What is the hash used by ECDSA in p256_dilithium2?

[wangweij]

I'm trying out the hybrid signature scheme p256_dilithium2(1.3.9999.2.7.1) at https://test.openquantumsafe.org:6230. I thought the left side is using ecdsa_secp256r1_sha256 but from my test it looks like ecdsa_secp256r1_sha384.

Is this true? Where is the hash algorithm documented? Thanks in advance.

[baentsch]

Thanks also for this report, @wangweij .

I thought the left side is using ecdsa_secp256r1_sha256 but from my test it looks like ecdsa_secp256r1_sha384. Is this true?

This is surprising. My assumption based on this code also follows your initial thinking that "p256_dilithium2" should use SHA256.

Can you share information how you tested this?

Where is the hash algorithm documented?

Good question. I cannot find a location for this. Clearly needs improvement. @christianpaquin @dstebila Did we have this documented for oqs-openssl111? Code in oqsprovider hints at functional equvalence "inherited" from there...

[wangweij]

This is a little complicated and hopefully I haven't made a mistake.

First, enable the signature scheme and access the URL, grab the 2 incoming certificates:

$ cat c1
-----BEGIN CERTIFICATE-----
MIIIvjCCBqagAwIBAgIUM/kJz48+u7m55CwxZrWbgCicSlowDQYJKoZIhvcNAQELBQAwFTETMBEG
A1UEAwwKb3FzdGVzdF9DQTAeFw0yMzExMTMxMTI2NDlaFw0yNDExMTMxMTI2NDlaMC8xLTArBgNV
BAMMJG9xc3Rlc3RfaW50ZXJtZWRpYXRlX3AyNTZfZGlsaXRoaXVtMjCCBXQwCAYGK84PAgcBA4IF
ZgAAAABBBEOjEth6zleHeRIQkEY4Yzbokl8K7lQisvT+zXnBAjlqJNoEDEI99m6lzzQL64NngWbE
ClUY62kU4rchuLDo/SEjJ2MADSkuEECrO98n7yKL8L62BSO/2EIA4GqB0IDxtyzcJ0L80k3UlrSD
gmcbxR1qifrLmt4QIiOyYrUJrEUgTH1iqifUm9k9Hicr+XEAzw7uUbkTJcQw61jgkvuEgj4fm/yL
sK2gglFDennbutGS8hKGOk31+wbVXLT+BHDjOh1Lfaexqmm4ozQlrIKNDl/U0KITBvz3flRW6O/9
XQBcpVzh7UFA00oEJ723LnXDQLDe4cY+8zTJOvX+O3pJQUsKV3a8RLeYDR3wdWTwKmHkSm/7qbQJ
6xw7vJz4nOj3/MCCxfR+dpbV7G+M0+xP61Qc5AZ1zHXiHx2P7O0O2pmUYSj4dck3Vs9DlDhrKEgB
Puqg53TkTxPYmQwQ1yCW2rWha+E3gnFSjPyFtQF6+IEdGKVlKqkK+2R8oWL8vrL6fwSJGgolKjBp
3nQmoqkd8S85GRXKJoN2inCAWm/cPyXMFOnnNaJr7eVKMML/qIZlBzShH5DOI+jL67WJR+HCzPss
KYTfKsaWdIiPrX9CeysHTubiMgv7OSZqWIDFEvDR4tLTHY5Lv8uXppAiSwwQFm7s70NBnSf51Ftz
