Niels Möller nisse@lysator.liu.se writes:
I'm tempted to try to write a minimal implementation of just SLH-DSA-SHAKE-128s from the spec, to get a better understanding.
I've made some progress at that.
And now it appears to pass tests, also for the top-level sign and verify functions. I think structure is a bit different, separate sign and verify functions for each building block, and no conditional outputs in the middle of the code.
There are no memcpy calls except for handling the "addr" arrays. (I'm not so happy with the addr handling in my code; almost all bugs I had to fix were related to missing initialization or confusion on which fields in the address were expected to be assigned or cleared on entry to the various functions; I'd consider refactoring to have most or all functions take structured inputs (e.g., uint64_t tree_idx) instead of the addr arguments, and do local serialization where needed).
If this code will be useful for Nettle remains to be seen, but I hope it at least can provide some inspiration.
Regards, /Niels
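
The refactoring idea in the message above (structured inputs such as uint64_t tree_idx, serialized locally where needed), shown as an added example that is not code from the message or from Nettle. It assumes the 32-byte ADRS layout of FIPS 205 as used by the SHAKE parameter sets; the helper names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* ADRS type words from FIPS 205 (only two of the seven types are shown). */
enum { ADRS_WOTS_HASH = 0, ADRS_TREE = 2 };
#define ADRS_SIZE 32

static void put_be32(uint8_t *p, uint32_t x)
{
  p[0] = (uint8_t)(x >> 24); p[1] = (uint8_t)(x >> 16);
  p[2] = (uint8_t)(x >> 8);  p[3] = (uint8_t)x;
}

/* Common prefix: layer (4 bytes), tree address (12 bytes, the top 4 are zero
   because tree_idx fits in 64 bits), type (4 bytes). The whole buffer is
   cleared first, so the result never depends on what the caller left in it. */
static void adrs_prefix(uint8_t *adrs, uint32_t layer, uint64_t tree_idx,
                        uint32_t type)
{
  memset(adrs, 0, ADRS_SIZE);
  put_be32(adrs, layer);
  put_be32(adrs + 8, (uint32_t)(tree_idx >> 32));
  put_be32(adrs + 12, (uint32_t)tree_idx);
  put_be32(adrs + 16, type);
}

/* Hypothetical helper: address for one step of a WOTS+ chain
   (key pair address, chain address, hash address). */
void adrs_wots_hash(uint8_t *adrs, uint32_t layer, uint64_t tree_idx,
                    uint32_t keypair, uint32_t chain, uint32_t hash)
{
  adrs_prefix(adrs, layer, tree_idx, ADRS_WOTS_HASH);
  put_be32(adrs + 20, keypair);
  put_be32(adrs + 24, chain);
  put_be32(adrs + 28, hash);
}

/* Hypothetical helper: address for a Merkle tree node
   (4 bytes of zero padding, tree height, tree index). */
void adrs_tree(uint8_t *adrs, uint32_t layer, uint64_t tree_idx,
               uint32_t height, uint32_t index)
{
  adrs_prefix(adrs, layer, tree_idx, ADRS_TREE);
  put_be32(adrs + 24, height);
  put_be32(adrs + 28, index);
}
```

Because each helper writes all 32 bytes from its arguments, a caller cannot pass in an address with a stale or uninitialized field, which is the class of bug the message describes.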