Cryptodoc Update for SLH-DSA #235
Conversation
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
reneme
force-pushed
the
cryptodoc/slh-dsa
branch
from
fade6a9 to
1615c60
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as resolved.
This comment was marked as resolved.
reneme
force-pushed
the
cryptodoc/slh-dsa
branch
from
5a81ef3 to
e2ab5e3
Compare
|
|
||
| .. _signatures/slh_dsa/address: | ||
|
|
||
| Address |
There was a problem hiding this comment.
| Address | |
| Addresses |
| Address | ||
| ^^^^^^^ | ||
|
|
||
| Botan's SLH-DSA addresses wrap the address specification of [FIPS-205]_ |
There was a problem hiding this comment.
I think it would be useful to refer to section 4.2 of FIPS 205.
Moreover, maybe an introductory sentence, like the first sentence in section 4.2 of FIPS 205 doesn't hurt here.
| ``sphincsplus_shake`` modules, enabling their selection for key creation. | ||
| As with the SLH-DSA instances, they are provided to the constructors of the | ||
| SLH-DSA keys. | ||
| These instances are maintained solely for version compatibility. It is strongly |
There was a problem hiding this comment.
What does "version compatibility" mean? Maybe you want to say "backwards compatibility" here?
| ------------------ | ||
|
|
||
| **Remark:** Signature creation with non-empty contexts is currently not | ||
| supported in Botan. Support for the pre-hash variant of SLH-DSA is also not yet |
There was a problem hiding this comment.
| supported in Botan. Support for the pre-hash variant of SLH-DSA is also not yet | |
| supported in Botan. Support for the pre-hash variant (HashSLH-DSA) of SLH-DSA is also not yet |
| - Steps 3.3, 3.5, 3.6: ``SK.pub_seed`` is omitted as an input because the hash functions are already instantiated with a corresponding member variable. | ||
| - ``SK`` is passed to ``slh_sign_internal`` via member variables. | ||
|
|
||
| Signature Validation |
There was a problem hiding this comment.
| Signature Validation | |
| Signature Verification |
| An SLH-DSA signature is verified in the following manner, following | ||
| Algorithm 24 of [FIPS-205]_ (see :srcref:`[src/lib/pubkey/sphincsplus/sphincsplus_common]/sphincsplus.cpp:203|is_valid_signature`): | ||
|
|
||
| .. admonition:: SLH-DSA Signature Validation |
There was a problem hiding this comment.
| .. admonition:: SLH-DSA Signature Validation | |
| .. admonition:: SLH-DSA signature verification |
There was a problem hiding this comment.
or in Camel Case if preferred but I clearly vote for "verification" instead of "validation"
There was a problem hiding this comment.
I think validation menas something different. If I'm not mistaken, this needs to be changed in other places as well, like for ML-DSA.
FAlbertDev
force-pushed
the
cryptodoc/slh-dsa
branch
from
e2ab5e3 to
31b09fd
Compare
With the published SLH-DSA specification (FIPS 205) and the Botan's upcoming changes in randombit/botan#4291, our cryptodoc must be adapted accordingly.
For Reviewers
Note that the first commit contains the main changes, while the second one only changes internals without modifying any content.