@theqrl/mldsa87 1.0.3 → 1.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/mldsa87.js +11 -11
- package/dist/mjs/mldsa87.js +1 -1
- package/package.json +9 -8
package/dist/cjs/mldsa87.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var sha3_js = require('@noble/hashes/sha3.js');
|
|
4
4
|
var pkg = require('randombytes');
|
|
5
5
|
|
|
6
6
|
const Shake128Rate = 168;
|
|
@@ -87,7 +87,7 @@ class KeccakState {
|
|
|
87
87
|
// SHAKE-128 functions
|
|
88
88
|
|
|
89
89
|
function shake128Init(state) {
|
|
90
|
-
state.hasher =
|
|
90
|
+
state.hasher = sha3_js.shake128.create({});
|
|
91
91
|
state.finalized = false;
|
|
92
92
|
}
|
|
93
93
|
|
|
@@ -109,7 +109,7 @@ function shake128SqueezeBlocks(out, outputOffset, nBlocks, state) {
|
|
|
109
109
|
// SHAKE-256 functions
|
|
110
110
|
|
|
111
111
|
function shake256Init(state) {
|
|
112
|
-
state.hasher =
|
|
112
|
+
state.hasher = sha3_js.shake256.create({});
|
|
113
113
|
state.finalized = false;
|
|
114
114
|
}
|
|
115
115
|
|
|
@@ -1096,7 +1096,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
|
|
|
1096
1096
|
|
|
1097
1097
|
const outputLength = 2 * SeedBytes + CRHBytes;
|
|
1098
1098
|
const domainSep = new Uint8Array([K, L]);
|
|
1099
|
-
const seedBuf =
|
|
1099
|
+
const seedBuf = sha3_js.shake256.create({}).update(seed).update(domainSep).xof(outputLength);
|
|
1100
1100
|
const rho = seedBuf.slice(0, SeedBytes);
|
|
1101
1101
|
const rhoPrime = seedBuf.slice(SeedBytes, SeedBytes + CRHBytes);
|
|
1102
1102
|
const key = seedBuf.slice(SeedBytes + CRHBytes);
|
|
@@ -1125,7 +1125,7 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
|
|
|
1125
1125
|
packPk(pk, rho, t1);
|
|
1126
1126
|
|
|
1127
1127
|
// Compute tr = SHAKE256(pk) (64 bytes) and write secret key
|
|
1128
|
-
const tr =
|
|
1128
|
+
const tr = sha3_js.shake256.create({}).update(pk).xof(TRBytes);
|
|
1129
1129
|
packSk(sk, rho, tr, key, t0, s1, s2);
|
|
1130
1130
|
|
|
1131
1131
|
return seed;
|
|
@@ -1189,11 +1189,11 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
|
|
|
1189
1189
|
const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
|
|
1190
1190
|
|
|
1191
1191
|
// mu = SHAKE256(tr || pre || m)
|
|
1192
|
-
const mu =
|
|
1192
|
+
const mu = sha3_js.shake256.create({}).update(tr).update(pre).update(mBytes).xof(CRHBytes);
|
|
1193
1193
|
|
|
1194
1194
|
// rhoPrime = SHAKE256(key || rnd || mu)
|
|
1195
1195
|
const rnd = randomizedSigning ? randomBytes(RNDBytes) : new Uint8Array(RNDBytes);
|
|
1196
|
-
rhoPrime =
|
|
1196
|
+
rhoPrime = sha3_js.shake256.create({}).update(key).update(rnd).update(mu).xof(CRHBytes);
|
|
1197
1197
|
|
|
1198
1198
|
polyVecMatrixExpand(mat, rho);
|
|
1199
1199
|
polyVecLNTT(s1);
|
|
@@ -1215,7 +1215,7 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
