Adds interesting test cases to ML-DSA SigGen #1525

Merged
merged 2 commits into from
Aug 8, 2024
Collaborator

@celic celic commented Aug 8, 2024

No description provided.

@celic celic merged commit 56bca24 into master Aug 8, 2024
2 checks passed
@smuellerDD
Contributor

Chris, these vectors do not work any more with the final FIPS 204 keygen definition as the seed turns them into different keys.

I have converted these edge case test cases by generating the key pairs. The expected signature value is left unchanged.

To use these edge case test vectors, simply invoke them with the ML-DSA.Sign_internal algorithm defined in FIPS 204. The generated signature would now need to be identical to the signature with the edge case test vector.

See [1] for the updated test vector. Perhaps you want to update this pull request to replace the seed with the actual keys.

[1] https://github.com/smuellerDD/leancrypto/blob/master/signature/tests/dilithium_edge_case_tester.c#L45

@celic
Collaborator Author

celic commented Aug 22, 2024

How is the expected signature left unchanged? A different key pair should lead to a different signature?

The test cases use a property of the key to ensure a higher likelihood of hitting the ct0 error condition during signing. We searched through billions of signatures to find this set of cases. Due to the change in the key, I don't think they can be converted; I think we need to perform the search again. A stop-gap would be to generate the "incorrect" keys using the old KeyGen routine, and serve the private key with the messages. Those tests would be valid. To save space on the page, I wanted to just include the key seed.

@smuellerDD
Contributor

smuellerDD commented Aug 22, 2024 via email

@celic
Collaborator Author

celic commented Aug 22, 2024

OK, you provided the full key pair instead of the seed. This is good.
