From: Sergey Matveev Date: Sat, 10 May 2025 08:01:08 +0000 (+0300) Subject: Faster SPHINCS+ verification is more important X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=e0cbc8262e23916b575f6757a735a16187ff283365123a19eade57a8a79c42f8;p=keks.git Faster SPHINCS+ verification is more important --- diff --git a/go/cm/cmd/cmkeytool/certification.t b/go/cm/cmd/cmkeytool/certification.t index fd1e4c8..7c03dc6 100755 --- a/go/cm/cmd/cmkeytool/certification.t +++ b/go/cm/cmd/cmkeytool/certification.t @@ -7,7 +7,7 @@ TMPDIR=${TMPDIR:-/tmp} echo "gost3410-512C gost3410-256A ed25519-blake2b ed25519-blake2b -sphincs+-shake-256f sphincs+-shake-256f" | while read caAlgo eeAlgo ; do +sphincs+-shake-256s sphincs+-shake-256s" | while read caAlgo eeAlgo ; do sub="-sub CN=CA -sub C=RU" test_expect_success "$caAlgo: CA load generation" "cmkeytool \ diff --git a/go/cm/cmd/cmkeytool/main.go b/go/cm/cmd/cmkeytool/main.go index 948e546..db9520f 100644 --- a/go/cm/cmd/cmkeytool/main.go +++ b/go/cm/cmd/cmkeytool/main.go @@ -98,7 +98,7 @@ func main() { gost.GOST3410512C, sntrup4591761x25519.SNTRUP4591761X25519, mceliece6960119x25519.ClassicMcEliece6960119X25519, - spx.SPHINCSPlusSHAKE256f, + spx.SPHINCSPlusSHAKE256s, } sort.Strings(algos) for _, s := range algos { @@ -180,7 +180,7 @@ func main() { prvRaw, pub, err = sntrup4591761x25519.NewKeypair() case mceliece6960119x25519.ClassicMcEliece6960119X25519: prvRaw, pub, err = mceliece6960119x25519.NewKeypair() - case spx.SPHINCSPlusSHAKE256f: + case spx.SPHINCSPlusSHAKE256s: prvRaw, pub, err = spx.NewKeypair(*algo) default: err = errors.New("unknown -algo specified") 
@@ -211,7 +211,7 @@ func main() { hasher = cmhash.ByName(cmhash.BLAKE2b256) case gost.GOST3410256A, gost.GOST3410512C: hasher = cmhash.ByName(cmhash.Streebog256) - case mceliece6960119x25519.ClassicMcEliece6960119X25519, spx.SPHINCSPlusSHAKE256f: + case mceliece6960119x25519.ClassicMcEliece6960119X25519, spx.SPHINCSPlusSHAKE256s: hasher = cmhash.ByName(cmhash.SHAKE128) default: log.Fatal("unsupported algorithm") diff --git a/go/cm/cmd/cmsigtool/basic.t b/go/cm/cmd/cmsigtool/basic.t index 9fa402e..87bd284 100755 --- a/go/cm/cmd/cmsigtool/basic.t +++ b/go/cm/cmd/cmsigtool/basic.t @@ -8,7 +8,7 @@ TMPDIR=${TMPDIR:-/tmp} echo "gost3410-512C gost3410-256A ed25519-blake2b -sphincs+-shake-256f" | while read keyalgo ; do +sphincs+-shake-256s" | while read keyalgo ; do sub="-sub what=ever" typ="some-different-type" diff --git a/go/cm/hash/algo.go b/go/cm/hash/algo.go index 133ea02..703e7d1 100644 --- a/go/cm/hash/algo.go +++ b/go/cm/hash/algo.go @@ -73,12 +73,12 @@ func ByName(name string) hash.Hash { return h case SHAKE128: return NewSHAKE128() - case SHAKE256, SPHINCSPlusSHAKE256f, SPHINCSPlusSHAKE256fPh: + case SHAKE256, SPHINCSPlusSHAKE256s, SPHINCSPlusSHAKE256sPh: return NewSHAKE256() case SHAKE128Merkle: return NewSHAKE128MerkleHasher( merkle.DefaultChunkLen, DefaultNumCPU) - case SHAKE256Merkle, SPHINCSPlusSHAKE256fMerkle: + case SHAKE256Merkle, SPHINCSPlusSHAKE256sMerkle: return NewSHAKE256MerkleHasher( merkle.DefaultChunkLen, DefaultNumCPU) } diff --git a/go/cm/hash/shake.go b/go/cm/hash/shake.go index a92a4e9..5051d76 100644 --- a/go/cm/hash/shake.go +++ b/go/cm/hash/shake.go 
@@ -27,9 +27,9 @@ const ( SHAKE128Merkle = "shake128-merkle" SHAKE256Merkle = "shake256-merkle" - SPHINCSPlusSHAKE256f = "sphincs+-shake-256f" - SPHINCSPlusSHAKE256fPh = "sphincs+-shake-256f-ph" - SPHINCSPlusSHAKE256fMerkle = "sphincs+-shake-256f-merkle" + SPHINCSPlusSHAKE256s = "sphincs+-shake-256s" + SPHINCSPlusSHAKE256sPh = "sphincs+-shake-256s-ph" + SPHINCSPlusSHAKE256sMerkle = "sphincs+-shake-256s-merkle" ) type SHAKE struct { diff --git a/go/cm/sign/prv.go b/go/cm/sign/prv.go index 08ca9ae..7c7cdbd 100644 --- a/go/cm/sign/prv.go +++ b/go/cm/sign/prv.go @@ -60,7 +60,7 @@ func PrvParse(data []byte) (prv Iface, pub []byte, err error) { prv, pub, err = ed25519blake2b.NewSigner(av.V) case gost.GOST3410256A, gost.GOST3410512C: prv, pub, err = gost.NewSigner(av.V) - case spx.SPHINCSPlusSHAKE256f: + case spx.SPHINCSPlusSHAKE256s: prv, pub, err = spx.NewSigner(av.V) default: err = fmt.Errorf("unknown private key algo: %s", av.A) diff --git a/go/cm/sign/pub.go b/go/cm/sign/pub.go index b7b61f5..c71076e 100644 --- a/go/cm/sign/pub.go +++ b/go/cm/sign/pub.go @@ -140,8 +140,8 @@ func (pub *PubLoad) CheckSignature(algo string, signed, signature []byte) (err e if !valid { err = ErrSigInvalid } - case spx.SPHINCSPlusSHAKE256f: - if algo != spx.SPHINCSPlusSHAKE256f { + case spx.SPHINCSPlusSHAKE256s: + if algo != spx.SPHINCSPlusSHAKE256s { return ErrBadSigAlgo } valid, err = spx.Verify(key.A, key.V, signed, signature) @@ -191,10 +191,10 @@ func (pub *PubLoad) CheckSignaturePrehash( if !valid { err = ErrSigInvalid } - case spx.SPHINCSPlusSHAKE256f: + case spx.SPHINCSPlusSHAKE256s: switch algo { - case spx.SPHINCSPlusSHAKE256fPh: - case spx.SPHINCSPlusSHAKE256fMerkle: + case spx.SPHINCSPlusSHAKE256sPh: + case spx.SPHINCSPlusSHAKE256sMerkle: default: return ErrBadSigAlgo } diff --git a/go/cm/sign/spx/kp.go b/go/cm/sign/spx/kp.go index 67818af..5359c61 100644 --- a/go/cm/sign/spx/kp.go +++ b/go/cm/sign/spx/kp.go 
@@ -21,12 +21,12 @@ import ( ) const ( - SPHINCSPlusSHAKE256f = "sphincs+-shake-256f" - SPHINCSPlusSHAKE256fPh = "sphincs+-shake-256f-ph" - SPHINCSPlusSHAKE256fMerkle = "sphincs+-shake-256f-merkle" + SPHINCSPlusSHAKE256s = "sphincs+-shake-256s" + SPHINCSPlusSHAKE256sPh = "sphincs+-shake-256s-ph" + SPHINCSPlusSHAKE256sMerkle = "sphincs+-shake-256s-merkle" ) -var Params = spxParams.MakeSphincsPlusSHAKE256256fSimple(true) +var Params = spxParams.MakeSphincsPlusSHAKE256256sSimple(true) func NewKeypair(algo string) (prv, pub []byte, err error) { sk, pk := spx.Spx_keygen(Params) diff --git a/go/cm/sign/spx/signer.go b/go/cm/sign/spx/signer.go index b7ea550..57ddcb4 100644 --- a/go/cm/sign/spx/signer.go +++ b/go/cm/sign/spx/signer.go @@ -67,11 +67,11 @@ func (s *Signer) Prehasher() *hash.Hash { func (s *Signer) Algo() string { switch s.mode { case mode.Pure: - return SPHINCSPlusSHAKE256f + return SPHINCSPlusSHAKE256s case mode.Prehash: - return SPHINCSPlusSHAKE256fPh + return SPHINCSPlusSHAKE256sPh case mode.Merkle: - return SPHINCSPlusSHAKE256fMerkle + return SPHINCSPlusSHAKE256sMerkle } return "" } diff --git a/spec/cm/prv/sphincs+-shake-256f b/spec/cm/prv/sphincs+-shake-256s similarity index 64% rename from spec/cm/prv/sphincs+-shake-256f rename to spec/cm/prv/sphincs+-shake-256s index 2ead934..2f54cb6 100644 --- a/spec/cm/prv/sphincs+-shake-256f +++ b/spec/cm/prv/sphincs+-shake-256s @@ -1,6 +1,6 @@ -[cm/prv/] with SPHINCS+-SHAKE256-256f. +[cm/prv/] with SPHINCS+-SHAKE256-256s. 255-bit security level, fast variant and simple parameters. => https://sphincs.org/ SPHINCS+ => https://keccak.team/ SHAKE256 Value is concatenation of private and public keys (128+64 bytes). -Algorithm identifier for the public key: "sphincs+-shake-256f". +Algorithm identifier for the public key: "sphincs+-shake-256s". 
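Review bot: `var Params = spxParams.MakeSphincsPlusSHAKE256256sSimple(true)` in kp.go is the only line that actually changes the parameter set, yet it carries no comment saying which set that is, and the spec files renamed in this same commit (spec/cm/prv and spec/cm/pub, further along this line and the next) still describe the key as "255-bit security level, fast variant and simple parameters" — for 256s that wording should say the small ("s") variant. Because the identifier shape, the 128+64-byte key layout and the Simple(true) flag are all unchanged, a reader has nothing but this line to tell 256f and 256s apart, so I would put `// 256s ("small") SPHINCS+ parameter set, chosen for faster verification than 256f (signing is slower); the "sphincs+-shake-256s" identifiers above are bound to exactly this set.` above it and bring the spec wording into line. Keys and signatures labelled with the old "sphincs+-shake-256f" identifiers are now rejected as unknown by PrvParse/CheckSignature, which is the correct outcome for a parameter-set change, but the spec could state explicitly that there is no migration path for them. NewKeypair's body and spx.Verify lie outside this hunk.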
diff --git a/spec/cm/pub/sphincs+-shake-256f b/spec/cm/pub/sphincs+-shake-256s similarity index 66% rename from spec/cm/pub/sphincs+-shake-256f rename to spec/cm/pub/sphincs+-shake-256s index 9d05458..3df24b1 100644 --- a/spec/cm/pub/sphincs+-shake-256f +++ b/spec/cm/pub/sphincs+-shake-256s @@ -1,6 +1,6 @@ -[cm/pub/] with SPHINCS+-SHAKE256-256f. +[cm/pub/] with SPHINCS+-SHAKE256-256s. 255-bit security level, fast variant and simple parameters. => https://sphincs.org/ SPHINCS+ => https://keccak.team/ SHAKE256 -"sphincs+-shake-256f" algorithm identifier is used. +"sphincs+-shake-256s" algorithm identifier is used. Public key's fingerprint should be calculated using SHAKE128. diff --git a/spec/cm/signed/sphincs+-shake-256f-merkle b/spec/cm/signed/sphincs+-shake-256f-merkle deleted file mode 100644 index 86813dc..0000000 --- a/spec/cm/signed/sphincs+-shake-256f-merkle +++ /dev/null @@ -1,3 +0,0 @@ -[cm/signed/] with SPHINCS+-SHAKE256-256f with Merkle-tree hashing. -[cm/hashed/shake-merkle] SHAKE256 Merkle-tree hashing is used. -"sphincs+-shake-256f-merkle" algorithm identifier must be used for the signature. diff --git a/spec/cm/signed/sphincs+-shake-256f b/spec/cm/signed/sphincs+-shake-256s similarity index 59% rename from spec/cm/signed/sphincs+-shake-256f rename to spec/cm/signed/sphincs+-shake-256s index d51768a..e386834 100644 --- a/spec/cm/signed/sphincs+-shake-256f +++ b/spec/cm/signed/sphincs+-shake-256s @@ -1,8 +1,8 @@ -[cm/signed/] with SPHINCS+-SHAKE256-256f. +[cm/signed/] with SPHINCS+-SHAKE256-256s. 255-bit security level, fast variant, simple parameters and deterministic signatures. => https://sphincs.org/ SPHINCS+ => https://keccak.team/ SHAKE256 -"sphincs+-shake-256f" algorithm identifier +"sphincs+-shake-256s" algorithm identifier must be used for the signature in pure signing mode. -"sphincs+-shake-256f-ph" is used in prehash mode. +"sphincs+-shake-256s-ph" is used in prehash mode. 
diff --git a/spec/cm/signed/sphincs+-shake-256s-merkle b/spec/cm/signed/sphincs+-shake-256s-merkle
new file mode 100644
index 0000000..79a96b3
--- /dev/null
+++ b/spec/cm/signed/sphincs+-shake-256s-merkle
@@ -0,0 +1,3 @@
+[cm/signed/] with SPHINCS+-SHAKE256-256s with Merkle-tree hashing.
+[cm/hashed/shake-merkle] SHAKE256 Merkle-tree hashing is used.
+"sphincs+-shake-256s-merkle" algorithm identifier must be used for the signature.