Educational implementations of NIST FIPS cryptographic standard.
Project description
FIPS Standards Implementations
[!CAUTION] :warning: Under no circumstances should this be used for cryptographic applications. :warning:
This is an educational resource and has not been designed to be secure against any form of side-channel attack. The intended use of this project is for learning and experimenting with FIPS Algorithms.
This repository contains a python implementation of:
- ML-DSA the NIST Module-Lattice-Based Digital Signature Standard following the FIPS 204.
Licenses
This project is licensed under the License MIT.
Disclaimer
This implementation follows instructions given in FIPS 204 as it is for all algorithms.
With sole exception of Algorithm 43 BitRev as zeta values are precomputed and hardcoded.
Documentation
Complete documentation of this repository is available at https://kyuuaditya.github.io/fips-collection-python/
Using fips
FIPS 204 - MLDSA
The MLDSA class contains 3 main functions:
MLDSAKeyGen(): generates a public-private keypair(public_key, secret_key)MLDSASign(secret_key, Message, ctx): generates an MLDSA signaturesigaturefrom the messagemessageand bit-packed secret keysecret_key.MLDSAVerify(public_key, message, signature): verifies asignaturerho for amessageM.
To use FIPS 204 - MLDSA simply import as follows:
from fips import MLDSA_44, MLDSA_65, MLDSA_87
Example Use Case
from fips import MLDSA_44
mldsa128 = MLDSA_44
# Generate the public-private key pair.
public_key, secret_key = mldsa128.MLDSAKeyGen()
context = b'ab'
message = "du bis gut"
message_spoof = "you are good"
# Generate the signature.
signature = mldsa128.MLDSASign(secret_key, mldsa128.auxilary.BytesToBits(message.encode()), context)
# Verification will only pass with the correct corresponding public key.
assert mldsa128.MLDSAVerify(public_key, mldsa128.auxilary.BytesToBits(message.encode()), signature, context)
# Verification will fail with an altered message.
assert not MLDSA_44.MLDSAVerify(public_key, MLDSA_44.auxilary.BytesToBits(message_spoof.encode()), signature, context)
# Verification will fail with any other public key.
public_key_new, secret_key_new = MLDSA_44.MLDSAKeyGen()
assert not MLDSA_44.MLDSAVerify(public_key_new, MLDSA_44.auxilary.BytesToBits(message.encode()), signature, context)
The above example would also work with the other NIST levels
MLDSA_65 and MLDSA_87.
Hash ML-DSA
Algorithm 4 and 5 of FIPS 204 are not yet added to this implementation.
Benchmarks
FIPS 204 - MLDSA Performance:
MLDSA_44 |
MLDSA_65 |
MLDSA_87 |
|
|---|---|---|---|
KeyGen() Average Time |
8.4 ms | 14.1 ms | 22.3 ms |
Sign() Average Time |
78.0 ms | 127.1 ms | 144.3 ms |
Verify() Average Time |
20.9 ms | 29.9 ms | 43.6 ms |
Data recorded using a Ryzen 7 4800H CPU averaged over 1000 calls.
Colaborations
Feel free to modify and share improvements.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file fips_collection-1.0.0.tar.gz.
File metadata
- Download URL: fips_collection-1.0.0.tar.gz
- Upload date:
- Size: 33.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
51698f83c91e069ec2daec712dfa8353aee6e3e981b740f2c8a5815042830775
|
|
| MD5 |
c50564d2192e08ec8b385d34dd642279
|
|
| BLAKE2b-256 |
ff686bbbd713e04f1c9d0889f11ef3efec16e9ca5ce3b1b6dc2b241d7abea425
|
File details
Details for the file fips_collection-1.0.0-py3-none-any.whl.
File metadata
- Download URL: fips_collection-1.0.0-py3-none-any.whl
- Upload date:
- Size: 27.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dda7f67cd2ca6eaa53cdbebf4561ed2a29b916ce19c9d24b2fb2cce162dd1541
|
|
| MD5 |
08158f0d08e20e7e65211dd28ec3dc41
|
|
| BLAKE2b-256 |
d4cd87261e6f7febc5208cd332930f34298c977cd7242fe33255cac2c2fbc8cf
|