XZD30lC8shc/M6nqIW4T7tyBvlo9CQ337HNWpmxMvW5vxFZ2lTGXbmufGUs4XPY8F0T4exarf73i
0L+poV4fF7XaNGmnRoerHQBmo4UbGPwbzPMnzEtiKXjNLW8uLk0iDu6v+4S0rD91pDdQjW9dXgy3
K+pT7nrs2QJIij3o+X2jgnsPNKlzXhC4HbwKIWjVNv8R4Ich8Lz6ysWT0ZDQeQjiY/mF42y6MkgG
iAMZQJK9aHW/mo3ZrBaQtwYcerSy5FKanRy1npnlqr7HVQ6dLe5pfPIND3LJQTdOivFRP3PXEw7j
V+Es2S8/1vHhv2E5XyZFeRzl4QZ3f5X7FLf/NVWvmOxObfnvQye/F4ShJJcWf3qU++gZ1ATdj5Rd
+qUr819wSXKhz+XddPfOoprSlaiaq7jThIb0MuEXrWiZlf/sBWTM1d79tVivbIR91O5ufGoxv/im
TfYA8aC1Qlc9d3FUX//aGMg42HLyPrsR8RL/HYg8PVa8PLD2pGwC1djvCLiwtsSaIHK+cE7xtd2T
VWQdQiACjcCIN7Ia0I4auzzZ8L80o4usvxNG0ECN3URctoAa1MAP8+4upgjZ+WgRAU+yVvO1f75h
Y1vNoA59UkLclzNc4ps+KQw96YhlsCHaOBvCxDw9WLd2jZ/c5KKLGejpL1tSAyzjLr1FZ9Ep3d3R
A0g5FFG2B8YSCFD7COJ96EqGGagFPrrGRKdRjsn3cgp8USSKs61L8jlYBJKZ4JP+MtIicTdGIQ1q
ygiCMSQRQO+m7qT17898NR7TWhqVjGtUaS2P5SByNxwO+bFU6dH3L7uKAkm5tr0wXyiZEs4ACxPQ
e11mCB3Bcj3caltj7HTbJpWaDeLizT4C5LLyLnU6//D7iFoPmpAfNhrR+jzmeX9KFdh/RWfdKR6L
BxtKzIxA0ZR/YDhsFPBsIxZY9Sbg0Zbj8o/EaR4V9ofxVhnA6rzDWovrcOtka7POKc8Eih12G2sw
ryZ+Tz1qaZqn/f64VQyy+y3SDm/3VFPQCHwfSGWA90fCyPih1kLh7QvH2n6qVTcbn3b5yqJRKJ7z
t3QlDX+a+bCARO2B3DvhhDFj7uYtteAQSgSBiLu0ONbSdunFZFHmNZiCX3RlRAJ2s3pEJQ0C8LsJ
1GcJr891LaXyY4RlV6V7o4GZMIGWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG
MB0GA1UdDgQWBBQbl0PIIlymjN3ZVz+tOpuIpML+vzAfBgNVHSMEGDAWgBQU7EzvWW5eWkHJUvfa
BtS5aWkoBzARBgNVHSAECjAIMAYGBFUdIAAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB
MA0GCSqGSIb3DQEBCwUAA4ICAQCv6EbA3c8YErRAZJbE7M/Wf56F0BDiZ1NZ5RgEKN19PxMZVBQF
iLVzsMsvxi0nOfoCXsxMK1NbNl7JDHfB2+4aR7vgXBzxzFTqgzsDpEM+YHJlYUX5Tf1KYF8Gwt8L
wehvvpNEukVcR3meuw79cyavyw6gX4sVxO8z462tPBCI7/+jr8EyTO9ov9kAXBD/Q46nljxvbJ3L
9UIsxdUuJ4V+K9XVHrvNNPgQJnV9hmbxQJQvIodd/dX/CoQXonQkZERypzbin34bMPCCayCh9g5Q
RphGqTSNQ8KRFiTMMnZSxtmSPBk+3lLYp3m8lRu66X6Bo4LcP4UlMOF1xGQ0LPBjbNVIrODEmzSr
Agm3Gh/NdXswRBuZ9zZJmYJyA55n4A/C9zZuji2fnyPHKnfTGeO7jfGAhX18D45bWLExAhSR46zE
dzS1ZMgNr+mH+a8mgH11sugeXmzx8oNS4VGNXaaU01ms2rSgG1ju/1x7IrD47n4Zc5zZ4xxYUViE
GkSBY/qUetacZu6aLd8K12MSyghcdLpXroUGDClGouD3mwl6YetZFKFo6lVm9HFkRycYV9ZW12ag
YgqSzs2Hinfal5iC6sqJT6g2UELyAainrbvS7pGwuPu/LOVJs0Bv8ObzXaFU+0ROfWNR34DH7qP0
0KvEJR86Nz2PAV2BasEOeGzqHw==
-----END CERTIFICATE-----

