Leighton-Micali Hash-Based Signatures
Project description
python-hsslms
This is an implementation of Leighton-Micali Hash-Based Signatures in Python according to RFC 8554 <https://www.rfc-editor.org/rfc/rfc8554.html>_. The one time signature keys are generated by using pseudo random generator, which saves a lot of memory to store the private keys in ram and on harddisk.
The implementation is meant as a reference and for educational purposes.
The implementation provides 4 classes:
- LM-OTS One-Time Signatures. These are one-time signatures; each private key MUST be used at most one time to sign a message.
- Leighton-Micali Signatures (LMS). This systemholds a fixed number of one-time signatures, i.e. LM-OTS.
- Hierarchical Signatures (HSS). This system uses a sequence of LMS.
- Persistent Hierarchical Signatures (PersHSS). The same as HSS except that the private key is stored in an encrypted file.
Installation
.. code:: bash
python3 -m pip install hsslms
Example Usage
LM-OTS ^^^^^^
.. code:: python
from os import urandom from hsslms import LM_OTS_Priv
generate a one-time private key
sk = LM_OTS_Priv(LMOTS_ALGORITHM_TYPE.LMOTS_SHA256_N32_W2, urandom(16), 0)
sign a message with the private key
signature = sk.sign(b'abc')
compute the related public key
vk = sk.gen_pub()
verify the signature, if invalid an exception will be raised
vk.verify(b'abc', signature)
LMS ^^^
.. code:: python
from os import urandom from hsslms import LMS_Priv
generate a private key
sk = LMS_Priv(LMS_ALGORITHM_TYPE.LMS_SHA256_M32_H10, LMOTS_ALGORITHM_TYPE.LMOTS_SHA256_N32_W8)
sign a message with the private key, in total 2^10 signatures are available
signature = sk.sign(b'abc')
compute the related public key
vk = sk.gen_pub()
verify the signature, if invalid an exception will be raised
vk.verify(b'abc', signature)
HSS ^^^
.. code:: python
from os import urandom from hsslms import HSS_Priv
generate a private key
sk = HSS_Priv([LMS_ALGORITHM_TYPE.LMS_SHA256_M32_H10]*2, LMOTS_ALGORITHM_TYPE.LMOTS_SHA256_N32_W1)
sign a message with the private key, in total 2^20 signatures are available
signature = sk.sign(b'abc')
compute the related public key
vk = sk.gen_pub()
verify the signature, if invalid an exception will be raised
vk.verify(b'abc', signature)
Performance Measurements
The measurements are done on a Ryzen 5600X, where multiprocessing features are used with 6 cores.
Key Generation ^^^^^^^^^^^^^^
+----------+-----+-----+-----+-----+-------------+------+------+------+-------+ | Key-Type | Time[s] | #Signatures | Size of Signature | +==========+=====+=====+=====+=====+=============+======+======+======+=======+ | w | 1 | 2 | 4 | 8 | | 1 | 2 | 4 | 8 | +----------+-----+-----+-----+-----+-------------+------+------+------+-------+ | H5 | 0.1 | 0.1 | 0.1 | 0.1 | 32 | 8688 | 4464 | 2352 | 1296 | +----------+-----+-----+-----+-----+-------------+------+------+------+-------+ | H10 | 0.3 | 0.2 | 0.2 | 0.7 | 1024 | 8848 | 4624 | 2512 | 1456 | +----------+-----+-----+-----+-----+-------------+------+------+------+-------+ | H15 | 8.0 | 4.6 | 4.3 | 20.2| 32768 | 9008 | 4784 | 2672 | 1616 | +----------+-----+-----+-----+-----+-------------+------+------+------+-------+ | H20 | 293 | 161 | 137 | 643 | 1048576 | 9168 | 4944 | 2832 | 1776 | +----------+-----+-----+-----+-----+-------------+------+------+------+-------+ | H10/H10 | 0.6 | 0.5 | 0.5 | 1.4 | 1048576 | 17748| 9300 | 5076 | 2964 | +----------+-----+-----+-----+-----+-------------+------+------+------+-------+ | H10/H15 | 8.1 | 4.6 | 4.2 | 21.1| 33554432 | 17908| 9460 | 5236 | 3124 | +----------+-----+-----+-----+-----+-------------+------+------+------+-------+ | H15/H15 | 15.7| 10.4| 8.9 | 40.0| 1073741824 | 18068| 9620 | 5396 | 3284 | +----------+-----+-----+-----+-----+-------------+------+------+------+-------+
Performance of Signature Generation: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+----------+-------+-------+-------+-------+ | Key-Type | Time[s] | +==========+=======+=======+=======+=======+ | w | 1 | 2 | 4 | 8 | +----------+-------+-------+-------+-------+ | H15 | 0.001 | 0.001 | 0.001 | 0.005 | +----------+-------+-------+-------+-------+
Performance of Signature Verification: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+----------+-------+-------+-------+-------+ | Key-Type | Time[s] | +==========+=======+=======+=======+=======+ | w | 1 | 2 | 4 | 8 | +----------+-------+-------+-------+-------+ | H15 | 0.001 | 0.001 | 0.001 | 0.004 | +----------+-------+-------+-------+-------+
License
MIT <https://opensource.org/licenses/MIT>__
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file hsslms-0.1.3.tar.gz.
File metadata
- Download URL: hsslms-0.1.3.tar.gz
- Upload date:
- Size: 23.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.11.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 8d0a1f2bbc5f10f53f6abb394247bf185976088fbbb698a7f8c14031e97a4be5 |
|
| MD5 | b62b2ee26411db2dc78d120f01e5d14d |
|
| BLAKE2b-256 | d4d2f3976dbdb80d05c1eba6e2de8005c04c962a71611a0975d0bf379a0d8853 |
File details
Details for the file hsslms-0.1.3-py3-none-any.whl.
File metadata
- Download URL: hsslms-0.1.3-py3-none-any.whl
- Upload date:
- Size: 17.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.11.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6d96fc98cd53b33969edf400e3cf24dbafdd2bdfc5bc6cb168b4fe1a516f47d5 |
|
| MD5 | e89cd55714b776999d733f09b15e2526 |
|
| BLAKE2b-256 | 1588882259f4cbd938a6a2a2c2ec4fdbb3a5f2a971def2444854c0f3c2827d3a |
