Skip to main content

Educational implementations of NIST FIPS cryptographic standard.

Project description

License MIT

FIPS Standards Implementations

[!CAUTION] :warning: Under no circumstances should this be used for cryptographic applications. :warning:

This is an educational resource and has not been designed to be secure against any form of side-channel attack. The intended use of this project is for learning and experimenting with FIPS Algorithms.

This repository contains a python implementation of:

  1. ML-DSA the NIST Module-Lattice-Based Digital Signature Standard following the FIPS 204.

Licenses

This project is licensed under the License MIT.

Disclaimer

This implementation follows instructions given in FIPS 204 as it is for all algorithms.

With sole exception of Algorithm 43 BitRev as zeta values are precomputed and hardcoded.

Documentation

Complete documentation of this repository is available at https://kyuuaditya.github.io/fips-collection-python/

Using fips

FIPS 204 - MLDSA

The MLDSA class contains 3 main functions:

  • MLDSAKeyGen(): generates a public-private keypair (public_key, secret_key)
  • MLDSASign(secret_key, Message, ctx): generates an MLDSA signature sigature from the message message and bit-packed secret key secret_key.
  • MLDSAVerify(public_key, message, signature): verifies a signature rho for a message M.

To use FIPS 204 - MLDSA simply import as follows:

from fips import MLDSA_44, MLDSA_65, MLDSA_87

Example Use Case

from fips import MLDSA_44

mldsa128 = MLDSA_44

# Generate the public-private key pair.
public_key, secret_key = mldsa128.MLDSAKeyGen()

context = b'ab'
message = "du bis gut"
message_spoof = "you are good"

# Generate the signature.
signature = mldsa128.MLDSASign(secret_key, mldsa128.auxilary.BytesToBits(message.encode()), context)

# Verification will only pass with the correct corresponding public key.
assert mldsa128.MLDSAVerify(public_key, mldsa128.auxilary.BytesToBits(message.encode()), signature, context)

# Verification will fail with an altered message.
assert not MLDSA_44.MLDSAVerify(public_key, MLDSA_44.auxilary.BytesToBits(message_spoof.encode()), signature, context)

# Verification will fail with any other public key.
public_key_new, secret_key_new = MLDSA_44.MLDSAKeyGen()
assert not MLDSA_44.MLDSAVerify(public_key_new, MLDSA_44.auxilary.BytesToBits(message.encode()), signature, context)

The above example would also work with the other NIST levels MLDSA_65 and MLDSA_87.

Hash ML-DSA

Algorithm 4 and 5 of FIPS 204 are not yet added to this implementation.

Benchmarks

FIPS 204 - MLDSA Performance:

MLDSA_44 MLDSA_65 MLDSA_87
KeyGen() Average Time 8.4 ms 14.1 ms 22.3 ms
Sign() Average Time 78.0 ms 127.1 ms 144.3 ms
Verify() Average Time 20.9 ms 29.9 ms 43.6 ms

Data recorded using a Ryzen 7 4800H CPU averaged over 1000 calls.

Colaborations

Feel free to modify and share improvements.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fips_collection-1.0.0.tar.gz (33.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fips_collection-1.0.0-py3-none-any.whl (27.6 kB view details)

Uploaded Python 3

File details

Details for the file fips_collection-1.0.0.tar.gz.

File metadata

  • Download URL: fips_collection-1.0.0.tar.gz
  • Upload date:
  • Size: 33.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for fips_collection-1.0.0.tar.gz
Algorithm Hash digest
SHA256 51698f83c91e069ec2daec712dfa8353aee6e3e981b740f2c8a5815042830775
MD5 c50564d2192e08ec8b385d34dd642279
BLAKE2b-256 ff686bbbd713e04f1c9d0889f11ef3efec16e9ca5ce3b1b6dc2b241d7abea425

See more details on using hashes here.

File details

Details for the file fips_collection-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for fips_collection-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 dda7f67cd2ca6eaa53cdbebf4561ed2a29b916ce19c9d24b2fb2cce162dd1541
MD5 08158f0d08e20e7e65211dd28ec3dc41
BLAKE2b-256 d4cd87261e6f7febc5208cd332930f34298c977cd7242fe33255cac2c2fbc8cf

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page