Botan::XMSS_WOTS_PrivateKey Class Reference

#include <xmss_wots.h>

Inheritance diagram for Botan::XMSS_WOTS_PrivateKey:

Public Member Functions
const wots_keysig_t &	key_data () const
wots_keysig_t	sign (const secure_vector< uint8_t > &msg, std::span< const uint8_t > public_seed, XMSS_Address &adrs, XMSS_Hash &hash)
	XMSS_WOTS_PrivateKey (XMSS_WOTS_Parameters params, std::span< const uint8_t > private_seed, XMSS_Address adrs, XMSS_Hash &hash)
	XMSS_WOTS_PrivateKey (XMSS_WOTS_Parameters params, std::span< const uint8_t > public_seed, std::span< const uint8_t > private_seed, XMSS_Address adrs, XMSS_Hash &hash)

Protected Attributes
wots_keysig_t	m_key_data
XMSS_WOTS_Parameters	m_params

Detailed Description

A Winternitz One Time Signature private key for use with Extended Hash-Based Signatures.

Definition at line 101 of file xmss_wots.h.

Constructor & Destructor Documentation

XMSS_WOTS_PrivateKey() [1/2]

Botan::XMSS_WOTS_PrivateKey::XMSS_WOTS_PrivateKey	(	XMSS_WOTS_Parameters	params,
		std::span< const uint8_t >	public_seed,
		std::span< const uint8_t >	private_seed,
		XMSS_Address	adrs,
		XMSS_Hash &	hash
	)

Algorithm 3: "Generating a WOTS+ Private Key". Generates a private key.

Note that this is implemented according to the recommendations in NIST SP.800-208 Section 6.2 to avoid a multi-target attack vulnerability. This does not influence the sign/verify interoperability with implementations that do not implement this recommendation.

This overload is used in multithreaded scenarios, where it is required to provide seperate instances of XMSS_Hash to each thread.

Parameters

params	The WOTS parameters to use
public_seed	The public seed for the private key generation
private_seed	The private seed for the private key generation
adrs	The address of the key to retrieve.
hash	Instance of XMSS_Hash, that may only be used by the thread executing at.

Definition at line 146 of file xmss_wots.cpp.

   : XMSS_WOTS_Base(std::move(params))
   {
   m_key_data.resize(m_params.len());
   for(size_t i = 0; i < m_params.len(); ++i)
      {
      adrs.set_chain_address(static_cast<uint32_t>(i));
      const auto data = concat_as<std::vector<uint8_t>>(public_seed, adrs.bytes());
      hash.prf_keygen(m_key_data[i], private_seed, data);
      }
   }

References Botan::XMSS_Address::bytes(), Botan::XMSS_WOTS_Parameters::len(), Botan::XMSS_WOTS_Base::m_key_data, Botan::XMSS_WOTS_Base::m_params, Botan::XMSS_Hash::prf_keygen(), and Botan::XMSS_Address::set_chain_address().

XMSS_WOTS_PrivateKey() [2/2]

Botan::XMSS_WOTS_PrivateKey::XMSS_WOTS_PrivateKey	(	XMSS_WOTS_Parameters	params,
		std::span< const uint8_t >	private_seed,
		XMSS_Address	adrs,
		XMSS_Hash &	hash
	)

Constructor for the old derivation logic. Creates a WOTS+ private key using the old key derivation logic, i.e. the logic WITHOUT the recommendations in NIST SP.800-208. It is used to support XMSS_PrivateKeys created before the derivation logic was updated.

Parameters

params	The WOTS parameters to use
private_seed	The private seed for the private key generation
adrs	The address of the key to retrieve.
hash	Instance of XMSS_Hash, that may only be used by the thread executing it.

Definition at line 164 of file xmss_wots.cpp.

   : XMSS_WOTS_Base(std::move(params))
   {
   m_key_data.resize(m_params.len());
 
   secure_vector<uint8_t> r;
   hash.prf(r, private_seed, adrs.bytes());
 
   for(size_t i = 0; i < m_params.len(); ++i)
      {
      XMSS_Tools::concat<size_t>(m_key_data[i], i, 32);
      hash.prf(m_key_data[i], r, m_key_data[i]);
      }
   }

References Botan::XMSS_Address::bytes(), Botan::XMSS_WOTS_Parameters::len(), Botan::XMSS_WOTS_Base::m_key_data, Botan::XMSS_WOTS_Base::m_params, and Botan::XMSS_Hash::prf().

Member Function Documentation

key_data()

const wots_keysig_t & Botan::XMSS_WOTS_Base::key_data ( ) const

inlineinherited

Definition at line 40 of file xmss_wots.h.

{ return m_key_data; }

References Botan::XMSS_WOTS_Base::m_key_data.

Referenced by sign().

sign()

wots_keysig_t Botan::XMSS_WOTS_PrivateKey::sign	(	const secure_vector< uint8_t > &	msg,
		std::span< const uint8_t >	public_seed,
		XMSS_Address &	adrs,
		XMSS_Hash &	hash
	)

Algorithm 5: "WOTS_sign" Generates a signature from a private key and a message.

This overload is used in multithreaded scenarios, where it is required to provide seperate instances of XMSS_Hash to each thread.

Parameters

msg	A message to sign.
public_seed	The public seed to use for the signature
adrs	An OTS hash address identifying the WOTS+ key pair used for signing.
hash	Instance of XMSS_Hash, that may only be used by the thread executing sign.

Returns

signature for msg.

Definition at line 124 of file xmss_wots.cpp.

   {
   secure_vector<uint8_t> msg_digest
      {
      m_params.base_w(msg, m_params.len_1())
      };
 
   m_params.append_checksum(msg_digest);
   auto sig = this->key_data();
 
   for(size_t i = 0; i < m_params.len(); i++)
      {
      adrs.set_chain_address(static_cast<uint32_t>(i));
      chain(m_params, sig[i], 0 , msg_digest[i], adrs, public_seed, hash);
      }
 
   return sig;
   }

References Botan::XMSS_WOTS_Parameters::append_checksum(), Botan::XMSS_WOTS_Parameters::base_w(), Botan::XMSS_WOTS_Base::key_data(), Botan::XMSS_WOTS_Parameters::len(), Botan::XMSS_WOTS_Parameters::len_1(), Botan::XMSS_WOTS_Base::m_params, and Botan::XMSS_Address::set_chain_address().

Member Data Documentation

m_key_data

wots_keysig_t Botan::XMSS_WOTS_Base::m_key_data

protectedinherited

Definition at line 44 of file xmss_wots.h.

Referenced by Botan::XMSS_WOTS_Base::key_data(), XMSS_WOTS_PrivateKey(), and Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey().

m_params

XMSS_WOTS_Parameters Botan::XMSS_WOTS_Base::m_params

protectedinherited

Definition at line 43 of file xmss_wots.h.

Referenced by sign(), XMSS_WOTS_PrivateKey(), and Botan::XMSS_WOTS_PublicKey::XMSS_WOTS_PublicKey().

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/xmss/xmss_wots.h
• src/lib/pubkey/xmss/xmss_wots.cpp