|
|
|
1215
1215
|
polyVecKPackW1(sig, w1);
|
|
1216
1216
|
|
|
1217
1217
|
// ctilde = SHAKE256(mu || w1_packed) (64 bytes)
|
|
1218
|
-
const ctilde =
|
|
1218
|
+
const ctilde = sha3_js.shake256
|
|
1219
1219
|
.create({})
|
|
1220
1220
|
.update(mu)
|
|
1221
1221
|
.update(sig.slice(0, K * PolyW1PackedBytes))
|
|
@@ -1341,7 +1341,7 @@ function cryptoSignVerify(sig, m, pk, ctx = DEFAULT_CTX) {
|
|
|
1341
1341
|
}
|
|
1342
1342
|
|
|
1343
1343
|
/* Compute mu = SHAKE256(tr || pre || m) with tr = SHAKE256(pk) */
|
|
1344
|
-
const tr =
|
|
1344
|
+
const tr = sha3_js.shake256.create({}).update(pk).xof(TRBytes);
|
|
1345
1345
|
|
|
1346
1346
|
const pre = new Uint8Array(2 + ctx.length);
|
|
1347
1347
|
pre[0] = 0;
|
|
@@ -1350,7 +1350,7 @@ function cryptoSignVerify(sig, m, pk, ctx = DEFAULT_CTX) {
|
|
|
1350
1350
|
|
|
1351
1351
|
// Convert hex message to bytes
|
|
1352
1352
|
const mBytes = typeof m === 'string' ? hexToBytes(m) : m;
|
|
1353
|
-
const muFull =
|
|
1353
|
+
const muFull = sha3_js.shake256.create({}).update(tr).update(pre).update(mBytes).xof(CRHBytes);
|
|
1354
1354
|
mu.set(muFull);
|
|
1355
1355
|
|
|
1356
1356
|
/* Matrix-vector multiplication; compute Az - c2^dt1 */
|
|
@@ -1375,7 +1375,7 @@ function cryptoSignVerify(sig, m, pk, ctx = DEFAULT_CTX) {
|
|
|
1375
1375
|
polyVecKPackW1(buf, w1);
|
|
1376
1376
|
|
|
1377
1377
|
/* Call random oracle and verify challenge */
|
|
1378
|
-
const c2Hash =
|
|
1378
|
+
const c2Hash = sha3_js.shake256.create({}).update(mu).update(buf).xof(CTILDEBytes);
|
|
1379
1379
|
c2.set(c2Hash);
|
|
1380
1380
|
|
|
1381
1381
|
// Constant-time comparison to prevent timing attacks
|
package/dist/mjs/mldsa87.js
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@theqrl/mldsa87",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.4",
|
|
4
4
|
"description": "ML-DSA-87 cryptography",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ml-dsa",
|
|
@@ -48,19 +48,20 @@
|
|
|
48
48
|
},
|
|
49
49
|
"type": "module",
|
|
50
50
|
"devDependencies": {
|
|
51
|
+
"@eslint/js": "^9.39.0",
|
|
51
52
|
"c8": "^10.1.3",
|
|
52
|
-
"chai": "^
|
|
53
|
-
"eslint": "^
|
|
54
|
-
"eslint-config-
|
|
55
|
-
"eslint-
|
|
56
|
-
"eslint-plugin-import": "^2.32.0",
|
|
53
|
+
"chai": "^6.2.2",
|
|
54
|
+
"eslint": "^9.39.2",
|
|
55
|
+
"eslint-config-prettier": "^10.1.8",
|
|
56
|
+
"eslint-plugin-import-x": "^4.15.0",
|
|
57
57
|
"eslint-plugin-prettier": "^5.5.4",
|
|
58
|
-
"
|
|
58
|
+
"globals": "^16.2.0",
|
|
59
|
+
"mocha": "^11.7.5",
|
|
59
60
|
"prettier": "^3.7.4",
|
|
60
61
|
"rollup": "^4.55.1"
|
|
61
62
|
},
|
|
62
63
|
"dependencies": {
|
|
63
|
-
"@noble/hashes": "^
|
|
64
|
+
"@noble/hashes": "^2.0.1",
|
|
64
65
|
"randombytes": "^2.1.0"
|
|
65
66
|
}
|
|
66
67
|
}
|