ETHDILITHIUM gathers experiments around DILITHIUM adaptations for the ETHEREUM ecosystem. DILITHIUM signature scheme is a post-quantum digital signature algorithm.
The repo implements two version of DILITHIUM: one follows the NIST released implementation, and another is tunned for Ethereum Virtual Machine constraints. TODO write specifications (help with #Issue7).
This is an experimental work, not audited: DO NOT USE IN PRODUCTION, LOSS OF FUND WILL OCCUR
The repo contains a solidity verifier and a python signer.
- Installation:
(or
make install
make install_signerormake install_verifier) - Generation of test vectors:
Generate the test vectors of
make gen_test_vectors
test/ZKNOX_dilithium.t.solandtest/ZKNOX_ethdilithium.t.sol. - Tests:
(or
make testmake test_signerormake test_verifier)
| Signature verification | Gas cost | Status |
|---|---|---|
| Dilithium | 13.5M | OK (NIST KAT pass) |
| ETHDilithium | 6.6M | OK |
Dilithium is an implementation of the NIST standardized signature scheme, where the public key is expanded in order to save computations. ETHDilithium is an alternative version with a cheaper hash function and precomputations in the public key and signer in order to accelerate the verification.
An example of key generation, signature and verification in python is provided in this file, for Dilithium and ETHDilithium. A signature verification can be computed in Solidity, as illustrated in this file with a KAT vector from the NIST submission.
This repo provides an optimized version of DILITHIUM. Order of magnitudes were gained compared to other implementations. Despite those efforts, it is not feasible to reach the same cost as Falcon post-quantum signature. The implementation takes advantage of the NTT implementation of this repository. The main reason for adopting Dilithium for Ethereum is the simplicity and efficiency of the signer algorithm for hardware wallet.
Acknowledgements. Giacomo Pope for the original python implementation.