package org.bouncycastle.pqc.crypto.gmss;

import java.util.Vector;

import org.bouncycastle.crypto.Digest;
import org.bouncycastle.pqc.crypto.gmss.util.GMSSRandom;
import org.bouncycastle.pqc.crypto.gmss.util.WinternitzOTSignature;
import org.bouncycastle.util.Arrays;


This class provides a specification for a GMSS private key.
/** * This class provides a specification for a GMSS private key. */
public class GMSSPrivateKeyParameters extends GMSSKeyParameters { private int[] index; private byte[][] currentSeeds; private byte[][] nextNextSeeds; private byte[][][] currentAuthPaths; private byte[][][] nextAuthPaths; private Treehash[][] currentTreehash; private Treehash[][] nextTreehash; private Vector[] currentStack; private Vector[] nextStack; private Vector[][] currentRetain; private Vector[][] nextRetain; private byte[][][] keep; private GMSSLeaf[] nextNextLeaf; private GMSSLeaf[] upperLeaf; private GMSSLeaf[] upperTreehashLeaf; private int[] minTreehash; private GMSSParameters gmssPS; private byte[][] nextRoot; private GMSSRootCalc[] nextNextRoot; private byte[][] currentRootSig; private GMSSRootSig[] nextRootSig; private GMSSDigestProvider digestProvider; private boolean used = false;
An array of the heights of the authentication trees of each layer
/** * An array of the heights of the authentication trees of each layer */
private int[] heightOfTrees;
An array of the Winternitz parameter 'w' of each layer
/** * An array of the Winternitz parameter 'w' of each layer */
private int[] otsIndex;
The parameter K needed for the authentication path computation
/** * The parameter K needed for the authentication path computation */
private int[] K;
the number of Layers
/** * the number of Layers */
private int numLayer;
The hash function used to construct the authentication trees
/** * The hash function used to construct the authentication trees */
private Digest messDigestTrees;
The message digest length
/** * The message digest length */
private int mdLength;
The PRNG used for private key generation
/** * The PRNG used for private key generation */
private GMSSRandom gmssRandom;
The number of leafs of one tree of each layer
/** * The number of leafs of one tree of each layer */
private int[] numLeafs;
Generates a new GMSS private key
Params:
  • currentSeed – seed for the generation of private OTS keys for the current subtrees
  • nextNextSeed – seed for the generation of private OTS keys for the next subtrees
  • currentAuthPath – array of current authentication paths
  • nextAuthPath – array of next authentication paths
  • currentTreehash – array of current treehash instances
  • nextTreehash – array of next treehash instances
  • currentStack – array of current shared stacks
  • nextStack – array of next shared stacks
  • currentRetain – array of current retain stacks
  • nextRetain – array of next retain stacks
  • nextRoot – the roots of the next subtree
  • currentRootSig – array of signatures of the roots of the current subtrees
  • gmssParameterset – the GMSS Parameterset
See Also:
/** * Generates a new GMSS private key * * @param currentSeed seed for the generation of private OTS keys for the * current subtrees * @param nextNextSeed seed for the generation of private OTS keys for the next * subtrees * @param currentAuthPath array of current authentication paths * @param nextAuthPath array of next authentication paths * @param currentTreehash array of current treehash instances * @param nextTreehash array of next treehash instances * @param currentStack array of current shared stacks * @param nextStack array of next shared stacks * @param currentRetain array of current retain stacks * @param nextRetain array of next retain stacks * @param nextRoot the roots of the next subtree * @param currentRootSig array of signatures of the roots of the current subtrees * @param gmssParameterset the GMSS Parameterset * @see org.bouncycastle.pqc.crypto.gmss.GMSSKeyPairGenerator */
