Crates.io | fips204 |
lib.rs | fips204 |
version | 0.2.1 |
source | src |
created_at | 2023-12-29 23:33:07.747898 |
updated_at | 2024-06-19 14:57:38.697655 |
description | FIPS 204 (draft): Module-Lattice-Based Digital Signature |
homepage | |
repository | https://github.com/integritychain/fips204 |
max_upload_size | |
id | 1083761 |
size | 2,988,369 |
FIPS 204 (Initial Public Draft) Module-Lattice-Based Digital Signature Standard written in pure Rust for server, desktop, browser and embedded applications. The source repository includes examples demonstrating benchmarking, an embedded target, constant-time statistical measurements, fuzzing, and WASM execution.
This crate implements the FIPS 204 draft standard in pure Rust with minimal and mainstream dependencies, and without any unsafe code. All three security parameter sets are fully functional and tested. The implementation's key generation and signature functionality operates in constant-time, does not require the standard library, e.g. `#[no_std]`, has no heap allocations, e.g. no `alloc` needed, and exposes the `RNG` so it is suitable for the full range of applications down to the bare-metal. The API is stabilized and the code is heavily biased towards safety and correctness; further performance optimizations will be implemented as the standard matures. This crate will quickly follow any changes to FIPS 204 as they become available.
See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.ipd.pdf for a full description of the target functionality.
The functionality is extremely simple to use, as demonstrated by the following example.
```rust
use std::error::Error;

// Requires the crate's `ml-dsa-44` and `default-rng` features.
fn main() -> Result<(), Box<dyn Error>> {
    // Use the desired target parameter set.
    use fips204::ml_dsa_44; // Could also be ml_dsa_65 or ml_dsa_87.
    use fips204::traits::{SerDes, Signer, Verifier};

    let message = [0u8, 1, 2, 3, 4, 5, 6, 7];

    // Generate key pair and signature
    let (pk1, sk) = ml_dsa_44::try_keygen()?; // Generate both public and secret keys
    let sig = sk.try_sign(&message)?; // Use the secret key to generate a message signature

    // Serialize then send the public key, message and signature
    let (pk_send, msg_send, sig_send) = (pk1.into_bytes(), message, sig);
    let (pk_recv, msg_recv, sig_recv) = (pk_send, msg_send, sig_send);

    // Deserialize the public key and signature, then verify the message
    let pk2 = ml_dsa_44::PublicKey::try_from_bytes(pk_recv)?;
    let v = pk2.verify(&msg_recv, &sig_recv); // Use the public key to verify the message signature
    assert!(v);

    Ok(())
}
```
The Rust Documentation lives under each Module corresponding to the desired security parameter below.
Contents are licensed under either the Apache License, Version 2.0 or MIT license at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.