FIPS 204

MLDSA

class fips.FIPS204.main.MLDSA(parameter)[source]

Bases: object

MLDSA is a digital signature scheme based on CRYSTALS-DILITHIUM. It consists of three main algorithms: MLDSAKeyGen, MLDSASign and MLDSAVerify. The MLDSA scheme uses the Fiat-Shamir with Aborts construction.

This pure python implementation of the scheme is an educational resource and is not constructed with side channel attacks. This must not be used for real world application.

Parameters:

parameter (dict[str, int])

MLDSAKeyGen()[source]

Algorithm 1

Generates a public-private key pair.

Return type:

tuple[bytes, bytes]

Returns:

  • public-key The public key bytestring.

  • private-key The private key bytestring.

MLDSAKeyGenInternal(seed)[source]

Algorithm 6

Generates a public-private key pair from a seed.

Parameters:

seed (bytes) – Input seed for deterministic results.

Return type:

tuple[bytes, bytes]

Returns:

  • public-key The public key bytestring.

  • private-key The private key bytestring.

Raises:

ValueError – If seed is not 32 bytes long.

MLDSASign(secret_key, Message, ctx)[source]

Algorithm 2

Generates an ML-DSA signature.

Parameters:
  • secret_key (bytes) – The private key bytestring.

  • Message (str) – The message to be signed in bits.

  • ctx (bytes) – Context bytestring of length at most 255.

Returns:

The generated ML-DSA signature as a bytestring.

Return type:

bytes | None

Raises:
  • ValueError – If the message bit string has other than 0 and 1 characters.

  • ValueError – If the context length is more than 255.

MLDSASignInternal(secret_key, Message, input_seed)[source]

Algorithm 7

Deterministic algorithm to generate a signature for a formatted message M’.

Parameters:
  • secret_key (bytes) – The private key bytestring.

  • Message (str) – The message to be signed in bits.

  • input_seed (bytes) – A 32-byte random seed for signature generation.

Returns:

The generated ML-DSA signature as a bytestring.

Return type:

signature (bytes)

Raises:
  • ValueError – If the input seed is not 32 bytes.

  • ValueError – If the message has other than 0 and 1 characters.

MLDSAVerify(public_key, message, signature, ctx)[source]

Algorithm 3

Verifies a signature rho for a message M.

Parameters:
  • public_key (bytes) – The public key bytestring.

  • message (str) – The message in bits.

  • signature (bytes | None) – The signature bytestring.

  • ctx (bytes) – Context bytestring of length at most 255.

Returns:

True if the signature is valid, False otherwise.

Return type:

bool

Raises:
  • ValueError – If the public key or signature is invalid.

  • TypeError – If the context is not a bytestring.

MLDSAVerifyInternal(public_key, message, signature)[source]

Algorithm 8

Internal function to verify a signature rho for a formatted message M'.

Parameters:
  • public_key (bytes) – The public key bytestring.

  • message (str) – The message in bits.

  • signature (bytes) – The signature bytestring.

Returns:

True if the signature is valid, False otherwise.

Return type:

bool

Raises:
  • ValueError – If the public key or signature is invalid.

  • TypeError – If the message is not a bitstring.

  • ValueError – If the message has other than 0 and 1 characters.