Update documentation and license text. #1663

Merged (3 commits), Jan 19, 2024

ashman-p
Contributor

Added doc for Stateful Signature, XMSS, LMS and update licenses per file in LMS directories.

  • Does this PR change the input/output behaviour of a cryptographic algorithm (i.e., does it change known answer test values)? (If so, a version bump will be required from x.y.z to x.(y+1).0.)
  • Does this PR change the list of algorithms available -- either adding, removing, or renaming? Does this PR otherwise change an API? (If so, PRs in fully supported downstream projects dependent on these, i.e., oqs-provider and OQS-OpenSSH will also need to be ready for review and merge by the time this is merged.)

Member

@baentsch baentsch left a comment

Not having claimed SecLevel/NISTLevel may cause problems downstream. But not sure, so no blocker.

@@ -0,0 +1,27 @@

Member

Good idea to add this file! Can you add a little bit of markdown formatting to it?

Contributor Author

Thanks. Done.

@@ -32,7 +33,8 @@ void hss_hash_ctx(void *result, int hash_type, union hash_context *ctx,
const void *message, size_t message_len) {
#if ALLOW_VERBOSE
if (hss_verbose) {
int i; for (i=0; i< message_len; i++) printf( " %02x%s", ((unsigned char*)message)[i], (i%16 == 15) ? "\n" : "" );
int i; for (i=0; i< message_len; i++) printf( " %02x%s", ((unsigned char*)message)[i], (i%16 == 15) ? "
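Review bot: In the verbose dump loop of hss_hash_ctx, the index is declared `int i` but is compared against `message_len`, which the signature shows is a `size_t`. That is a signed/unsigned comparison and `i` cannot cover the full range of `message_len`; declaring the index as `size_t` avoids both. Separately, the replacement line stops inside the string literal after `(i%16 == 15) ? "`, so the `"\n" : ""` ending of the removed line needs restoring.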
Member

Did something go wrong with the \n symbols here?

Contributor Author

Yep, will fix.

@@ -44,7 +46,8 @@ void hss_hash_ctx(void *result, int hash_type, union hash_context *ctx,
#if ALLOW_VERBOSE
if (hss_verbose) {
printf( " ->" );
int i; for (i=0; i<32; i++) printf( " %02x", ((unsigned char *)result)[i] ); printf( "\n" );
int i; for (i=0; i<32; i++) printf( " %02x", ((unsigned char *)result)[i] ); printf( "
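Review bot: The loop bound in this verbose block is the literal 32 (`i<32`), although hss_hash_ctx takes a `hash_type` argument. If any supported hash type yields a digest of a different length, the dump reads the wrong number of bytes from `result`; deriving the bound from the hash type would keep the debug output correct. The replacement line also ends inside the final `printf( "` literal where the removed line had `"\n" );`.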
Member

Did something go wrong with the \n symbols here?

Contributor Author

Yep, will fix.

@@ -95,7 +98,8 @@ void hss_finalize_hash_context(int h, union hash_context *ctx, void *buffer) {
if (hss_verbose) {
printf( " -->" );
int i; for (i=0; i<32; i++) printf( " %02x", ((unsigned char*)buffer)[i] );
printf( "\n" );
printf( "
Member

Did something go wrong with the \n symbols here?

Contributor Author

Yep, will fix.

@@ -417,7 +418,8 @@ signed long initial_mem_target = mem_target; /* DEBUG HACK */
return 0;
}
#if 0
printf( "Allocation = %ld\n", initial_mem_target - mem_target + best_mem ); /* DEBUG HACK */
printf( "Allocation = %ld
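Review bot: This edit sits inside an `#if 0` block whose printf is marked `/* DEBUG HACK */`, so the changed line is never compiled. Consider deleting the disabled block rather than modifying it; if it stays, the replacement line needs the rest of the removed statement back, since it now stops after `"Allocation = %ld`.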
Member

Did something go wrong with the \n symbol here?

Contributor Author

Yep, will fix.

@@ -22,7 +23,8 @@
* hss_sign_update( &ctx, message_part_2, len_2 );
* hss_sign_update( &ctx, message_part_3, len_3 );
* success = hss_sign_finalize( &ctx, working_key, signature );
* if (success) printf( "We generated the signature\n" );
* if (success) printf( "We generated the signature
Member

Did something go wrong with the \n symbol here?

Contributor Author

Yep, will fix.

@@ -20,7 +21,8 @@
* hss_validate_update( &ctx, message_part_2, len_2 );
* hss_validate_update( &ctx, message_part_3, len_3 );
* success = hss_validate_finalize( &ctx, signature );
* if (success) printf( "The signature validated\n" );
* if (success) printf( "The signature validated
Member

Did something go wrong with the \n symbol here?

Contributor Author

Yep, will fix.

- Scott Fluhrer
auxiliary-submitters:

crypto-assumption: stateful hash-based signatures
Member

We should probably be more specific and write something like "second preimage resistance of SHA-256". However, since the security proofs for LMS all seem to rely on random oracle assumptions on SHA-256 or one of its components, I'm not quite sure what to put here. Ideas @dstebila?

Contributor Author

Updated with "second preimage resistance of SHA-256"

docs/algorithms/sig_stfl/lms.yml

Stateful Hash Based Signature

The security of hash based signatures (HBS) is based on the underlaying hash functions on which they are built.
Member

Suggested change
The security of hash based signatures (HBS) is based on the underlaying hash functions on which they are built.
The security of hash based signatures (HBS) is based on the underlying hash functions on which they are built.

Contributor Author

Fixed.

Key generation, signature generation, and signature verification.
Security of HBS also depends on the management of the state of the secret key. Secret keys can only used once to generate a signature.
Multiple signing with same key can reveal that key to an attacker.
Because of this, NIST recommends that key and signature aeration be done in hardware security modules.
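Review bot: "Secret keys can only used once to generate a signature" is missing "be", and "Multiple signing with same key" would read more clearly as "Signing more than once with the same key". The first line shown here, "Key generation, signature generation, and signature verification.", has no verb; check that it is attached to a preceding sentence in the file.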
Member

Suggested change
Because of this, NIST recommends that key and signature aeration be done in hardware security modules.
Because of this, NIST recommends that key and signature iteration be done in hardware security modules.

I think (?)

Contributor Author

Fixed (generation)

Security of HBS also depends on the management of the state of the secret key. Secret keys can only used once to generate a signature.
Multiple signing with same key can reveal that key to an attacker.
Because of this, NIST recommends that key and signature aeration be done in hardware security modules.
Having said that, this library is fully functional for research purposes. Storage and management of the secret keys are left update applications using this feature.
Member

Suggested change
Having said that, this library is fully functional for research purposes. Storage and management of the secret keys are left update applications using this feature.
Having said that, this library is fully functional for research purposes. Storage and management of the secret keys are left up to applications using this feature.

Contributor Author

Fixed.

Stateful keys can generate a finite number signatures. A counter tracks the limit when the key is created and is decremented after each signature is generated.
When the counter is down to 0, signature generations fails. Applications can query the remaining count via an API.

Multithreaded application will need to set lock and unlock callbacks for the library to use. This is needed to ensure that only one thread can access a given secret key
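Review bot: "Applications can query the remaining count via an API" and "set lock and unlock callbacks" do not name the functions involved; naming the query function and the callback setters here would let readers find them in the headers. Also, "a finite number signatures" is missing "of", "signature generations fails" should be "signature generation fails", and the last sentence has no closing period.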
Member

Suggested change
Multithreaded application will need to set lock and unlock callbacks for the library to use. This is needed to ensure that only one thread can access a given secret key
Multithreaded applications will need to set lock and unlock callbacks for the library to use. This is needed to ensure that only one thread can access a given secret key

Contributor Author

Fixed.

@@ -0,0 +1,27 @@

Stateful Hash Based Signature
Member

Suggested change
Stateful Hash Based Signature
Stateful Hash Based Signatures

docs/algorithms/sig_stfl/xmss.yml
docs/algorithms/sig_stfl/lms.yml
- Bas Westerbaan
auxiliary-submitters:

crypto-assumption: stateful hash-based signatures
Member

Suggested change
crypto-assumption: stateful hash-based signatures
crypto-assumption: hash function second-preimage resistance

Again tagging @dstebila to confirm this choice of assumption.

Contributor Author

Updated as suggested.

@ashman-p ashman-p merged commit 89c714f into stateful-sigs Jan 19, 2024
52 checks passed
@ashman-p ashman-p deleted the na-stfl-docs-lic branch February 8, 2024 19:10
SWilson4 pushed a commit that referenced this pull request Feb 14, 2024
* Update documentation and license text.

* Fix missing CR in calls to printf

* Updates per review comments
cothan pushed a commit that referenced this pull request Apr 2, 2024
SWilson4 pushed a commit that referenced this pull request Apr 12, 2024
SWilson4 pushed a commit that referenced this pull request Apr 12, 2024
SWilson4 pushed a commit that referenced this pull request Apr 12, 2024
SWilson4 pushed a commit that referenced this pull request May 14, 2024
ashman-p added a commit that referenced this pull request Jun 4, 2024
commit e356ebf Na lms (#1486)
commit 55094c3 LMS H5_W1 (#1513)
commit 4d773d7 Convert to use OQS_SIG_STFL_SECRET_KEY struct  (#1525)
commit 245aede LMS updated to use new SK API (#1533)
commit a85a9aa Stateful sigs secret key storage callback (#1553)
commit 3934949 Na statful sig lock (#1559)
commit 3db6b44 Secret Key Query  (#1572)
commit 2446c64 Na stateful sigs lms var (#1574)
commit 8df2539 Stateful sigs XMSS updates (#1590)
commit a7b2987 SHA2 Increment with arbitrary length (non-block sizes) (#1614)
commit 2dd9e07 Na lms kat multi level (#1620)
commit 982b440 Fix Build Errors (#1635)
commit ddae644 Various fixes
commit cc50ef0 Fix warning
commit cf03392 Update README.md
commit 9325713 Update README.md
commit a52b217 Update README.md
commit d442ac9 Update README.md
commit 72ab478 Update README.md
commit 5967f12 Update src/CMakeLists.txt
commit fc6d512 Update documentation and license text. (#1663)
commit e7a83c7 Disable Stateful Signatures in the build by default (#1676)
commit 6c81bae Na stateful macro (#1687)

Signed-off-by: Norman Ashley <[email protected]>
4 participants