiumShake128StreamInit(
|
|
218
|
+
state: KeccakState,
|
|
219
|
+
seed: Uint8Array,
|
|
220
|
+
nonce: number
|
|
221
|
+
): void;
|
|
222
|
+
export function dilithiumShake256StreamInit(
|
|
223
|
+
state: KeccakState,
|
|
224
|
+
seed: Uint8Array,
|
|
225
|
+
nonce: number
|
|
226
|
+
): void;
|
|
227
|
+
|
|
228
|
+
// Polynomial operations (internal)
|
|
229
|
+
export function polyReduce(a: Poly): void;
|
|
230
|
+
export function polyCAddQ(a: Poly): void;
|
|
231
|
+
export function polyAdd(c: Poly, a: Poly, b: Poly): void;
|
|
232
|
+
export function polySub(c: Poly, a: Poly, b: Poly): void;
|
|
233
|
+
export function polyShiftL(a: Poly): void;
|
|
234
|
+
export function polyPointWiseMontgomery(c: Poly, a: Poly, b: Poly): void;
|
|
235
|
+
export function polyPower2round(a1: Poly, a0: Poly, a: Poly): void;
|
|
236
|
+
export function polyDecompose(a1: Poly, a0: Poly, a: Poly): void;
|
|
237
|
+
export function polyMakeHint(h: Poly, a0: Poly, a1: Poly): number;
|
|
238
|
+
export function polyUseHint(b: Poly, a: Poly, h: Poly): void;
|
|
239
|
+
export function polyChkNorm(a: Poly, b: number): number;
|
|
240
|
+
export function rejUniform(
|
|
241
|
+
a: Int32Array,
|
|
242
|
+
aOffset: number,
|
|
243
|
+
len: number,
|
|
244
|
+
buf: Uint8Array,
|
|
245
|
+
bufLen: number
|
|
246
|
+
): number;
|
|
247
|
+
export function polyUniform(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
248
|
+
export function rejEta(
|
|
249
|
+
a: Int32Array,
|
|
250
|
+
aOffset: number,
|
|
251
|
+
len: number,
|
|
252
|
+
buf: Uint8Array,
|
|
253
|
+
bufLen: number
|
|
254
|
+
): number;
|
|
255
|
+
export function polyUniformEta(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
256
|
+
export function polyZUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
257
|
+
export function polyUniformGamma1(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
258
|
+
export function polyEtaPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
259
|
+
export function polyEtaUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
260
|
+
export function polyT1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
261
|
+
export function polyT1Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
262
|
+
export function polyT0Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
263
|
+
export function polyT0Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
264
|
+
export function polyZPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
265
|
+
export function polyW1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
266
|
+
|
|
267
|
+
// Polynomial vector operations (internal)
|
|
268
|
+
export function polyVecMatrixExpand(mat: PolyVecL[], rho: Uint8Array): void;
|
|
269
|
+
export function polyVecMatrixPointWiseMontgomery(
|
|
270
|
+
t: PolyVecK,
|
|
271
|
+
mat: PolyVecL[],
|
|
272
|
+
v: PolyVecL
|
|
273
|
+
): void;
|
|
274
|
+
export function polyVecLUniformEta(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
275
|
+
export function polyVecLUniformGamma1(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
276
|
+
export function polyVecLReduce(v: PolyVecL): void;
|
|
277
|
+
export function polyVecLAdd(w: PolyVecL, u: PolyVecL, v: PolyVecL): void;
|
|
278
|
+
export function polyVecLNTT(v: PolyVecL): void;
|
|
279
|
+
export function polyVecLInvNTTToMont(v: PolyVecL): void;
|
|
280
|
+
export function polyVecLPointWisePolyMontgomery(
|
|
281
|
+
r: PolyVecL,
|
|
282
|
+
a: Poly,
|
|
283
|
+
v: PolyVecL
|
|
284
|
+
): void;
|
|
285
|
+
export function polyVecLPointWiseAccMontgomery(
|
|
286
|
+
w: Poly,
|
|
287
|
+
u: PolyVecL,
|
|
288
|
+
v: PolyVecL
|
|
289
|
+
): void;
|
|
290
|
+
export function polyVecLChkNorm(v: PolyVecL, bound: number): number;
|
|
291
|
+
export function polyVecKUniformEta(v: PolyVecK, seed: Uint8Array, nonce: number): void;
|
|
292
|
+
export function polyVecKReduce(v: PolyVecK): void;
|
|
293
|
+
export function polyVecKCAddQ(v: PolyVecK): void;
|
|
294
|
+
export function polyVecKAdd(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
295
|
+
export function polyVecKSub(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
296
|
+
export function polyVecKShiftL(v: PolyVecK): void;
|
|
297
|
+
export function polyVecKNTT(v: PolyVecK): void;
|
|
298
|
+
export function polyVecKInvNTTToMont(v: PolyVecK): void;
|
|
299
|
+
export function polyVecKPointWisePolyMontgomery(
|
|
300
|
+
r: PolyVecK,
|
|
301
|
+
a: Poly,
|
|
302
|
+
v: PolyVecK
|
|
303
|
+
): void;
|
|
304
|
+
export function polyVecKChkNorm(v: PolyVecK, bound: number): number;
|
|
305
|
+
export function polyVecKPower2round(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
306
|
+
export function polyVecKDecompose(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
307
|
+
export function polyVecKMakeHint(h: PolyVecK, v0: PolyVecK, v1: PolyVecK): number;
|
|
308
|
+
export function polyVecKUseHint(w: PolyVecK, u: PolyVecK, h: PolyVecK): void;
|
|
309
|
+
export function polyVecKPackW1(r: Uint8Array, w1: PolyVecK): void;
|