SLH-DSA Overview

Table of contents
  1. FIPS 205 SLH-DSA
    1. Applications:
  2. SLH-DSA advantages over classical digital signature algorithms
  3. SLH-DSA - Parameter set summary
  4. NIST’s Known Answer Tests (KAT)
  5. Leveraging SLH-DSA and True Entropy
  6. API overview
  7. Example
  • Algorithm type: Digital signature scheme.
  • Main cryptographic assumption: Scheme based on the presumed difficulty of finding preimages for hash functions.
  • License: Public-Domain

FIPS 205 SLH-DSA

FIPS 205 is the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA), which was developed by the National Institute of Standards and Technology (NIST) to provide a quantum-resistant digital signature mechanism. FIPS 205 defines a method for digital signature generation that can be used for the protection of binary data (commonly called a message) and for the verification and validation of those digital signatures

As part of the NIST standardisation process for post-squantum cryptography, SPHINCS+ has been under consideration and is the basis for Stateless Hash-Based Digital Signature Algorithm (SLH-DSA).

The security of SLH-DSA relies on the presumed diffculty of finding preimages for hash functions as well as several related properties of the same hash functions. Unlike the algorithms specifed in FIPS 186-5, SLH-DSA is expected to provide resistance to attacks from a large-scale quantum computer.

The standard specifes the mathematical steps that need to be performed for key generation, signature generation, and signature verifcation.

FIPS 205 was initially published as a draft on August 24, 2023, with a public comment period that concluded on November 22, 2023. Following the public comment period, necessary revisions were made to address feedback, and NIST aims to finalize and publish the standard for use in 2024.

Applications:

FIPS 205 can be applied in multiple scenarios where secure digital signatures are essential, including:

  • Ensuring the integrity and authenticity of digital communications, documents, and transactions.
  • Utilizing quantum-resistant signatures within various cryptographic protocols and systems.
  • Implementing secure and verifiable signatures for sensitive and classified governmental and military communications.
  • Enhancing the security of electronic transactions, contracts, and records within financial systems.
  • Ensuring the authenticity and integrity of software updates and installations to prevent tampering and unauthorized alterations.

SLH-DSA advantages over classical digital signature algorithms

Stateless Hash-Based Digital Signature Algorithm (SLH-DSA), such as those based on the SPHINCS+, offer several significant advantages over classical digital signature algorithms like RSA or ECDSA (Elliptic Curve Digital Signature Algorithm). Here are some of the key benefits:

  • SLH-DSA is expected to provide resistance to attacks from a large-scale quantum computer. Classical algorithms like RSA and ECDSA can be broken by quantum algorithms (e.g., Shor’s algorithm), rendering them insecure in a post-quantum world.
  • SLH-DSA algorithm offer a good balance between security and performance, with efficient key generation, signing, and verification operations.
  • While classical algorithms may require increasingly larger key sizes to maintain security as computational power increases, SLH-DSA algorithms typically provide strong security with more manageable key and signature sizes,
  • SLH-DSA algorithms often come with different parameter sets, allowing users to choose configurations that balance security and performance based on specific needs.

SLH-DSA - Parameter set summary

  • SLH-DSA-SHAKE-256f - security category 5
  • Public key size - 64 bytes
  • Private key size - 128 bytes
  • Signature size - 49 856 bytes

NIST’s Known Answer Tests (KAT)

The TQ42 Cryptography SLH-DSA algorithm implementation has successfully passed the Known Answer Tests (KAT) provided by NIST. This confirms that the algorithm performs reliably as anticipated. For those interested in a deeper dive into the specifics of these tests, they are available for review.

Leveraging SLH-DSA and True Entropy

The customization of the SLH-DSA algorithm within TQ42 Cryptography is designed to work in synergy with true entropy, sourced from the Single Photon Quantum Random Number Generator (QRNG). This technology ensures that the randomness required for cryptographic keys is of the highest quality, providing unparalleled security for company data. Since the effectiveness of any cryptographic algorithm heavily relies on the randomness of its keys, incorporating QRNG derived true entropy with TQ42’s customized SLH-DSA algorithm ensures that your company’s sensitive information is safeguarded in the most robust manner possible.

API overview

To include the necessary library, please refer to the Getting Started Guide. After following the guide, include the pqc/slh-dsa.h header in your code. All Signature Schemes algorithms have a unified API. For SLH-DSA, you can set the algorithm to work using the constant PQC_CIPHER_SLH_DSA_SHAKE_256F_DRAFT. To learn about all the available methods for signature algorithms, visit the Signature Schemes Generic API Overview page.

Example

Code

#include <iostream>
#include <vector>

#include <pqc/common.h>
#include <pqc/slh-dsa.h>

// Macros simplify the creation of byte vectors for SLH-DSA private and public keys
#define SLH_DSA_PRIVATE_KEY(x) std::vector<uint8_t> x(sizeof(pqc_slh_dsa_private_key))
#define SLH_DSA_PUBLIC_KEY(x) std::vector<uint8_t> x(sizeof(pqc_slh_dsa_public_key))
#define SLH_DSA_SIGNATURE(x) std::vector<uint8_t> x(sizeof(pqc_slh_dsa_signature))

int main()
{
    SLH_DSA_PRIVATE_KEY(priv_alice);
    SLH_DSA_PUBLIC_KEY(pub_alice);
    SLH_DSA_SIGNATURE(signature);

    // Generate a SLH-DSA key pair for Alice
    size_t generateResult = PQC_generate_key_pair(
        PQC_CIPHER_SLH_DSA_SHAKE_256F, pub_alice.data(), pub_alice.size(), priv_alice.data(), priv_alice.size()
    );

    // Check if key generation was successful
    if (generateResult != PQC_OK)
    {
        std::cout << "Key generation failed!" << std::endl;
    }

    CIPHER_HANDLE SLH_DSA_ContextAlice =
        PQC_init_context(PQC_CIPHER_SLH_DSA_SHAKE_256F, priv_alice.data(), priv_alice.size());
    if (SLH_DSA_ContextAlice == PQC_BAD_CIPHER)
    {
        std::cout << "Failed to initialize cryptographic context!" << std::endl;
    }

    // Define a message that will be signed using SLH-DSA signature algorithm
    char message[] = "Here is my message I will sign by SLH-DSA signature algorithm!";

    // Sign the message with SLH-DSA algorithm using Alice's context
    size_t signResult =
        PQC_sign(SLH_DSA_ContextAlice, (uint8_t *)message, sizeof(message), signature.data(), signature.size());

    // Check if the signing process was successful
    if (signResult != PQC_OK)
    {
        std::cout << "Signing process failed!" << std::endl;
    }

    // Attempt to verify the signature of the signed message using Alice's public key
    size_t verifyResult = PQC_verify(
        PQC_CIPHER_SLH_DSA_SHAKE_256F, pub_alice.data(), pub_alice.size(), (uint8_t *)message, sizeof(message),
        signature.data(), signature.size()
    );

    // Check the result of the signature verification
    if (verifyResult == PQC_OK)
    {
        std::cout << "Signature is valid!" << std::endl;
    }
    else
    {
        std::cout << "Signature verification failed!" << std::endl;
    }

    return 0;
}

© Copyright 2024, Terra Quantum AG.