
Commit 4df06e7

committed
Update SPHINCS+
1 parent af3bbca commit 4df06e7


3 files changed

+1184
-288
lines changed


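--- a/include/gmssl/sphincs.h
+++ b/include/gmssl/sphincs.h
@@ -133,6 +133,8 @@ void sphincs_adrs_set_hash_address(sphincs_adrs_t adrs, const uint32_t address);
 void sphincs_adrs_set_tree_height(sphincs_adrs_t adrs, uint32_t height);
 void sphincs_adrs_set_tree_index(sphincs_adrs_t adrs, uint32_t index);
 
+int sphincs_adrs_print(FILE *fp, int fmt, int ind, const char *label, const sphincs_adrs_t adrs);
+
 typedef struct {
 uint8_t layer_address;
 uint64_t tree_address;
@@ -160,43 +162,37 @@ typedef struct {
 size_t siglen;
 } SPHINCS_PARAMS;
 
-// sizeof(sphincs_secret_t) == n, when sm3/sha256, n == 16
-typedef uint8_t sphincs_secret_t[16];
+// sizeof(sphincs_hash128_t) == n, when sm3/sha256, n == 16
+typedef uint8_t sphincs_hash128_t[16];
+
+
+
+#define SPHINCS_WOTS_NUM_CHAINS 35
 
-typedef sphincs_secret_t sphincs_wots_key_t[35];
-typedef sphincs_secret_t sphincs_wots_sig_t[35];
+typedef sphincs_hash128_t sphincs_wots_key_t[35];
+typedef sphincs_hash128_t sphincs_wots_sig_t[35];
 
 int sphincs_wots_key_print(FILE *fp, int fmt, int ind, const char *label, const sphincs_wots_key_t key);
 int sphincs_wots_sig_print(FILE *fp, int fmt, int ind, const char *label, const sphincs_wots_sig_t sig);
 
-void sphincs_wots_derive_sk(const sphincs_secret_t secret,
-const sphincs_secret_t seed, const sphincs_adrs_t in_adrs,
+void sphincs_wots_derive_sk(const sphincs_hash128_t secret,
+const sphincs_hash128_t seed, const sphincs_adrs_t in_adrs,
 sphincs_wots_key_t sk);
-void sphincs_wots_chain(const sphincs_secret_t x,
-const sphincs_secret_t seed, const sphincs_adrs_t ots_adrs,
-int start, int steps, sphincs_secret_t y);
+void sphincs_wots_chain(const sphincs_hash128_t x,
+const sphincs_hash128_t seed, const sphincs_adrs_t ots_adrs,
+int start, int steps, sphincs_hash128_t y);
 void sphincs_wots_sk_to_pk(const sphincs_wots_key_t sk,
-const sphincs_secret_t seed, const sphincs_adrs_t ots_adrs,
+const sphincs_hash128_t seed, const sphincs_adrs_t ots_adrs,
 sphincs_wots_key_t pk);
-void sphincs_wots_pk_to_root(const sphincs_wots_key_t pk,
-const sphincs_secret_t seed, const sphincs_adrs_t in_adrs,
-sphincs_secret_t root);
-void sphincs_base_w_and_checksum(const sphincs_secret_t dgst, int steps[35]);
 void sphincs_wots_sign(const sphincs_wots_key_t sk,
-const sphincs_secret_t seed, const sphincs_adrs_t ots_adrs,
-const sphincs_secret_t dgst, sphincs_wots_sig_t sig);
+const sphincs_hash128_t seed, const sphincs_adrs_t ots_adrs,
+const sphincs_hash128_t dgst, sphincs_wots_sig_t sig);
 void sphincs_wots_sig_to_pk(const sphincs_wots_sig_t sig,
-const sphincs_secret_t seed, const sphincs_adrs_t ots_adrs,
-const sphincs_secret_t dgst, sphincs_wots_key_t pk);
-
-
-
-
-typedef struct {
-uint32_t index;
-sphincs_wots_sig_t wots_sig;
-sphincs_secret_t auth_path[22]; // sphincs+_128f height = 22
-} SPHINCS_XMSS_SIGNATURE;
+const sphincs_hash128_t seed, const sphincs_adrs_t ots_adrs,
+const sphincs_hash128_t dgst, sphincs_wots_key_t pk);
+void sphincs_wots_pk_to_root(const sphincs_wots_key_t pk,
+const sphincs_hash128_t seed, const sphincs_adrs_t in_adrs,
+sphincs_hash128_t root);
 
 
 #if 1 // SPHINCS+_128s
@@ -212,16 +208,138 @@ typedef struct {
 # define SPHINCS_FORS_NUM_TREES 33
 #endif
 
+
+
+#define SPHINCS_FORS_TREE_HEIGHT 12
+#define SPHINCS_FORS_TREE_NUM_NODES ((1 << (SPHINCS_FORS_TREE_HEIGHT + 1)) - 1)
+
+
+#define SPHINCS_FORS_NUM_NODES (SPHINCS_FORS_TREE_NUM_NODES * SPHINCS_FORS_NUM_TRESS + 1)
+
+
+
+
+
+// FORS (Forest Of Random Subsets)
+
+// fors_tree
+// fors_tree_height
+// fors_tree_root
+// fors_forest
+// fors_num_trees
+// fors_root
+
 #define SPHINCS_XMSS_HEIGHT (SPHINCS_HYPERTREE_HEIGHT/SPHINCS_HYPERTREE_LAYERS)
+#define SPHINCS_XMSS_NUM_NODES ((1 << (SPHINCS_XMSS_HEIGHT + 1)) - 1)
+
+
+
 
 
 
 
+/*
+
+SPHINCS+_128s/SM3
+
+
+H_msg(R, PK.seed, PK.root, M)
+= MGF1-SM3(R
+||PK.seed
+||SM3(R||PK.seed||PK.root||M),
+m),
+
+
+1. fors_index: 12 * 14 = 168 bits = 21 bytes
+2. tree_index: 63 - 63/7 = 54 bits = 7 bytes
+3. leaf_index: 9 bits = 2 bytes
+total: 30 bytes, 1 MGF1-SM3 output
+
+
+
+SPHINCS+_128f/SM3
+
+1. fors_index: 6 * 33 = 198 bits = 25 bytes
+2. tree_address: 66 - 66/22 = 63 bits = 8 bytes
+3. keypair_address (leaf_index): 3 bits = 1 byte
+total: 34 bytes, so need 2 MGF1-SM3 output
+
+*/
+
+
+
+void sphincs_xmss_tree_hash(
+const sphincs_hash128_t left_child, const sphincs_hash128_t right_child,
+const sphincs_hash128_t seed, const sphincs_adrs_t adrs,
+hash256_t parent);
+void sphincs_xmss_build_tree(const sphincs_hash128_t secret,
+const sphincs_hash128_t seed, const sphincs_adrs_t adrs,
+sphincs_hash128_t tree[SPHINCS_XMSS_NUM_NODES]);
+void sphincs_xmss_build_auth_path(const sphincs_hash128_t tree[SPHINCS_XMSS_NUM_NODES],
+uint32_t tree_index, sphincs_hash128_t auth_path[SPHINCS_XMSS_HEIGHT]);
+void sphincs_xmss_build_root(const sphincs_hash128_t wots_root, uint32_t tree_index,
+const sphincs_hash128_t seed, const sphincs_adrs_t adrs,
+const sphincs_hash128_t auth_path[SPHINCS_XMSS_HEIGHT],
+hash256_t root);
+
+
 typedef struct {
-sphincs_secret_t fors_sk[SPHINCS_FORS_HEIGHT];
-sphincs_secret_t auth_path[SPHINCS_FORS_NUM_TREES][SPHINCS_FORS_HEIGHT];
+sphincs_wots_sig_t wots_sig;
+sphincs_hash128_t auth_path[22]; // sphincs+_128f height = 22
+} SPHINCS_XMSS_SIGNATURE;
+
+void sphincs_xmss_sign(const sphincs_hash128_t secret,
+const sphincs_hash128_t seed, const sphincs_adrs_t adrs, uint32_t keypair_address,
+const sphincs_hash128_t tbs_root, // to be signed xmss_root or fors_forest_root
+SPHINCS_XMSS_SIGNATURE *sig);
+void sphincs_xmss_sig_to_root(const SPHINCS_XMSS_SIGNATURE *sig,
+const sphincs_hash128_t seed, const sphincs_adrs_t adrs, uint32_t keypair_address,
+const sphincs_hash128_t tbs_root, // to be signed xmss_root or fors_forest_root
+sphincs_hash128_t xmss_root);
+
+
+void sphincs_hypertree_derive_root(const sphincs_hash128_t secret, const sphincs_hash128_t seed,
+sphincs_hash128_t root);
+void sphincs_hypertree_sign(const sphincs_hash128_t secret,
+const sphincs_hash128_t seed, uint64_t tree_address, uint32_t keypair_address,
+const sphincs_hash128_t tbs_fors_forest_root,
+SPHINCS_XMSS_SIGNATURE sig[SPHINCS_HYPERTREE_LAYERS]);
+int sphincs_hypertree_verify(const sphincs_hash128_t top_xmss_root,
+const sphincs_hash128_t seed, uint64_t tree_address, uint32_t keypair_address,
+const sphincs_hash128_t tbs_fors_forest_root,
+const SPHINCS_XMSS_SIGNATURE sig[SPHINCS_HYPERTREE_LAYERS]);
+
+
+
+typedef uint8_t sphincs_fors_digest_t[21];
+
+
+void sphincs_fors_derive_sk(const sphincs_hash128_t secret,
+const sphincs_hash128_t seed, const sphincs_adrs_t in_adrs,
+uint32_t fors_index, sphincs_hash128_t sk);
+
+void sphincs_fors_build_tree(const sphincs_hash128_t secret,
+const sphincs_hash128_t seed, const sphincs_adrs_t in_adrs, int tree_addr,
+sphincs_hash128_t tree[SPHINCS_FORS_TREE_NUM_NODES]);;
+void sphincs_fors_derive_root(const sphincs_hash128_t secret,
+const sphincs_hash128_t seed, const sphincs_adrs_t in_adrs,
+sphincs_hash128_t root);
+
+
+typedef struct {
+sphincs_hash128_t fors_sk[SPHINCS_FORS_NUM_TREES];
+sphincs_hash128_t auth_path[SPHINCS_FORS_NUM_TREES][SPHINCS_FORS_HEIGHT];
 } SPHINCS_FORS_SIGNATURE;
 
+void sphincs_fors_sign(const sphincs_hash128_t secret,
+const sphincs_hash128_t seed, const sphincs_adrs_t in_adrs,
+const uint8_t dgst[21],
+SPHINCS_FORS_SIGNATURE *sig);
+void sphincs_fors_sig_to_root(const SPHINCS_FORS_SIGNATURE *sig,
+const sphincs_hash128_t seed, const sphincs_adrs_t adrs,
+const uint8_t dgst[21], sphincs_hash128_t root);
+
+
 #define SPHINCS_FORS_SIGNATURE_SIZE sizeof(SPHINCS_FORS_SIGNATURE)
 int sphincs_fors_signature_to_bytes(const SPHINCS_FORS_SIGNATURE *sig, uint8_t **out, size_t *outlen);
 int sphincs_fors_signature_from_bytes(SPHINCS_FORS_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
@@ -230,14 +348,14 @@ int sphincs_fors_signature_print(FILE *fp, int fmt, int ind, const char *label,
 
 
 typedef struct {
-sphincs_secret_t seed;
-sphincs_secret_t root;
+sphincs_hash128_t seed;
+sphincs_hash128_t root;
 } SPHINCS_PUBLIC_KEY;
 
 typedef struct {
 SPHINCS_PUBLIC_KEY public_key;
-sphincs_secret_t secret;
-sphincs_secret_t sk_prf;
+sphincs_hash128_t secret;
+sphincs_hash128_t sk_prf;
 } SPHINCS_KEY;
 
 #define SPHINCS_PUBLIC_KEY_SIZE sizeof(SPHINCS_PUBLIC_KEY)
@@ -253,7 +371,7 @@ void sphincs_key_cleanup(SPHINCS_KEY *key);
 
 
 typedef struct {
-sphincs_secret_t random;
+sphincs_hash128_t random;
 SPHINCS_FORS_SIGNATURE fors_sig;
 SPHINCS_XMSS_SIGNATURE xmss_sigs[SPHINCS_HYPERTREE_LAYERS];
 } SPHINCS_SIGNATURE;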
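Review bot: `sphincs_xmss_tree_hash` and `sphincs_xmss_build_root` (new lines 271-283) return their result through `hash256_t parent` / `hash256_t root`, while every buffer such a result would be stored in, `tree[SPHINCS_XMSS_NUM_NODES]` and the `xmss_root` of `sphincs_xmss_sig_to_root`, is a 16-byte `sphincs_hash128_t`. `hash256_t` is not defined in this section, but if it is the 32-byte digest type and the implementation stores a full digest, a caller passing a tree slot gets a 16-byte overrun that the compiler will not flag, because array parameters decay to pointers; declaring the outputs as `sphincs_hash128_t parent);` and `sphincs_hash128_t root);` keeps the header consistent and the truncation inside the function. Separately, `SPHINCS_FORS_NUM_NODES` at new line 217 expands to `SPHINCS_FORS_NUM_TRESS`, which is not the macro defined just above (`SPHINCS_FORS_NUM_TREES`), so its first use will fail to compile.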
