README
¶
XMSS: eXtended Merkle Signature Scheme
This project implements RFC8391, the eXtended Merkle Signature Scheme (XMSS), a hash-based digital signature system that can so far withstand known attacks using quantum computers. This repostiory contains code implementing the single-tree scheme, namely the following parameter sets (see section 5.3. for reference):
| Name | Functions | n | w | len | h |
|---|---|---|---|---|---|
| SHA2_10_256 | SHA2-256 | 32 | 16 | 67 | 10 |
| SHA2_16_256 | SHA2-256 | 32 | 16 | 67 | 16 |
| SHA2_20_256 | SHA2-256 | 32 | 16 | 67 | 20 |
This code has no dependencies and is compatible with the official C implementation assuming the appropriate settings (see above) are presumed.
Install
- Run
go get https://github.com/danielhavir/go-xmss
Example
package main
import (
"fmt"
"github.com/danielhavir/go-xmss"
)
func main() {
params := xmss.SHA2_16_256
prv, pub := xmss.GenerateXMSSKeypar(params)
msg := ...
sig := prv.Sign(params, msg)
m := make([]byte, params.SignBytes()+len(msg))
if xmss.Verify(params, m, *sig, *pub) {
fmt.Println("Signature matches.")
} else {
fmt.Println("Verification does not match.")
}
}
References
- XMSS: eXtended Merkle Signature Scheme RFC8391
- Official reference C implementation
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // SHA2_10_256 is parameter set using SHA-256 with n = 32, w = 16 and a Merkle Tree of height 10 SHA2_10_256 = initParams(32, 16, 10) // SHA2_16_256 is parameter set using SHA-256 with n = 32, w = 16 and a Merkle Tree of height 16 SHA2_16_256 = initParams(32, 16, 16) // SHA2_20_256 is parameter set using SHA-256 with n = 32, w = 16 and a Merkle Tree of height 20 SHA2_20_256 = initParams(32, 16, 20) )
Functions ¶
func GenerateXMSSKeypair ¶
func GenerateXMSSKeypair(params *Params) (*PrivateXMSS, *PublicXMSS)
GenerateXMSSKeypair Section 4.1.7. Algorithm 10: XMSS_keyGen - Generate an XMSS key pair Generates a XMSS key pair for a given parameter set. Format private: [(32bit) index || prvSeed || seed || pubSeed || root] Format public: [root || pubSeed]
func Verify ¶
func Verify(params *Params, m, signature []byte, pub PublicXMSS) (match bool)
Verify Section 4.1.10. Algorithm 14: XMSS_verify - Verify an XMSS signature using the corresponding XMSS public key and a message Verifies a given message signature pair under a given public key. Note that this assumes a pk without an OID, i.e. [root || pubSeed]
Types ¶
type Params ¶
type Params struct {
// contains filtered or unexported fields
}
Params is a struct for parameters
type PrivateXMSS ¶
type PrivateXMSS []byte
PrivateXMSS key
func (PrivateXMSS) Sign ¶
func (prv PrivateXMSS) Sign(params *Params, m []byte) *SignatureXMSS
Sign Section 4.1.9. Algorithm 12: XMSS_sign - Generate an XMSS signature and update the XMSS private key Signs a message. Returns an array containing the signature followed by the message and an updated secret key.
Source Files
Directories