public GMSSPrivateKeyParameters(byte[][] currentSeed, byte[][] nextNextSeed, byte[][][] currentAuthPath, byte[][][] nextAuthPath, Treehash[][] currentTreehash, Treehash[][] nextTreehash, Vector[] currentStack, Vector[] nextStack, Vector[][] currentRetain, Vector[][] nextRetain, byte[][] nextRoot, byte[][] currentRootSig, GMSSParameters gmssParameterset, GMSSDigestProvider digestProvider) { this(null, currentSeed, nextNextSeed, currentAuthPath, nextAuthPath, null, currentTreehash, nextTreehash, currentStack, nextStack, currentRetain, nextRetain, null, null, null, null, nextRoot, null, currentRootSig, null, gmssParameterset, digestProvider); }
/**
Params:
  • index – tree indices
  • keep – keep array for the authPath algorithm
  • currentTreehash – treehash for authPath algorithm of current tree
  • nextTreehash – treehash for authPath algorithm of next tree (TREE+)
  • currentStack – shared stack for authPath algorithm of current tree
  • nextStack – shared stack for authPath algorithm of next tree (TREE+)
  • currentRetain – retain stack for authPath algorithm of current tree
  • nextRetain – retain stack for authPath algorithm of next tree (TREE+)
  • nextNextLeaf – array of upcoming leafs of the tree after next (LEAF++) of each layer
  • upperLeaf – needed for precomputation of upper nodes
  • upperTreehashLeaf – needed for precomputation of upper treehash nodes
  • minTreehash – index of next treehash instance to receive an update
  • nextRoot – the roots of the next trees (ROOT+)
  • nextNextRoot – the roots of the tree after next (ROOT++)
  • currentRootSig – array of signatures of the roots of the current subtrees (SIG)
  • nextRootSig – array of signatures of the roots of the next subtree (SIG+)
  • gmssParameterset – the GMSS Parameterset
/** * /** * * @param index tree indices * @param keep keep array for the authPath algorithm * @param currentTreehash treehash for authPath algorithm of current tree * @param nextTreehash treehash for authPath algorithm of next tree (TREE+) * @param currentStack shared stack for authPath algorithm of current tree * @param nextStack shared stack for authPath algorithm of next tree (TREE+) * @param currentRetain retain stack for authPath algorithm of current tree * @param nextRetain retain stack for authPath algorithm of next tree (TREE+) * @param nextNextLeaf array of upcoming leafs of the tree after next (LEAF++) of * each layer * @param upperLeaf needed for precomputation of upper nodes * @param upperTreehashLeaf needed for precomputation of upper treehash nodes * @param minTreehash index of next treehash instance to receive an update * @param nextRoot the roots of the next trees (ROOT+) * @param nextNextRoot the roots of the tree after next (ROOT++) * @param currentRootSig array of signatures of the roots of the current subtrees * (SIG) * @param nextRootSig array of signatures of the roots of the next subtree * (SIG+) * @param gmssParameterset the GMSS Parameterset */
public GMSSPrivateKeyParameters(int[] index, byte[][] currentSeeds, byte[][] nextNextSeeds, byte[][][] currentAuthPaths, byte[][][] nextAuthPaths, byte[][][] keep, Treehash[][] currentTreehash, Treehash[][] nextTreehash, Vector[] currentStack, Vector[] nextStack, Vector[][] currentRetain, Vector[][] nextRetain, GMSSLeaf[] nextNextLeaf, GMSSLeaf[] upperLeaf, GMSSLeaf[] upperTreehashLeaf, int[] minTreehash, byte[][] nextRoot, GMSSRootCalc[] nextNextRoot, byte[][] currentRootSig, GMSSRootSig[] nextRootSig, GMSSParameters gmssParameterset, GMSSDigestProvider digestProvider) { super(true, gmssParameterset); // construct message digest this.messDigestTrees = digestProvider.get(); this.mdLength = messDigestTrees.getDigestSize(); // Parameter this.gmssPS = gmssParameterset; this.otsIndex = gmssParameterset.getWinternitzParameter(); this.K = gmssParameterset.getK(); this.heightOfTrees = gmssParameterset.getHeightOfTrees(); // initialize numLayer this.numLayer = gmssPS.getNumOfLayers(); // initialize index if null if (index == null) { this.index = new int[numLayer]; for (int i = 0; i < numLayer; i++) { this.index[i] = 0; } } else { this.index = index; } this.currentSeeds = currentSeeds; this.nextNextSeeds = nextNextSeeds; this.currentAuthPaths = Arrays.clone(currentAuthPaths); this.nextAuthPaths = nextAuthPaths; // initialize keep if null if (keep == null) { this.keep = new byte[numLayer][][]; for (int i = 0; i < numLayer; i++) { this.keep[i] = new byte[(int)Math.floor(heightOfTrees[i] / 2)][mdLength]; } } else { this.keep = keep; } // initialize stack if null if (currentStack == null) { this.currentStack = new Vector[numLayer]; for (int i = 0; i < numLayer; i++) { this.currentStack[i] = new Vector(); } } else { this.currentStack = currentStack; } // initialize nextStack if null if (nextStack == null) { this.nextStack = new Vector[numLayer - 1]; for (int i = 0; i < numLayer - 1; i++) { this.nextStack[i] = new Vector(); } } else { this.nextStack = nextStack; } this.currentTreehash = currentTreehash; this.nextTreehash = nextTreehash; this.currentRetain = currentRetain; this.nextRetain = nextRetain; this.nextRoot = nextRoot; this.digestProvider = digestProvider; if (nextNextRoot == null) { this.nextNextRoot = new GMSSRootCalc[numLayer - 1]; for (int i = 0; i < numLayer - 1; i++) { this.nextNextRoot[i] = new GMSSRootCalc( this.heightOfTrees[i + 1], this.K[i + 1], this.digestProvider); } } else { this.nextNextRoot = nextNextRoot; } this.currentRootSig = currentRootSig; // calculate numLeafs numLeafs = new int[numLayer]; for (int i = 0; i < numLayer; i++) { numLeafs[i] = 1 << heightOfTrees[i]; } // construct PRNG this.gmssRandom = new GMSSRandom(messDigestTrees); if (numLayer > 1) { // construct the nextNextLeaf (LEAFs++) array for upcoming leafs in // tree after next (TREE++) if (nextNextLeaf == null) { this.nextNextLeaf = new GMSSLeaf[numLayer - 2]; for (int i = 0; i < numLayer - 2; i++) { this.nextNextLeaf[i] = new GMSSLeaf(digestProvider.get(), otsIndex[i + 1], numLeafs[i + 2], this.nextNextSeeds[i]); } } else { this.nextNextLeaf = nextNextLeaf; } } else { this.nextNextLeaf = new GMSSLeaf[0]; } // construct the upperLeaf array for upcoming leafs in tree over the // actual if (upperLeaf == null) { this.upperLeaf = new GMSSLeaf[numLayer - 1]; for (int i = 0; i < numLayer - 1; i++) { this.upperLeaf[i] = new GMSSLeaf(digestProvider.get(), otsIndex[i], numLeafs[i + 1], this.currentSeeds[i]); } } else { this.upperLeaf = upperLeaf; } // construct the leafs for upcoming leafs in treehashs in tree over the // actual if (upperTreehashLeaf == null) { this.upperTreehashLeaf = new GMSSLeaf[numLayer - 1]; for (int i = 0; i < numLayer - 1; i++) { this.upperTreehashLeaf[i] = new GMSSLeaf(digestProvider.get(), otsIndex[i], numLeafs[i + 1]); } } else { this.upperTreehashLeaf = upperTreehashLeaf; } if (minTreehash == null) { this.minTreehash = new int[numLayer - 1]; for (int i = 0; i < numLayer - 1; i++) { this.minTreehash[i] = -1; } } else { this.minTreehash = minTreehash; } // construct the nextRootSig (RootSig++) byte[] dummy = new byte[mdLength]; byte[] OTSseed = new byte[mdLength]; if (nextRootSig == null) { this.nextRootSig = new GMSSRootSig[numLayer - 1]; for (int i = 0; i < numLayer - 1; i++) { System.arraycopy(currentSeeds[i], 0, dummy, 0, mdLength); gmssRandom.nextSeed(dummy); OTSseed = gmssRandom.nextSeed(dummy); this.nextRootSig[i] = new GMSSRootSig(digestProvider.get(), otsIndex[i], heightOfTrees[i + 1]); this.nextRootSig[i].initSign(OTSseed, nextRoot[i]); } } else { this.nextRootSig = nextRootSig; } } // we assume this only gets called from nextKey so used is never copied. private GMSSPrivateKeyParameters(GMSSPrivateKeyParameters original) { super(true, original.getParameters()); this.index = Arrays.clone(original.index); this.currentSeeds = Arrays.clone(original.currentSeeds); this.nextNextSeeds = Arrays.clone(original.nextNextSeeds); this.currentAuthPaths = Arrays.clone(original.currentAuthPaths); this.nextAuthPaths = Arrays.clone(original.nextAuthPaths); this.currentTreehash = original.currentTreehash; this.nextTreehash = original.nextTreehash; this.currentStack = original.currentStack; this.nextStack = original.nextStack; this.currentRetain = original.currentRetain; this.nextRetain = original.nextRetain; this.keep = Arrays.clone(original.keep); this.nextNextLeaf = original.nextNextLeaf; this.upperLeaf = original.upperLeaf; this.upperTreehashLeaf = original.upperTreehashLeaf; this.minTreehash = original.minTreehash; this.gmssPS = original.gmssPS; this.nextRoot = Arrays.clone(original.nextRoot); this.nextNextRoot = original.nextNextRoot; this.currentRootSig = original.currentRootSig; this.nextRootSig = original.nextRootSig; this.digestProvider = original.digestProvider; this.heightOfTrees = original.heightOfTrees; this.otsIndex = original.otsIndex; this.K = original.K; this.numLayer = original.numLayer; this.messDigestTrees = original.messDigestTrees; this.mdLength = original.mdLength; this.gmssRandom = original.gmssRandom; this.numLeafs = original.numLeafs; } public boolean isUsed() { return this.used; } public void markUsed() { this.used = true; } public GMSSPrivateKeyParameters nextKey() { GMSSPrivateKeyParameters nKey = new GMSSPrivateKeyParameters(this); nKey.nextKey(gmssPS.getNumOfLayers() - 1); return nKey; }
This method updates the GMSS private key for the next signature
Params:
  • layer – the layer where the next key is processed
/** * This method updates the GMSS private key for the next signature * * @param layer the layer where the next key is processed */
private void nextKey(int layer) { // only for lowest layer ( other layers indices are raised in nextTree() // method ) if (layer == numLayer - 1) { index[layer]++; } // else System.out.println(" --- nextKey on layer " + layer + " // index is now : " + index[layer]); // if tree of this layer is depleted if (index[layer] == numLeafs[layer]) { if (numLayer != 1) { nextTree(layer); index[layer] = 0; } } else { updateKey(layer); } }
Switch to next subtree if the current one is depleted
Params:
  • layer – the layer where the next tree is processed
/** * Switch to next subtree if the current one is depleted * * @param layer the layer where the next tree is processed */
private void nextTree(int layer) { // System.out.println("NextTree method called on layer " + layer); // dont create next tree for the top layer if (layer > 0) { // raise index for upper layer index[layer - 1]++; // test if it is already the last tree boolean lastTree = true; int z = layer; do { z--; if (index[z] < numLeafs[z]) { lastTree = false; } } while (lastTree && (z > 0)); // only construct next subtree if last one is not already in use if (!lastTree) { gmssRandom.nextSeed(currentSeeds[layer]); // last step of distributed signature calculation nextRootSig[layer - 1].updateSign(); // last step of distributed leaf calculation for nextNextLeaf if (layer > 1) { nextNextLeaf[layer - 1 - 1] = nextNextLeaf[layer - 1 - 1].nextLeaf(); } // last step of distributed leaf calculation for upper leaf upperLeaf[layer - 1] = upperLeaf[layer - 1].nextLeaf(); // last step of distributed leaf calculation for all treehashs if (minTreehash[layer - 1] >= 0) { upperTreehashLeaf[layer - 1] = upperTreehashLeaf[layer - 1].nextLeaf(); byte[] leaf = this.upperTreehashLeaf[layer - 1].getLeaf(); // if update is required use the precomputed leaf to update // treehash try { currentTreehash[layer - 1][minTreehash[layer - 1]] .update(this.gmssRandom, leaf); // System.out.println("UUUpdated TH " + // minTreehash[layer - 1]); if (currentTreehash[layer - 1][minTreehash[layer - 1]] .wasFinished()) { // System.out.println("FFFinished TH " + // minTreehash[layer - 1]); } } catch (Exception