A python implementation of the signature scheme Falcon
Switch branches/tags
Nothing to show
Clone or download
Latest commit 300f49e Mar 11, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Mar 4, 2018
README.md Update README.md Mar 6, 2018
common.py mostly documentation Mar 5, 2018
encoding.py tests for compress Mar 11, 2018
falcon.py tests for compress Mar 11, 2018
ffsampling.py tests for compress Mar 11, 2018
fft.py mostly documentation Mar 5, 2018
fft_constants.py initial commit Mar 4, 2018
generate_constants.sage initial commit Mar 4, 2018
ntrugen.py tests for compress Mar 11, 2018
ntt.py tests for compress Mar 11, 2018
ntt_constants.py initial commit Mar 4, 2018
profile.py tests for compress Mar 11, 2018
sampler.py mostly documentation Mar 5, 2018
test.py tests for compress Mar 11, 2018

README.md

falcon.py

This is a private repository implementing the signature scheme Falcon (https://falcon-sign.info/). Falcon stands for FAst Fourier Lattice-based COmpact signatures over NTRU

Content

This repository contains the following files (in order of dependency):

  1. generate_constants.sage contains the code which was used to generate the constants used in this project
  2. common.py contains shared functions and constants
  3. fft_constants.py contains precomputed constants used in the FFT
  4. ntt_constants.py contains precomputed constants used in the NTT
  5. fft.py contains a stand-alone implementation of the FFT over R[x] / (xn + 1)
  6. ntt.py contains a stand-alone implementation of the NTT over Zq[x] / (xn + 1)
  7. ntrugen.py generate polynomials f,g,F,G in Z[x] / (xn + 1) such that f G - g F = q
  8. sampler.py implements a Gaussian sampler over the integers
  9. ffsampling.py implements the fast Fourier sampling algorithm
  10. falcon.py implements Falcon
  11. test.py implements tests to check that everything is properly implemented

How to use

  1. Generate a secret key sk = SecretKey(n)
  2. Generate the corresponding public key pk = PublicKey(sk)
  3. Now we can sign messages:
    • To plainly sign a message m: sig = sk.sign(m)
    • To sign a message m with a pre-chosen 320-bit integer salt: sig = sk.sign(m, salt)
  4. We can also verify signatures: pk.verify(m, sig)

Todo

  • Compress and decompress
  • Document all the docstrings

Author

Disclaimer

This is work in progress. It is not to be considered suitable for production. It can, to some extent, be considered reference code, but the "true" reference code of Falcon is on https://falcon-sign.info/.

If you find errors or flaw, I will be very happy if you report them to me at the provided address.

License

MIT