sphincs / sphincsplus

The SPHINCS+ reference code, accompanying the submission to NIST's Post-Quantum Cryptography project
https://sphincs.org

Api.h comment with key format is switched? #53

Open Muzosh opened 1 year ago

Muzosh commented 1 year ago

Hi,

I have generated a sphincs+-sha256-256s-simple keypair and looked at their contents. I think the format in the comment section might be incorrect: https://github.com/sphincs/sphincsplus/blob/06f42f47491085ac879a72b486ca8edb10891963/ref/api.h#LL44C1-L49C63

According to the comment, the order of "root" and "PUB_SEED" should be switched in SK and PK. But looking at the bytes, the PK is appended to the SK as is, without switching any order of components.

Either my implementation is wrong, or the comment should contain something like this:

/*
 * Generates a SPHINCS+ key pair given a seed.
 * Format sk: [SK_SEED || SK_PRF || root || PUB_SEED]
 * Format pk: [root || PUB_SEED]
 */

or

/*
 * Generates a SPHINCS+ key pair given a seed.
 * Format sk: [SK_SEED || SK_PRF || PUB_SEED || root]
 * Format pk: [PUB_SEED || root]
 */

...depending on what is actually first in PK, root or PUB_SEED (I'm not sure, I didn't have a chance to study SPHINCS that much yet).

Kaisiiii commented 7 months ago

According to the NIST standard, it should be the latter. I think there exist some inconsistencies between the current code and the NIST SLH-DSA standard, such as the computation of the subtree's public key, which should be a hashed value of the permutation of all wots-chain public keys according to the standard. But I am not sure if I misunderstood some part of the process.
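
The byte-level check described in the issue, as an added example that is not part of the thread or of the SPHINCS+ reference code. It assumes the FIPS 205 (SLH-DSA) field order, sk = SK.seed || SK.prf || PK.seed || PK.root and pk = PK.seed || PK.root, with n = 32 for the 256-bit parameter sets; the function names are hypothetical and the key bytes are constructed filler, not a real key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Views into a secret key; field names follow FIPS 205 (assumed), not api.h. */
typedef struct { const uint8_t *sk_seed, *sk_prf, *pk_seed, *pk_root; } slh_sk_view;

/* Split sk into its four n-byte fields. Returns 0 on success, -1 on bad length. */
int slh_split_sk(const uint8_t *sk, size_t sk_len, size_t n, slh_sk_view *out)
{
    if (sk == NULL || out == NULL || n == 0 || sk_len != 4 * n)
        return -1;
    out->sk_seed = sk;
    out->sk_prf  = sk + n;
    out->pk_seed = sk + 2 * n;
    out->pk_root = sk + 3 * n;
    return 0;
}

/* Classify how pk relates to the public half of sk:
 *   1 = pk is the last 2n bytes of sk, unchanged (what the issue observed)
 *   2 = pk holds the same two fields in swapped order
 *   0 = pk does not belong to this sk; -1 = bad lengths */
int slh_pk_layout(const uint8_t *pk, size_t pk_len,
                  const uint8_t *sk, size_t sk_len, size_t n)
{
    slh_sk_view v;
    if (pk == NULL || pk_len != 2 * n || slh_split_sk(sk, sk_len, n, &v) != 0)
        return -1;
    if (memcmp(pk, v.pk_seed, n) == 0 && memcmp(pk + n, v.pk_root, n) == 0)
        return 1;
    if (memcmp(pk, v.pk_root, n) == 0 && memcmp(pk + n, v.pk_seed, n) == 0)
        return 2;
    return 0;
}

/* Constructed filler key for n = 32: each field is one repeated byte (0xA0..0xA3). */
void slh_demo_sk(uint8_t sk[128])
{
    for (size_t i = 0; i < 128; i++) sk[i] = (uint8_t)(0xA0 + i / 32);
}

int main(void)
{
    uint8_t sk[128];
    slh_demo_sk(sk);
    printf("layout = %d\n", slh_pk_layout(sk + 64, 64, sk, 128, 32));
}
```

A result of 1 confirms only that the public key is copied into the secret key unchanged. It cannot tell which n-byte half is the root, since both halves are opaque bytes; that has to come from the key generation code or the standard.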