ml-dsa: use MaybeBox to store VerifyingKey #1344

Merged: tarcieri merged 1 commit into master from ml-dsa/use-maybebox-with-verifyingkey, May 9, 2026

@tarcieri tarcieri commented May 9, 2026

When the `alloc` feature is enabled, uses `Box` to offload the largest parts of `VerifyingKey` to the heap.

This also extracts an internal `PrecomputedValues` struct to store the largest components of the key, which are all derived/precomputed values, as a single contiguous struct in a `MaybeBox`, and extracts some of the relevant logic to it.

@tarcieri tarcieri force-pushed the ml-dsa/use-maybebox-with-verifyingkey branch from bdaa3f7 to b74d60c Compare May 9, 2026 21:25
@tarcieri tarcieri merged commit 7336ca4 into master May 9, 2026
9 checks passed
@tarcieri tarcieri deleted the ml-dsa/use-maybebox-with-verifyingkey branch May 9, 2026 21:28
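The storage pattern outlined in the PR description, as an added sketch that is not the crate's own code. `Storage`, `Inline`, `Boxed`, the table dimensions and the toy `derive` function are assumptions for illustration; the crate picks one form through the `alloc` feature, while here both forms are spelled out so one build can compare their footprint.

```rust
use core::mem::size_of;
use core::ops::Deref;

/// Hypothetical stand-in for the storage choice `MaybeBox` makes. The crate
/// selects one form via the `alloc` feature; both are spelled out here so a
/// single build can compare them.
pub trait Storage<T>: Deref<Target = T> {
    fn store(value: T) -> Self;
}
pub struct Inline<T>(T);
pub struct Boxed<T>(Box<T>);

impl<T> Deref for Inline<T> { type Target = T; fn deref(&self) -> &T { &self.0 } }
impl<T> Deref for Boxed<T> { type Target = T; fn deref(&self) -> &T { &self.0 } }
impl<T> Storage<T> for Inline<T> { fn store(value: T) -> Self { Inline(value) } }
impl<T> Storage<T> for Boxed<T> { fn store(value: T) -> Self { Boxed(Box::new(value)) } }

/// Constructed dimensions, not real ML-DSA parameters.
pub const ENCODED_LEN: usize = 32;
pub struct PrecomputedValues { pub table: [[u32; 256]; 16] }

impl PrecomputedValues {
    /// Toy derivation: everything here is recomputable from the encoded key.
    pub fn derive(encoded: &[u8; ENCODED_LEN]) -> Self {
        let mut table = [[0u32; 256]; 16];
        for (i, row) in table.iter_mut().enumerate() {
            for (j, v) in row.iter_mut().enumerate() {
                *v = u32::from(encoded[(i + j) % ENCODED_LEN]).wrapping_mul(j as u32 + 1);
            }
        }
        Self { table }
    }
}

pub struct VerifyingKey<S: Storage<PrecomputedValues>> {
    pub encoded: [u8; ENCODED_LEN],
    pub precomputed: S,
}

impl<S: Storage<PrecomputedValues>> VerifyingKey<S> {
    pub fn new(encoded: [u8; ENCODED_LEN]) -> Self {
        let precomputed = S::store(PrecomputedValues::derive(&encoded));
        Self { encoded, precomputed }
    }
    /// Bytes a key value occupies wherever it is placed (stack, struct field, ...).
    pub fn footprint() -> usize { size_of::<Self>() }
}

fn main() {
    println!("inline: {} bytes", VerifyingKey::<Inline<PrecomputedValues>>::footprint());
    println!("boxed:  {} bytes", VerifyingKey::<Boxed<PrecomputedValues>>::footprint());
}
```

With the boxed form, only the encoded key and one pointer travel with the key value; the derived tables stay in a single heap allocation.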
tarcieri added a commit that referenced this pull request May 9, 2026
Opportunistically stores the parts of `SigningKey` on the heap when the
`alloc` feature is enabled, similar to what #1344 did for
`VerifyingKey`.

This also addresses #1308 by adding a `Drop` (and `ZeroizeOnDrop`) impl
to `SigningKey` which clears the `Seed`.
tarcieri added a commit that referenced this pull request May 9, 2026
Adds an `alloc`-gated `verifying_key` field to `SigningKey`, and when
the feature is enabled precomputes the key at the time the `SigningKey`
is initialized.

We previously used to do this but stopped to optimize stack usage (see
the changes in #1259 and #1261), however when `alloc` is enabled this
isn't an issue since we've moved the relevant data to the heap in this
case (see #1344 and #1345), so stack usage is no longer an issue.

This makes it possible to implement `signature::KeypairRef` for
`SigningKey` which still provides a blanket `signature::Keypair` impl,
so we can always depend on the latter being available but take advantage
of the former when `alloc` is enabled.
@tarcieri tarcieri mentioned this pull request May 17, 2026