Skip to content
A python implementation of the signature scheme Falcon
Python Makefile
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.

This is a private repository implementing the signature scheme Falcon ( Falcon stands for FAst Fourier Lattice-based COmpact signatures over NTRU


This repository contains the following files (in order of dependency):

  1. generate_constants.sage contains the code which was used to generate the constants used in this project
  2. contains shared functions and constants
  3. contains precomputed constants used in the FFT
  4. contains precomputed constants used in the NTT
  5. contains a stand-alone implementation of the FFT over R[x] / (xn + 1)
  6. contains a stand-alone implementation of the NTT over Zq[x] / (xn + 1)
  7. generate polynomials f,g,F,G in Z[x] / (xn + 1) such that f G - g F = q
  8. implements a Gaussian sampler over the integers
  9. implements the fast Fourier sampling algorithm
  10. implements Falcon
  11. implements tests to check that everything is properly implemented

How to use

  1. Generate a secret key sk = SecretKey(n)
  2. Generate the corresponding public key pk = PublicKey(sk)
  3. Now we can sign messages:
    • To plainly sign a message m: sig = sk.sign(m)
    • To sign a message m with a pre-chosen 320-bit integer salt: sig = sk.sign(m, salt)
  4. We can also verify signatures: pk.verify(m, sig)


  • Compress and decompress
  • Document all the docstrings



This is work in progress. It is not to be considered suitable for production. It can, to some extent, be considered reference code, but the "true" reference code of Falcon is on

If you find errors or flaw, I will be very happy if you report them to me at the provided address.



You can’t perform that action at this time.