$ cat c2
-----BEGIN CERTIFICATE-----
MIIQmTCCBsagAwIBAgIUPQdrRhcj5QnbKT1uWCJmx9KbLA0wCAYGK84PAgcBMC8xLTArBgNVBAMM
JG9xc3Rlc3RfaW50ZXJtZWRpYXRlX3AyNTZfZGlsaXRoaXVtMjAeFw0yMzExMTMxMTI2NDlaFw0y
NDExMTIxMTI2NDlaMCMxITAfBgNVBAMMGHRlc3Qub3BlbnF1YW50dW1zYWZlLm9yZzCCBXQwCAYG
K84PAgcBA4IFZgAAAABBBB5wuPJtjAomnTqGxTTuDDAKMKn6flb0XekVDx5075wT83sOIZsvpbZY
f4OjhoBWWuYKbCoYdgBweABDBakNzlLlz1gko9i3xD/gKD65rPQZLKACjI3dkEj0LyT9fHz+SaTX
uKML6GoHXOqiMZGE6W4s1jgRyyTmusTI0kRulArCA6wyla4NriMU/eArk2uE8GFWz84srbF2zIFv
NhZW46AUVSR+OTxM3KV4RpoUVjX3ytL6tpZLjTUpYjSWMJyOWPX1qhatZLUlNmh+a2LafcBo7Ety
HR28jKWsnlFzkQ/gwPG3csxqXUEa7729rXUZhRw079ekx0hjtEXZ+3O+a+diB9NfCHGDMYv157uP
Y4tshCyB4qbXTAyF8uwtywOPUBms4GiPDGAE4BYkh1b0BOXgzWmjZ3UD5jOBYOEr8NaivTwImN5g
x4Gy3udi5Atc8nVnOx9Ve74Yce9bOT8/Huf/gjTeSYOmfXI11/tnSsPT4K5f9JVnMJ8PAAyNwGVV
vV+cjkJjeEceb2zjmO+9SOVG00jF3sZJmwH+2Qrd43Xbqt7QJ3QHOeHpbZ6MFFS0U7EeENJ+2n4f
yO+x0HdMBtkoxyMFVLckXIXh3hGiwPJHPbgMBkic9/C+IM6bj/BbAY3k/H0KBBT+KbZU1iniVkpn
ehzKQt5cNzZM/5IK3SnFYqelQs0GC2ef+sL+YXOxoVwCOve17RW8A1kHL48+cW4kkEDTbFqpBdPq
AJDNdsnua23P4eAQDg0HMnOcERqJ9h1Tlfz3vEQBJ91E+dZws4W6pHSXt3rUbc+xmq/wMkoXgpWX
lwoBYO5mkJGcT5oafG9rV61EydSGFPr6tHIEMdfWeny7zTtGedoSypsLK9+gzgN8NHAmGQ31NDcV
Ba+U33oIUF1EY7iCIKScKXcspEAQN+G4gh+pRVTtoxH3BB829mQ7HEF583Vh615k9nNp3ozdaTDu
siveueWohzgr6FzSdNtIJKMIGhELNn3UYbyaCFGn+Butux4pfWi5JgGQhaP8ybzdxFeq3At2/7DW
sZTk6WbTdgNjsOTNXDB3iOBxnakjIjPiY6ff4XQodrI3FYffXsXErjG1pE0RRCn/9WN7SW00DU+G
G894h15xHRcr5v1THXvcpnbDGJuaGf6swokIt9OrEXYo7/9NkRqgARG5CxqSzORp72xUMVk1IuNl
4PhEwrefDcRD3QERtDwpPNww5oikKq12aSyDFIESSKYA8Cq9nKFfFQeOJKVq6uL7OKNSBaKKGMXV
wHstaS8zdPiQ42QX/xTNE+Qsx/grEkE+JCur1adiAKdATWS2st5qzTgac1w/OtdHM7azvRBzLhoa
M0Y3bhlb++c7HHAWei/JEgsjhydUZP42HXTXLMqfCzpab4La7ubmkJ96nb9wP9vfTzMXGMin/d8J
qBF35UMfvoeaHEzIB+o4Tz2ZFPQoyiqApXA2JTuVmVkq8Y3wO5V+JYrT22b3iihwGGKjLK6LlqMu
PXrWFip6o7Nl4rLlJgGTbHD7fXBbkDvyOHnBLOmQVuDyCQxOYmfTFZ4f7Aend2/6ewKJLwzM+yij
9AphEpQwrf7ZtqxOxhA4Ie0ooV2/Z9gxwVTdHoS3zwfZCb3Y9I0soYkEh7kKgMRM27pcn5mrfsDo
