Fraunhofer-AISEC · aewag · Sep 2, 2024 · Sep 2, 2024 · Sep 2, 2024 · Sep 2, 2024
diff --git a/src/constants.rs b/src/constants.rs
@@ -13,7 +13,11 @@ pub type LmsLeafIdentifier = [u8; 4];
 type FvcMax = u16;
 type FvcSum = u16;
 type FvcCoef = (usize, u16, u64); // (index, shift, mask)
-pub type FastVerifyCached = (FvcMax, FvcSum, ArrayVec<[FvcCoef; MAX_HASH_CHAIN_COUNT]>);
+pub type FastVerifyCached = (
+    FvcMax,
+    FvcSum,
+    ArrayVec<[FvcCoef; MAX_NUM_WINTERNITZ_CHAINS]>,
+);
 
 pub const D_PBLC: [u8; 2] = [0x80, 0x80];
 pub const D_MESG: [u8; 2] = [0x81, 0x81];
@@ -39,37 +43,37 @@ pub const fn prng_len(seed_len: usize) -> usize {
     23 + seed_len
 }
 
-pub const LMS_LEAF_IDENTIFIERS_SIZE: usize = 8;
+pub const HSS_COMPRESSED_USED_LEAFS_SIZE: usize = 8;
 pub const REF_IMPL_MAX_ALLOWED_HSS_LEVELS: usize = 8;
 pub const REF_IMPL_MAX_PRIVATE_KEY_SIZE: usize =
-    LMS_LEAF_IDENTIFIERS_SIZE + REF_IMPL_MAX_ALLOWED_HSS_LEVELS + MAX_SEED_LEN;
+    HSS_COMPRESSED_USED_LEAFS_SIZE + REF_IMPL_MAX_ALLOWED_HSS_LEVELS + MAX_SEED_LEN;
 
 pub const MAX_HASH_SIZE: usize = 32;
 pub const MAX_HASH_BLOCK_SIZE: usize = 64;
 
 pub const PRNG_MAX_LEN: usize = prng_len(MAX_HASH_SIZE);
 
-pub const MAX_HASH_CHAIN_COUNT: usize =
-    get_hash_chain_count(MIN_WINTERNITZ_PARAMETER, MAX_HASH_SIZE);
+pub const MAX_NUM_WINTERNITZ_CHAINS: usize =
+    get_num_winternitz_chains(MIN_WINTERNITZ_PARAMETER, MAX_HASH_SIZE);
 
 pub const MAX_LMOTS_SIGNATURE_LENGTH: usize =
-    lmots_signature_length(MAX_HASH_SIZE, MAX_HASH_CHAIN_COUNT);
+    lmots_signature_length(MAX_HASH_SIZE, MAX_NUM_WINTERNITZ_CHAINS);
 
 pub const MAX_LMS_PUBLIC_KEY_LENGTH: usize = lms_public_key_length(MAX_HASH_SIZE);
 pub const MAX_LMS_SIGNATURE_LENGTH: usize =
-    lms_signature_length(MAX_HASH_SIZE, MAX_HASH_CHAIN_COUNT, MAX_TREE_HEIGHT);
+    lms_signature_length(MAX_HASH_SIZE, MAX_NUM_WINTERNITZ_CHAINS, MAX_TREE_HEIGHT);
 
 pub const MAX_HSS_PUBLIC_KEY_LENGTH: usize = size_of::<u32>()       // HSS Level
         + lms_public_key_length(MAX_HASH_SIZE); // Root LMS PublicKey
 pub const MAX_HSS_SIGNED_PUBLIC_KEY_LENGTH: usize =
-    hss_signed_public_key_length(MAX_HASH_SIZE, MAX_HASH_CHAIN_COUNT, MAX_TREE_HEIGHT);
+    hss_signed_public_key_length(MAX_HASH_SIZE, MAX_NUM_WINTERNITZ_CHAINS, MAX_TREE_HEIGHT);
 pub const MAX_HSS_SIGNATURE_LENGTH: usize = get_hss_signature_length();
 
