MTL Library Version 1.0.0

Author: vtharvey2000

.gitignore

@@ -0,0 +1,120 @@
+# Prerequisites
+*.d
+
+# Object files
+*.o
+*.ko
+*.obj
+*.elf
+
+# Linker output
+*.ilk
+*.map
+*.exp
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Libraries
+*.lib
+*.a
+*.la
+*.lo
+
+# Shared objects (inc. Windows DLLs)
+*.dll
+*.so
+*.so.*
+*.dylib
+
+# Executables
+*.exe
+*.out
+*.app
+*.i*86
+*.x86_64
+*.hex
+
+# Debug files
+*.dSYM/
+*.su
+*.idb
+*.pdb
+
+# Kernel Module Compile Results
+*.mod*
+*.cmd
+.tmp_versions/
+modules.order
+Module.symvers
+Mkfile.old
+dkms.conf
+
+# Temporary Files
+**/*\~
+
+# Project Binaries
+**/mtltool
+**/mtltest
+
+# Autotools 
+# http://www.gnu.org/software/automake
+
+Makefile.in
+/ar-lib
+/mdate-sh
+/py-compile
+/test-driver
+/ylwrap
+.deps/
+.dirstamp
+
+# http://www.gnu.org/software/autoconf
+
+autom4te.cache
+/autoscan.log
+/autoscan-*.log
+/aclocal.m4
+/compile
+/config.cache
+/config.guess
+/config.h.in
+/config.log
+/config.status
+/config.sub
+/configure
+/configure.scan
+/depcomp
+/install-sh
+/missing
+/stamp-h1
+
+# https://www.gnu.org/software/libtool/
+
+/ltmain.sh
+
+# http://www.gnu.org/software/texinfo
+
+/texinfo.tex
+
+# http://www.gnu.org/software/m4/
+
+m4/libtool.m4
+m4/ltoptions.m4
+m4/ltsugar.m4
+m4/ltversion.m4
+m4/lt~obsolete.m4
+
+# Generated Makefile
+# (meta build system like autotools,
+# can automatically generate from config.status script
+# (which is called by configure script))
+Makefile
+
+
+# Ignore key files
+*.pem
+
+# Ignore examples tem files
+examples/tmp/**

LICENSE.md

@@ -0,0 +1,54 @@
+Verisign has announced public, royalty-free licenses to certain intellectual property
+related to MTL mode in furtherance of IETF standardization which helps support the
+security, stability and resiliency of the Domain Name System (DNS) and the internet.
+For more information about the licenses, see the following IETF IPR declarations or
+updates thereto:
+
+* https://datatracker.ietf.org/ipr/6176/
+* https://datatracker.ietf.org/ipr/6175/
+* https://datatracker.ietf.org/ipr/6174/
+* https://datatracker.ietf.org/ipr/6173/
+* https://datatracker.ietf.org/ipr/6172/
+* https://datatracker.ietf.org/ipr/6171/
+* https://datatracker.ietf.org/ipr/6170/
+
+Subject to the licenses referenced above and conditions thereof:
+ 
+"This product is licensed under patents and/or patent applications owned by VeriSign, Inc.
+in furtherance of IETF standardization which helps support the security, stability and
+resiliency of the Domain Name System (DNS) and the internet. For more information about the
+patents, visit www.verisign.com/Declarations."
+
+
+The Clear BSD License
+
+Copyright (c) 2023, VeriSign, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted (subject to the limitations in the disclaimer
+below) provided that the following conditions are met:
+
+     * Redistributions of source code must retain the above copyright notice,
+     this list of conditions and the following disclaimer.
+
+     * Redistributions in binary form must reproduce the above copyright
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
+
+     * Neither the name of the copyright holder nor the names of its
+     contributors may be used to endorse or promote products derived from this
+     software without specific prior written permission.
+
+NO EXPRESS OR IMPLIED LICENSES TO ANY PARTY'S PATENT RIGHTS ARE GRANTED BY
+THIS LICENSE. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.

Makefile.am

@@ -0,0 +1,2 @@
+SUBDIRS = src test examples
+ACLOCAL_AMFLAGS = -I m4

README.md

@@ -0,0 +1,54 @@
+# MTL
+MTL Reference Library Implementation based on [draft-harvey-cfrg-mtl-mode-00](https://datatracker.ietf.org/doc/draft-harvey-cfrg-mtl-mode/)
+
+## Dependencies
+* libcrypto from openssl version 3.1.0 or newer (or substitute crypto operations to replace the spx_funcs.c functions)
+* liboqs version 0.7.2 or newer (for the examples).  To include the liboqs library as a statically linked library change the -loqs to -l:_path_/liboqs.a in the examples/Makefile.am. 
+* Applications using the MTL Reference Library should also link with the C math library (-lm)
+
+## Configuring the build environment
+1. Setup the auto tools: `autoreconf --install`
+2. configure the project: `./configure`
+3. build the library and tools: `make`
+
+## Running the test application
+(After building the library and tools) Run the mtltool test tool in the test directory `test/mtltest`.
+Alternatively, `make check` can be run to exercise the mtltest tool.
+
+## Running the example application
+(After building the library and tools) run the mtltool application `examples/mtltool` with one of the three supported commands
+* `mtltool keygen <key file> <key string>`
+* `mtltool sign   <key file> <data file> <signature file>`
+* `mtltool verify <key file> <data file> <signature file>`
+
+Where key file is the private/public key pair to generate/use, data file is an ascii file for which each line in the file will be signed, and signature file is a  binary file that will have one signature for each record signed.
+Key string is one of the supported algorithm strings [README_SCHEMES.md](README_SCHEMES.md)
+
+## Randomization
+Randomization is defined in the schemes table. It needs to match the underlying signature scheme randomization strategy, which can be a compile time decision for some libraries.
+
+## MTL Tree Sizes
+The page and record sizes for MTL mode are defined in the src/mtl_node_set.h file. Larger sizes allows for larger trees but requires more resources.  This value can be tailored to support smaller instances if desired.  The default values are 1 Megabyte per page with 1024 pages resulting in 1 Gigabyte of hashes in memory.  For a 128 bit hash this results in a max of 67,108,864 hashes (~33,554,432 messages signed) and for a 256 bit hash this results in 33,554,432 hashes (~16,777,216 messages signed)
+
+## Open Items
+* MTL Provider is tested through the application in the test folder and the example application. These applications are to demonstrate the capability and are not production worthy.  Some code paths are not implemented or are not fully tested. 
+
+## About MTL Mode
+Merkle Tree Ladder (MTL) mode is a technique for using an underlying signature scheme to authenticate an evolving series of messages that can reduce the signature scheme's operational impact.  Rather than signing messages individually, MTL mode signs structures called "Merkle tree ladders" that are derived from the messages to be authenticated.  Individual messages are then authenticated relative to the ladder using a Merkle tree authentication path and the ladder is authenticated using the public key of the underlying signature scheme.  The size and computational cost of the underlying signatures are thereby amortized across multiple messages, reducing the scheme's operational impact.  The reduction can be particularly beneficial when MTL mode is applied to a post-quantum signature scheme that has a large signature size or computational cost.  Like other Merkle tree techniques, MTL mode's security is based only on cryptographic hash functions, so the mode is quantum-safe based on the quantum-resistance of its cryptographic hash functions.
+ 
+MTL mode is described in more detail in this paper co-authored by Verisign researchers:  Fregly, A., Harvey, J., Kaliski Jr., B.S., Sheth, S. (2023). Merkle Tree Ladder Mode: Reducing the Size Impact of NIST PQC Signature Algorithms in Practice. In: Rosulek, M. (ed) Topics in Cryptology – CT-RSA 2023. Lecture Notes in Computer Science, vol 13871. Springer, Cham. https://doi.org/10.1007/978-3-031-30872-7_16.
+ 
+Verisign has announced public, royalty-free licenses to certain intellectual property related to MTL mode in furtherance of IETF standardization which helps support the security, stability and resiliency of the Domain Name System (DNS) and the internet. For more information about the licenses, see the following IETF IPR declarations or updates thereto:
+
+* https://datatracker.ietf.org/ipr/6176/
+* https://datatracker.ietf.org/ipr/6175/
+* https://datatracker.ietf.org/ipr/6174/
+* https://datatracker.ietf.org/ipr/6173/
+* https://datatracker.ietf.org/ipr/6172/
+* https://datatracker.ietf.org/ipr/6171/
+* https://datatracker.ietf.org/ipr/6170/
+
+Subject to the licenses referenced above and conditions thereof:
+ 
+"This product is licensed under patents and/or patent applications owned by VeriSign, Inc. in furtherance of IETF standardization which helps support the security, stability and resiliency of the Domain Name System (DNS) and the internet. For more information about the patents, visit www.verisign.com/Declarations."
+ 

