bdsState = new BDS(params, tmpPublicSeed, tmpSecretKeySeed, (OTSHashAddress)new OTSHashAddress.Builder().build(), builder.index);
otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress()) .withOTSAddress(index).withChainAddress(otsHashAddress.getChainAddress()) .withHashAddress(otsHashAddress.getHashAddress()).withKeyAndMask(otsHashAddress.getKeyAndMask()) .build();
OTSHashAddress otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder().withTreeAddress(indexTree) .withOTSAddress(indexLeaf).build(); otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder().withLayerAddress(layer) .withTreeAddress(indexTree).withOTSAddress(indexLeaf).build();
otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress()) .withOTSAddress(indexLeaf).withChainAddress(otsHashAddress.getChainAddress()) .withHashAddress(otsHashAddress.getHashAddress()).withKeyAndMask(otsHashAddress.getKeyAndMask()) .build();
otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress()) .withOTSAddress(nextIndex).withChainAddress(otsHashAddress.getChainAddress()) .withHashAddress(otsHashAddress.getHashAddress()).withKeyAndMask(otsHashAddress.getKeyAndMask()) .build(); LTreeAddress lTreeAddress = (LTreeAddress)new LTreeAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress())
OTSHashAddress otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder().withOTSAddress(index).build(); WOTSPlusSignature wotsPlusSignature = wotsSign(messageDigest, otsHashAddress); XMSSSignature signature = (XMSSSignature)new XMSSSignature.Builder(params).withIndex(index).withRandom(random)
for (int i = 0; i < params.getLen(); i++) otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress()) .withOTSAddress(otsHashAddress.getOTSAddress()).withChainAddress(i) .withHashAddress(otsHashAddress.getHashAddress()).withKeyAndMask(otsHashAddress.getKeyAndMask()) .build(); publicKey[i] = chain(signature.toByteArray()[i], baseWMessage.get(i), params.getWinternitzParameter() - 1 - baseWMessage.get(i), otsHashAddress);
otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress()) .withOTSAddress(otsHashAddress.getOTSAddress()).withChainAddress(otsHashAddress.getChainAddress()) .withHashAddress(startIndex + steps - 1).withKeyAndMask(0).build(); byte[] key = khf.PRF(publicSeed, otsHashAddress.toByteArray()); otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress()) .withOTSAddress(otsHashAddress.getOTSAddress()).withChainAddress(otsHashAddress.getChainAddress()) .withHashAddress(otsHashAddress.getHashAddress()).withKeyAndMask(1).build(); byte[] bitmask = khf.PRF(publicSeed, otsHashAddress.toByteArray()); byte[] tmpMasked = new byte[n];
OTSHashAddress otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder().withTreeAddress(indexTree) .withOTSAddress(indexLeaf).build(); otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder().withLayerAddress(layer) .withTreeAddress(indexTree).withOTSAddress(indexLeaf).build();
for (int i = 0; i < params.getLen(); i++) otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress()) .withOTSAddress(otsHashAddress.getOTSAddress()).withChainAddress(i) .withHashAddress(otsHashAddress.getHashAddress()).withKeyAndMask(otsHashAddress.getKeyAndMask()) .build(); signature[i] = chain(expandSecretKeySeed(i), 0, baseWMessage.get(i), otsHashAddress);
int indexLeaf = XMSSUtil.getLeafIndex(globalIndex, xmssHeight); OTSHashAddress otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder().withTreeAddress(indexTree) .withOTSAddress(indexLeaf).build(); indexTree = XMSSUtil.getTreeIndex(indexTree, xmssHeight); otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder().withLayerAddress(layer) .withTreeAddress(indexTree).withOTSAddress(indexLeaf).build();
/** * Generate a new XMSSMT private key / public key pair. */ public AsymmetricCipherKeyPair generateKeyPair() { XMSSMTPrivateKeyParameters privateKey; XMSSMTPublicKeyParameters publicKey; /* generate XMSSMT private key */ privateKey = generatePrivateKey(new XMSSMTPrivateKeyParameters.Builder(params).build().getBDSState()); /* import to xmss */ xmssParams.getWOTSPlus().importKeys(new byte[params.getDigestSize()], privateKey.getPublicSeed()); /* get root */ int rootLayerIndex = params.getLayers() - 1; OTSHashAddress otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder().withLayerAddress(rootLayerIndex) .build(); /* store BDS instance of root xmss instance */ BDS bdsRoot = new BDS(xmssParams, privateKey.getPublicSeed(), privateKey.getSecretKeySeed(), otsHashAddress); XMSSNode root = bdsRoot.getRoot(); privateKey.getBDSState().put(rootLayerIndex, bdsRoot); /* set XMSS^MT root / create public key */ privateKey = new XMSSMTPrivateKeyParameters.Builder(params).withSecretKeySeed(privateKey.getSecretKeySeed()) .withSecretKeyPRF(privateKey.getSecretKeyPRF()).withPublicSeed(privateKey.getPublicSeed()) .withRoot(root.getValue()).withBDSState(privateKey.getBDSState()).build(); publicKey = new XMSSMTPublicKeyParameters.Builder(params).withRoot(root.getValue()) .withPublicSeed(privateKey.getPublicSeed()).build(); return new AsymmetricCipherKeyPair(publicKey, privateKey); }
