Tracking PR for v0.9.0 release (#278)

* chore: update crate version to v0.9.0 * chore: remove deprecated re-exports * chore: remove Box re-export * feat: implement pure-Rust keygen and signing for RpoFalcon512 (#285) * feat: add reproducible builds (#296) * fix: address a few issues for migrating Miden VM (#298) * feat: add RngCore supertrait for FeltRng (#299) --------- Co-authored-by: Al-Kindi-0 <82364884+Al-Kindi-0@users.noreply.github.com> Co-authored-by: Paul-Henry Kajfasz <42912740+phklive@users.noreply.github.com>
2026-01-12 09:01:29 +01:00 · 2024-03-24 08:38:08 -07:00
parent 2be17b74fb
commit 5a2e917dd5
39 changed files with 5964 additions and 2334 deletions
--- a/src/dsa/rpo_falcon512/mod.rs
+++ b/src/dsa/rpo_falcon512/mod.rs
@@ -4,33 +4,31 @@ use crate::{
    Felt, Word, ZERO,
 };

-#[cfg(feature = "std")]
-mod ffi;
-
-mod error;
+mod hash_to_point;
 mod keys;
-mod polynomial;
+mod math;
 mod signature;

-pub use error::FalconError;
-pub use keys::{KeyPair, PublicKey};
-pub use polynomial::Polynomial;
-pub use signature::Signature;
+pub use self::keys::{PubKeyPoly, PublicKey, SecretKey};
+pub use self::math::Polynomial;
+pub use self::signature::{Signature, SignatureHeader, SignaturePoly};

 // CONSTANTS
 // ================================================================================================

-// The Falcon modulus.
-const MODULUS: u16 = 12289;
-const MODULUS_MINUS_1_OVER_TWO: u16 = 6144;
+// The Falcon modulus p.
+const MODULUS: i16 = 12289;
+
+// Number of bits needed to encode an element in the Falcon field.
+const FALCON_ENCODING_BITS: u32 = 14;

 // The Falcon parameters for Falcon-512. This is the degree of the polynomial `phi := x^N + 1`
 // defining the ring Z_p[x]/(phi).
 const N: usize = 512;
-const LOG_N: usize = 9;
+const LOG_N: u8 = 9;

 /// Length of nonce used for key-pair generation.
-const NONCE_LEN: usize = 40;
+const SIG_NONCE_LEN: usize = 40;

 /// Number of filed elements used to encode a nonce.
 const NONCE_ELEMENTS: usize = 8;
@@ -42,16 +40,64 @@ pub const PK_LEN: usize = 897;
 pub const SK_LEN: usize = 1281;

 /// Signature length as a u8 vector.
-const SIG_LEN: usize = 626;
+const SIG_POLY_BYTE_LEN: usize = 625;

 /// Bound on the squared-norm of the signature.
 const SIG_L2_BOUND: u64 = 34034726;

+/// Standard deviation of the Gaussian over the lattice.
+const SIGMA: f64 = 165.7366171829776;
+
 // TYPE ALIASES
 // ================================================================================================

-type SignatureBytes = [u8; NONCE_LEN + SIG_LEN];
-type PublicKeyBytes = [u8; PK_LEN];
-type SecretKeyBytes = [u8; SK_LEN];
-type NonceBytes = [u8; NONCE_LEN];
-type NonceElements = [Felt; NONCE_ELEMENTS];
+type ShortLatticeBasis = [Polynomial<i16>; 4];
+
+// NONCE
+// ================================================================================================
+
+/// Nonce of the Falcon signature.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct Nonce([u8; SIG_NONCE_LEN]);
+
+impl Nonce {
+    /// Returns a new [Nonce] instantiated from the provided bytes.
+    pub fn new(bytes: [u8; SIG_NONCE_LEN]) -> Self {
+        Self(bytes)
+    }
+
+    /// Returns the underlying bytes of this nonce.
+    pub fn as_bytes(&self) -> &[u8; SIG_NONCE_LEN] {
+        &self.0
+    }
+
+    /// Converts byte representation of the nonce into field element representation.
+    ///
+    /// Nonce bytes are converted to field elements by taking consecutive 5 byte chunks
+    /// of the nonce and interpreting them as field elements.
+    pub fn to_elements(&self) -> [Felt; NONCE_ELEMENTS] {
+        let mut buffer = [0_u8; 8];
+        let mut result = [ZERO; 8];
+        for (i, bytes) in self.0.chunks(5).enumerate() {
+            buffer[..5].copy_from_slice(bytes);
+            // we can safely (without overflow) create a new Felt from u64 value here since this
+            // value contains at most 5 bytes
+            result[i] = Felt::new(u64::from_le_bytes(buffer));
+        }
+
+        result
+    }
+}
+
+impl Serializable for &Nonce {
+    fn write_into<W: ByteWriter>(&self, target: &mut W) {
+        target.write_bytes(&self.0)
+    }
+}
+
+impl Deserializable for Nonce {
+    fn read_from<R: ByteReader>(source: &mut R) -> Result<Self, DeserializationError> {
+        let bytes = source.read()?;
+        Ok(Self(bytes))
+    }
+}