README_SCHEMES.md

@@ -0,0 +1,39 @@
+# MTL SCHEMES
+The following signature schemes are suported by this library:
+
+## Supported algorithm strings
+* SPHINCS+-MTL-SHAKE-128S-SIMPLE
+* SPHINCS+-MTL-SHAKE-128S-ROBUST
+* SPHINCS+-MTL-SHAKE-128F-SIMPLE
+* SPHINCS+-MTL-SHAKE-128F-ROBUST
+* SPHINCS+-MTL-SHAKE-192S-SIMPLE
+* SPHINCS+-MTL-SHAKE-192S-ROBUST
+* SPHINCS+-MTL-SHAKE-192F-SIMPLE
+* SPHINCS+-MTL-SHAKE-192F-ROBUST
+* SPHINCS+-MTL-SHAKE-256S-SIMPLE
+* SPHINCS+-MTL-SHAKE-256S-ROBUST
+* SPHINCS+-MTL-SHAKE-256F-SIMPLE
+* SPHINCS+-MTL-SHAKE-256F-ROBUST
+* SPHINCS+-MTL-SHA2-128S-SIMPLE
+* SPHINCS+-MTL-SHA2-128S-ROBUST
+* SPHINCS+-MTL-SHA2-128F-SIMPLE
+* SPHINCS+-MTL-SHA2-128F-ROBUST
+* SPHINCS+-MTL-SHA2-192S-SIMPLE
+* SPHINCS+-MTL-SHA2-192S-ROBUST
+* SPHINCS+-MTL-SHA2-192F-SIMPLE
+* SPHINCS+-MTL-SHA2-192F-ROBUST
+* SPHINCS+-MTL-SHA2-256S-SIMPLE
+* SPHINCS+-MTL-SHA2-256S-ROBUST
+* SPHINCS+-MTL-SHA2-256F-SIMPLE
+* SPHINCS+-MTL-SHA2-256F-ROBUST
+
+## Definitions
+Signature schemes are defined in the example/schemes.h directory.
+
+## Adding new signature schemes
+Adding new signature schemes requires these steps
+1. Create the appropriate implementations of the hash_msg, hash_leaf, and hash_int functions.
+2. Update the examples/schemes.h to include the new signature scheme identifiers and properties.
+3. Update the examples/mtltool.c `// Algorithm Selection` sections to set the algorithm functions.
+4. Update the examples/mtltool.h to add any scheme specific #defines
+5. Update the examples/mtltool_io.c `// Create the scheme specific parameters` sections to create the appropriate parameters for the new scheme.

configure.ac

@@ -0,0 +1,26 @@
+AM_CFLAGS="-Wall -O0 -g"
+
+AC_INIT([mtllib], [1.0], [jsharvey@verisign.com])
+AC_CONFIG_SRCDIR([src])
+AC_CONFIG_HEADERS([config.h])
+AM_INIT_AUTOMAKE([-Wall -Werror foreign])
+AC_CONFIG_MACRO_DIR([m4])
+m4_ifdef([AM_PROG_AR], [AM_PROG_AR])
+AC_ENABLE_SHARED(yes)
+LT_INIT
+
+AC_HEADER_STDC
+AC_HEADER_DIRENT
+AC_CHECK_HEADERS([stdlib.h stdio.h libintl.h locale.h])
+AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto], ,[AC_MSG_ERROR(an acceptable version of libcrypto was not found)])
+AC_SEARCH_LIBS([log10], [m] ,[], AC_MSG_ERROR([libdmtx requires libm]))
+
+if test "${CFLAGS+set}" == set; then
+    dnl Remove this or change this to non-debug default before release
+    CFLAGS="-fPIC -Wall -Wextra -g -O0"
+fi
+AC_PROG_CC
+dnl AC_PROG_RANLIB
+AM_PROG_CC_C_O
+AC_CONFIG_FILES([Makefile src/Makefile test/Makefile examples/Makefile])
+AC_OUTPUT()

examples/Makefile.am

@@ -0,0 +1,7 @@
+srcPath = $(srcdir)/../src
+
+bin_PROGRAMS = mtltool
+mtltool_SOURCES = mtltool.c mtltool_io.c
+mtltool_LDADD = $(srcPath)/.libs/libmtllib.a -loqs
+
+AM_CFLAGS = -I$(srcPath) $(all_includes)