 /// Calculated using the formula from RFC 8554 Appendix B
 /// https://datatracker.ietf.org/doc/html/rfc8554#appendix-B
 const HASH_CHAIN_COUNTS: [usize; 12] = [136, 200, 265, 68, 101, 133, 35, 51, 67, 18, 26, 34];
 
-pub const fn get_hash_chain_count(winternitz_parameter: usize, output_size: usize) -> usize {
+pub const fn get_num_winternitz_chains(winternitz_parameter: usize, output_size: usize) -> usize {
     let w_i = match winternitz_parameter {
         1 => 0usize,
         2 => 1usize,
@@ -128,7 +132,7 @@ pub const fn get_hss_signature_length() -> usize {
     while level > 0 {
         length += hss_signed_public_key_length(
             MAX_HASH_SIZE,
-            get_hash_chain_count(WINTERNITZ_PARAMETERS[level], MAX_HASH_SIZE),
+            get_num_winternitz_chains(WINTERNITZ_PARAMETERS[level], MAX_HASH_SIZE),
             TREE_HEIGHTS[level],
         );
         level -= 1;
@@ -137,7 +141,7 @@ pub const fn get_hss_signature_length() -> usize {
     length
         + lms_signature_length(
             MAX_HASH_SIZE,
-            get_hash_chain_count(WINTERNITZ_PARAMETERS[0], MAX_HASH_SIZE),
+            get_num_winternitz_chains(WINTERNITZ_PARAMETERS[0], MAX_HASH_SIZE),
             TREE_HEIGHTS[0],
         )
 }
@@ -166,21 +170,21 @@ pub mod winternitz_chain {
 
 #[cfg(test)]
 mod tests {
-    use crate::constants::get_hash_chain_count;
+    use crate::constants::get_num_winternitz_chains;
 
     #[test]
-    fn test_get_hash_chain_count() {
-        assert_eq!(get_hash_chain_count(1, 32), 265);
-        assert_eq!(get_hash_chain_count(2, 32), 133);
-        assert_eq!(get_hash_chain_count(4, 32), 67);
-        assert_eq!(get_hash_chain_count(8, 32), 34);
-        assert_eq!(get_hash_chain_count(1, 24), 200);
-        assert_eq!(get_hash_chain_count(2, 24), 101);
-        assert_eq!(get_hash_chain_count(4, 24), 51);
-        assert_eq!(get_hash_chain_count(8, 24), 26);
-        assert_eq!(get_hash_chain_count(1, 16), 136);
-        assert_eq!(get_hash_chain_count(2, 16), 68);
-        assert_eq!(get_hash_chain_count(4, 16), 35);
-        assert_eq!(get_hash_chain_count(8, 16), 18);
+    fn test_get_num_winternitz_chains() {
+        assert_eq!(get_num_winternitz_chains(1, 32), 265);
+        assert_eq!(get_num_winternitz_chains(2, 32), 133);
+        assert_eq!(get_num_winternitz_chains(4, 32), 67);
+        assert_eq!(get_num_winternitz_chains(8, 32), 34);
+        assert_eq!(get_num_winternitz_chains(1, 24), 200);
+        assert_eq!(get_num_winternitz_chains(2, 24), 101);
+        assert_eq!(get_num_winternitz_chains(4, 24), 51);
+        assert_eq!(get_num_winternitz_chains(8, 24), 26);
+        assert_eq!(get_num_winternitz_chains(1, 16), 136);
+        assert_eq!(get_num_winternitz_chains(2, 16), 68);
+        assert_eq!(get_num_winternitz_chains(4, 16), 35);
+        assert_eq!(get_num_winternitz_chains(8, 16), 18);
     }
 }
diff --git a/src/hss/mod.rs b/src/hss/mod.rs
@@ -293,7 +293,7 @@ pub fn hss_keygen<H: HashChain>(
 mod tests {
     use crate::util::helper::test_helper::gen_random_seed;
     use crate::{
-        constants::{LMS_LEAF_IDENTIFIERS_SIZE, MAX_HASH_SIZE},
+        constants::{HSS_COMPRESSED_USED_LEAFS_SIZE, MAX_HASH_SIZE},
         hasher::{
             sha256::{Sha256_128, Sha256_192, Sha256_256},
             shake256::{Shake256_128, Shake256_192, Shake256_256},
@@ -338,8 +338,8 @@ mod tests {
 
