Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missing signatures #8

Open
8 of 10 tasks
newpavlov opened this issue Mar 25, 2019 · 34 comments
Open
8 of 10 tasks

Missing signatures #8

newpavlov opened this issue Mar 25, 2019 · 34 comments
Labels
help wanted Extra attention is needed

Comments

@newpavlov
Copy link
Member

newpavlov commented Mar 25, 2019

  • ML-DSA / Dilithium
  • SLH-DSA
  • DSA
  • ECDSA
    • NIST P-256 (via p256)
    • NIST P-384 (via p384)
    • NIST P-521 (via p521)
    • secp256k1 (via k256)
  • Ed25519
  • Ed448
@newpavlov newpavlov added the help wanted Extra attention is needed label Mar 26, 2019
@link2xt
Copy link

link2xt commented Oct 20, 2019

DSA - Requested here: rpgp/rpgp#56

@heisen-li
Copy link

Is DSA not implemented yet? I can try to add.

@tarcieri
Copy link
Member

tarcieri commented Nov 3, 2020

Nobody's working on DSA. You can go for it. Edit: implemented!

It might be good to come up with a plan for how it would be implemented (e.g. what crate dependencies would be used, for example), and ideally try to align with https://github.com/RustCrypto/RSA on some of those decisions

@tarcieri tarcieri mentioned this issue May 11, 2021
tarcieri pushed a commit that referenced this issue May 16, 2022
Adds an initial implementation of DSA (see #8)  

The following things work when tested against OpenSSL:

- The generated keys are valid and can be imported and exported from/to their DER/PEM representation
- Signatures generated by this library can be successfully verified
- Signatures can be imported and exported from/into their DER representation
- Signatures generated by OpenSSL can be successfully imported and verified
@lumag
Copy link
Contributor

lumag commented Jul 27, 2022

GOST digital signature alsorithm is missing. However additional care should be taken while implementing it. The standard is clueless with respect to endianness of the used numbers. The implementation should follow the established practice, rather than blindly following the standard.

@tarcieri tarcieri pinned this issue Oct 11, 2022
@adamvm
Copy link

adamvm commented Oct 12, 2023

During build automata with rust nightly:

Compiling ed25519 v1.3.0 (https://github.com/RustCrypto/signatures.git?tag=ed25519/v1.3.0#8282fcaf)
error[E0405]: cannot find trait Signature in crate signature
--> /home/ami/.cargo/git/checkouts/signatures-a6df6df1cc32e789/8282fca/ed25519/src/lib.rs:349:17
|
349 | impl signature::Signature for Signature {
| ^^^^^^^^^ not found in signature

For more information about this error, try rustc --explain E0405.
error: could not compile ed25519 (lib) due to previous error
warning: build failed, waiting for other jobs to finish...

@tarcieri
Copy link
Member

nightly is expected to break in ways that have nothing to do with our crates, nor can we do anything to fix them

@tarcieri
Copy link
Member

tarcieri commented Mar 4, 2024

A note about ML-DSA: we now have an ML-KEM implementation at https://github.com/RustCrypto/KEMs/tree/master/ml-kem

It would be good for an ML-DSA implementation to share a common core with ml-kem.

@cothan
Copy link

cothan commented Mar 6, 2024

Hi, I'm interested in implementing ML-DSA.

@tarcieri
Copy link
Member

tarcieri commented Mar 6, 2024

cc @bifurcation

@bifurcation
Copy link

Hey @cothan, happy to collaborate on ML-DSA. Especially if you're willing to take the lead :) I haven't looked at ML-DSA much, but my impression is that the algebra is similar to ML-KEM, but the constants are different, as are which bits are public/private. So you'll probably want to change some things, but hopefully the ml-kem crate has good framework to adapt.

@tarcieri
Copy link
Member

tarcieri commented Mar 6, 2024

Ideally I'd hope there can be some reuse / shared code between ml-kem and ml-dsa, but I'm not sure the best way to structure that, especially since they're split across repos

@bifurcation
Copy link

The part I would have the most hope for is the linear algebra bits (algebra.rs in ml-kem), since those seem pretty much the same aside from the prime in use. Even then, you would have to make these operations generic over the prime, and probably over the storage class as well -- the ML-KEM prime fits in 12 bits, while the ML-DSA prime requires 24 bits.

