WOTS

Winternitz one-time signature scheme as described in https://cryptojedi.org/papers/sphincs-20150202.pdf

package

template WOTS (

uint n

alias hash_n_n

alias prg

uint log_w

) if (

is_hash_n_n!hash_n_n &&

is_prg!(prg, seed_bytes)

&&

n % 8 == 0

) {

enum sig_bytes;

H[l] pkgen(ubyte[seed_bytes] sk, H[] masks);

ubyte[sig_bytes] sign(H msg, ubyte[seed_bytes] sk, H[] masks);

ubyte[sig_bytes] verify(ubyte[] sig, H msg, H[] masks);

}

Members

Functions

pkgen H[l] pkgen(ubyte[seed_bytes] sk, H[] masks): Generate a public key.
sign ubyte[sig_bytes] sign(H msg, ubyte[seed_bytes] sk, H[] masks): Create a one-time signature for msg.
verify ubyte[sig_bytes] verify(ubyte[] sig, H msg, H[] masks): From given signature, message and mask computes the public key. The signature is valid if and only if the return value is equal to the real public key.

Manifest constants

l enum l;: l1 + l2;
log_l enum log_l;: Number of levels in the l-tree.
sig_bytes enum sig_bytes;: Undocumented in source.
w enum w;: Winternitz parameter.

Parameters

n: Bitlength of the hash values.
hash_n_n: A hash function mapping n-bit strings to n-bit strings.
log_w: The log2 of the Winternitz parameter.

Meta

Source

See Implementation

dcrypt pqc sphincs wots templates

WOTS