         assert_ne!(signing_key.as_slice(), signing_key_const.as_slice());
         assert_eq!(
-            signing_key.as_slice()[LMS_LEAF_IDENTIFIERS_SIZE..],
-            signing_key_const.as_slice()[LMS_LEAF_IDENTIFIERS_SIZE..]
+            signing_key.as_slice()[HSS_COMPRESSED_USED_LEAFS_SIZE..],
+            signing_key_const.as_slice()[HSS_COMPRESSED_USED_LEAFS_SIZE..]
         );
     }
 
@@ -366,7 +366,7 @@ mod tests {
 
         for index in 0..keypair_lifetime {
             assert_eq!(
-                signing_key.as_slice()[..LMS_LEAF_IDENTIFIERS_SIZE],
+                signing_key.as_slice()[..HSS_COMPRESSED_USED_LEAFS_SIZE],
                 index.to_be_bytes(),
             );
             assert_eq!(

diff --git a/src/hss/reference_impl_private_key.rs b/src/hss/reference_impl_private_key.rs
@@ -1,6 +1,6 @@
 use crate::{
     constants::{
-        LmsTreeIdentifier, D_TOPSEED, ILEN, LMS_LEAF_IDENTIFIERS_SIZE, MAX_ALLOWED_HSS_LEVELS,
+        LmsTreeIdentifier, D_TOPSEED, HSS_COMPRESSED_USED_LEAFS_SIZE, ILEN, MAX_ALLOWED_HSS_LEVELS,
         MAX_HASH_SIZE, MAX_SEED_LEN, REF_IMPL_MAX_PRIVATE_KEY_SIZE, SEED_CHILD_SEED,
         SEED_SIGNATURE_RANDOMIZER_SEED, TOPSEED_D, TOPSEED_LEN, TOPSEED_SEED, TOPSEED_WHICH,
     },
@@ -125,7 +125,7 @@ impl<H: HashChain> ReferenceImplPrivateKey<H> {
         let mut index = 0;
 
         let compressed_used_leafs_indexes =
-            read_and_advance(data, LMS_LEAF_IDENTIFIERS_SIZE, &mut index);
+            read_and_advance(data, HSS_COMPRESSED_USED_LEAFS_SIZE, &mut index);
         result.compressed_used_leafs_indexes =
             CompressedUsedLeafsIndexes::from_slice(compressed_used_leafs_indexes);
 

diff --git a/src/hss/signing.rs b/src/hss/signing.rs
@@ -216,7 +216,9 @@ impl<'a, H: HashChain> InMemoryHssSignedPublicKey<'a, H> {
             sig.lmots_signature
                 .lmots_parameter
                 .get_hash_function_output_size(),
-            sig.lmots_signature.lmots_parameter.get_hash_chain_count() as usize,
+            sig.lmots_signature
+                .lmots_parameter
+                .get_num_winternitz_chains() as usize,
             sig.lms_parameter.get_tree_height() as usize,
         );
 
