Merge pull request #619 from cryspen/jonas/ml-dsa-acvp
ACVP test vectors for ML-DSA
franziskuskiefer authored Oct 9, 2024
2 parents 5b51960 + 208f9f6 commit 9f0de7f
Showing 17 changed files with 2,806 additions and 41 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/mldsa.yml
@@ -92,12 +92,12 @@ jobs:
- name: 🏃🏻‍♀️ Test
run: |
cargo clean
cargo test --verbose $RUST_TARGET_FLAG
cargo test --verbose --features acvp $RUST_TARGET_FLAG
- name: 🏃🏻‍♀️ Test Release
run: |
cargo clean
cargo test --verbose --release $RUST_TARGET_FLAG
cargo test --verbose --release --features acvp $RUST_TARGET_FLAG
# Benchmarks
- name: 🔨 Build Benchmarks
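Review bot: Both test steps now run only with `--features acvp`, so the default feature set, which is what downstream users build, is no longer exercised by `cargo test` in these two steps. Because the feature gates extra public functions behind `cfg`, a break that only appears without it would pass unnoticed here. Consider keeping the original invocation and adding the feature run beside it, i.e. `cargo test --verbose $RUST_TARGET_FLAG` followed by `cargo test --verbose --features acvp $RUST_TARGET_FLAG`, and likewise for the release step. Other steps of the job lie outside this hunk and may already cover the default build.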
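--- a/libcrux-ml-dsa/Cargo.toml
+++ b/libcrux-ml-dsa/Cargo.toml
@@ -31,6 +31,7 @@ pqcrypto-dilithium = { version = "0.5.0" } #, default-features = false
 [features]
 simd128 = []
 simd256 = []
+acvp = [] # expose internal API for ACVP testing
 
 [[bench]]
 name = "manual44"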
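Review bot: The comment on the new `acvp` line does not say that the feature is test-only, and Cargo unifies features across a dependency graph, so a single crate enabling it makes `sign_internal` and `verify_internal` public for every consumer of this crate in the same build. I would make that explicit where the feature is declared, for example `acvp = [] # test-only: exposes sign_internal/verify_internal for ACVP vectors; do not enable in production builds`. A matching sentence in the crate README or top-level docs would help anyone auditing feature flags, if one exists outside this view.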
18 changes: 0 additions & 18 deletions libcrux-ml-dsa/src/instantiations.rs

This file was deleted.

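--- a/libcrux-ml-dsa/src/lib.rs
+++ b/libcrux-ml-dsa/src/lib.rs
@@ -4,7 +4,6 @@ mod arithmetic;
 mod constants;
 mod encoding;
 mod hash_functions;
-mod instantiations;
 mod matrix;
 mod ml_dsa_generic;
 mod ntt;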
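--- a/libcrux-ml-dsa/src/ml_dsa_44.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_44.rs
@@ -121,6 +121,59 @@ macro_rules! instantiate {
 >(&signing_key.0, message, context, randomness)
 }
 
+/// Generate an ML-DSA-44 Signature (Algorithm 7 in FIPS204)
+///
+/// The message is assumed to be domain-separated.
+#[cfg(feature = "acvp")]
+pub fn sign_internal(
+signing_key: &MLDSA44SigningKey,
+message: &[u8],
+randomness: [u8; SIGNING_RANDOMNESS_SIZE],
+) -> Result<MLDSA44Signature, SigningError> {
+p::sign_internal::<
+ROWS_IN_A,
+COLUMNS_IN_A,
+ETA,
+ERROR_RING_ELEMENT_SIZE,
+GAMMA1_EXPONENT,
+GAMMA2,
+COMMITMENT_RING_ELEMENT_SIZE,
+COMMITMENT_VECTOR_SIZE,
+COMMITMENT_HASH_SIZE,
+ONES_IN_VERIFIER_CHALLENGE,
+MAX_ONES_IN_HINT,
+GAMMA1_RING_ELEMENT_SIZE,
+SIGNING_KEY_SIZE,
+SIGNATURE_SIZE,
+>(&signing_key.0, message, randomness)
+}
+
+/// Verify an ML-DSA-44 Signature (Algorithm 8 in FIPS204)
+///
+/// The message is assumed to be domain-separated.
+#[cfg(feature = "acvp")]
+pub fn verify_internal(
+verification_key: &MLDSA44VerificationKey,
+message: &[u8],
+signature: &MLDSA44Signature,
+) -> Result<(), VerificationError> {
+p::verify_internal::<
+ROWS_IN_A,
+COLUMNS_IN_A,
+SIGNATURE_SIZE,
+VERIFICATION_KEY_SIZE,
+GAMMA1_EXPONENT,
+GAMMA1_RING_ELEMENT_SIZE,
+GAMMA2,
+BETA,
+COMMITMENT_RING_ELEMENT_SIZE,
+COMMITMENT_VECTOR_SIZE,
+COMMITMENT_HASH_SIZE,
+ONES_IN_VERIFIER_CHALLENGE,
+MAX_ONES_IN_HINT,
+>(&verification_key.0, message, &signature.0)
+}
+
 /// Generate a HashML-DSA-44 Signature, with a SHAKE128 pre-hashing
 ///
 /// The parameter `context` is used for domain separation
@@ -274,6 +327,62 @@ pub fn sign(
 >(&signing_key.0, message, context, randomness)
 }
 
+/// Sign with ML-DSA 44 (Algorithm 7 in FIPS204)
+///
+/// Sign a `message` (assumed to be domain-separated) with the ML-DSA `signing_key`.
+///
+/// This function returns an [`MLDSA44Signature`].
+#[cfg(all(not(eurydice), feature = "acvp"))]
+pub fn sign_internal(
+signing_key: &MLDSA44SigningKey,
+message: &[u8],
+randomness: [u8; SIGNING_RANDOMNESS_SIZE],
+) -> Result<MLDSA44Signature, SigningError> {
+multiplexing::sign_internal::<
+ROWS_IN_A,
+COLUMNS_IN_A,
+ETA,
+ERROR_RING_ELEMENT_SIZE,
+GAMMA1_EXPONENT,
+GAMMA2,
+COMMITMENT_RING_ELEMENT_SIZE,
+COMMITMENT_VECTOR_SIZE,
+COMMITMENT_HASH_SIZE,
+ONES_IN_VERIFIER_CHALLENGE,
+MAX_ONES_IN_HINT,
+GAMMA1_RING_ELEMENT_SIZE,
+SIGNING_KEY_SIZE,
+SIGNATURE_SIZE,
+>(&signing_key.0, message, randomness)
+}
+
+/// Verify an ML-DSA-44 Signature (Algorithm 8 in FIPS204)
+///
+/// Returns `Ok` when the `signature` is valid for the `message` (assumed to be domain-separated) and
+/// `verification_key`, and a [`VerificationError`] otherwise.
+#[cfg(all(not(eurydice), feature = "acvp"))]
+pub fn verify_internal(
+verification_key: &MLDSA44VerificationKey,
+message: &[u8],
+signature: &MLDSA44Signature,
+) -> Result<(), VerificationError> {
+multiplexing::verify_internal::<
+ROWS_IN_A,
+COLUMNS_IN_A,
+SIGNATURE_SIZE,
+VERIFICATION_KEY_SIZE,
+GAMMA1_EXPONENT,
+GAMMA1_RING_ELEMENT_SIZE,
+GAMMA2,
+BETA,
+COMMITMENT_RING_ELEMENT_SIZE,
+COMMITMENT_VECTOR_SIZE,
+COMMITMENT_HASH_SIZE,
+ONES_IN_VERIFIER_CHALLENGE,
+MAX_ONES_IN_HINT,
+>(&verification_key.0, message, &signature.0)
+}
+
 /// Verify an ML-DSA-44 Signature
 ///
 /// The parameter `context` is used for domain separation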
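Review bot: The rustdoc on the new `sign_internal` and `verify_internal` (both the macro-generated pair and the `multiplexing` pair) says only that the message is "assumed to be domain-separated", which does not tell a caller that these are the FIPS 204 internal interfaces intended for testing. Unlike `sign` and `verify` they take no `context`, so the caller is responsible for building the formatted message, and feeding them a raw application message would bypass the separation between the pure and pre-hashed variants. FIPS 204 itself says the internal functions should not be made available to applications other than for testing, so I would add a line such as `/// Test-only (ACVP): the caller must pass the already formatted message M'; applications should call sign/verify instead.` to each of the four functions. The same additions in ml_dsa_65.rs need the same sentence.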
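--- a/libcrux-ml-dsa/src/ml_dsa_65.rs
+++ b/libcrux-ml-dsa/src/ml_dsa_65.rs
@@ -93,6 +93,58 @@ macro_rules! instantiate {
 verification_key: MLDSAVerificationKey(verification_key),
 }
 }
+/// Generate an ML-DSA-65 Signature (Algorithm 7 in FIPS 204)
+///
+/// The message is assumed to be domain-separated.
+#[cfg(feature = "acvp")]
+pub fn sign_internal(
+signing_key: &MLDSA65SigningKey,
+message: &[u8],
+randomness: [u8; SIGNING_RANDOMNESS_SIZE],
+) -> Result<MLDSA65Signature, SigningError> {
+p::sign_internal::<
+ROWS_IN_A,
+COLUMNS_IN_A,
+ETA,
+ERROR_RING_ELEMENT_SIZE,
+GAMMA1_EXPONENT,
+GAMMA2,
+COMMITMENT_RING_ELEMENT_SIZE,
+COMMITMENT_VECTOR_SIZE,
+COMMITMENT_HASH_SIZE,
+ONES_IN_VERIFIER_CHALLENGE,
+MAX_ONES_IN_HINT,
+GAMMA1_RING_ELEMENT_SIZE,
+SIGNING_KEY_SIZE,
+SIGNATURE_SIZE,
+>(&signing_key.0, message, randomness)
+}
+
+/// Verify an ML-DSA-65 Signature (Algorithm 8 in FIPS 204)
+///
+/// The message is assumed to be domain-separated.
+#[cfg(feature = "acvp")]
+pub fn verify_internal(
+verification_key: &MLDSA65VerificationKey,
+message: &[u8],
+signature: &MLDSA65Signature,
+) -> Result<(), VerificationError> {
+p::verify_internal::<
+ROWS_IN_A,
+COLUMNS_IN_A,
+SIGNATURE_SIZE,
+VERIFICATION_KEY_SIZE,
+GAMMA1_EXPONENT,
+GAMMA1_RING_ELEMENT_SIZE,
+GAMMA2,
+BETA,
+COMMITMENT_RING_ELEMENT_SIZE,
+COMMITMENT_VECTOR_SIZE,
+COMMITMENT_HASH_SIZE,
+ONES_IN_VERIFIER_CHALLENGE,
+MAX_ONES_IN_HINT,
+>(&verification_key.0, message, &signature.0)
+}
 
 /// Generate an ML-DSA-65 Signature
 ///
@@ -374,3 +426,58 @@ pub fn verify_pre_hashed_shake128(
 MAX_ONES_IN_HINT,
 >(&verification_key.0, message, context, &signature.0)
 }
+/// Sign with ML-DSA 65 (Algorithm 7 in FIPS 204)
+///
+/// Sign a `message` (assumed to be domain-separated) with the ML-DSA `signing_key`.
+///
+/// This function returns an [`MLDSA65Signature`].
+#[cfg(all(not(eurydice), feature = "acvp"))]
+pub fn sign_internal(
+signing_key: &MLDSA65SigningKey,
+message: &[u8],
+randomness: [u8; SIGNING_RANDOMNESS_SIZE],
+) -> Result<MLDSA65Signature, SigningError> {
+multiplexing::sign_internal::<
+ROWS_IN_A,
+COLUMNS_IN_A,
+ETA,
+ERROR_RING_ELEMENT_SIZE,
+GAMMA1_EXPONENT,
+GAMMA2,
+COMMITMENT_RING_ELEMENT_SIZE,
+COMMITMENT_VECTOR_SIZE,
+COMMITMENT_HASH_SIZE,
+ONES_IN_VERIFIER_CHALLENGE,
+MAX_ONES_IN_HINT,
+GAMMA1_RING_ELEMENT_SIZE,
+SIGNING_KEY_SIZE,
+SIGNATURE_SIZE,
+>(&signing_key.0, message, randomness)
+}
+
+/// Verify an ML-DSA-65 Signature (Algorithm 8 in FIPS204)
+///
+/// Returns `Ok` when the `signature` is valid for the `message` (assumed to be domain-separated) and
+/// `verification_key`, and a [`VerificationError`] otherwise.
+#[cfg(all(not(eurydice), feature = "acvp"))]
+pub fn verify_internal(
+verification_key: &MLDSA65VerificationKey,
+message: &[u8],
+signature: &MLDSA65Signature,
+) -> Result<(), VerificationError> {
+multiplexing::verify_internal::<
+ROWS_IN_A,
+COLUMNS_IN_A,
+SIGNATURE_SIZE,
+VERIFICATION_KEY_SIZE,
+GAMMA1_EXPONENT,
+GAMMA1_RING_ELEMENT_SIZE,
+GAMMA2,
+BETA,
+COMMITMENT_RING_ELEMENT_SIZE,
+COMMITMENT_VECTOR_SIZE,
+COMMITMENT_HASH_SIZE,
+ONES_IN_VERIFIER_CHALLENGE,
+MAX_ONES_IN_HINT,
+>(&verification_key.0, message, &signature.0)
+}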
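Review bot: The added doc comments in this file are inconsistent in two small ways: three of them cite "FIPS 204" while the last `verify_internal` cites "FIPS204", and, as rendered, both added blocks begin directly after the closing `}` of the previous item with no separating blank line. I would use `FIPS 204` throughout and put an empty line before `/// Generate an ML-DSA-65 Signature (Algorithm 7 in FIPS 204)` and before `/// Sign with ML-DSA 65 (Algorithm 7 in FIPS 204)`. The first of those sits inside the `instantiate!` macro body, which starts outside the hunk.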