@cothan
Copy link

cothan commented Mar 7, 2024

I agree. I read through the code and see that the algebra.rs is the one that I can reuse.
I'll try to read the rest of the ml-kem to see if we can reuse code.

@marija-mijailovic
Copy link

Hi, I am interested in collaborating on implementation ML-DSA. Is there a specific way or task I could focus on to integrate best?

@tarcieri
Copy link
Member

@cothan any thoughts on a potential collaboration?

@cothan
Copy link

cothan commented Mar 14, 2024

hi @marija-mijailovic , thank you for your interested. I will invite you to my private repo, so we can discuss further.

@bifurcation
Copy link

@tarcieri Might be good to add SLH-DSA / FIPS 205 to the list? I might be willing to take a hack at that.

@tarcieri
Copy link
Member

tarcieri commented Mar 19, 2024

@bifurcation I've been in touch with @trailofbits about contributing an SLH-DSA implementation. They recently contributed an LMS implementation (#801).

Good point though, added to the list!

@ranjithravitk
Copy link

ranjithravitk commented Mar 24, 2024

Hi, I went through the repository and believe that the diffie-hellman key exchange and ElGamal were not implemented. I would like to take a chance at that or is there any reason for not implementing it?

@tarcieri
Copy link
Member

@ranjithravitk Diffie-Hellman is a key exchange mechanism. We have a separate repo for that over here: https://github.com/rustcrypto/kems

@aumetra
Copy link
Contributor

aumetra commented Mar 24, 2024

And ElGamal is in a weird spot, similar to RSA, where it has a signature scheme and an encryption scheme. Wouldn't a separate repo be appropriate here?

@tarcieri
Copy link
Member

Yes, it would be great to have an ElGamal implementation but like RSA it probably deserves its own repo

@ranjithravitk
Copy link

@tarcieri Can I take a look into the ElGamal signature and Elgamal encryption? I will try to come up with its own repo like RSA.

@tarcieri
Copy link
Member

Yes, though we should definitely have a planning issue for how it should work (e.g. should it be specialized to ECC but generic over elliptic curve groups?)

@ranjithravitk
Copy link

ranjithravitk commented Mar 25, 2024

I was thinking of a repo with generic ElGamal encryption and signature. we can implement the Elgamal over elliptic curve groups as well inside the repo. And yes, we can use planning issue to understand the design. @tarcieri what do you think about this? Correct me if I am wrong.

@tarcieri
Copy link
Member

I made a new repo for ElGamal and opened a planning issue here: RustCrypto/ElGamal#1

@iquerejeta
Copy link

What about adding Schnorr signatures?

@tarcieri
Copy link
Member

We have an implementation of BIP340 Schnorr in the k256 crate.

The question beyond that is: what variant of Schnorr? EdDSA is the most popular one in modern use. Other than that, BIP340 is the only other modern specification I'm aware of.

@iquerejeta
Copy link

Oh, missed BIP340 in k256. I think we could implement that generically, over any curve with a prime number of points (unlike edwards curves, for which EdDSA exist). Don't know if that generic exists though.

@tarcieri
Copy link
Member

I would be wary to implement BIP340 for elliptic curves other than secp256k1. It's not really defined that way.

EdDSA is designed to be useful across multiple twisted Edwards curves, except @RustCrypto has no implementations of those.

@supinie
Copy link

supinie commented Jun 5, 2024

@cothan, bit late to the party but would also be interested in helping out with ML-DSA. Any chance I could be added to your repo to lend a hand to anything?

@tarcieri
Copy link
Member

tarcieri commented Jun 5, 2024

It sure would be nice if people worked on ML-DSA in public forks. I have no idea what the status of @cothan's branch is.

@cothan
Copy link

cothan commented Jun 5, 2024

Hi @supinie , I send you invitation to my github repo. I will make the repo public at when some code has landed.

@tarcieri
Copy link
Member

tarcieri commented Jul 11, 2024

FYI, I've published some initial crate boilerplate for ml-dsa here: https://github.com/RustCrypto/signatures/tree/master/ml-dsa

Edit: PR open with an implementation: #877

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests