ExternalMu mode for pre-hash ML-DSA #2113

Merged
merged 36 commits into from
Jan 17, 2025
Changes from 1 commit
5abd396
ml-dsa extmu
jakemas Jan 10, 2025
00b3ba1
CR fixes from nevine and will
jakemas Jan 13, 2025
0461f48
spacing nits
jakemas Jan 13, 2025
21006fd
evp documentation
jakemas Jan 13, 2025
9f17f86
Merge branch 'main' into extmu-ml-dsa
jakemas Jan 13, 2025
7823f93
removed use of internal functions in test file
jakemas Jan 13, 2025
7baa8c1
spacing nits
jakemas Jan 13, 2025
9de6f9d
mem leak in test code
jakemas Jan 13, 2025
dddd501
duplicated line
jakemas Jan 13, 2025
bd4e629
added negative testing for extmu
jakemas Jan 13, 2025
9a90332
added ACVP access for extmu internal and KAT framework
jakemas Jan 14, 2025
cb40bdc
spacing nit
jakemas Jan 14, 2025
ba50e2c
Merge branch 'main' into extmu-ml-dsa
jakemas Jan 14, 2025
ba1856b
CR fixes
jakemas Jan 14, 2025
255aa97
Merge branch 'extmu-ml-dsa' of github.com:jakemas/aws-lc into extmu-m…
jakemas Jan 14, 2025
89d4744
spotted typo
jakemas Jan 14, 2025
49580d6
updated message names to mu
jakemas Jan 14, 2025
a97e54b
Merge branch 'main' into extmu-ml-dsa
jakemas Jan 15, 2025
318f0c1
internal naming
jakemas Jan 15, 2025
6d214b5
readme updates
jakemas Jan 15, 2025
195779c
readme update
jakemas Jan 15, 2025
75ccaf5
Merge branch 'main' into extmu-ml-dsa
jakemas Jan 16, 2025
3d98fb6
remove KAT
jakemas Jan 16, 2025
b347ee6
added source files
jakemas Jan 16, 2025
3b6e302
updated gensrc
jakemas Jan 16, 2025
2f8729a
update readme to discuss KAT
jakemas Jan 16, 2025
ce4f764
update gen src
jakemas Jan 16, 2025
957523e
added ACVP test vectors
jakemas Jan 16, 2025
76a71f1
update readme
jakemas Jan 16, 2025
807aca4
Merge branch 'main' into extmu-ml-dsa
jakemas Jan 17, 2025
201b096
update internal name
jakemas Jan 17, 2025
6762c2a
Merge branch 'extmu-ml-dsa' of github.com:jakemas/aws-lc into extmu-m…
jakemas Jan 17, 2025
0dfc1f2
typo
jakemas Jan 17, 2025
e56a143
missed space
jakemas Jan 17, 2025
49d0b08
missed space
jakemas Jan 17, 2025
36e9ae2
Merge branch 'main' into extmu-ml-dsa
jakemas Jan 17, 2025
4 changes: 3 additions & 1 deletion crypto/ml_dsa/ml_dsa_ref/README.md
Expand Up @@ -19,7 +19,9 @@ that initialize a given structure with values corresponding to a parameter set.
- Documentation has been added to `ntt.c`, `packing.c`, `poly.c`, `polyvec.c`, and `rounding.c` that outlines the algorithm specification (including algorithm number) in FIPS 204.
- `poly.c` and `sign.c` have been modified to cleanse intermediate data as soon as it is no longer needed as defined in FIPS 204 Section 3.6.3.
- Intermediate values are cleansed within `crypto_sign_keypair_internal`, `crypto_sign_keypair`, `crypto_sign_signature_internal`, `crypto_sign_verify_internal`, `crypto_sign_verify`, `poly_uniform_eta`, `poly_uniform_gamma1`, and `poly_challenge` as per FIPS 204 Section 3.6.3.
- `sign.c` has been modified to provide support for ML-DSA in ExternalMu mode. This is an alternative implementation of ML-DSA sign and verify that accepts `mu` as input, rather than the raw message. As `mu` can be constructed (and thus hashed) in another cryptographic module.

**Testing**

The KATs were obtained from https://github.com/post-quantum-cryptography/KAT. We select the KATs for the signing mode `hedged`, which derives the signing private random seed (rho) pseudorandomly from the signer's private key, the message to be signed, and a 256-bit string `rnd` which is generated at random. The `pure` variant of these KATs were used, as they provide test vector inputs for "pure" i.e., non-pre-hashed messages. The KAT files have been modified to insert linebreaks between each test vector set.
The KATs were obtained from https://github.com/post-quantum-cryptography/KAT. We select the KATs for the signing mode `hedged`, which derives the signing private random seed (rho) pseudorandomly from the signer's private key, the message to be signed, and a 256-bit string `rnd` which is generated at random. The `pure` variant of these KATs were used, as they provide test vector inputs for "pure" i.e., non-pre-hashed messages. The KAT files have been modified to insert linebreaks between each test vector set.
Additionally, we re-use these KATs to test ExternalMu mode of ML-DSA, by including the known value of `mu` for each of the test vectors.
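Review bot: The new bullet for ExternalMu mode ends in a sentence fragment, "As `mu` can be constructed (and thus hashed) in another cryptographic module.", which has no main clause; fold it into the preceding sentence, e.g. "...that accepts `mu` as input rather than the raw message, since `mu` can be constructed (and thus hashed) in another cryptographic module." In the Testing section, the removed and re-added "The KATs were obtained from ..." line is textually identical in the rendered diff, so that change is whitespace-only; either confirm it is intentional or drop it to keep the hunk minimal. The final sentence says the ExternalMu tests include "the known value of `mu`" for each vector but does not say where that value comes from; stating how `mu` is derived for each KAT (in FIPS 204 it is a hash over the public key hash `tr` and the message) would let a reader reproduce the vectors rather than take them on trust.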