@@ -234,7 +236,9 @@ impl<'a, H: HashChain> InMemoryHssSignedPublicKey<'a, H> {
             sig.lmots_signature
                 .lmots_parameter
                 .get_hash_function_output_size(),
-            sig.lmots_signature.lmots_parameter.get_hash_chain_count() as usize,
+            sig.lmots_signature
+                .lmots_parameter
+                .get_num_winternitz_chains() as usize,
             sig.lms_parameter.get_tree_height() as usize,
         );
         let public_key_size =

diff --git a/src/lm_ots/definitions.rs b/src/lm_ots/definitions.rs
@@ -2,7 +2,9 @@ use tinyvec::ArrayVec;
 use zeroize::{Zeroize, ZeroizeOnDrop};
 
 use crate::{
-    constants::{LmsLeafIdentifier, LmsTreeIdentifier, Node, MAX_HASH_CHAIN_COUNT, MAX_HASH_SIZE},
+    constants::{
+        LmsLeafIdentifier, LmsTreeIdentifier, Node, MAX_HASH_SIZE, MAX_NUM_WINTERNITZ_CHAINS,
+    },
     hasher::HashChain,
     util::ArrayVecZeroize,
 };
@@ -13,7 +15,7 @@ use super::parameters::LmotsParameter;
 pub struct LmotsPrivateKey<H: HashChain> {
     pub lms_tree_identifier: LmsTreeIdentifier,
     pub lms_leaf_identifier: LmsLeafIdentifier,
-    pub key: ArrayVecZeroize<Node, MAX_HASH_CHAIN_COUNT>, // [[0u8; n]; p];
+    pub key: ArrayVecZeroize<Node, MAX_NUM_WINTERNITZ_CHAINS>, // [[0u8; n]; p];
     #[zeroize(skip)]
     pub lmots_parameter: LmotsParameter<H>,
 }
@@ -22,7 +24,7 @@ impl<H: HashChain> LmotsPrivateKey<H> {
     pub fn new(
         lms_tree_identifier: LmsTreeIdentifier,
         lms_leaf_identifier: LmsLeafIdentifier,
-        key: ArrayVec<[Node; MAX_HASH_CHAIN_COUNT]>,
+        key: ArrayVec<[Node; MAX_NUM_WINTERNITZ_CHAINS]>,
         lmots_parameter: LmotsParameter<H>,
     ) -> Self {
         LmotsPrivateKey {
@@ -69,7 +71,7 @@ mod tests {
                 let parameter = $parameter.construct_parameter::<$hash_chain>().unwrap();
                 assert_eq!(parameter.get_hash_function_output_size(), $n);
                 assert_eq!(parameter.get_winternitz(), $w);
-                assert_eq!(parameter.get_hash_chain_count(), $p);
+                assert_eq!(parameter.get_num_winternitz_chains(), $p);
                 assert_eq!(parameter.get_checksum_left_shift(), $ls);
                 assert_eq!(parameter.get_type_id(), $type);
             }

diff --git a/src/lm_ots/keygen.rs b/src/lm_ots/keygen.rs
@@ -1,7 +1,7 @@
 use super::definitions::*;
 use super::parameters::LmotsParameter;
 use crate::constants::*;
-use crate::constants::{D_PBLC, MAX_HASH_CHAIN_COUNT, MAX_HASH_SIZE};
+use crate::constants::{D_PBLC, MAX_HASH_SIZE, MAX_NUM_WINTERNITZ_CHAINS};
 use crate::hasher::HashChain;
 use crate::Seed;
 use tinyvec::ArrayVec;
@@ -16,7 +16,7 @@ pub fn generate_private_key<H: HashChain>(
 
     let mut hasher = lmots_parameter.get_hasher();
 
-    for index in 0..lmots_parameter.get_hash_chain_count() {
+    for index in 0..lmots_parameter.get_num_winternitz_chains() {
         hasher.update(&lms_tree_identifier);
         hasher.update(&lms_leaf_identifier);
         hasher.update(&index.to_be_bytes());
@@ -41,10 +41,10 @@ pub fn generate_public_key<H: HashChain>(private_key: &LmotsPrivateKey<H>) -> Lm
     let hash_chain_count: usize = 2_usize.pow(lmots_parameter.get_winternitz() as u32) - 1;
     let key = &private_key.key;
 
