def test_construct_root(): H = lambda x, y, i: x - y minus_tree = list(hash_tree(H, range(16))) for i in range(16): leaf = minus_tree[0][i] path = auth_path(minus_tree, i) assert construct_root(H, path, leaf, i) == minus_tree[-1][0]
def wots_path(self, a, SK1, Q, subh): ta = dict(a) leafs = [] for subleaf in range(1 << subh): ta['leaf'] = subleaf leafs.append(self.wots_leaf(self.address(**ta), SK1, Q)) Qtree = Q[2 * ceil(log(self.wots.l, 2)):] H = lambda x, y, i: self.H(xor(x, Qtree[2*i]), xor(y, Qtree[2*i+1])) tree = list(hash_tree(H, leafs)) return auth_path(tree, a['leaf']), root(tree)
def sign(self, m, seed, masks): assert len(m) == self.m // 8 assert len(seed) == self.n // 8 assert len(masks) >= 2 * self.tau sk = self.Gt(seed) sk = chunkbytes(sk, self.n // 8) L = list(map(self.F, sk)) H = lambda x, y, i: self.H(xor(x, masks[2*i]), xor(y, masks[2*i+1])) tree = hash_tree(H, L) trunk = list(itertools.islice(tree, 0, self.tau - self.x)) sigma_k = next(tree) M = self.message_indices(m) pk = root(tree) # the SPHINCS paper suggests to put sigma_k at the end of sigma # but the reference code places it at the front return ([(sk[Mi], auth_path(trunk, Mi)) for Mi in M] + [sigma_k], pk)
def sign(self, m, seed, masks): assert len(m) == self.m // 8 assert len(seed) == self.n // 8 assert len(masks) >= 2 * self.tau sk = self.Gt(seed) sk = chunkbytes(sk, self.n // 8) L = list(map(self.F, sk)) H = lambda x, y, i: self.H(xor(x, masks[2 * i]), xor(y, masks[2 * i + 1])) tree = hash_tree(H, L) trunk = list(itertools.islice(tree, 0, self.tau - self.x)) sigma_k = next(tree) M = self.message_indices(m) pk = root(tree) # the SPHINCS paper suggests to put sigma_k at the end of sigma # but the reference code places it at the front return ([(sk[Mi], auth_path(trunk, Mi)) for Mi in M] + [sigma_k], pk)
def test_auth_path(): tree = list(hash_tree(lambda x, y, i: x >> 1, range(15, 31))) assert list(auth_path(tree, 5)) == [19, 10, 3, 2]