{"id":50535457,"url":"https://github.com/symbolicsoft/jevil","last_synced_at":"2026-06-03T16:01:39.470Z","repository":{"id":361623923,"uuid":"1248652291","full_name":"symbolicsoft/jevil","owner":"symbolicsoft","description":"A stateless few-time signature scheme with a sharp key-recovery cliff","archived":false,"fork":false,"pushed_at":"2026-05-31T14:02:41.000Z","size":640,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-31T15:22:34.925Z","etag":null,"topics":["cryptography","few-time-signatures","post-quantum-cryptography","signature-scheme"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/symbolicsoft.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-24T23:09:16.000Z","updated_at":"2026-05-31T14:02:45.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/symbolicsoft/jevil","commit_stats":null,"previous_names":["symbolicsoft/jevil"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/symbolicsoft/jevil","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/symbolicsoft%2Fjevil","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/symbolicsoft%2Fjevil/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/symbolicsoft%2Fjevil/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/symbolicsoft%2Fjevil/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/symbolicsoft","download_url":"https://codeload.github.com/symbolicsoft/jevil/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/symbolicsoft%2Fjevil/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33872298,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-03T02:00:06.370Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","few-time-signatures","post-quantum-cryptography","signature-scheme"],"created_at":"2026-06-03T16:01:36.736Z","updated_at":"2026-06-03T16:01:39.447Z","avatar_url":"https://github.com/symbolicsoft.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"assets/jevil.png\" alt=\"Jevil logo\" width=\"300\"\u003e\n  \u003cbr\u003e\n  \u003csub\u003eLogo by Ela Bambust\u003c/sub\u003e\n\u003c/div\u003e\n\n# Jevil\n\n[![CI](https://github.com/symbolicsoft/jevil/actions/workflows/ci.yml/badge.svg)](https://github.com/symbolicsoft/jevil/actions/workflows/ci.yml)\n\n\u003e [!CAUTION]\n\u003e ## ⚠️ EXPERIMENTAL — DO NOT USE IN PRODUCTION ⚠️\n\u003e\n\u003e **This is a research-grade proof-of-concept implementation of a brand-new,\n\u003e completely novel cryptographic scheme.** Both the *scheme itself* and this\n\u003e *implementation* have received **close to zero peer review**.\n\u003e\n\u003e - The construction has **not** been vetted by the cryptographic community.\n\u003e - The security proofs have **not** been independently verified.\n\u003e - The code has **not** been audited.\n\u003e - There are almost certainly bugs, side channels, and possibly fundamental\n\u003e   design flaws that have not yet been discovered.\n\u003e - APIs, wire formats, and parameter choices may change without notice.\n\u003e\n\u003e Treat this repository as a **research artifact only**. Do not use it to\n\u003e protect anything you care about. Do not deploy it. Do not rely on it for\n\u003e any security property whatsoever.\n\nJevil ([paper](https://eprint.iacr.org/2026/1103)) is a post-quantum few-time\nsignature scheme parameterised by a single signing budget `n*`.\n\nSignatures `1..=n*` are existentially unforgeable; at\nthe `(n* + 1)`-th signature the secret signing key becomes **publicly\nrecoverable** by anyone observing the signatures — the cap is enforced not by\ncounters or hardware, but by the algebraic structure of a single committed\npolynomial. `Params::new` accepts only `n_star` values for which `n_star + 1`\nis a power of two (the paper's recommended regime), so `n_cliff = n_star + 1`\nexactly for every deployment.\n\n| | |\n| --- | --- |\n| **Public key** | 68 bytes |\n| **Secret key** | 32 bytes |\n| **Signature** | ~40 KB (n*=1) to ~337 KB (n*=1023) |\n| **Classical security** | ≥ 124 bits below the cliff |\n| **Quantum security** | ≥ 85 bits at default capacity (highly conservative estimate) |\n\n## When to use Jevil\n\nJevil is designed for **audit-budgeted credentials** — settings where\nover-signing must be *self-exposing* rather than merely policy-forbidden:\n\n- a firmware vendor capping its own release count,\n- an operator binding themselves to a per-tenure attestation budget,\n- an ephemeral session signer with a per-session cap,\n- any audit-budgeted credential whose holder shouldn't be trusted to honour\n  the budget unilaterally.\n\nIt is **not** a general-purpose signature scheme. For everyday signing use a\nstateful or unlimited-use post-quantum scheme such as ML-DSA or Falcon.\nJevil's value is in the cliff.\n\n## Installation\n\nAdd to your `Cargo.toml`:\n\n```toml\n[dependencies]\njevil = \"0.1\"\n```\n\nThe crate is `#![forbid(unsafe_code)]` and exposes a single library target.\n\n## Quick start\n\n```rust\nuse jevil::{Params, keygen, sign, verify};\nuse rand::SeedableRng;\nuse rand_chacha::ChaCha20Rng;\n\n// Pick a signing budget. n_star = 7 means: up to 7 honest signatures;\n// the cliff fires at the 8th. Params::new accepts only n_star values for\n// which n_star + 1 is a power of two (1, 3, 7, 15, 31, …).\nlet params = Params::new(7);\n\n// Generate a fresh key.\nlet mut rng = ChaCha20Rng::seed_from_u64(0);\nlet (pk, sk, cache) = keygen(\u0026mut rng, params);\n\n// Sign a message.\nlet signature = sign(\u0026sk, \u0026pk, \u0026cache, params, b\"firmware-image-v1.0.0\");\n\n// Anyone holding `pk` can verify.\nassert!(verify(\u0026pk, params, b\"firmware-image-v1.0.0\", \u0026signature).is_ok());\n```\n\nTry the bundled examples:\n\n```bash\ncargo run --release --example basic    # minimal sign/verify\ncargo run --release --example bench    # latencies across n_star\ncargo run --release --example cliff -- 3  # public-key recovery demo\n```\n\n## Testing\n\nUnit and integration tests cover:\n\n- Field arithmetic correctness (commutativity, distributivity, inverse, NTT).\n- Hash domain separation (every tag combination is distinct).\n- Position-derivation distinctness, sortedness, and rejection sampling bias.\n- Lift / symbolic-α correctness across `(ν, ν', K, R)` sweeps.\n- Signature round-trip across `n_star ∈ {1, 3, 7, 15, 31}`.\n- Tamper rejection: y-value flip, proof byte flip, wrong root, wrong\n  message, wrong `n_star`, non-canonical field element, truncated signature.\n- Determinism (same seed → byte-identical pk / signature).\n- A pinned known-answer test (KAT) for `n_star = 3`, `seed = 0`,\n  `msg = \"jevil-kat-fixture\"`.\n- The **cliff property**: at `n_cliff` signatures, Lagrange interpolation\n  recovers `f` byte-for-byte from observed `(x, y)` pairs.\n\n```bash\ncargo test                                            # standard\ncargo test --release --test slow -- --ignored         # n_star = 127, 1023\nKAT_UPDATE=1 cargo test --test kat -- --nocapture     # regenerate fixtures\n```\n\n## License\n\nLicensed under either of [Apache License, Version 2.0](LICENSE-APACHE) or\n[MIT license](LICENSE-MIT) at your option.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsymbolicsoft%2Fjevil","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsymbolicsoft%2Fjevil","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsymbolicsoft%2Fjevil/lists"}