Niels Möller <[email protected]> writes:

>   void
>   dsa_slh_shake128_sign (const uint8_t *pub,
>                          const uint8_t *priv,                    
>                          size_t length, const uint8_t *msg,
>                          uint8_t *signature);
...
> Another naming question, should it be dsa_slh_shake128, or maybe
> dsa_slh128_shake ? There's a shake128 algorithm, but that's *not* used
> for dsa-slh, it uses shake256. Instead, 128/192/256 refers to the size
> of the values used internally in slh-dsa and in the resulting signature.

It would be nice to get naming right...  some considerations:

- SPHINCS+ is the original name, and is the only one with a stable
  specification:
  https://sphincs.org/data/sphincs+-round3-submission-nist.zip

- The DSA-SLH specification aren't final, are they?  NIST is known to
  make last minute incompatible changes that can complicate naming, or
  make a small change in five years that modify the algorithm.

- https://github.com/sphincs/sphincsplus has a table with names of the
  core primitives that are available, but the hash choice needs to be
  added too.

- Using "s" (for "small") and "f" (for "fast") variants is in common
  use.

- Round 2 submission of SPHINCS+ introduced the variants "simple" and
  "robust" which has consequences for naming.

The most complete list of parameter names I can find is page 55 of the
round 3 submission, I'm including the complete list of variants below.

Some ideas based on the above:

  void
  sphincp_128ss_sha2_sign (const uint8_t *pub,
                           const uint8_t *priv,                    
                           size_t length, const uint8_t *msg,
                           uint8_t *signature);

  sphincp_192fr_sha3_sign (const uint8_t *pub,

  sphincp_192fr_sha3_sign (const uint8_t *pub,

Or more expanded as

  sphincp_smallsimple128_sha2_sign (const uint8_t *pub,
  sphincp_fastrobust192_sha2_sign (const uint8_t *pub,
  sphincp_fastsimple256_sha3_sign (const uint8_t *pub,

Using 'sha2' and 'sha3' seems clearer than including hash size like
'shake256' or 'sha256'.

Expanding 'small', 'fast, 'simple' and 'robust' may avoid some
confusion.  I've made the mistake of confusing 'small' with 'simple'
when I used 's' myself.

/Simon

SPHINCS+ -SHAKE256-128s-simple
SPHINCS+ -SHAKE256-128s-robust
SPHINCS+ -SHAKE256-128f-simple
SPHINCS+ -SHAKE256-128f-robust
SPHINCS+ -SHAKE256-192s-simple
SPHINCS+ -SHAKE256-192s-robust
SPHINCS+ -SHAKE256-192f-simple
SPHINCS+ -SHAKE256-192f-robust
SPHINCS+ -SHAKE256-256s-simple
SPHINCS+ -SHAKE256-256s-robust
SPHINCS+ -SHAKE256-256f-simple
SPHINCS+ -SHAKE256-256f-robust

SPHINCS+ -SHA-256-128s-simple
SPHINCS+ -SHA-256-128s-robust
SPHINCS+ -SHA-256-128f-simple
SPHINCS+ -SHA-256-128f-robust
SPHINCS+ -SHA-256-192s-simple
SPHINCS+ -SHA-256-192s-robust
SPHINCS+ -SHA-256-192f-simple
SPHINCS+ -SHA-256-192f-robust
SPHINCS+ -SHA-256-256s-simple
SPHINCS+ -SHA-256-256s-robust
SPHINCS+ -SHA-256-256f-simple
SPHINCS+ -SHA-256-256f-robust

SPHINCS+ -Haraka-128s-simple
SPHINCS+ -Haraka-128s-robust
SPHINCS+ -Haraka-128f-simple
SPHINCS+ -Haraka-128f-robust
SPHINCS+ -Haraka-192f-simple
SPHINCS+ -Haraka-192f-robust
SPHINCS+ -Haraka-192s-simple
SPHINCS+ -Haraka-192s-robust
SPHINCS+ -Haraka-256f-simple
SPHINCS+ -Haraka-256f-robust
SPHINCS+ -Haraka-256s-simple
SPHINCS+ -Haraka-256s-robust

SPHINCS+ -Haraka-128s-simple
SPHINCS+ -Haraka-128s-robust
SPHINCS+ -Haraka-128f-simple
SPHINCS+ -Haraka-128f-robust
SPHINCS+ -Haraka-192s-simple
SPHINCS+ -Haraka-192s-robust
SPHINCS+ -Haraka-192f-simple
SPHINCS+ -Haraka-192f-robust
SPHINCS+ -Haraka-256s-simple
SPHINCS+ -Haraka-256s-robust
SPHINCS+ -Haraka-256f-simple
SPHINCS+ -Haraka-256f-robust

SPHINCS+ -SHA-256-128s-simple
SPHINCS+ -SHA-256-128s-robust
SPHINCS+ -SHA-256-128f-simple
SPHINCS+ -SHA-256-128f-robust
SPHINCS+ -SHA-256-192s-simple
SPHINCS+ -SHA-256-192s-robust
SPHINCS+ -SHA-256-192f-simple
SPHINCS+ -SHA-256-192f-robust
SPHINCS+ -SHA-256-256s-simple
SPHINCS+ -SHA-256-256s-robust
SPHINCS+ -SHA-256-256f-simple
SPHINCS+ -SHA-256-256f-robust

SPHINCS+ -SHAKE256-128s-simple
SPHINCS+ -SHAKE256-128s-robust
SPHINCS+ -SHAKE256-128f-simple
SPHINCS+ -SHAKE256-128f-robust
SPHINCS+ -SHAKE256-192s-simple
SPHINCS+ -SHAKE256-192s-robust
SPHINCS+ -SHAKE256-192f-simple
SPHINCS+ -SHAKE256-192f-robust
SPHINCS+ -SHAKE256-256s-simple
SPHINCS+ -SHAKE256-256s-robust
SPHINCS+ -SHAKE256-256f-simple
SPHINCS+ -SHAKE256-256f-robust

Attachment: signature.asc
Description: PGP signature

_______________________________________________
nettle-bugs mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to