bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License

SphincsPlus comes with robust algorithms only #1443

Closed fsolms closed 1 year ago

fsolms commented 1 year ago

Hi there,

I am currently working on an implementation of the PQC algorithm Sphincs+ for a project and noticed that the simple versions of Sphincs+ are not yet completely included in Bouncy Castle. For example, in /pqc/crypto/util/Utils.java or /asn1/bc/BCObjectIdentifiers.java, only the robust versions are included, whereas the simple version is included in /pqc/crypto/sphincsplus/SPHINCSPlusParameters.java.

Is this a topic that you are still working on, or is there a reason why the simple versions are partially left out?

Thanks and best regards!

dghgit commented 1 year ago

Ah... yes, okay, no just hadn't gotten around to it. They should now be available in https://www.bouncycastle.org/betas 176b05 or later. Let us know how you go.

dghgit commented 1 year ago

Fixed in 1.76.

fsolms commented 7 months ago

Hi again, so, the simple versions are included, but the mapping of the OIDs seems to point to the "sphincsPlus_interop"-ones, whereas the robust versions already point to the R3-OIDs.

To test this I implemented the following Java code:

    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PublicKey;
    import org.bouncycastle.asn1.ASN1Sequence;
    import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.bouncycastle.pqc.jcajce.spec.SPHINCSPlusParameterSpec;

    // Assumes the BC provider is already registered (Security.addProvider(new BouncyCastleProvider())).
    void testSphincsPlus() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("SPHINCSPLUS", BouncyCastleProvider.PROVIDER_NAME);
        // Robust set: element 0 of the SubjectPublicKeyInfo SEQUENCE is the AlgorithmIdentifier.
        kpg.initialize(SPHINCSPlusParameterSpec.fromName(SPHINCSPlusParameterSpec.sha2_256s_robust.getName()));
        KeyPair keyPair = kpg.generateKeyPair();
        PublicKey pubKey = keyPair.getPublic();
        AlgorithmIdentifier firstRootSeqObject = AlgorithmIdentifier.getInstance(ASN1Sequence.getInstance(pubKey.getEncoded()).getObjectAt(0));
        System.out.println("robust: " + firstRootSeqObject.getAlgorithm());
        // Simple set, same extraction.
        kpg.initialize(SPHINCSPlusParameterSpec.fromName(SPHINCSPlusParameterSpec.sha2_256s.getName()));
        keyPair = kpg.generateKeyPair();
        pubKey = keyPair.getPublic();
        firstRootSeqObject = AlgorithmIdentifier.getInstance(ASN1Sequence.getInstance(pubKey.getEncoded()).getObjectAt(0));
        System.out.println("simple: " + firstRootSeqObject.getAlgorithm());
    }

To my surprise, the firstRootSeqObject of the robust version gives 1.3.6.1.4.1.22554.2.5.13 whereas the one of the simple version gives 1.3.9999.6.6.12.

Is it me or is there some mapping incomplete for the simple version?

dghgit commented 7 months ago

I'm sorry, but I don't quite understand this one - what's coming back sounds correct. We're sticking to the interop OIDs where possible. Would you provide some more information as to what you think the issue is?

It's worth noting that the robust parameter sets will be going away - it's also likely we'll see some of the simple ones disappear too.

fsolms commented 7 months ago

You're right, there has been a misunderstanding on my side. You map the simple versions correctly to the interop OIDs and that is fine. Thanks for the clarification!
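The OID inspection from the thread above, extended into an allow-list check for SPHINCS+ public keys received from elsewhere (an added example, not bc-java code; the two arc prefixes come from the OIDs quoted in the thread, and treating the interop arc as the only accepted one is this example's own policy, chosen because the robust sets are described as going away):

```java
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pqc.jcajce.spec.SPHINCSPlusParameterSpec;

public class SphincsPlusOidPolicy {
    // Arc prefixes taken from the two OIDs reported in the thread:
    // 1.3.6.1.4.1.22554.2.5.13 (robust set, BC private arc) and 1.3.9999.6.6.12 (simple set, interop arc).
    static final String BC_PRIVATE_ARC = "1.3.6.1.4.1.22554.2.5.";
    static final String INTEROP_ARC = "1.3.9999.6.";

    /** Parameter-set OID carried in the AlgorithmIdentifier of an X.509 SubjectPublicKeyInfo. */
    static String parameterOid(byte[] encodedPublicKey) {
        return SubjectPublicKeyInfo.getInstance(encodedPublicKey).getAlgorithm().getAlgorithm().getId();
    }

    /** Label for the arc the OID sits in; "unknown" for anything outside the two arcs above. */
    static String arcOf(String oid) {
        if (oid.startsWith(INTEROP_ARC)) return "interop";
        if (oid.startsWith(BC_PRIVATE_ARC)) return "bc-private";
        return "unknown";
    }

    /** Example policy (this example's assumption, not a bc-java rule): accept only interop-arc OIDs,
     *  which is where the simple sets are mapped; robust sets and unknown OIDs are rejected. */
    static boolean acceptedByPolicy(byte[] encodedPublicKey) {
        return "interop".equals(arcOf(parameterOid(encodedPublicKey)));
    }

    static byte[] generateEncodedPublicKey(AlgorithmParameterSpec spec) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("SPHINCSPLUS", BouncyCastleProvider.PROVIDER_NAME);
        kpg.initialize(spec);
        return kpg.generateKeyPair().getPublic().getEncoded();
    }

    public static void main(String[] args) throws Exception {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        // Same two parameter sets the thread compares.
        byte[] robust = generateEncodedPublicKey(SPHINCSPlusParameterSpec.sha2_256s_robust);
        byte[] simple = generateEncodedPublicKey(SPHINCSPlusParameterSpec.sha2_256s);
        System.out.println(parameterOid(robust) + " -> " + arcOf(parameterOid(robust)) + ", accepted=" + acceptedByPolicy(robust));
        System.out.println(parameterOid(simple) + " -> " + arcOf(parameterOid(simple)) + ", accepted=" + acceptedByPolicy(simple));
    }
}
```

The same `acceptedByPolicy` check can be applied to any DER-encoded SubjectPublicKeyInfo (for example, one extracted from a certificate) before the key is used for verification.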