Unverified Commit efc11074 authored by zzz
additional prop. 169 updates

parent 882f7ed1
......@@ -159,7 +159,9 @@ We will use the "hedged" or randomized signing variant,
not the "determinstic" variant, as defined in [FIPS204]_ section 3.4.
This ensures that each signature is different, even when over the same data,
and provides additional protection against side-channel attacks.
See the implementation notes section below.
See the implementation notes section below for additional details
about algorithm choices including encoding and context.
The new signature types are:
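Review bot: the unchanged context line just above the edited sentence still reads "determinstic"; since this paragraph is being rewritten anyway, correct it to "deterministic" in the same change. The new two-line pointer ("for additional details about algorithm choices including encoding and context") is clearer than the sentence it replaces and matches the implementation-notes hunk below, so no further change needed there.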
......@@ -1773,6 +1775,15 @@ While [FIPS204]_ specifies that the "hedged" variant is the default,
this may or may not be true in various libraries.
Implementors must ensure that the "hedged" variant is used for signing.
We use the normal signing process (called Pure ML-DSA Signature Generation)
which encodes the message internally as 0x00 || len(ctx) || ctx || message,
where ctx is some optional value of size 0x00..0xFF.
We are not using any optional context. len(ctx) == 0.
This process is defined in [FIPS204]_ Algorithm 2 step 10 and Algorithm 3 step 5.
Note that some published test vectors may require setting a mode
where the message is not encoded.
Reliability
-----------
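Review bot: "ctx is some optional value of size 0x00..0xFF" mixes a byte length with hex notation; say "ctx is an optional byte string of 0 to 255 bytes" and spell out that, because this proposal uses len(ctx) == 0, the encoded input is exactly the two fixed bytes 0x00 0x00 followed by the message, so implementors can check their encoding against that. The last two lines ("some published test vectors may require setting a mode where the message is not encoded") should name the non-encoding internal signing routine of [FIPS204]_ those vectors exercise rather than "a mode", and state that this raw routine is for test-vector validation only and is not to be used for producing or verifying I2P signatures, consistent with the "Implementors must ensure that the hedged variant is used" requirement above.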
......