-    let mut public_key_data: ArrayVec<[ArrayVec<[u8; MAX_HASH_SIZE]>; MAX_HASH_CHAIN_COUNT]> =
+    let mut public_key_data: ArrayVec<[ArrayVec<[u8; MAX_HASH_SIZE]>; MAX_NUM_WINTERNITZ_CHAINS]> =
         ArrayVec::new();
 
-    for i in 0..lmots_parameter.get_hash_chain_count() as usize {
+    for i in 0..lmots_parameter.get_num_winternitz_chains() as usize {
         let mut hash_chain_data = H::prepare_hash_chain_data(
             &private_key.lms_tree_identifier,
             &private_key.lms_leaf_identifier,

diff --git a/src/lm_ots/parameters.rs b/src/lm_ots/parameters.rs
@@ -2,7 +2,7 @@ use core::marker::PhantomData;
 
 use tinyvec::ArrayVec;
 
-use crate::constants::get_hash_chain_count;
+use crate::constants::get_num_winternitz_chains;
 use crate::{
     constants::{FastVerifyCached, MAX_HASH_SIZE},
     hasher::HashChain,
@@ -45,25 +45,25 @@ impl LmotsAlgorithm {
             LmotsAlgorithm::LmotsW1 => Some(LmotsParameter::new(
                 1,
                 1,
-                get_hash_chain_count(1, H::OUTPUT_SIZE as usize) as u16,
+                get_num_winternitz_chains(1, H::OUTPUT_SIZE as usize) as u16,
                 7,
             )),
             LmotsAlgorithm::LmotsW2 => Some(LmotsParameter::new(
                 2,
                 2,
-                get_hash_chain_count(2, H::OUTPUT_SIZE as usize) as u16,
+                get_num_winternitz_chains(2, H::OUTPUT_SIZE as usize) as u16,
                 6,
             )),
             LmotsAlgorithm::LmotsW4 => Some(LmotsParameter::new(
                 3,
                 4,
-                get_hash_chain_count(4, H::OUTPUT_SIZE as usize) as u16,
+                get_num_winternitz_chains(4, H::OUTPUT_SIZE as usize) as u16,
                 4,
             )),
             LmotsAlgorithm::LmotsW8 => Some(LmotsParameter::new(
                 4,
                 8,
-                get_hash_chain_count(8, H::OUTPUT_SIZE as usize) as u16,
+                get_num_winternitz_chains(8, H::OUTPUT_SIZE as usize) as u16,
                 0,
             )),
         }
@@ -119,7 +119,7 @@ impl<H: HashChain> LmotsParameter<H> {
         self.winternitz
     }
 
-    pub fn get_hash_chain_count(&self) -> u16 {
+    pub fn get_num_winternitz_chains(&self) -> u16 {
         self.hash_chain_count
     }
 
@@ -138,7 +138,7 @@ impl<H: HashChain> LmotsParameter<H> {
         let sum = max * max_word_size;
 
         let mut coef = ArrayVec::new();
-        for i in 0..self.get_hash_chain_count() {
+        for i in 0..self.get_num_winternitz_chains() {
             coef.push(coef_helper(i, self.get_winternitz()));
         }
 
@@ -163,7 +163,7 @@ impl<H: HashChain> LmotsParameter<H> {
         checksum <<= self.get_checksum_left_shift();
         let checksum = [(checksum >> 8 & 0xff) as u8, (checksum & 0xff) as u8];
 
-        for i in *max..self.get_hash_chain_count() {
+        for i in *max..self.get_num_winternitz_chains() {
             let (index, shift, mask) = coef[i as usize];
             let hash_chain_length = ((checksum[index - 32] as u64 >> shift) & mask) as u16;
             total_hash_chain_iterations += hash_chain_length;