Botan 3.6.1
Crypto and TLS for C++
Botan::LMOTS_Private_Key Class Reference

Representation of an LMOTS private key. More...

#include <lm_ots.h>

Inheritance diagram for Botan::LMOTS_Private_Key: derives from Botan::OTS_Instance

Public Member Functions

const LMOTS_Node & chain_input (uint16_t chain_idx) const
 The secret chain input at a given chain index (x[] in RFC 8554 Section 4.2).
 
const LMS_Identifier & identifier () const
 The LMS identifier of the LMS tree containing this OTS instance ('I' in RFC 8554).
 
 LMOTS_Private_Key (const LMOTS_Params &params, const LMS_Identifier &identifier, LMS_Tree_Node_Idx q, const LMS_Seed &seed)
 Derive an LMOTS private key for a given seed.
 
const LMOTS_Params & params () const
 The LMOTS parameters.
 
LMS_Tree_Node_Idx q () const
 The index of the LMS tree leaf associated with this OTS instance.
 
void sign (StrongSpan< LMOTS_Signature_Bytes > out_sig, const LMS_Message &msg) const
 Generate a new LMOTS signature.
 

Detailed Description

Representation of an LMOTS private key.

Contains the OTS params, I, q, the secret LMS seed and its derived secret chain inputs (x[] in RFC 8554 Section 4.2).

Definition at line 257 of file lm_ots.h.

Constructor & Destructor Documentation

◆ LMOTS_Private_Key()

Botan::LMOTS_Private_Key::LMOTS_Private_Key ( const LMOTS_Params & params,
const LMS_Identifier & identifier,
LMS_Tree_Node_Idx q,
const LMS_Seed & seed )

Derive an LMOTS private key for a given seed.

Implements RFC 8554 Section 4.2 using the derivation of Appendix A.

Definition at line 259 of file lm_ots.cpp.

      : OTS_Instance(params, identifier, q), m_seed(seed) {
   // RFC 8554 Appendix A: x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED)
   PseudorandomKeyGeneration gen(identifier);
   const auto hash = params.hash();

   gen.set_q(q.get());
   gen.set_j(0xff);

   // One secret chain input per LM-OTS hash chain (p of them)
   for(uint16_t i = 0; i < params.p(); ++i) {
      gen.set_i(i);
      m_ots_sk.push_back(gen.gen<LMOTS_Node>(*hash, seed));
   }
}

References Botan::PseudorandomKeyGeneration::gen(), Botan::detail::Strong_Base< T >::get(), Botan::LMOTS_Params::hash(), Botan::OTS_Instance::identifier(), Botan::LMOTS_Params::p(), Botan::OTS_Instance::params(), Botan::OTS_Instance::q(), Botan::PseudorandomKeyGeneration::set_i(), Botan::PseudorandomKeyGeneration::set_j(), and Botan::PseudorandomKeyGeneration::set_q().

Member Function Documentation

◆ chain_input()

const LMOTS_Node & Botan::LMOTS_Private_Key::chain_input ( uint16_t chain_idx) const
inline

The secret chain input at a given chain index (x[] in RFC 8554 Section 4.2).

Definition at line 272 of file lm_ots.h.

{ return m_ots_sk.at(chain_idx); }

Referenced by Botan::LMOTS_Public_Key::LMOTS_Public_Key(), and sign().

◆ identifier()

const LMS_Identifier & Botan::OTS_Instance::identifier ( ) const
inline, inherited

The LMS identifier of the LMS tree containing this OTS instance ('I' in RFC 8554).

Definition at line 238 of file lm_ots.h.

{ return m_identifier; }

Referenced by LMOTS_Private_Key(), Botan::LMOTS_Public_Key::LMOTS_Public_Key(), and sign().

◆ params()

const LMOTS_Params & Botan::OTS_Instance::params ( ) const
inline, inherited

The LMOTS parameters.

Definition at line 233 of file lm_ots.h.

{ return m_params; }

Referenced by LMOTS_Private_Key(), Botan::LMOTS_Public_Key::LMOTS_Public_Key(), and sign().

◆ q()

LMS_Tree_Node_Idx Botan::OTS_Instance::q ( ) const
inline, inherited

The index of the LMS tree leaf associated with this OTS instance.

Definition at line 243 of file lm_ots.h.

{ return m_q; }

Referenced by LMOTS_Private_Key(), Botan::LMOTS_Public_Key::LMOTS_Public_Key(), and sign().

◆ sign()

void Botan::LMOTS_Private_Key::sign ( StrongSpan< LMOTS_Signature_Bytes > out_sig,
const LMS_Message & msg ) const

Generate a new LMOTS signature.

Defined in RFC 8554 Section 4.5.

Definition at line 276 of file lm_ots.cpp.

{
   BOTAN_ARG_CHECK(out_sig.size() == LMOTS_Signature::size(params()), "Invalid output buffer size");
   BufferStuffer sig_stuffer(out_sig);
   const auto hash = params().hash();
   sig_stuffer.append(store_be(params().algorithm_type()));
   const auto C = sig_stuffer.next(params().n());

   // Since we do not store the signatures of the lms trees in the HSS sk,
   // we need deterministic signatures to avoid reusing an OTS key to generate multiple signatures.
   // See also: https://github.com/cisco/hash-sigs/blob/b0631b8891295bf2929e68761205337b7c031726/lm_ots_sign.c#L110-L115
   derive_random_C(C, *hash);
   CT::unpoison(C);  // contained in signature

   const auto Q_with_cksm = gen_Q_with_cksm(params(), identifier(), q(), C, msg);

   // y[i] = chain i walked a steps from x[i], with a = coef(Q || Cksm(Q), i, w) (RFC 8554 Section 4.5)
   Chain_Generator chain_gen(identifier(), q());
   for(uint16_t i = 0; i < params().p(); ++i) {
      const auto y_i = sig_stuffer.next(params().n());
      const uint8_t a = coef(Q_with_cksm, i, params());
      chain_gen.process(*hash, i, 0, a, chain_input(i), y_i);
   }
   BOTAN_ASSERT_NOMSG(sig_stuffer.full());
}

References Botan::BufferStuffer::append(), BOTAN_ARG_CHECK, BOTAN_ASSERT_NOMSG, chain_input(), Botan::BufferStuffer::full(), Botan::LMOTS_Params::hash(), Botan::OTS_Instance::identifier(), Botan::BufferStuffer::next(), Botan::LMOTS_Params::p(), Botan::OTS_Instance::params(), Botan::OTS_Instance::q(), Botan::LMOTS_Signature::size(), Botan::StrongSpan< T >::size(), Botan::store_be(), and Botan::CT::unpoison().

Referenced by Botan::LMS_PrivateKey::sign_and_get_pk().
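The two routines documented on this page, the constructor's Appendix A derivation of the chain inputs x[] and sign()'s RFC 8554 Section 4.5 chain walk, together with the public-key and verification sides that RFC 8554 Sections 4.3 and 4.6 define around them, as an added stand-alone example in Python. This is not Botan's code: the LmotsParams class and the function names are the example's own, the identifier I, the seed and the message are constructed sample values, and the deterministic derivation of C is an illustrative construction for the example, not Botan's derive_random_C().

```python
import hashlib
import hmac
from dataclasses import dataclass

D_PBLC = 0x8080  # domain separator for public-key hashing (RFC 8554 Section 4.3)
D_MESG = 0x8181  # domain separator for message hashing (RFC 8554 Section 4.5)


@dataclass(frozen=True)
class LmotsParams:          # example's own parameter record, not a Botan type
    typecode: int           # u32 algorithm type at the start of keys and signatures
    n: int                  # hash output length in bytes
    w: int                  # Winternitz parameter (bits per digit)
    p: int                  # number of n-byte hash chains
    ls: int                 # left shift applied in the checksum


# The four LM-OTS parameter sets of RFC 8554 Section 4.1 (all SHA-256, n = 32).
LMOTS_SHA256_N32_W1 = LmotsParams(1, 32, 1, 265, 7)
LMOTS_SHA256_N32_W2 = LmotsParams(2, 32, 2, 133, 6)
LMOTS_SHA256_N32_W4 = LmotsParams(3, 32, 4, 67, 4)
LMOTS_SHA256_N32_W8 = LmotsParams(4, 32, 8, 34, 0)


def u32str(x): return x.to_bytes(4, "big")
def u16str(x): return x.to_bytes(2, "big")
def u8str(x): return x.to_bytes(1, "big")
def H(*parts): return hashlib.sha256(b"".join(parts)).digest()


def coef(S, i, w):
    """The i-th w-bit digit of S, most significant digit first (RFC 8554 Section 3.1.3)."""
    return ((1 << w) - 1) & (S[(i * w) // 8] >> (8 - (w * (i % (8 // w)) + w)))


def checksum(Q, params):
    """Cksm(Q) of Section 4.4 as the 2-byte string that is appended to Q."""
    digits = (params.n * 8) // params.w
    total = sum(((1 << params.w) - 1) - coef(Q, i, params.w) for i in range(digits))
    return u16str(total << params.ls)


def derive_chain_inputs(params, I, q, seed):
    """Appendix A, what the constructor above does: x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED)."""
    return [H(I, u32str(q), u16str(i), u8str(0xFF), seed) for i in range(params.p)]


def walk_chain(I, q, i, start, stop, value):
    """Apply value = H(I || u32str(q) || u16str(i) || u8str(j) || value) for j in [start, stop)."""
    for j in range(start, stop):
        value = H(I, u32str(q), u16str(i), u8str(j), value)
    return value


def public_key(params, I, q, x):
    """Section 4.3: walk every chain to its end and hash the ends under D_PBLC."""
    top = (1 << params.w) - 1
    ends = [walk_chain(I, q, i, 0, top, x[i]) for i in range(params.p)]
    return u32str(params.typecode) + I + u32str(q) + H(I, u32str(q), u16str(D_PBLC), *ends)


def sign(params, I, q, x, C, message):
    """Section 4.5, what sign() above does: u32str(type) || C || y[0] || ... || y[p-1]."""
    Q = H(I, u32str(q), u16str(D_MESG), C, message)
    Qc = Q + checksum(Q, params)
    sig = bytearray(u32str(params.typecode) + C)
    for i in range(params.p):
        sig += walk_chain(I, q, i, 0, coef(Qc, i, params.w), x[i])  # a = coef(Q || Cksm(Q), i, w) steps
    return bytes(sig)


def verify(params, pubkey, message, sig):
    """Section 4.6: finish each chain from y[i] and compare the recomputed K in constant time."""
    n, p = params.n, params.p
    if len(pubkey) != 4 + 16 + 4 + n or len(sig) != 4 + n + p * n:
        return False
    if pubkey[:4] != u32str(params.typecode) or sig[:4] != pubkey[:4]:
        return False
    I, q, K = pubkey[4:20], int.from_bytes(pubkey[20:24], "big"), pubkey[24:]
    C = sig[4:4 + n]
    Q = H(I, u32str(q), u16str(D_MESG), C, message)
    Qc = Q + checksum(Q, params)
    top = (1 << params.w) - 1
    z = [walk_chain(I, q, i, coef(Qc, i, params.w), top, sig[4 + n + i * n:4 + n + (i + 1) * n])
         for i in range(p)]
    return hmac.compare_digest(H(I, u32str(q), u16str(D_PBLC), *z), K)


def demo(params=LMOTS_SHA256_N32_W8):
    """Round trip on constructed values (not a real key). Returns
    (pubkey, signature, genuine_message_verifies, tampered_message_verifies)."""
    I = bytes(range(16))                                        # constructed 16-byte LMS identifier
    seed = hashlib.sha256(b"constructed demo seed").digest()    # constructed, NOT a real seed
    q = 0                                                       # leaf index of this OTS key
    x = derive_chain_inputs(params, I, q, seed)
    pk = public_key(params, I, q, x)
    message = b"constructed sample message"
    # Deterministic randomizer C in the spirit of the comment in sign() above; this construction
    # is an assumption made for the example and is not Botan's derive_random_C().
    C = H(I, u32str(q), u16str(0xFFFD), u8str(0xFF), seed)
    sig = sign(params, I, q, x, C, message)
    return pk, sig, verify(params, pk, message, sig), verify(params, pk, message + b"!", sig)
```

The digit a = coef(Q || Cksm(Q), i, w) tells the signer how many chain steps to release for chain i, and the verifier walks the remaining 2^w - 1 - a steps to the chain end before hashing under D_PBLC; the checksum appended to Q is what stops an attacker from lowering one digit (moving a released value further along its chain) without having to raise another. Because every extra signature with the same q releases more chain positions, this is a one-time key, which is why the page's sign() insists on a deterministic C.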


The documentation for this class was generated from the following files: