hash-sig-go

module

v0.0.0-...-9a5de48 Latest Latest Go to latest Published: Sep 7, 2025 License: Apache-2.0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aerius-labs/hash-sig-go

Links

Open Source Insights

README ¶

hashsig-go

Go implementation of generalized XMSS with tweakable hashes and incomparable encodings (Winternitz & Target-Sum variants).

This is a port of the Rust implementation at b-wagn/hash-sig, implementing the cryptographic constructions from:

"Hash-Based Multi-Signatures for Post-Quantum Ethereum" [DKKW25a]
"LeanSig for Post-Quantum Ethereum" [DKKW25b]

Features

Generalized XMSS (Construction 3) signature scheme
Tweakable hash functions with SHA-3 backend (Section 7.2)
Incomparable encodings:
- Winternitz encoding (Construction 5)
- Target-Sum Winternitz encoding (Construction 6)
Merkle tree construction (Construction 1)
Hash chains (Construction 2)
Parallel computation for improved performance
Full test coverage with parity to Rust implementation

Installation

go get github.com/aerius-labs/hash-sig-go

Usage

Library Usage

package main

import (
    "crypto/rand"
    "fmt"
    
    "github.com/aerius-labs/hash-sig-go/encoding/winternitz"
    "github.com/aerius-labs/hash-sig-go/internal/prf"
    "github.com/aerius-labs/hash-sig-go/th/message_hash"
    "github.com/aerius-labs/hash-sig-go/th/tweak_hash"
    "github.com/aerius-labs/hash-sig-go/xmss"
)

func main() {
    // Setup components
    prfInstance := prf.NewSHA3PRF(24, 24)
    thInstance := tweak_hash.NewSHA3TweakableHash(24, 24)
    mhInstance := message_hash.NewSHA3MessageHash(24, 24, 48, 4)
    
    // Create Winternitz encoding
    checksumLen := winternitz.ComputeChecksumLength(48, 4)
    encInstance := winternitz.NewWinternitzEncoding(mhInstance, 4, checksumLen)
    
    // Create XMSS with log lifetime = 8 (256 epochs)
    xmssInstance := xmss.NewGeneralizedXMSS(prfInstance, encInstance, thInstance, 8)
    
    // Generate keys
    pk, sk := xmssInstance.KeyGen(rand.Reader, 0, 256)
    
    // Sign a message
    message := make([]byte, 32)
    rand.Read(message)
    
    sig, err := xmssInstance.Sign(rand.Reader, sk, 0, message)
    if err != nil {
        panic(err)
    }
    
    // Verify signature
    valid := xmssInstance.Verify(pk, 0, message, sig)
    fmt.Printf("Signature valid: %v\n", valid)
}

CLI Usage

Build the CLI tool:

go build ./cmd/hashsig-cli

Generate keys:

./hashsig-cli keygen -out mykey

Sign a message:

./hashsig-cli sign -sk mykey.sk -epoch 0 -msg <hex_message> -out sig.bin

Verify a signature:

./hashsig-cli verify -pk mykey.pk -epoch 0 -msg <hex_message> -sig sig.bin

Testing

Run all tests:

go test ./...

Run benchmarks:

go test -bench=. ./xmss

Parameters

Winternitz Encoding

Chunk size w ∈ {1,2,4,8} bits
Checksum length n₁ = ⌊log_{2^w}(n₀(2^w−1))⌋ + 1
Always succeeds (no retries needed)

Target-Sum Winternitz

Target sum T = ⌈δ·v·(2^w−1)/2⌉ with δ ∈ {1.0, 1.1}
May require retries (probabilistic encoding)
Reduces verifier hashing cost

References

[DKKW25a] "Hash-Based Multi-Signatures for Post-Quantum Ethereum" https://eprint.iacr.org/2025/055.pdf
[DKKW25b] "LeanSig for Post-Quantum Ethereum" https://eprint.iacr.org/2025/1332.pdf

License

Apache Version 2.0.

Directories ¶

Path	Synopsis
encoding
targetsum
winternitz
field Package field implements the BabyBear prime field using gnark-crypto	Package field implements the BabyBear prime field using gnark-crypto
hypercube
internal
bitutil
prf
merkle
poseidon Package poseidon implements Poseidon2 permutation over BabyBear field using gnark-crypto	Package poseidon implements Poseidon2 permutation over BabyBear field using gnark-crypto
th
message_hash
tweak_hash Package poseidon implements Poseidon-based tweakable hash	Package poseidon implements Poseidon-based tweakable hash
tweak
xmss

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL