def treehash(self, secret_seed, s, z, public_seed, adrs: ADRS): if s % (1 << z) != 0: return -1 stack = [] for i in range(0, 2 ** z): adrs.set_type(ADRS.WOTS_HASH) adrs.set_key_pair_address(s + i) node = self.wots_pk_gen(secret_seed, public_seed, adrs.copy()) adrs.set_type(ADRS.TREE) adrs.set_tree_height(1) adrs.set_tree_index(s + i) if len(stack) > 0: while stack[len(stack) - 1]['height'] == adrs.get_tree_height(): adrs.set_tree_index((adrs.get_tree_index() - 1) // 2) node = hash(public_seed, adrs.copy(), stack.pop()['node'] + node, self._n) adrs.set_tree_height(adrs.get_tree_height() + 1) if len(stack) <= 0: break stack.append({'node': node, 'height': adrs.get_tree_height()}) return stack.pop()['node']
def spx_verify(self, m, sig, public_key): adrs = ADRS() r = sig[0] sig_fors = sig[1] sig_ht = sig[2] public_seed = public_key[0] public_root = public_key[1] size_md = math.floor((self._k * self._a + 7) / 8) size_idx_tree = math.floor((self._h - self._h // self._d + 7) / 8) size_idx_leaf = math.floor((self._h // self._d + 7) / 8) digest = hash_msg(r, public_seed, public_root, m, size_md + size_idx_tree + size_idx_leaf) tmp_md = digest[:size_md] tmp_idx_tree = digest[size_md:(size_md + size_idx_tree)] tmp_idx_leaf = digest[(size_md + size_idx_tree):len(digest)] md_int = int.from_bytes(tmp_md, 'big') >> (len(tmp_md) * 8 - self._k * self._a) md = md_int.to_bytes(math.ceil(self._k * self._a / 8), 'big') idx_tree = int.from_bytes(tmp_idx_tree, 'big') >> (len(tmp_idx_tree) * 8 - (self._h - self._h // self._d)) idx_leaf = int.from_bytes(tmp_idx_leaf, 'big') >> (len(tmp_idx_leaf) * 8 - (self._h // self._d)) adrs.set_layer_address(0) adrs.set_tree_address(idx_tree) adrs.set_type(ADRS.FORS_TREE) adrs.set_key_pair_address(idx_leaf) pk_fors = self.fors_pk_from_sig(sig_fors, md, public_seed, adrs) adrs.set_type(ADRS.TREE) return self.ht_verify(pk_fors, sig_ht, public_seed, idx_tree, idx_leaf, public_root)
def spx_sign(self, m, secret_key): adrs = ADRS() secret_seed = secret_key[0] secret_prf = secret_key[1] public_seed = secret_key[2] public_root = secret_key[3] opt = bytes(self._n) if self._randomize: opt = os.urandom(self._n) r = prf_msg(secret_prf, opt, m, self._n) sig = [r] size_md = math.floor((self._k * self._a + 7) / 8) size_idx_tree = math.floor((self._h - self._h // self._d + 7) / 8) size_idx_leaf = math.floor((self._h // self._d + 7) / 8) digest = hash_msg(r, public_seed, public_root, m, size_md + size_idx_tree + size_idx_leaf) tmp_md = digest[:size_md] tmp_idx_tree = digest[size_md:(size_md + size_idx_tree)] tmp_idx_leaf = digest[(size_md + size_idx_tree):len(digest)] md_int = int.from_bytes(tmp_md, 'big') >> (len(tmp_md) * 8 - self._k * self._a) md = md_int.to_bytes(math.ceil(self._k * self._a / 8), 'big') idx_tree = int.from_bytes(tmp_idx_tree, 'big') >> (len(tmp_idx_tree) * 8 - (self._h - self._h // self._d)) idx_leaf = int.from_bytes(tmp_idx_leaf, 'big') >> (len(tmp_idx_leaf) * 8 - (self._h // self._d)) adrs.set_layer_address(0) adrs.set_tree_address(idx_tree) adrs.set_type(ADRS.FORS_TREE) adrs.set_key_pair_address(idx_leaf) sig_fors = self.fors_sign(md, secret_seed, public_seed, adrs.copy()) sig += [sig_fors] pk_fors = self.fors_pk_from_sig(sig_fors, md, public_seed, adrs.copy()) adrs.set_type(ADRS.TREE) sig_ht = self.ht_sign(pk_fors, secret_seed, public_seed, idx_tree, idx_leaf) sig += [sig_ht] return sig