Niels Möller nisse-SamgB31n2u5IcsJQ0EH25Q@public.gmane.org writes:
void dsa_slh_shake128_sign (const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature);
...
Another naming question, should it be dsa_slh_shake128, or maybe dsa_slh128_shake ? There's a shake128 algorithm, but that's *not* used for dsa-slh, it uses shake256. Instead, 128/192/256 refers to the size of the values used internally in slh-dsa and in the resulting signature.
It would be nice to get naming right... some considerations:
- SPHINCS+ is the original name, and is the only one with a stable specification: https://sphincs.org/data/sphincs+-round3-submission-nist.zip
- The DSA-SLH specification aren't final, are they? NIST is known to make last minute incompatible changes that can complicate naming, or make a small change in five years that modify the algorithm.
- https://github.com/sphincs/sphincsplus has a table with names of the core primitives that are available, but the hash choice needs to be added too.
- Using "s" (for "small") and "f" (for "fast") variants is in common use.
- Round 2 submission of SPHINCS+ introduced the variants "simple" and "robust" which has consequences for naming.
The most complete list of parameter names I can find is page 55 of the round 3 submission, I'm including the complete list of variants below.
Some ideas based on the above:
void sphincp_128ss_sha2_sign (const uint8_t *pub, const uint8_t *priv, size_t length, const uint8_t *msg, uint8_t *signature);
sphincp_192fr_sha3_sign (const uint8_t *pub,
sphincp_192fr_sha3_sign (const uint8_t *pub,
Or more expanded as
sphincp_smallsimple128_sha2_sign (const uint8_t *pub, sphincp_fastrobust192_sha2_sign (const uint8_t *pub, sphincp_fastsimple256_sha3_sign (const uint8_t *pub,
Using 'sha2' and 'sha3' seems clearer than including hash size like 'shake256' or 'sha256'.
Expanding 'small', 'fast, 'simple' and 'robust' may avoid some confusion. I've made the mistake of confusing 'small' with 'simple' when I used 's' myself.
/Simon
SPHINCS+ -SHAKE256-128s-simple SPHINCS+ -SHAKE256-128s-robust SPHINCS+ -SHAKE256-128f-simple SPHINCS+ -SHAKE256-128f-robust SPHINCS+ -SHAKE256-192s-simple SPHINCS+ -SHAKE256-192s-robust SPHINCS+ -SHAKE256-192f-simple SPHINCS+ -SHAKE256-192f-robust SPHINCS+ -SHAKE256-256s-simple SPHINCS+ -SHAKE256-256s-robust SPHINCS+ -SHAKE256-256f-simple SPHINCS+ -SHAKE256-256f-robust
SPHINCS+ -SHA-256-128s-simple SPHINCS+ -SHA-256-128s-robust SPHINCS+ -SHA-256-128f-simple SPHINCS+ -SHA-256-128f-robust SPHINCS+ -SHA-256-192s-simple SPHINCS+ -SHA-256-192s-robust SPHINCS+ -SHA-256-192f-simple SPHINCS+ -SHA-256-192f-robust SPHINCS+ -SHA-256-256s-simple SPHINCS+ -SHA-256-256s-robust SPHINCS+ -SHA-256-256f-simple SPHINCS+ -SHA-256-256f-robust
SPHINCS+ -Haraka-128s-simple SPHINCS+ -Haraka-128s-robust SPHINCS+ -Haraka-128f-simple SPHINCS+ -Haraka-128f-robust SPHINCS+ -Haraka-192f-simple SPHINCS+ -Haraka-192f-robust SPHINCS+ -Haraka-192s-simple SPHINCS+ -Haraka-192s-robust SPHINCS+ -Haraka-256f-simple SPHINCS+ -Haraka-256f-robust SPHINCS+ -Haraka-256s-simple SPHINCS+ -Haraka-256s-robust
SPHINCS+ -Haraka-128s-simple SPHINCS+ -Haraka-128s-robust SPHINCS+ -Haraka-128f-simple SPHINCS+ -Haraka-128f-robust SPHINCS+ -Haraka-192s-simple SPHINCS+ -Haraka-192s-robust SPHINCS+ -Haraka-192f-simple SPHINCS+ -Haraka-192f-robust SPHINCS+ -Haraka-256s-simple SPHINCS+ -Haraka-256s-robust SPHINCS+ -Haraka-256f-simple SPHINCS+ -Haraka-256f-robust
SPHINCS+ -SHA-256-128s-simple SPHINCS+ -SHA-256-128s-robust SPHINCS+ -SHA-256-128f-simple SPHINCS+ -SHA-256-128f-robust SPHINCS+ -SHA-256-192s-simple SPHINCS+ -SHA-256-192s-robust SPHINCS+ -SHA-256-192f-simple SPHINCS+ -SHA-256-192f-robust SPHINCS+ -SHA-256-256s-simple SPHINCS+ -SHA-256-256s-robust SPHINCS+ -SHA-256-256f-simple SPHINCS+ -SHA-256-256f-robust
SPHINCS+ -SHAKE256-128s-simple SPHINCS+ -SHAKE256-128s-robust SPHINCS+ -SHAKE256-128f-simple SPHINCS+ -SHAKE256-128f-robust SPHINCS+ -SHAKE256-192s-simple SPHINCS+ -SHAKE256-192s-robust SPHINCS+ -SHAKE256-192f-simple SPHINCS+ -SHAKE256-192f-robust SPHINCS+ -SHAKE256-256s-simple SPHINCS+ -SHAKE256-256s-robust SPHINCS+ -SHAKE256-256f-simple SPHINCS+ -SHAKE256-256f-robust