[LMS] Key and signature sizes #43
Conversation
kriskwiatkowski
changed the title
|
We can simply provide range for each value of M and possibly describe how to calculate the size. |
|
I think some ready values would be good for engineers, so that they calculation is not needed. I think one table with size values, H values and W values would be enough and some reference to Winternitz parameter. |
|
Ok, one more idea - how about we merge those two tables into one and add columns for public, secret key and value M? So basically table with 8 rows and 3 more columns. |
|
Okay, sounds good but then do we not include signature sizes at all? I thought signature sizes is crucial to the reader. |
kriskwiatkowski
force-pushed
the
kris/lms_sizes2
branch
from
bdf8d9a to
a85b39f
Compare
|
I've changed that a little. Let me know what you think. For me those sizes are useful only because it's actually hard to find other source. But if we want to be brief, the other option is to just say something like "for M=24 signature size is in range 780-5436 depending on H, then for M=32 range is 1292-9324". |
There was a problem hiding this comment.
Thanks @kriskwiatkowski , this looks good, but you mentioned 80 possible parameterisations, that's including SHA-256 and SHAKE256 parameterisations, in the table I see 40 possible parameterisations, is that for SHA-256 or SHAKE256?
|
Yes, you're exactly right. It's 40 for SHA2-256 and 40 for SHAKE256. The table ignores hash function as neither key nor signature size depends on it. |
kriskwiatkowski
force-pushed
the
kris/lms_sizes2
branch
from
a85b39f to
d8a0cea
Compare
|
Typos fixed now. |
There was a problem hiding this comment.
Thanks @kriskwiatkowski for updating the PR. I think the table still looks a bit crowded because of the repetitions, I think we should maybe have the M= 32 option only if thats more common.
|
Let me check it out |
Provides a table with signatures sizes, when LMS is instantiated with M=32.
|
Done |
Provides key and signature sizes for LMS scheme.
For now it's only for LMS, but if that's useful, then I can produce similar thing for XMSS.
I found it useful to have ready to use reference somewhere in a back-pocket, so that I don't need to calculate it from RFC8446. But if that's not useful, then feel free to reject.