7tEYCQHIJnMMSbSQrfZRpkTsgBKqNBK1RWmYTzjDxHVSoWmbv2uIPHBKlOHAPvJQpUNi3yv5AQm3
/1IuW+IQxYA3UZUBz1WQ7IyLJgttYBo74Zby9RwJYRur+HIO433GDIesmPbJQUCGl/SHoGok+R9I
QPhEdv8bDcebc2c+JzHMDxpQLVf/y5Lno4GwMIGtMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD
AgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBQJ0k/o7iGOCx3XkQvczAwcxPFqMDAf
BgNVHSMEGDAWgBQbl0PIIlymjN3ZVz+tOpuIpML+vzAjBgNVHREEHDAaghh0ZXN0Lm9wZW5xdWFu
dHVtc2FmZS5vcmcwEwYDVR0gBAwwCjAIBgZngQwBAgEwCAYGK84PAgcBA4IJwQAAAABIMEYCIQDM
CowvEzTAxk4wjSHNLFUdkTKEbrl2R/VhiIyed83KbgIhANz6tyO4QOWt+uFeMwuocwPdODo1koYx
YyZ9MhuNwEaOSq5JnN5eIP4sEfv0hik7Jg66CVKodESQ4PKWRzXpT+SeIIoAF1NadMhf/1wgAub9
x9rfx9+bne4KkGEp+1jnXfGeOl8b1z8A5tMqfTKj+kl5RMgHFoep2i7U4dQAgPw7DnT2MEgo0T/P
RKrZXrcoemoPhNMTZEpU2gTeyUrO7DXWYJGozWPHoTFZ/W+xE7zo5O1DYQWmH9tDNlDTmTqvT0sV
Z5VqU3oTUMoUx2tjA9xc/qYjs5BlHLrk0Q4AyR2M5XYHdvQ2/sUn3Nh/mmW2St614ddQNJ8X5I3n
OomwwcrTSrJoSdziQleFLr3esUigHXZKaeVlsTMjWIVNvNuLjIL8NTgnEFuVENMHd6mtgOsOfvyV
0MswX77jTTHbuA1NXNBXQcJJXB/MFpERF55837hd+EAt8FuLqZOnu/ybVqB0OPMsI69hi+jwjB6W
YiPIO+CKSObR5/rcraxTDbx7sh92c638k8aRmw8Box020CEw/n9G2FRyJC4mSpWDWW7C3wjSNL4h
bApyjvYf2UdpIsjqJBeHBSCYlGm/bkl2AdvJ1qhD80q+nwzuCbNlBqG9trYqbjmcSicuhYdgu5AR
2BEMmYjKGK2dwsHN+gDv4FhGCxsGN6Y0tyJy0Irlb44Ubh4vv8Pr2IsuCtI36BI+3y2L6lujcSr0
2OaNLprnqCi++PCm+Ir6AbDsNtfskKd4FjW2/E9Jnb+BqLWCS09W3cJWYcQZfQAaPA2TJujcYHAk
SoDkGWmRhoPKznMvmZum6aYP+1hxuH5cdx6QWOJ7wpCwK0hB1GYB/wSWzqSpIG/noHMdTnTHFdZh
LSBEUWTwxFAiFjlse/VCeNGzB9AO8v18uR3olgMPSny8q7G+cPPtiSe7648PLph54RUhbmQtdLKh
zkDQ12FIEIip0mGy2v051IRicvZg/NnbYc6WL0mctMP5bWU24VbplwKyLfHJXA+YEU11AoASDgeH
zCejoOwtYmKt4ldFGG2Ag7f4YfLIbokECehZHd9Ab9yJAKMZfwvqrU3BlFt5oVhTQAlauc/oGE/K
oT9/QvcxsB1oUCv9fReo2iFEuJ0eV6c/bz/SIFE4LoPx4Azj8bB8ISajuiD1BXYEJ6c7A6DIxtoE
s/jdXIJFzlr7o8Wg7wje2w3sa0mgfSg7vJ7Cn9xByUt8ZegfT9R9WLfznV6AR+iWxtBPzTfm8Cn9
BPHDY3MRtX3+UK7A7ZgQdMwQG4SHpKOdzsCkvcIeXD09f86kaKLFFUGIPplbdLs7J/jl5k7avv4g
1A+uYyC9J9X8LK3Fk1eeHNmw5F0UEwCwn+4QT3gM6ZMdW6FLjKCyV2H2wvRVXtbxIw7vi7zzMCwZ
