@@ -94,6 +94,7 @@ impl PrivateKey {
9494/// methods of the SigningKey implementation. This should remain private.
9595fn sign_arbitrary_message ( & self , message : & [ u8 ] ) -> Signature {
9696 use slh_dsa:: signature:: Signer ;
97+ // NOTE: To hedge against fault attacks, can use RandomizedSigner::<slh_dsa::Signature<Sha2_128s>>::sign_with_rng().
9798 let signature = Signer :: < slh_dsa:: Signature < Sha2_128s > > :: sign ( & self . 0 , message) ;
9899 Signature ( signature)
99100 }
@@ -535,4 +536,31 @@ mod tests {
535536 "Cloned private key should be equal to the original"
536537 ) ;
537538 }
539+
540+ #[ test]
541+ fn test_signing_is_deterministic ( ) {
542+ // Generate a random private key
543+ let mut rng = rand:: thread_rng ( ) ;
544+ let key = PrivateKey :: generate ( & mut rng) ;
545+
546+ // Create a test message
547+ let message = b"test message for deterministic signing" ;
548+
549+ // Sign the same message twice
550+ let signature1 = key. sign_arbitrary_message ( message) ;
551+ let signature2 = key. sign_arbitrary_message ( message) ;
552+
553+ // Assert that the two signatures are identical
554+ assert_eq ! (
555+ signature1, signature2,
556+ "Signing the same message twice should produce identical signatures"
557+ ) ;
558+
559+ // Also verify the signatures are equal when comparing bytes
560+ assert_eq ! (
561+ signature1. to_bytes( ) ,
562+ signature2. to_bytes( ) ,
563+ "Signature bytes should be identical for the same message"
564+ ) ;
565+ }
538566}
0 commit comments