Niels Möller <[email protected]> writes:
> An update: I've now added support for slh-dsa-shake-128s and
> slh-dsa-shake-128f to the master branch. I think I'll look at
> sha2-variants next, I'm also curious about their performance.
I now have a work in progress implementation, and on this machine with
sha_ni instructions, it appears to be considerably faster than sha3/shake:
name size sign/s verify/s
slh-dsa-shake-s 128 0.80 1073.93
slh-dsa-shake-f 128 21.76 365.65
slh-dsa-sha2-s 128 6.31 7507.65
But there are still some bugs, and it would be help a lot both for
actual debugging and for confidence, to have authoritative test vectors.
There are none in the spec, none (for the sha2 flavors) in
https://github.com/smuellerDD/leancrypto/tree/master/slh-dsa/tests, and
I'm having some difficulty locating test vectors elsewhere. (I also
checked Zoltan's patch that started this development, but that was also
shake only).
I think I can find some test vectors at
http://sphincs.org/resources.html, but unclear if that would apply to
the NIST version (which differs in some details). Do any of you know
where to find test vectors for the NIST version of SLH-DSA-SHA2-*?
Regards,
/Niels
--
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list -- [email protected]
To unsubscribe send an email to [email protected]
