Niels Möller <[email protected]> writes:

> Niels Möller <[email protected]> writes:
>
>> I'm tempted to try to write a minimal implementation of just
>> SLH-DSA-SHAKE-128s from the spec, to get a better understanding.
>
> I've made some progress at that

And now it appears to pass tests, also for the top-level sign and verify
functions.

I think structure is a bit different, separate sign and verify functions
for each building block, and no conditional outputs in the middle of the
code. There are no memcpy calls except for handling the "addr" arrays.

(I'm not so happy with the addr handling in my code; almost all bugs I
had to fix were related to missing initialization or confusion on which
fields in the address were expected to be assigned or cleared on entry
to the various functions; I'd consider refactoring to have most or all
functions take structured inputs (e.g., uint64_t tree_idx) instead of the
addr arguments, and do local serialization where needed).

If this code will be useful for Nettle remains to be seen, but I hope it
at least can provide some inspiration.

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
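A sketch of the structured-input address handling suggested in the message above, added here as an example; it is not code from the post or from Nettle. The struct and function names are hypothetical, and the layout assumed is the uncompressed 32-byte ADRS that FIPS 205 specifies for the SHAKE parameter sets. Every serializer zeroes the whole buffer first, so a field left over from an earlier address type cannot leak into the hash input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (FIPS 205, SHAKE sets): layer (4) || tree (12) || type (4) || 12 type-specific bytes. */
#define ADRS_SIZE 32
enum { ADRS_WOTS_HASH = 0, ADRS_TREE = 2 };

/* Hypothetical structured inputs: the caller names every field it means to set. */
struct wots_hash_addr { uint32_t layer; uint64_t tree_idx; uint32_t keypair, chain, hash; };
struct tree_addr { uint32_t layer; uint64_t tree_idx; uint32_t height, index; };

static void put_be32(uint8_t *p, uint32_t x)
{
  p[0] = x >> 24; p[1] = x >> 16; p[2] = x >> 8; p[3] = x;
}

/* Common prefix. Clears all 32 bytes, so padding and unused fields are always zero. */
static void adrs_prefix(uint8_t *adrs, uint32_t layer, uint64_t tree_idx, uint32_t type)
{
  memset(adrs, 0, ADRS_SIZE);
  put_be32(adrs, layer);
  put_be32(adrs + 8, (uint32_t) (tree_idx >> 32)); /* bytes 4..7 stay zero */
  put_be32(adrs + 12, (uint32_t) tree_idx);
  put_be32(adrs + 16, type);
}

void adrs_wots_hash(uint8_t *adrs, const struct wots_hash_addr *a)
{
  adrs_prefix(adrs, a->layer, a->tree_idx, ADRS_WOTS_HASH);
  put_be32(adrs + 20, a->keypair);
  put_be32(adrs + 24, a->chain);
  put_be32(adrs + 28, a->hash);
}

void adrs_tree(uint8_t *adrs, const struct tree_addr *a)
{
  adrs_prefix(adrs, a->layer, a->tree_idx, ADRS_TREE);
  put_be32(adrs + 24, a->height); /* bytes 20..23 are padding for this type */
  put_be32(adrs + 28, a->index);
}

int main(void)
{
  uint8_t adrs[ADRS_SIZE];
  struct wots_hash_addr a = { 0, 5, 7, 3, 1 }; /* constructed sample values */
  adrs_wots_hash(adrs, &a);
  for (int i = 0; i < ADRS_SIZE; i++) printf("%02x", adrs[i]);
  putchar('\n');
  return 0;
}
```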
