XMSS / xmss-reference

Repository for the XMSS reference code, accompanying RFC 8391, XMSS: eXtended Merkle Signature Scheme
https://tools.ietf.org/html/rfc8391
Creative Commons Zero v1.0 Universal

fast and "general" versions are not interoperable #17

Open a-romm opened 1 year ago

a-romm commented 1 year ago
(linux_crypto) developer@9a6f15be17ac:~/python-virtual-environments/linux/linux_crypto/xmss-reference/ui$ ./xmss_keypair XMSS-SHA2_10_256 > ref.key
(linux_crypto) developer@9a6f15be17ac:~/python-virtual-environments/linux/linux_crypto/xmss-reference/ui$ ./xmss_sign_fast ref.key message.txt > msg_signed.txt
Segmentation fault
(linux_crypto) developer@9a6f15be17ac:~/python-virtual-environments/linux/linux_crypto/xmss-reference/ui$ ./xmss_keypair_fast XMSS-SHA2_10_256 > fast.key
(linux_crypto) developer@9a6f15be17ac:~/python-virtual-environments/linux/linux_crypto/xmss-reference/ui$ ./xmss_sign_fast fast.key message.txt > msg_signed.txt
lucasperin commented 1 year ago

Hi @a-romm ,

Indeed it will not work since the "general" version does not initialize the BDS state. For example, you can see that the fast key in your example has 1.5K bytes while the general has 204.

The BDS state is optional, so this is up to your own implementation. In this reference implementation, they do not check if you are providing the BDS state at run time. So I don't think this is an issue since this project is not supposed to be deployed, use it for cross validation.
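The size difference lucasperin points to (204 bytes for a general XMSS-SHA2_10_256 key file versus about 1.5K for a fast one) is the only thing that distinguishes the two key formats, and the ui tools do not check it before signing. The script below is an added example, not part of this issue thread or of the xmss-reference code, that reads a key file written by `ui/xmss_keypair` or `ui/xmss_keypair_fast` and reports whether the secret-key section carries extra BDS state, so the wrong tool can be rejected before it segfaults. It assumes the ui tools write `oid || pk || oid || sk` with a 4-byte host-endian OID, `pk = root || PUB_SEED` (2n bytes), and a general secret key of `idx || SK_SEED || SK_PRF || root || PUB_SEED` (4 + 4n bytes, index big-endian); the parameter table is the single-tree OID list from RFC 8391 section 5.3. The sample key files it builds are constructed filler, not real keys.

```python
"""Inspect a key file written by the xmss-reference ui tools and report
whether the secret key carries BDS state (fast layout) or not (general).

Assumed file layout: oid || pk || oid || sk, OID as a 4-byte host-endian uint32.
Assumed general secret key: idx (4 bytes, big-endian) || SK_SEED || SK_PRF ||
root || PUB_SEED, i.e. 4 + 4n bytes. Anything beyond that is taken to be the
serialized BDS state appended by the fast implementation.
"""
import sys

# Single-tree XMSS parameter sets, RFC 8391 section 5.3: OID -> (name, n, h)
XMSS_PARAMS = {
    0x01: ("XMSS-SHA2_10_256", 32, 10), 0x02: ("XMSS-SHA2_16_256", 32, 16),
    0x03: ("XMSS-SHA2_20_256", 32, 20), 0x04: ("XMSS-SHA2_10_512", 64, 10),
    0x05: ("XMSS-SHA2_16_512", 64, 16), 0x06: ("XMSS-SHA2_20_512", 64, 20),
    0x07: ("XMSS-SHAKE_10_256", 32, 10), 0x08: ("XMSS-SHAKE_16_256", 32, 16),
    0x09: ("XMSS-SHAKE_20_256", 32, 20), 0x0A: ("XMSS-SHAKE_10_512", 64, 10),
    0x0B: ("XMSS-SHAKE_16_512", 64, 16), 0x0C: ("XMSS-SHAKE_20_512", 64, 20),
}

OID_LEN = 4      # XMSS_OID_LEN in the reference code
INDEX_BYTES = 4  # leaf index prefix of a single-tree XMSS secret key


def pk_bytes(n):
    """Public key: root || PUB_SEED."""
    return 2 * n


def general_sk_bytes(n):
    """Secret key without BDS state: idx || SK_SEED || SK_PRF || root || PUB_SEED."""
    return INDEX_BYTES + 4 * n


def inspect_keyfile(data, oid_byteorder=sys.byteorder):
    """Parse oid||pk||oid||sk and classify the secret-key section.

    Raises ValueError if the file is truncated, uses an unknown OID, or the
    two OID copies disagree. Returns a dict describing what was found.
    """
    if len(data) < OID_LEN:
        raise ValueError("file shorter than one OID")
    oid = int.from_bytes(data[:OID_LEN], oid_byteorder)
    if oid not in XMSS_PARAMS:
        raise ValueError("unknown or multi-tree OID 0x%08x" % oid)
    name, n, h = XMSS_PARAMS[oid]

    sk_oid_start = OID_LEN + pk_bytes(n)
    sk_start = sk_oid_start + OID_LEN
    if len(data) < sk_start + general_sk_bytes(n):
        raise ValueError("file too short for %s: %d bytes" % (name, len(data)))
    sk_oid = int.from_bytes(data[sk_oid_start:sk_start], oid_byteorder)
    if sk_oid != oid:
        raise ValueError("OID before pk (0x%x) and before sk (0x%x) differ" % (oid, sk_oid))

    pk = data[OID_LEN:sk_oid_start]
    sk = data[sk_start:]
    extra = len(sk) - general_sk_bytes(n)   # > 0 means BDS state is present
    index = int.from_bytes(sk[:INDEX_BYTES], "big")
    return {
        "oid": oid, "name": name, "n": n, "h": h,
        "index": index,
        "leaves_remaining": (1 << h) - index,
        "sk_bytes": len(sk),
        "bds_state_bytes": extra,
        "has_bds_state": extra > 0,
        # root||PUB_SEED is stored in both halves under the assumed layout
        "pk_matches_sk": sk[INDEX_BYTES + 2 * n:INDEX_BYTES + 4 * n] == pk,
    }


def check_tool_compat(info, tool_is_fast):
    """True if this key layout is the one the chosen ui signer expects:
    xmss_sign_fast needs BDS state, xmss_sign expects the general layout."""
    return info["has_bds_state"] == tool_is_fast


def build_sample_keyfile(oid, bds_state_bytes=0, index=0, oid_byteorder=sys.byteorder):
    """Constructed sample in the assumed layout (filler bytes, not a usable key)."""
    _, n, _ = XMSS_PARAMS[oid]
    root, pub_seed = b"\x11" * n, b"\x22" * n
    pk = root + pub_seed
    sk = index.to_bytes(INDEX_BYTES, "big") + b"\x33" * n + b"\x44" * n + root + pub_seed
    sk += b"\x55" * bds_state_bytes        # stands in for serialized BDS state
    o = oid.to_bytes(OID_LEN, oid_byteorder)
    return o + pk + o + sk


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: %s <keyfile from ui/xmss_keypair or xmss_keypair_fast>" % sys.argv[0])
    with open(sys.argv[1], "rb") as f:
        for k, v in inspect_keyfile(f.read()).items():
            print("%-18s %s" % (k, v))
```

Run it against `ref.key` and `fast.key` from the session above: the first should report `has_bds_state False`, the second a positive `bds_state_bytes`, and `check_tool_compat` then tells you which of `xmss_sign` / `xmss_sign_fast` the file is meant for. The `pk_matches_sk` flag is only a sanity check on the assumed field order and is reported rather than enforced.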