vZ18GFChRwBsWKhOhZXemGV+De6+3uQHK63NDWRH1htA7msPoeRV8yM+190iQ3xmpyY3TABqxfc+
TAbtIhvTo5x//YiGfY8UAzMKvbXR4YiMH/64GplwagNu1ZK/tVnv9cqYNgxxtIKvdSjFhi08TCB4
MorQ+iA2MUFDC89So8AjE1f6hWBe0DCFvqqa9AM4jyAETSX26Gd1kCGrLVYxnO4A8mHaREZp/NbQ
nYXsZY62b92eEu6xJvhNloaD4xFDtOcibs2himdx3QLpvktPJhbyTumdVLdY1Ok+Y9b0DtlOwIGn
UjgUrV59MhhRhoPM3QSnouCaPeFA39rECTG6gbpjq5T4iHAzeonpp+7XN4SBZCneLfhtPjVIK7Rl
a3rovz94gYYFXpetV0OXfHLim6INr8jKwReKa7hFhPVPZhTbMkkA/1WBVWZVXgxoRCiAAbRu+usE
3OZur6oeUMpVT81RxtGjkLDCKcqNZo1M0CR+37IZILFpnVpKdB5W4kuEHgX55ZVESoimSHHBmJQT
Np/XSTc64qG68P39wVdnoKDliRQ38IiE52utuHyqpjjJw6i903nLkRUr/vQA0zin/vcV0owNqUjF
tz8GP3L20kpXpG6Gal1tc55YFt4r+hMMxFGdZxFGsqPryHerX51iGirtXivsABgqoKgX9akaLHNX
RLwvLKSm95VdLnB5s+5zt9MqdzBs4m9yotg2jMA8WmmdZ7pjYoVWj9yMTfvGJneF1AhILFcoGpJv
V1skAjWhzWayNTJPFojo60ljngFczs+FQ0N1ov8iKp9JKzmUQNnjLVWD4MtjzQAmIv+C3tbhsPce
rG775FIDPWIpb09zrRnMETm96xUYe0ccuLtbt6MEi8ZucQizEOWFf9ZNwY7czaV4I7okxa3+FqN9
vEOGb//8LPaNabubHk1wAJMTYe2XaFNkCPPcufcAf+1gQqiReDrs9wK8j7mgEl9hln4sK4I8M6pr
3qQ9VENLcW+xp4mwlLikA3fS7Jo+lT7I5EO0ZkXFQ1svtradXB9EjA5MELupg4LrkMGabOzcJ9OB
V2L9UgJVVqc4FswQBS1t+SDr9UX4N3QXSEokx7tW17eFId/ItR7+S4v7mYk3YYaL/JBOx/rpdInZ
PgycsP5aGAemODLwLxbqAqzX5pzasPQarsXm6mgKIwxmU/fOZulvZk2lnV+XGP5cdBrpAo3kovTZ
liNq7xuYtc9/gHbpdwKMWQ3sHX0IeDDMq0hVwTN6OgbxO+7bxNTVDbyUgMR2aPxf/tKw468Bu8cX
kfXRGl23kGRUrjC5IU2JMeFyQsW92YBw8hMZ5tXdO0Uo/h+dFLCk77ron+ax5+PFVFHuaKwFPvmV
FsONnC5uKxXTOorJuFk99nAQx0rO9AB513jRP2zq2RtKVieQxE/9p23oalJ0S9V6hSNqoQ9Px9SO
hitt7PLwprq4NlEv3cwhL2QyZEhvkXtHCGurd39vhGphGDJQs/G+L58r35GjJSFgyOBdnBLJ5cUh
L4jK22veThejodHMWZFUTEzDhT9pVOCCzPxr0+esjkMeQdRVJ4PrlXfcXeLajjeIHKdAW/Egx9Ma
yXswE9zfGcO6C8jHNQ9Xhddg4bYJ85ptd/Pd2O6EyDLlVauAxTK/AyjIZjadgMAJckTuVO5AD/at
VCMDb97qC4vCWbdEsKA8lqEfj1ieW2rtTcqAgS3i3/C8vEZf9rbuRTQE2mwgcVjlYCMCr6QyVd0e
s9TelEaigZkFXWNpe3yGitnm8fP7GzxRWWB5en+i6PT1AgcmJ3WNlZqpr8jzAAUQR1hZbZnu+fwA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0ZJTA=
-----END CERTIFICATE-----

