def verify(msg, sig, pk): "verify a 256-bit value using hash-bash signatures" msg = crypturd.fixed_length_key(msg, 32) checksum = 0 digest = "" for i in range(32): c = ord(msg[i]) checksum += c digest += hash_times(sig[i * 32:i * 32 + 32], 256 - c) digest += hash_times(sig[-64:-32], checksum // 256) digest += hash_times(sig[-32:], checksum % 256) return sha256(digest) == pk
def sign(msg, sk): "Sign a 256-bit value" msg = crypturd.fixed_length_key(msg, 32) sig = "" checksum = 0 for i in range(32): c = ord(msg[i]) checksum += c sig += hash_times(sk[i * 32:i * 32 + 32], c) # sign a checksum sig += hash_times(sk[-64:-32], 32 - (checksum // 256)) sig += hash_times(sk[-32:], 256 - (checksum % 256)) return sig
def sign_right(msg2, sk): "Sign 2 256-bit values using hash-bash signatures (second part)" msg2 = crypturd.fixed_length_key(msg2, 32) sig = "" M2 = crypturd.bigendian2int(msg2) for i in range(256): zero = sk[i * 64 + 16384:i * 64 + 16416] one = sk[i * 64 + 16416:i * 64 + 16448] if ((1 << i) & M2) > 0: zero = crypturd.sha256(zero) else: one = crypturd.sha256(one) sig += zero + one return sig
def sign_left(msg1, sk): "Sign 2 256-bit values using hash-bash signatures (first part)" msg1 = crypturd.fixed_length_key(msg1, 32) M1 = crypturd.bigendian2int(msg1) sig = "" for i in range(256): zero = sk[i * 64:i * 64 + 32] one = sk[i * 64 + 32:i * 64 + 64] if ((1 << i) & M1) > 0: zero = crypturd.sha256(zero) else: one = crypturd.sha256(one) sig += zero + one return sig
def digest_right(msg2, sig): "verify 2 256-bit values using hash-bash signatures (second part)" msg1 = crypturd.fixed_length_key(msg2, 32) digest2 = "" M2 = crypturd.bigendian2int(msg2) for i in range(256): zero = sig[i * 64 + 16384:i * 64 + 16416] one = sig[i * 64 + 16416:i * 64 + 16448] if ((1 << i) & M2) > 0: one = crypturd.sha256(one) else: zero = crypturd.sha256(zero) digest2 += zero + one return sha256(digest2)
def digest_left(msg1, sig): "verify 2 256-bit values using hash-bash signatures (first part)" msg1 = crypturd.fixed_length_key(msg1, 32) digest1 = "" M1 = crypturd.bigendian2int(msg1) for i in range(256): zero = sig[i * 64:i * 64 + 32] one = sig[i * 64 + 32:i * 64 + 64] if ((1 << i) & M1) > 0: one = crypturd.sha256(one) else: zero = crypturd.sha256(zero) digest1 += zero + one return sha256(digest1)