LMS implementation in Rust according to the IETF RFC 8554. This implementation is binary compatible with the reference implementation found here: hash-sigs.
This crate does not require the standard library (i.e. no_std capable) and can be easily used for bare-metal programming.
A demo application is located in the examples folder to demonstrate the use of the library.
This demo application can be used in the console as follows:
```
mykey.priv, mykey.pub with merkle tree height 10 and winternitz parameter 2cargo run --release --example lms-demo -- genkey mykey 10/2
message.txt.sigcargo run --release --example lms-demo -- sign mykey message.txt
message.txt with message.txt.sig against mykey.pubcargo run --release --example lms-demo -- verify mykey message.txt ```
The naming in the RFC is done by using a single character. To allow for a better understanding of the implementation, we have decided to use more descriptive designations. The following table shows the mapping between the RFC and the library naming including a short description.
| RFC Naming | Library Naming | Meaning | |------------|----------------------|-----------------------------------------------------------| | I | lmstreeidentifier | 16-byte random value to identify a single LMS tree | | q | lmsleafidentifier | 4-byte value to identify all leafs in a single LMS tree | | C | signaturerandomizer | 32-byte random value added to every signature | | Q | messagehash | Output of hashed message together with I, q, DMESG and C | | y | signaturedata | The actual data of the signature | | p | maxhashiterations | The maximum value of hash iterations | | ls | checksumleftshift | How many bits the checksum is shifted into the coef-value | | n | hashfunctionoutputsize | Number of bytes that the lmots hash functions generates | | m | hashfunctionoutput_size | Number of bytes that the lms hash functions generates |
The crate in this repository supports Rust 1.53 or higher.
Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.
This work is licensed under terms of the Apache-2.0 license (see LICENSE file).
Any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be licensed as above, without any additional terms or conditions.