A Rust implementation of hash-based signatures. See my Medium post for a longer description!
Disclaimer: This repository is a toy project to play around with Rust and cryptographic primitives. It implements some ideas of Chapter 14 of "A Graduate Course in Applied Cryptography" by Dan Boneh and Victor Shoup.
Hash-based signatures - unlike signature schemes based on RSA or ECC - do not rely on number-theoretic assumptions that are known to be broken by quantum computers; their security rests only on the properties of the underlying hash function.
Stateless many-time signature schemes can be built in a three-step process:
- A one-time signature scheme can be built purely from hash functions.
- From there, we build an indexed signature scheme. Using a Merkle tree, the otherwise very large public key can be reduced to a single hash (at the expense of a larger signature).
- Finally, Merkle signatures build a tree of indexed signature schemes.
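The first two of the three steps above, as an added Python illustration (this is not the crate's own code, and the function names are my own): a Lamport one-time signature built from SHA-256, and a Merkle tree that reduces 2**height of its 16 KiB one-time public keys to a single 32-byte root, so an indexed signature carries (index, one-time public key, one-time signature, authentication path). The sample message in the usage is constructed; the final tree-of-trees step is not shown.

```python
import hashlib, os

H = lambda b: hashlib.sha256(b).digest()
N_BITS = 256  # one Lamport key pair signs one 256-bit digest
bit = lambda d, i: (d[i // 8] >> (7 - i % 8)) & 1

def lamport_keygen():
    # Secret key: 256 pairs of random preimages; public key: their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N_BITS)]
    return sk, [(H(a), H(b)) for a, b in sk]

def lamport_sign(sk, msg):
    # Reveal, per digest bit, the matching preimage; safe for ONE message only.
    d = H(msg)
    return [sk[i][bit(d, i)] for i in range(N_BITS)]

def lamport_verify(pk, msg, sig):
    d = H(msg)
    return all(H(sig[i]) == pk[i][bit(d, i)] for i in range(N_BITS))

def pk_leaf(pk):
    return H(b"".join(a + b for a, b in pk))  # 16 KiB Lamport key -> one 32-byte leaf

def auth_path(leaves, index):
    # Walk up the tree recording the sibling at each level; returns (root, path).
    path, level = [], list(leaves)
    while len(level) > 1:
        path.append(level[index ^ 1])
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def root_from_path(leaf, index, path):
    for sib in path:
        leaf, index = (H(leaf + sib) if index % 2 == 0 else H(sib + leaf)), index // 2
    return leaf

def indexed_keygen(height):
    # 2**height one-time key pairs; the public key is only the Merkle root.
    keys = [lamport_keygen() for _ in range(2 ** height)]
    leaves = [pk_leaf(pk) for _, pk in keys]
    return (keys, leaves), auth_path(leaves, 0)[0]

def indexed_sign(sk, index, msg):
    keys, leaves = sk  # never sign twice with the same index: it reveals preimages
    return index, keys[index][1], lamport_sign(keys[index][0], msg), auth_path(leaves, index)[1]

def indexed_verify(root, msg, signature):
    index, pk, sig, path = signature
    return lamport_verify(pk, msg, sig) and root_from_path(pk_leaf(pk), index, path) == root
```

Usage: `sk, root = indexed_keygen(3)` gives eight one-time keys behind one root; `indexed_verify(root, msg, indexed_sign(sk, 5, msg))` succeeds, while a changed message, a changed index or a forged path fails.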
Install Rust and run:
$ cargo install hash-based-signatures
This gives you a command-line tool that lets you generate keys, sign files, and validate signatures.
To get started with signature verification, check out the example!
To sign files, first generate a key pair:
$ cargo run -- key-gen
This will create a .private_key.json in your working directory and print the corresponding public key. Keep the private key file private!
To sign a file, make sure that you have a .private_key.json in your working directory and run:
$ cargo run -- sign example/readme.md
Last but not least, signatures can also be verified using a web app, based on a WebAssembly compilation of the code.