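/*
 * Dilithium.h - CRYSTALS-Dilithium Post-Quantum Digital Signatures
 *
 * NIST PQC Standard (FIPS 204)
 * Security levels: Dilithium2, Dilithium3, Dilithium5
 *
 * NOTE(review): the byte sizes declared below (secret keys 2528/4000/4864,
 * signatures 2420/3293/4595) match the round-3 CRYSTALS-Dilithium parameter
 * sets. FIPS 204 (ML-DSA-44/65/87) specifies private keys of 2560/4032/4896
 * bytes and signatures of 2420/3309/4627 bytes, and its signatures are not
 * interoperable with round-3 Dilithium. Confirm which specification the
 * implementation follows before relying on the FIPS 204 label above.
 *
 * This header only declares the interface; the implementation (randomness
 * source, constant-time behaviour, input-length checks) is not visible here.
 */

#ifndef DILITHIUM_H
#define DILITHIUM_H

#include <stdint.h>
#include <stddef.h>

#ifdef __cplusplus
extern "C" {  /* keep C linkage so C++ callers resolve the same symbols */
#endif

/*
 * NIST security categories are defined by reference attacks:
 *   category 2 - at least as hard as a collision search on SHA-256/SHA3-256
 *   category 3 - at least as hard as a key search on AES-192
 *   category 5 - at least as hard as a key search on AES-256
 */

/* Dilithium2 (NIST category 2 - comparable to SHA-256 collision search) */
#define DILITHIUM2_PUBLIC_KEY_BYTES  1312
#define DILITHIUM2_SECRET_KEY_BYTES  2528
#define DILITHIUM2_SIGNATURE_BYTES   2420

/* Dilithium3 (NIST category 3 - comparable to AES-192 key search) */
#define DILITHIUM3_PUBLIC_KEY_BYTES  1952
#define DILITHIUM3_SECRET_KEY_BYTES  4000
#define DILITHIUM3_SIGNATURE_BYTES   3293

/* Dilithium5 (NIST category 5 - comparable to AES-256 key search) */
#define DILITHIUM5_PUBLIC_KEY_BYTES  2592
#define DILITHIUM5_SECRET_KEY_BYTES  4864
#define DILITHIUM5_SIGNATURE_BYTES   4595

/* Security level enumeration; each value equals its NIST category number. */
typedef enum {
    DILITHIUM_2 = 2,  /* (4,4) parameters, security level 2 */
    DILITHIUM_3 = 3,  /* (6,5) parameters, security level 3 */
    DILITHIUM_5 = 5   /* (8,7) parameters, security level 5 */
} dilithium_level_t;

/* ============================================================================
 * Dilithium2 API
 * ========================================================================= */

/**
 * Generate Dilithium2 keypair
 *
 * Neither buffer length is passed in, so the callee cannot detect an
 * undersized buffer; the caller must allocate the full sizes below.
 * The secret key is long-term signing material: keep it out of logs and
 * wipe the buffer once it is no longer needed.
 * NOTE(review): the entropy source is not visible from this header; confirm
 * the implementation draws key material from a CSPRNG.
 *
 * @param public_key Output buffer (DILITHIUM2_PUBLIC_KEY_BYTES = 1312 bytes)
 * @param secret_key Output buffer (DILITHIUM2_SECRET_KEY_BYTES = 2528 bytes)
 * @return 0 on success, -1 on failure
 */
int dilithium2_keypair(uint8_t *public_key, uint8_t *secret_key);

/**
 * Sign message with Dilithium2
 *
 * signature_len is documented as an output only, so the buffer capacity is
 * never communicated to the callee; always provide the full
 * DILITHIUM2_SIGNATURE_BYTES. On failure, treat the contents of signature
 * and *signature_len as unspecified.
 *
 * @param signature     Output buffer (DILITHIUM2_SIGNATURE_BYTES = 2420 bytes)
 * @param signature_len Output signature length
 * @param message       Message to sign
 * @param message_len   Message length
 * @param secret_key    Secret key (DILITHIUM2_SECRET_KEY_BYTES = 2528 bytes)
 * @return 0 on success, -1 on failure
 */
int dilithium2_sign(uint8_t *signature, size_t *signature_len,
                    const uint8_t *message, size_t message_len,
                    const uint8_t *secret_key);

/**
 * Verify Dilithium2 signature
 *
 * Accept a signature only when the return value is exactly 0; any other
 * value, including error returns, must be handled as a rejection.
 * NOTE(review): whether the implementation rejects a signature_len other
 * than DILITHIUM2_SIGNATURE_BYTES is not visible here; callers handling
 * untrusted input should check the length themselves before calling.
 *
 * @param signature     Signature to verify
 * @param signature_len Signature length
 * @param message       Message that was signed
 * @param message_len   Message length
 * @param public_key    Public key (DILITHIUM2_PUBLIC_KEY_BYTES = 1312 bytes)
 * @return 0 if valid, -1 if invalid
 */
int dilithium2_verify(const uint8_t *signature, size_t signature_len,
                      const uint8_t *message, size_t message_len,
                      const uint8_t *public_key);

/* ============================================================================
 * Dilithium3 API (RECOMMENDED - Best balance of security and performance)
 *
 * The declarations mirror the Dilithium2 API parameter for parameter; the
 * buffer sizes are the DILITHIUM3_* constants (public key 1952, secret key
 * 4000, signature 3293 bytes). NOTE(review): the original header gives these
 * functions no documentation of their own, so the 0 / -1 return convention
 * is presumed to match Dilithium2 - confirm against the implementation.
 * ========================================================================= */

int dilithium3_keypair(uint8_t *public_key, uint8_t *secret_key);
int dilithium3_sign(uint8_t *signature, size_t *signature_len,
                    const uint8_t *message, size_t message_len,
                    const uint8_t *secret_key);
int dilithium3_verify(const uint8_t *signature, size_t signature_len,
                      const uint8_t *message, size_t message_len,
                      const uint8_t *public_key);

/* ============================================================================
 * Dilithium5 API
 *
 * The declarations mirror the Dilithium2 API parameter for parameter; the
 * buffer sizes are the DILITHIUM5_* constants (public key 2592, secret key
 * 4864, signature 4595 bytes). NOTE(review): the return convention is
 * presumed to match Dilithium2 - confirm against the implementation.
 * ========================================================================= */

int dilithium5_keypair(uint8_t *public_key, uint8_t *secret_key);
int dilithium5_sign(uint8_t *signature, size_t *signature_len,
                    const uint8_t *message, size_t message_len,
                    const uint8_t *secret_key);
int dilithium5_verify(const uint8_t *signature, size_t signature_len,
                      const uint8_t *message, size_t message_len,
                      const uint8_t *public_key);

#ifdef __cplusplus
}
#endif

#endif /* DILITHIUM_H */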