Commit ce4ca018 authored by Lena Heimberger
parents d178abfa 11c7f449
......@@ -7,45 +7,83 @@ The main motivation for this project was to write a high-level implementation of
Competition candidate SPHINCS+, a post-quantum secure hash-based digital signature scheme. The code is optimized for readability and straightforward usability. It aims to be faithful to the pseudocode in the [specification](https://sphincs.org/data/sphincs+-specification.pdf) to aid understanding of the signature scheme.
## Performance
Averaged over 100 iterations with random message input, the following signature and verification duration was measured.
### todo while computer at rest
Averaged over 100 iterations with random message input, the following signature and verification duration was measured on an ```Intel i7-4600U CPU @ 2.10GHz``` running ```Ubuntu 19.19```.
|SPHINCS+ flavor | time for signature generation<br> in milliseconds | time for signature verification in microseconds| signature size in bytes|
|---------------------|-----------|---------|------|
|haraka-128f-simple | 62.08 | 136.754 | 33953|
|haraka-128f-robust | 98.42 | 66.958 | 33953|
|haraka-128s-simple | 886.33 | 106.388 | 16161|
|haraka-128s-robust | 1472.69 | 108.196 | 16161|
|haraka-192f-simple | 70.79 | 41.1335 | 71329|
|haraka-192f-robust | 118.85 | 48.214 | 71329|
|haraka-192s-simple | 1980.39 | 108.540 | 34129|
|haraka-192s-robust | 3470.14 | 107.067 | 34129|
|haraka-256f-simple | 157.92 | 51.186 | 98433|
|haraka-256f-robust | 270.52 | 92.947 | 98433|
|haraka-256s-simple | 1373.39 | 109.219 | 59585|
|haraka-256s-robust | 2357.26 | 109.212 | 59585|
|sha256-128f-simple | 141.34 | 13.780 | 33953|
|sha256-128f-robust | 235.69 | 6.539 | 33953|
|sha256-128s-simple | 1989.43 | 17.648 | 16161|
|sha256-128s-robust | 3443.2 | 18.637 | 16161|
|sha256-192f-simple | 177.13 | 5.526 | 71329|
|sha256-192f-robust | 315.94 | 8.446 | 71329|
|sha256-192s-simple | 4423.59 | 17.785 | 34129|
|sha256-192s-robust | 7752.09 | 18.457 | 34129|
|sha256-256f-simple | 389.57 | 9.698 | 98433|
|sha256-256f-robust | 862.55 | 15.438 | 98433|
|sha256-256s-simple | 3264.95 | 19.018 | 59585|
|sha256-256s-robust | 7187.59 | 18.411 | 59585|
|shake256-128f-simple | 127.43 | 3.929 | 33953|
|shake256-128f-robust | 237.02 | 2.078 | 33953|
|shake256-128s-simple | 1928.36 | 3.658 | 16161|
|shake256-128s-robust | 3585.81 | 4.122 | 16161|
|shake256-192f-simple | 169.22 | 2.410 | 71329|
|shake256-192f-robust | 332.33 | 2.741 | 71329|
|shake256-192s-simple | 4057.12 | 4.025 | 34129|
|shake256-192s-robust | 7097.68 | 4.512 | 34129|
|shake256-256f-simple | 357.6 | 2.542 | 98433|
|shake256-256f-robust | 669.73 | 3.173 | 98433|
|shake256-256s-simple | 3013.07 | 4.643 | 59585|
|shake256-256s-robust | 5632.6 | 4.550 | 59585|
### Use case
SPHINCS+ rapidly verifies signed documents and the overhead for PDF documents is quite small. This improves the user experience. For reference, we [digitally signed the SPHINCS+ specification](https://extgit.iaik.tugraz.at/krypto/javasphincsplus/-/blob/master/examples/sphincs+-specification_signed.pdf).
In case the interested user would like to verify the signed specification, the authors unfortunately do not have knowledge of a PDF viewer being able to decode SPHINCS+ signatures or accepting our homebrewed certificate, but the verification time is equivalent to the times shown in the table.
## Used Libraries
Haraka is implemented without any dependencies. Please be aware that, if you are using a CPU without AES-NI hardware instructions, Haraka is susceptible to side-channel attacks.
Haraka is implemented without any dependencies. Please be aware that the software implementation of AES is table-based. If you are using a CPU without AES-NI hardware instructions, please be aware that for this specific implementation known timing attacks exist and use another AES implementation, which is sidechannel resistant.
For SHA256 and SHAKE256, a separate implementation is needed.
The implementation was tested using the JCE provided by [IAIK](https://jce.iaik.tugraz.at/sic/Products/Core_Crypto_Toolkits/JCA_JCE), but any other (correct) implementation should work.
The implementation was tested using the JCE provided by [IAIK](https://jce.iaik.tugraz.at/), but any other (correct) implementation should work.
## Features
In addition to the SPHINCS+ code, an Java JNI integration for [Haraka](https://github.com/kste/haraka) is included.
## How to use
Extensive examples can be found in the [test](https://extgit.iaik.tugraz.at/krypto/javasphincsplus/test) folder.
Extensive examples can be found in the [tests](https://extgit.iaik.tugraz.at/krypto/javasphincsplus/tests) folder.
Generally, the Java JCE interface for
[signatures](http://javadoc.iaik.tugraz.at/jce_me/current/iaik/me/security/Signature.html) is used:
- initialization step
[signatures](http://javadoc.iaik.tugraz.at/jce_me/current/iaik/me/security/Signature.html) is used:
- initialization step
- ```sphincs.initSign()``` supply a private key to generate a signature
- ```sphincs.initVerify()``` supply a public key to verify a signature
- update step
- ```sphincs.update(data, begin, length)``` with the desired data
- finalization step
- ```sphincs.sign()``` to create a signature
- ```sphincs.verify()``` to verify a signature
- ```sphincs.verify()``` to verify a signature
## Related
**SPHINCS+** [website](https://sphincs.org/)
**SPHINCS+** [website](https://sphincs.org/)
**Submission C code** on [Github](https://github.com/sphincs/sphincsplus)
**Haraka** with AESNI on [Github](https://github.com/kste/haraka)
**Haraka** with AES-NI on [Github](https://github.com/kste/haraka)
**JCE by** [IAIK](https://jce.iaik.tugraz.at/)
## License
The code is licensed under the [MIT](https://choosealicense.com/licenses/mit/) license.
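Review bot: the Performance section still carries a work-in-progress marker and a duplicated sentence: the heading `### todo while computer at rest` and the line above it ("Averaged over 100 iterations with random message input, the following signature and verification duration was measured.") should be dropped, keeping only the version that names the hardware, and `Ubuntu 19.19` is not a release that exists and needs checking (19.10 or 20.04 would be plausible). The verification column also looks wrong in its unit or its measurement: the header says microseconds, yet verifying a 33953-byte SPHINCS+ signature in 2.078 microseconds (shake256-128f-robust) is not physically plausible for a Java implementation that has to hash the whole signature, and within each parameter set the robust variant (which does strictly more hashing) is sometimes faster than the simple one (haraka-128f-robust 66.958 vs haraka-128f-simple 136.754). Either the column should read milliseconds or the measurements should be redone before they are published next to the signing times. Minor: in the Features section "an Java JNI integration" should be "a Java JNI integration", and the Used Libraries paragraph reads better as "Please be aware that the software AES implementation is table-based; on a CPU without AES-NI it is vulnerable to known timing attacks, so use a side-channel resistant AES implementation instead."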