This repository has been archived by the owner on Jan 8, 2025. It is now read-only.
Falcon signature size and private key's size differ from specifications #395
Unanswered
alexandra-buzatoiu
asked this question in
Q&A
Replies: 1 comment 2 replies
-
This is correct and explicable as the OpenSSL logic requires a public key to be always available if a private key is operated on (even if no cert is available): OQS-OpenSSL thus appends the public key to the private key. Some of the further variations may be explained by ASN.1 "wrapping" structures. Regarding the falcon-specific differences between spec and implementation I cannot help, unfortunately. Maybe it would be worth while checking with the authors of the algorithm? @dstebila : Any person you'd be considering the best contact for this? |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am not sure if I should have addressed this topic here, but here is what I have observed:
From the official website of the algorithm I see the signature size should be for falcon512 666 bytes, and for falcon1024 1280 bytes. Also, the public keys are falcon512 - 897 bytes, falcon1024 - 1793 bytes
Also I have read here https://csrc.nist.gov/CSRC/media/Projects/post-quantum-cryptography/documents/round-2/official-comments/FALCON-round2-official-comment.pdf that for the secret key, they assume 1281 bytes for falcon512 and 2305 for falcon1024. After having generated some keys and certificates, for falcon512, my private key has 2182 bytes so extra bytes and my signature has 657 bytes (so 9 bytes less).
About falcon1024, my private key has 4102 bytes (a lot, comparing to the specified size of 2305). Even if I subtracted the public key size from this number (i can see at the end of the actual private key I find the public key concatenated), so if I substract 1793 bytes (pk size), I still get some extra 4 bytes. Also, the signature I have inside my certificate with falcon1024 has 1272 bytes, so 8 bytes less than the specified 1280.
For the public keys inside the certificates everything is fine, same size as specified.
Another unclear thing for me would be the values of the signatures sizes macros in sig_falcon.h inside liboqs, cuz they are larger than the specifications.
#ifdef OQS_ENABLE_SIG_falcon_512
#define OQS_SIG_falcon_512_length_public_key 897
#define OQS_SIG_falcon_512_length_secret_key 1281
#define OQS_SIG_falcon_512_length_signature 690
[...]
#ifdef OQS_ENABLE_SIG_falcon_1024
#define OQS_SIG_falcon_1024_length_public_key 1793
#define OQS_SIG_falcon_1024_length_secret_key 2305
#define OQS_SIG_falcon_1024_length_signature 1330
Again, I don't know if the question is suitable, but if someone has an explanation for this +/- bytes in keys and signatures size it would be great.
Thank you in advance!
Beta Was this translation helpful? Give feedback.
All reactions