Here c1 contains a p256_dilithium2 public key, and c2 is signed by this key.

# This is the EC part of the public key in c1, which is an encoded EC point
openssl x509 -in c1 -outform DER | dd bs=1 skip=177 count=65 > ecpoint.bin
# Generate a temp secp256r1 public key and extract its header
openssl ecparam -name secp256r1 -genkey | openssl ec -pubout -outform DER | dd bs=1 count=26 > eckey
# Then append the EC point and make it a real public key
cat ecpoint.bin >> eckey
# And convert it to PEM format
openssl ec -pubin -in eckey -inform DER -out eckey.pem

# This is the ECDSA part of the signature inside c2
openssl x509 -in c2 -outform DER | dd bs=1 skip=1761 count=72 > sig
# This is the TBSCertificate part of c2
openssl x509 -in c2 -outform DER | dd bs=1 skip=4 count=1738 > data

Now let's try verifying the signature:

$ openssl dgst -sha384 -verify eckey.pem -signature sig data
Verified OK
$ openssl dgst -sha256 -verify eckey.pem -signature sig data
Error Verifying Data

[wangweij]

According to https://github.com/open-quantum-safe/liboqs/blob/4906c3fc880328453a9efccde860e11adc5fea29/docs/algorithms/sig/dilithium.md?plain=1#L22, Dilithium2's Claimed NIST Level is 2, and SHA384 should be chosen according to the code you quoted.

[baentsch]

Right. For some reason I thought Dilithium2 is NIST Level 1. So everything seems to work as expected.