falcon-rust

Crates.iofalcon-rust
lib.rsfalcon-rust
version0.1.2
sourcesrc
created_at2023-12-31 10:29:55.419691
updated_at2024-01-31 21:15:14.08512
descriptionA rust implementation of the Falcon post-quantum digital signature scheme.
homepagehttps://github.com/aszepieniec/falcon-rust
repositoryhttps://github.com/aszepieniec/falcon-rust
max_upload_size
id1084717
size462,390
(aszepieniec)

documentation

https://docs.rs/falcon-rust/latest/falcon_rust/

README

Falcon-Rust

Unofficial rust implementation of the Falcon post-quantum digital signature scheme.

Falcon was submitted to the NIST PQC standardization project and was selected for standardization. The final standard is still outstanding. We do anticipate slight changes between the standard and the submission, and these changes might break compatibility.

Falcon comes in two variants. Falcon512 claims at least 108 bits of security, and Falcon1024 claims at least 252 bits of security, both against quantum computers.

This implementation adheres to the specification. It was originally written following the the official python implementation, but has since deviated.

Example

let mut rng = thread_rng();
let mut msg : [u8; 5] = rng.gen();
let (sk, pk) = falcon512::keygen(rng.gen());
let sig = falcon512::sign(&msg, &sk);
assert!(falcon512::verify(&msg, &sig, &pk));

Performance

Performance is still inferior to the optimized C code accessible from rust via the foreign function interface "pqcrypto-falcon". These measurements were taken on my Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz (which supports AVX2). You can make your own by running cargo bench.

Keygen Sign Verify
falcon-rust 512 419.18 ms 692.68 µs 41.668 µs
falcon-rust 1024 2.4038 s 1.3891 ms 86.385 µs
pqcrypto-falcon 512 7.5356 ms 253.44 µs 48.065 µs
pqcrypto-falcon 1024 21.454 ms 510.43 µs 94.669 µs

Features

  • key generation
  • signature generation
  • signature verification
  • derandomized algorithms
  • (de)serialization
  • better algorithms (e.g. RNS)
  • uncompressed signature format
  • signed-message interface
  • hardware optimizations
  • message-recovery mode
  • constant-time (?)

To-do's

  • NIST KATs
  • make LdlTree straightforward
  • optimize representation of secret key, signature, public key
  • test interoperability against the reference implementation
  • negative tests
  • profile, and fix bottlenecks
  • Montgomery representation for field elements
  • Residue number system (RNS) for big integer arithmetic
  • streaming (de)serialization
  • investigate secret-dependent time variability

Contributing

Contributions are welcome! If accepted, contributions will be released under the same license.

Commit count: 0

cargo fmt