WOTS

Winternitz one-time signature scheme as described in https://cryptojedi.org/papers/sphincs-20150202.pdf

package template WOTS(
    uint n,
    alias hash_n_n,
    alias prg,
    uint log_w
) if (
    is_hash_n_n!hash_n_n &&
    is_prg!(prg, seed_bytes) &&
    n % 8 == 0
) {
    enum l;
    enum w;
    enum log_l;
    enum sig_bytes;
}

Members

Functions

pkgen
H[l] pkgen(in ref ubyte[seed_bytes] sk, in H[] masks)

Generate a public key.

sign
ubyte[sig_bytes] sign(in ref H msg, in ref ubyte[seed_bytes] sk, in H[] masks)

Create a one-time signature for msg.

verify
ubyte[sig_bytes] verify(in ubyte[] sig, in ref H msg, in H[] masks)

Computes the public key from the given signature, message and masks. The signature is valid if and only if the return value is equal to the real public key.

Parameters

n

Bit length of the hash values. The template constraint requires n % 8 == 0.

hash_n_n

A hash function mapping n-bit strings to n-bit strings.

log_w

The base-2 logarithm of the Winternitz parameter w.
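
Added example, not code from this package: a Python sketch of the WOTS+ construction from the linked SPHINCS paper, showing why verify returns a recomputed public key instead of a boolean. SHA-256 and SHAKE-256 stand in for hash_n_n and prg, and the digit order and sample inputs are assumptions, so its output will not match the D implementation.

```python
import hashlib
from math import ceil, floor, log2

N, LOG_W = 256, 4                  # page parameters n and log_w (SPHINCS-256 values)
W = 1 << LOG_W                     # Winternitz parameter w
L1 = ceil(N / LOG_W)               # message digits
L2 = floor(log2(L1 * (W - 1)) / LOG_W) + 1   # checksum digits
L = L1 + L2                        # number of hash chains (67 here)

def F(x):                          # stand-in for hash_n_n (assumption: SHA-256)
    return hashlib.sha256(x).digest()

def prg(seed):                     # stand-in for prg: expand the seed into L chain starts
    out = hashlib.shake_256(seed).digest(L * N // 8)
    return [out[i:i + N // 8] for i in range(0, len(out), N // 8)]

def chain(x, start, steps, masks):
    # Apply F(x XOR mask) for chain positions start .. start+steps-1.
    for i in range(start, start + steps):
        x = F(bytes(a ^ b for a, b in zip(x, masks[i])))
    return x

def digits(msg):
    # Base-w digits of the n-bit message, followed by the checksum digits.
    m = int.from_bytes(msg, "big")
    b = [(m >> (LOG_W * i)) & (W - 1) for i in range(L1)]
    c = sum(W - 1 - d for d in b)  # rises whenever a message digit falls
    return b + [(c >> (LOG_W * i)) & (W - 1) for i in range(L2)]

def pkgen(sk, masks):
    return [chain(s, 0, W - 1, masks) for s in prg(sk)]

def sign(msg, sk, masks):
    return [chain(s, 0, d, masks) for s, d in zip(prg(sk), digits(msg))]

def verify(sig, msg, masks):
    # Finishes every chain; the result is a candidate public key, not a verdict.
    return [chain(s, d, W - 1 - d, masks) for s, d in zip(sig, digits(msg))]

# Constructed sample inputs.
masks = [hashlib.sha256(b"mask%d" % i).digest() for i in range(W - 1)]
sk = hashlib.sha256(b"constructed seed").digest()
pk = pkgen(sk, masks)
msg = hashlib.sha256(b"hello").digest()
sig = sign(msg, sk, masks)
```

The caller decides validity by comparing the value returned by verify with the stored public key, and a given secret key must sign only one message.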

Meta