/** * Calculates a new public key based on the state of secretKeySeed, * publicSeed and otsHashAddress. * * @param otsHashAddress OTS hash address for randomization. * @return WOTS+ public key. */ protected WOTSPlusPublicKeyParameters getPublicKey(OTSHashAddress otsHashAddress) { if (otsHashAddress == null) { throw new NullPointerException("otsHashAddress == null"); } byte[][] publicKey = new byte[params.getLen()][]; /* derive public key from secretKeySeed */ for (int i = 0; i < params.getLen(); i++) { otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress()) .withOTSAddress(otsHashAddress.getOTSAddress()).withChainAddress(i) .withHashAddress(otsHashAddress.getHashAddress()).withKeyAndMask(otsHashAddress.getKeyAndMask()) .build(); publicKey[i] = chain(expandSecretKeySeed(i), 0, params.getWinternitzParameter() - 1, otsHashAddress); } return new WOTSPlusPublicKeyParameters(params, publicKey); } }
public XMSSPrivateKeyParameters getNextKey() { /* prepare authentication path for next leaf */ int treeHeight = this.params.getHeight(); if (this.getIndex() < ((1 << treeHeight) - 1)) { return new XMSSPrivateKeyParameters.Builder(params) .withSecretKeySeed(secretKeySeed).withSecretKeyPRF(secretKeyPRF) .withPublicSeed(publicSeed).withRoot(root) .withBDSState(bdsState.getNextState(publicSeed, secretKeySeed, (OTSHashAddress)new OTSHashAddress.Builder().build())).build(); } else { return new XMSSPrivateKeyParameters.Builder(params) .withSecretKeySeed(secretKeySeed).withSecretKeyPRF(secretKeyPRF) .withPublicSeed(publicSeed).withRoot(root) .withBDSState(new BDS(params, getIndex() + 1)).build(); // no more nodes left. } }
/** * Generate an XMSS private key. * * @return XMSS private key. */ private XMSSPrivateKeyParameters generatePrivateKey(XMSSParameters params, SecureRandom prng) { int n = params.getDigestSize(); byte[] secretKeySeed = new byte[n]; prng.nextBytes(secretKeySeed); byte[] secretKeyPRF = new byte[n]; prng.nextBytes(secretKeyPRF); byte[] publicSeed = new byte[n]; prng.nextBytes(publicSeed); XMSSPrivateKeyParameters privateKey = new XMSSPrivateKeyParameters.Builder(params).withSecretKeySeed(secretKeySeed) .withSecretKeyPRF(secretKeyPRF).withPublicSeed(publicSeed) .withBDSState(new BDS(params, publicSeed, secretKeySeed, (OTSHashAddress)new OTSHashAddress.Builder().build())).build(); return privateKey; } }
public boolean verifySignature(byte[] message, byte[] signature) { /* parse signature and public key */ XMSSSignature sig = new XMSSSignature.Builder(params).withSignature(signature).build(); /* generate public key */ int index = sig.getIndex(); /* reinitialize WOTS+ object */ params.getWOTSPlus().importKeys(new byte[params.getDigestSize()], publicKey.getPublicSeed()); /* create message digest */ byte[] concatenated = Arrays.concatenate(sig.getRandom(), publicKey.getRoot(), XMSSUtil.toBytesBigEndian(index, params.getDigestSize())); byte[] messageDigest = khf.HMsg(concatenated, message); int xmssHeight = params.getHeight(); int indexLeaf = XMSSUtil.getLeafIndex(index, xmssHeight); /* get root from signature */ OTSHashAddress otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder().withOTSAddress(index).build(); XMSSNode rootNodeFromSignature = XMSSVerifierUtil.getRootNodeFromSignature(params.getWOTSPlus(), xmssHeight, messageDigest, sig, otsHashAddress, indexLeaf); return Arrays.constantTimeAreEqual(rootNodeFromSignature.getValue(), publicKey.getRoot()); }
/** * Derive WOTS+ secret key for specific index as in XMSS ref impl Andreas * Huelsing. * * @param otsHashAddress * @return WOTS+ secret key at index. */ protected byte[] getWOTSPlusSecretKey(byte[] secretKeySeed, OTSHashAddress otsHashAddress) { otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress()) .withOTSAddress(otsHashAddress.getOTSAddress()).build(); return khf.PRF(secretKeySeed, otsHashAddress.toByteArray()); }