{"id":18894157,"url":"https://github.com/trailofbits/lms-rust","last_synced_at":"2025-04-15T00:31:58.344Z","repository":{"id":220010168,"uuid":"750516683","full_name":"trailofbits/lms-rust","owner":"trailofbits","description":"A Rust implementation of LMS and LM-OTS. See RustCrypto for living code.","archived":true,"fork":false,"pushed_at":"2025-03-13T16:03:39.000Z","size":1412,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-03-28T12:51:15.745Z","etag":null,"topics":["cryptography","digital-signature","hash-based-signatures","pqc"],"latest_commit_sha":null,"homepage":"https://crates.io/crates/lms-signature","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-01-30T19:37:14.000Z","updated_at":"2025-03-13T16:05:04.000Z","dependencies_parsed_at":"2024-02-06T05:26:12.286Z","dependency_job_id":null,"html_url":"https://github.com/trailofbits/lms-rust","commit_stats":null,"previous_names":["trailofbits/lms-rust"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Flms-rust","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Flms-rust/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Flms-rust/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Flms-rust/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trailofbits","download_url":"https://codeload.github.com/trailofbits/lms-rust/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248984402,"owners_count":21193742,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","digital-signature","hash-based-signatures","pqc"],"created_at":"2024-11-08T08:18:36.634Z","updated_at":"2025-04-15T00:31:58.338Z","avatar_url":"https://github.com/trailofbits.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Leighton-Micali Hash-Based Signatures\n\n\u003e [!IMPORTANT]\n\u003e This implementation is [now part of RustCrypto]. Users should avoid any\n\u003e direct use of this repository and instead use [lms-signature] from RustCrypto.\n\n[now part of RustCrypto]: https://github.com/RustCrypto/signatures/tree/master/lms\n\n[lms-signature]: https://crates.io/crates/lms-signature\n\nThis repository contains implementations of [Leighton-Micali Hash-Based\nSignatures (RFC 8554)](https://datatracker.ietf.org/doc/html/rfc8554).\n\n## Security Notice\n\nLMS signatures are stateful: Users must take care to never sign more than one\nmessage with the same internal LM-OTS private key. To avoid catastrophe, state\nmust be maintained across multiple invocations of the signing algorithm.\n\nWhen using our LMS implementations, the internal counter (`q`) will be\nincremented before each signature is returned.\n\nIf the LMS private key is persisted to storage, you **MUST** update the\npersistent storage after each signature is generated and before it is released\nto the rest of the application. Failure to adhere to this requirement is a\nsecurity vulnerability in your application.\n\nFor a stateless hash-based signature algorithm, see\n[SPHINCS+](https://sphincs.org).\n\nNOTE: this project has not been externally audited, but the entire codebase\nwas internally reviewed by cryptographers at Trail of Bits.\n\n## Installation\n\n```terminal\ncargo install\n```\n\n## Usage\n\nOur implementation uses strongly typed private and public key types.\n\n```rust\nlet mut rng = thread_rng();\nlet mut seckey = lms::lms::PrivateKey::new::\u003cLmsSha256M32H10\u003cLmsOtsSha256N32W4\u003e\u003e(\u0026mut rng);\nlet pubkey = seckey.public();   // of type lms::lms::PublicKey\u003cLmsSha256M32H10\u003e\nlet sig    = seckey.try_sign_with_rng(\u0026mut rng, \"example\".as_bytes()).unwrap();\nlet sig_valid = pubkey.verify(\"example\".as_bytes(), \u0026sig).is_ok();\n```\n\nWe can generate LMOTS signatures in the same way using `lms::ots::PrivateKey`\ninstead.\n\n### Key Management\n\nWe do not require much from the user in terms of key management. Any internal\nstate changing operation uses mutable reference to update the internal state.\nWhen persisting private keys to long term storage, users must be very careful\nthat **the same private key is never read from disk twice**. This would create\ntwo private keys in the same state and thus when they are both used to sign a\nmessage, the LMOTS private keys will have been reused, which is considered **not\ngood**.\n\n## License\n\nAll crates licensed under either of\n\n * [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)\n * [MIT license](http://opensource.org/licenses/MIT)\n\nat your option.\n\n## Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in the work by you, as defined in the Apache-2.0 license, shall be\ndual licensed as above, without any additional terms or conditions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Flms-rust","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Flms-rust","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Flms-rust/lists"}