SLH-DSA with SHA2

generate_keys([; seed])

Return a tuple (; sk, pk) consisting of a secret key and the corresponding public key. The length of sk will be 64 bytes and the length of pk 32 bytes.

For a deterministic result, a parameter seed = (; sk, prf, pk) consisting of three components of 16 bytes each can be provided.

sign_message(msg, sk[; randomize])

Return a signature sig computed from the message msg based on the secret key sk. The message msg may consist of arbitrarily many bytes, whereas sk must be a valid secret key of 64 bytes. The length of sig will be 7856 bytes.

For a deterministic result, the optional parameter randomize can be set to false or to some given 16 bytes.

verify_signature(msg, sig, pk)

Check whether sig is a valid signature for msg under the public key pk. The message msg and potential signature sig may consist of arbitrarily many bytes, whereas pk must be a valid public key of 32 bytes.

generate_keys([; seed])

Return a tuple (; sk, pk) consisting of a secret key and the corresponding public key. The length of sk will be 64 bytes and the length of pk 32 bytes.

For a deterministic result, a parameter seed = (; sk, prf, pk) consisting of three components of 16 bytes each can be provided.

sign_message(msg, sk[; randomize])

Return a signature sig computed from the message msg based on the secret key sk. The message msg may consist of arbitrarily many bytes, whereas sk must be a valid secret key of 64 bytes. The length of sig will be 17088 bytes.

For a deterministic result, the optional parameter randomize can be set to false or to some given 16 bytes.

verify_signature(msg, sig, pk)

Check whether sig is a valid signature for msg under the public key pk. The message msg and potential signature sig may consist of arbitrarily many bytes, whereas pk must be a valid public key of 32 bytes.

generate_keys([; seed])

Return a tuple (; sk, pk) consisting of a secret key and the corresponding public key. The length of sk will be 96 bytes and the length of pk 48 bytes.

For a deterministic result, a parameter seed = (; sk, prf, pk) consisting of three components of 24 bytes each can be provided.

sign_message(msg, sk[; randomize])

Return a signature sig computed from the message msg based on the secret key sk. The message msg may consist of arbitrarily many bytes, whereas sk must be a valid secret key of 96 bytes. The length of sig will be 16224 bytes.

For a deterministic result, the optional parameter randomize can be set to false or to some given 24 bytes.

verify_signature(msg, sig, pk)

Check whether sig is a valid signature for msg under the public key pk. The message msg and potential signature sig may consist of arbitrarily many bytes, whereas pk must be a valid public key of 48 bytes.

generate_keys([; seed])

Return a tuple (; sk, pk) consisting of a secret key and the corresponding public key. The length of sk will be 96 bytes and the length of pk 48 bytes.

For a deterministic result, a parameter seed = (; sk, prf, pk) consisting of three components of 24 bytes each can be provided.

sign_message(msg, sk[; randomize])

Return a signature sig computed from the message msg based on the secret key sk. The message msg may consist of arbitrarily many bytes, whereas sk must be a valid secret key of 96 bytes. The length of sig will be 35664 bytes.

For a deterministic result, the optional parameter randomize can be set to false or to some given 24 bytes.

verify_signature(msg, sig, pk)

Check whether sig is a valid signature for msg under the public key pk. The message msg and potential signature sig may consist of arbitrarily many bytes, whereas pk must be a valid public key of 48 bytes.

generate_keys([; seed])

Return a tuple (; sk, pk) consisting of a secret key and the corresponding public key. The length of sk will be 128 bytes and the length of pk 64 bytes.

For a deterministic result, a parameter seed = (; sk, prf, pk) consisting of three components of 32 bytes each can be provided.

sign_message(msg, sk[; randomize])

Return a signature sig computed from the message msg based on the secret key sk. The message msg may consist of arbitrarily many bytes, whereas sk must be a valid secret key of 128 bytes. The length of sig will be 29792 bytes.

For a deterministic result, the optional parameter randomize can be set to false or to some given 32 bytes.

verify_signature(msg, sig, pk)

Check whether sig is a valid signature for msg under the public key pk. The message msg and potential signature sig may consist of arbitrarily many bytes, whereas pk must be a valid public key of 64 bytes.

generate_keys([; seed])

Return a tuple (; sk, pk) consisting of a secret key and the corresponding public key. The length of sk will be 128 bytes and the length of pk 64 bytes.

For a deterministic result, a parameter seed = (; sk, prf, pk) consisting of three components of 32 bytes each can be provided.

sign_message(msg, sk[; randomize])

Return a signature sig computed from the message msg based on the secret key sk. The message msg may consist of arbitrarily many bytes, whereas sk must be a valid secret key of 128 bytes. The length of sig will be 49856 bytes.

For a deterministic result, the optional parameter randomize can be set to false or to some given 32 bytes.

verify_signature(msg, sig, pk)

Check whether sig is a valid signature for msg under the public key pk. The message msg and potential signature sig may consist of arbitrarily many bytes, whereas pk must be a valid public key of 64 bytes.