HSS/LMS Crypto Documentation #140
Conversation
Looks good to me, mostly just some smaller comments.
I also still need to look at the algorithm descriptions at the end.
Besides my faulty comment about SP800-208 requiring the usage of Appendix A, LGTM now.
Left suggestions and remarks that should be addressed.
Great text.
For internal review, @atreiber94, could you give the changes in ba720ba a quick scan?
LGTM, though I only checked language. Left a few minor suggestions.
ba720ba to 21f5a9a
Thanks for your review, @fluppe2, and thanks for reviewing my changes, @atreiber94. All suggestions are applied in 21f5a9a.
7a4b470 to c433b5e
Rebased to resolve pending merge conflicts.
Some comments on the documentation.
Overall the text is quite good.
docs/cryptodoc/src/05_06_hss_lms.rst (Outdated)
    -------------------

    The Hierarchical Signature System (HSS) with Leighton-Micali
    Hash-Based Signatures (HSS/LMS) consists of three building blocks.
What are the three building blocks?
OTS, LMS, and HSS are meant. The term building blocks may be misleading. I'll go with multiple components.
docs/cryptodoc/src/05_06_hss_lms.rst (Outdated)
    of a Merkle tree. This composition is the basis of the Leighton-Micali Signature (LMS)
    method. The root node of the LMS Merkle tree defines its public key. [RFC8554]_
    also provides HSS, a hypertree composition of multiple LMS trees, where the leaves
    of LMS trees sign the public keys of other LMS trees.
Terminology: sometimes it's called an LMS tree and sometimes an LMS Merkle tree. Strictly speaking, no definition of an LMS Merkle tree has been given, and maybe it's sufficient to call it simply a Merkle tree throughout?
Good catch! I agree that this is inconsistent. However, I prefer the term LMS tree, which is also frequently used within RFC 8554. I'll introduce the term better and make it more consistent, though.
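The tree the quoted paragraph describes (leaves derived from OTS public keys, root node serving as the LMS public key) can be made concrete with the node formatting from RFC 8554 Section 5.3 and the root recomputation of Algorithm 6a. The following is an added example and is not code from the Botan PR or its documentation. It assumes the SHA-256 parameter set with tree height 5, a constructed 16-byte identifier `I`, and constructed 32-byte stand-in values in place of real LM-OTS public key hashes (the example does not implement LM-OTS key generation); `lms_tree`, `auth_path` and `candidate_root` are names chosen here.

```python
import hashlib

# Domain-separation constants from RFC 8554 Section 5.3
D_LEAF = 0x8282  # used when hashing a leaf (an LM-OTS public key value)
D_INTR = 0x8383  # used when hashing an interior node


def u16str(x: int) -> bytes:
    return x.to_bytes(2, "big")


def u32str(x: int) -> bytes:
    return x.to_bytes(4, "big")


def H(data: bytes) -> bytes:
    # SHA-256 with m = 32, as in the LMS_SHA256_M32_H* parameter sets
    return hashlib.sha256(data).digest()


def lms_tree(I: bytes, h: int, ots_pubs: list) -> list:
    """Build the node array T[1 .. 2^(h+1)-1] of an LMS tree (index 0 unused).

    Leaves T[2^h + i] hash the i-th OTS public key value; interior nodes hash
    their two children. T[1] is the root and becomes part of the LMS public key.
    """
    n = 1 << h
    assert len(I) == 16 and len(ots_pubs) == n
    T = [None] * (2 * n)
    for r in range(n, 2 * n):
        T[r] = H(I + u32str(r) + u16str(D_LEAF) + ots_pubs[r - n])
    for r in range(n - 1, 0, -1):
        T[r] = H(I + u32str(r) + u16str(D_INTR) + T[2 * r] + T[2 * r + 1])
    return T


def auth_path(T: list, h: int, q: int) -> list:
    """Sibling nodes from leaf q up to, but excluding, the root (h nodes)."""
    path = []
    node = (1 << h) + q
    while node > 1:
        path.append(T[node ^ 1])  # sibling of the current node
        node >>= 1
    return path


def candidate_root(I: bytes, h: int, q: int, ots_pub: bytes, path: list) -> bytes:
    """RFC 8554 Algorithm 6a: recompute the root from one leaf and its path.

    A verifier compares the result with T[1] from the signer's public key;
    any change to the leaf, the path, q or I yields a different value.
    """
    node = (1 << h) + q
    tmp = H(I + u32str(node) + u16str(D_LEAF) + ots_pub)
    for sib in path:
        if node & 1:  # current node is a right child
            tmp = H(I + u32str(node >> 1) + u16str(D_INTR) + sib + tmp)
        else:         # current node is a left child
            tmp = H(I + u32str(node >> 1) + u16str(D_INTR) + tmp + sib)
        node >>= 1
    return tmp


# Constructed parameters for the demonstration (not from any real key)
H5 = 5
I_DEMO = bytes(range(16))
# Stand-ins for the 32-byte LM-OTS public key hashes of the 2^5 leaves
OTS_PUBS = [H(b"stand-in LM-OTS public key %d" % i) for i in range(1 << H5)]


def demo(q: int = 7):
    """Return (root, path_verifies, tampered_leaf_verifies, path_length)."""
    T = lms_tree(I_DEMO, H5, OTS_PUBS)
    root = T[1]
    path = auth_path(T, H5, q)
    ok = candidate_root(I_DEMO, H5, q, OTS_PUBS[q], path) == root
    tampered = candidate_root(I_DEMO, H5, q, H(b"attacker key"), path) == root
    return root, ok, tampered, len(path)


if __name__ == "__main__":
    root, ok, tampered, plen = demo()
    print("root:", root.hex())
    print("authentic leaf verifies:", ok, "| tampered leaf verifies:", tampered)
```

In HSS terms, the root `T[1]` computed here (together with the type codes and `I`) is the LMS public key, and in a hypertree that public key is exactly the message an OTS leaf of the next-higher LMS tree signs; a verifier walks each level with the same `candidate_root` logic before trusting the level below.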
bd4f2d5 to 752eea8
Rebased to
02e1fac to 8cee0fa
8cee0fa to 9b450e9
9b450e9 to 709dc5b
Rebased to latest main, in the hope of fixing the build. See #216.
This is the documentation for Botan's HSS/LMS implementation according to RFC 8554. Botan's PR for HSS/LMS has yet to be thoroughly reviewed, so some changes may occur even in this document.
I marked this PR as a draft to notify that the documentation still needs to be internally reviewed. Also, since Botan's PR still needs to be merged, the CI for this PR will fail due to the missing source links.