davidmcgrew / hash-sigs
A Python implementation of Leighton-Micali hierarchical hash based signatures
License: Other
In LmotsPrivateKey::init() S is passed in and length of S is not enforced (to LenS). Secondly, if S is None, S is generated from entropy to size of n, which is incorrect. S should always be 68 bytes.
I have come to realize this implements an earlier version of the Internet-Draft, not RFC 8554.
Using Python 3 syntax, this is one example:
```python
D_PBLC = bytes.fromhex('8080')  # hash of iterations in the LM-OTS
D_MESG = bytes.fromhex('8181')  # hash of the message in the LMOTS
D_LEAF = bytes.fromhex('8282')  # for hash of a leaf in LMS tree
D_INTR = bytes.fromhex('8383')  # for hash of an interior node in LMS tree
D_PRG = bytes.fromhex('ff')     # for computing LMS private keys
```
The order of the inputs to H() is a further indication. Does anyone know of a Python3 implementation that implements RFC 8554?
RFC 8554 says: The parameter I is a 16-byte string that indicates which Merkle tree this LM-OTS is used with.
Thus, the LenI in the lms_params dict should be 16, not 64.
```python
lms_params = {
    # m, h, LenI
    lms_sha256_m32_h5: (32, 5, 16),
    lms_sha256_m32_h10: (32, 10, 16),
    lms_sha256_m32_h15: (32, 15, 16),
    lms_sha256_m32_h20: (32, 20, 16),
    lms_sha256_m32_h25: (32, 25, 16)
}
```
Attempt to sign the file "hello.txt" containing the text: Hello World!
```
python hss.py sign hello.txt hss2-5-8.prv
```
The signature is stored in the file hello.txt.sig, of size 2,697 bytes.
Something is wrong. We cannot pretty print the signature with
```
python hss.py read hello.txt.sig
```
hss.py crashes at line 1282..., with message:
```
ValueError: ('error: parameter has wrong length', '0')
```
Signature verification fails:
```
python hss.py verify hss2-5-8.pub hello.txt
-> INVALID (error: exception)
```
Signing a second time gives a different signature size: 2,707 bytes, but still fails verification.
Signing a third time gives a different signature size: 2,701 bytes, but still fails verification.
Signing a fourth time gives a different signature size: 2,700 bytes, but still fails verification.
I'm getting this error when trying to verify a signature. Steps:
```
python hss.py genkey Alice
python hss.py sign somefile.txt Alice.prv
python hss.py verify Alice.pub somefile.txt
```
There seem to be other errors from what I can tell looking at the code, like it's only saving one level (root) of LMS private keys and the I parameter is 64 instead of 16 bytes.
Are you still maintaining this project? Is there an LMS/HSS implementation somewhere that does work? Should I switch to XMSS?
Thank you.
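The issues above turn on the 16-byte I and on the order of the inputs to H(). As an added illustration (not code from hash-sigs or from any of the issue authors), this sketch computes an LMS public key with the hash inputs laid out as RFC 8554 specifies and rejects an I of any other length; the per-leaf secret derivation from `seed` is a constructed stand-in for this demo, and the function names are hypothetical.

```python
import hashlib
import struct

# RFC 8554 values: 16-bit domain separators, 16-byte I, LMOTS_SHA256_N32_W8.
D_PBLC, D_LEAF, D_INTR = 0x8080, 0x8282, 0x8383
LEN_I, N, W, P = 16, 32, 8, 34
LMS_SHA256_M32_H5, LMOTS_SHA256_N32_W8 = 5, 4   # RFC 8554 typecodes


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def u16(v): return struct.pack(">H", v)
def u32(v): return struct.pack(">I", v)


def lmots_public_key(I, q, x):
    """K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1])."""
    if len(I) != LEN_I:
        raise ValueError("I must be exactly %d bytes, got %d" % (LEN_I, len(I)))
    if len(x) != P or any(len(xi) != N for xi in x):
        raise ValueError("x must be p=%d strings of n=%d bytes" % (P, N))
    y = []
    for i, tmp in enumerate(x):
        for j in range(2 ** W - 1):           # chain to the end: 2^w - 1 steps
            tmp = H(I, u32(q), u16(i), bytes([j]), tmp)
        y.append(tmp)
    return H(I, u32(q), u16(D_PBLC), *y)


def lms_root(I, h, seed):
    """T[1] of a height-h tree, using the RFC 8554 leaf and interior hashes."""
    def x(q):  # constructed per-leaf secret derivation, for this demo only
        return [H(seed, u32(q), u16(i)) for i in range(P)]
    T = {}
    for r in range(2 ** (h + 1) - 1, 0, -1):  # leaves first, then interior nodes
        if r >= 2 ** h:
            K = lmots_public_key(I, r - 2 ** h, x(r - 2 ** h))
            T[r] = H(I, u32(r), u16(D_LEAF), K)
        else:
            T[r] = H(I, u32(r), u16(D_INTR), T[2 * r], T[2 * r + 1])
    return T[1]


def lms_public_key(I, seed):
    """u32str(type) || u32str(otstype) || I || T[1] for the h=5 parameter set."""
    return u32(LMS_SHA256_M32_H5) + u32(LMOTS_SHA256_N32_W8) + I + lms_root(I, 5, seed)
```

With these parameters the serialized public key is always 4 + 4 + 16 + 32 = 56 bytes, so a length check on a stored key is a quick way to tell an RFC 8554 encoding from one that uses a different LenI.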