Switch to standardized ML-DSA (TODO update test vectors)

ProtonMail · Sep 13, 2024 · 155ad52 · 155ad52
1 parent 55a4bda
commit 155ad52
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 113 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -67,7 +67,6 @@
     "@noble/ed25519": "^1.7.3",
     "@noble/hashes": "^1.5.0",
     "@noble/post-quantum": "^0.2.0",
-    "@asanrom/dilithium": "^1.1.0",
     "@openpgp/jsdoc": "^3.6.11",
     "@openpgp/seek-bzip": "^1.0.5-git",
     "@openpgp/tweetnacl": "^1.0.4-1",

diff --git a/rollup.config.js b/rollup.config.js
@@ -25,7 +25,7 @@ const wasmOptions = {
 
 const getChunkFileName = (chunkInfo, extension) => {
   // index files result in chunks named simply 'index', so we rename them to include the package name
-  if (chunkInfo.name === 'index' && chunkInfo.facadeModuleId) {
+  if (chunkInfo.name === 'index') {
     const packageName = chunkInfo.facadeModuleId.split('/').at(-2); // assume index file is under the root folder
     return `${packageName}.${extension}`;
   }

diff --git a/src/crypto/public_key/post_quantum/signature/ml_dsa.js b/src/crypto/public_key/post_quantum/signature/ml_dsa.js
@@ -3,14 +3,8 @@ import enums from '../../../../enums';
 export async function generate(algo) {
   switch (algo) {
     case enums.publicKey.pqc_mldsa_ed25519: {
-      const { DilithiumKeyPair, DilithiumLevel } = await import('@asanrom/dilithium');
-
-      const level = DilithiumLevel.get(3);
-      const keyPair = DilithiumKeyPair.generate(level);
-
-      const mldsaSecretKey = keyPair.getPrivateKey().getBytes();
-      const mldsaPublicKey = keyPair.getPublicKey().getBytes();
-
+      const { ml_dsa65 } = await import('@noble/post-quantum/ml-dsa');
+      const { secretKey: mldsaSecretKey, publicKey: mldsaPublicKey } = ml_dsa65.keygen();
       return { mldsaSecretKey, mldsaPublicKey };
     }
     default:
@@ -21,10 +15,8 @@ export async function generate(algo) {
 export async function sign(algo, mldsaSecretKey, dataDigest) {
   switch (algo) {
     case enums.publicKey.pqc_mldsa_ed25519: {
-      const { DilithiumPrivateKey, DilithiumLevel } = await import('@asanrom/dilithium');
-      const level = DilithiumLevel.get(3);
-      const secretKey = DilithiumPrivateKey.fromBytes(mldsaSecretKey, level);
-      const mldsaSignature = secretKey.sign(dataDigest).getBytes();
+      const { ml_dsa65 } = await import('@noble/post-quantum/ml-dsa');
+      const mldsaSignature = ml_dsa65.sign(mldsaSecretKey, dataDigest);
       return { mldsaSignature };
     }
     default:
@@ -35,11 +27,8 @@ export async function sign(algo, mldsaSecretKey, dataDigest) {
 export async function verify(algo, mldsaPublicKey, dataDigest, mldsaSignature) {
   switch (algo) {
     case enums.publicKey.pqc_mldsa_ed25519: {
-      const { DilithiumPublicKey, DilithiumSignature, DilithiumLevel } = await import('@asanrom/dilithium');
-      const level = DilithiumLevel.get(3);
-      const publicKey = DilithiumPublicKey.fromBytes(mldsaPublicKey, level);
-      const signature = DilithiumSignature.fromBytes(mldsaSignature, level);
-      return publicKey.verifySignature(dataDigest, signature);
+      const { ml_dsa65 } = await import('@noble/post-quantum/ml-dsa');
+      return ml_dsa65.verify(mldsaPublicKey, dataDigest, mldsaSignature);
     }
     default:
       throw new Error('Unsupported signature algorithm');