e) { System.out.println(e); } } // last step of nextNextAuthRoot calculation this.updateNextNextAuthRoot(layer); // ******************************************************** / // NOW: advance to next tree on layer 'layer' // NextRootSig --> currentRootSigs this.currentRootSig[layer - 1] = nextRootSig[layer - 1] .getSig(); // ----------------------- // nextTreehash --> currentTreehash // nextNextTreehash --> nextTreehash for (int i = 0; i < heightOfTrees[layer] - K[layer]; i++) { this.currentTreehash[layer][i] = this.nextTreehash[layer - 1][i]; this.nextTreehash[layer - 1][i] = this.nextNextRoot[layer - 1] .getTreehash()[i]; } // NextAuthPath --> currentAuthPath // nextNextAuthPath --> nextAuthPath for (int i = 0; i < heightOfTrees[layer]; i++) { System.arraycopy(nextAuthPaths[layer - 1][i], 0, currentAuthPaths[layer][i], 0, mdLength); System.arraycopy(nextNextRoot[layer - 1].getAuthPath()[i], 0, nextAuthPaths[layer - 1][i], 0, mdLength); } // nextRetain --> currentRetain // nextNextRetain --> nextRetain for (int i = 0; i < K[layer] - 1; i++) { this.currentRetain[layer][i] = this.nextRetain[layer - 1][i]; this.nextRetain[layer - 1][i] = this.nextNextRoot[layer - 1] .getRetain()[i]; } // nextStack --> currentStack this.currentStack[layer] = this.nextStack[layer - 1]; // nextNextStack --> nextStack this.nextStack[layer - 1] = this.nextNextRoot[layer - 1] .getStack(); // nextNextRoot --> nextRoot this.nextRoot[layer - 1] = this.nextNextRoot[layer - 1] .getRoot(); // ----------------------- // ----------------- byte[] OTSseed = new byte[mdLength]; byte[] dummy = new byte[mdLength]; // gmssRandom.setSeed(currentSeeds[layer]); System .arraycopy(currentSeeds[layer - 1], 0, dummy, 0, mdLength); OTSseed = gmssRandom.nextSeed(dummy); // only need OTSSeed OTSseed = gmssRandom.nextSeed(dummy); OTSseed = gmssRandom.nextSeed(dummy); // nextWinSig[layer-1]=new // GMSSWinSig(OTSseed,algNames,otsIndex[layer-1],heightOfTrees[layer],nextRoot[layer-1]); nextRootSig[layer - 1].initSign(OTSseed, nextRoot[layer - 1]); // nextKey for upper layer nextKey(layer - 1); } } }
This method computes the authpath (AUTH) for the current tree, Additionally the root signature for the next tree (SIG+), the authpath (AUTH++) and root (ROOT++) for the tree after next in layer layer, and the LEAF++^1 for the next next tree in the layer above are updated This method is used by nextKey()
Params:
  • layer –
/** * This method computes the authpath (AUTH) for the current tree, * Additionally the root signature for the next tree (SIG+), the authpath * (AUTH++) and root (ROOT++) for the tree after next in layer * <code>layer</code>, and the LEAF++^1 for the next next tree in the * layer above are updated This method is used by nextKey() * * @param layer */
private void updateKey(int layer) { // ----------current tree processing of actual layer--------- // compute upcoming authpath for current Tree (AUTH) computeAuthPaths(layer); // -----------distributed calculations part------------ // not for highest tree layer if (layer > 0) { // compute (partial) next leaf on TREE++ (not on layer 1 and 0) if (layer > 1) { nextNextLeaf[layer - 1 - 1] = nextNextLeaf[layer - 1 - 1].nextLeaf(); } // compute (partial) next leaf on tree above (not on layer 0) upperLeaf[layer - 1] = upperLeaf[layer - 1].nextLeaf(); // compute (partial) next leaf for all treehashs on tree above (not // on layer 0) int t = (int)Math .floor((double)(this.getNumLeafs(layer) * 2) / (double)(this.heightOfTrees[layer - 1] - this.K[layer - 1])); if (index[layer] % t == 1) { // System.out.println(" layer: " + layer + " index: " + // index[layer] + " t : " + t); // take precomputed node for treehash update // ------------------------------------------------ if (index[layer] > 1 && minTreehash[layer - 1] >= 0) { byte[] leaf = this.upperTreehashLeaf[layer - 1].getLeaf(); // if update is required use the precomputed leaf to update // treehash try { currentTreehash[layer - 1][minTreehash[layer - 1]] .update(this.gmssRandom, leaf); // System.out.println("Updated TH " + minTreehash[layer // - 1]); if (currentTreehash[layer - 1][minTreehash[layer - 1]] .wasFinished()) { // System.out.println("Finished TH " + // minTreehash[layer - 1]); } } catch (Exception e) { System.out.println(e); } // ------------------------------------------------ } // initialize next leaf precomputation // ------------------------------------------------ // get lowest index of treehashs this.minTreehash[layer - 1] = getMinTreehashIndex(layer - 1); if (this.minTreehash[layer - 1] >= 0) { // initialize leaf byte[] seed = this.currentTreehash[layer - 1][this.minTreehash[layer - 1]] .getSeedActive(); this.upperTreehashLeaf[layer - 1] = new GMSSLeaf( this.digestProvider.get(), this.otsIndex[layer - 1], t, seed); this.upperTreehashLeaf[layer - 1] = this.upperTreehashLeaf[layer - 1].nextLeaf(); // System.out.println("restarted treehashleaf (" + (layer - // 1) + "," + this.minTreehash[layer - 1] + ")"); } // ------------------------------------------------ } else { // update the upper leaf for the treehash one step if (this.minTreehash[layer - 1] >= 0) { this.upperTreehashLeaf[layer - 1] = this.upperTreehashLeaf[layer - 1].nextLeaf(); // if (minTreehash[layer - 1] > 3) // System.out.print("#"); } } // compute (partial) the signature of ROOT+ (RootSig+) (not on top // layer) nextRootSig[layer - 1].updateSign(); // compute (partial) AUTHPATH++ & ROOT++ (not on top layer) if (index[layer] == 1) { // init root and authpath calculation for tree after next // (AUTH++, ROOT++) this.nextNextRoot[layer - 1].initialize(new Vector()); } // update root and authpath calculation for tree after next (AUTH++, // ROOT++) this.updateNextNextAuthRoot(layer); } // ----------- end distributed calculations part----------------- }
This method returns the index of the next Treehash instance that should receive an update
Params:
  • layer – the layer of the GMSS tree
Returns:index of the treehash instance that should get the update
/** * This method returns the index of the next Treehash instance that should * receive an update * * @param layer the layer of the GMSS tree * @return index of the treehash instance that should get the update */
private int getMinTreehashIndex(int layer) { int minTreehash = -1; for (int h = 0; h < heightOfTrees[layer] - K[layer]; h++) { if (currentTreehash[layer][h].wasInitialized() && !currentTreehash[layer][h].wasFinished()) { if (minTreehash == -1) { minTreehash = h; } else if (currentTreehash[layer][h].getLowestNodeHeight() < currentTreehash[layer][minTreehash] .getLowestNodeHeight()) { minTreehash = h; } } } return minTreehash; }
Computes the upcoming currentAuthpath of layer layer using the revisited authentication path computation of Dahmen/Schneider 2008
Params:
  • layer – the actual layer
/** * Computes the upcoming currentAuthpath of layer <code>layer</code> using * the revisited authentication path computation of Dahmen/Schneider 2008 * * @param layer the actual layer */
private void computeAuthPaths(int layer) { int Phi = index[layer]; int H = heightOfTrees[layer]; int K = this.K[layer]; // update all nextSeeds for seed scheduling for (int i = 0; i < H - K; i++) { currentTreehash[layer][i].updateNextSeed(gmssRandom); } // STEP 1 of Algorithm int Tau = heightOfPhi(Phi); byte[] OTSseed = new byte[mdLength]; OTSseed = gmssRandom.nextSeed(currentSeeds[layer]); // STEP 2 of Algorithm // if phi's parent on height tau + 1 if left node, store auth_tau // in keep_tau. // TODO check it, formerly was // int L = Phi / (int) Math.floor(Math.pow(2, Tau + 1)); // L %= 2; int L = (Phi >>> (Tau + 1)) & 1; byte[] tempKeep = new byte[mdLength]; // store the keep node not in keep[layer][tau/2] because it might be in // use // wait until the space is freed in step 4a if (Tau < H - 1 && L == 0) { System.arraycopy(currentAuthPaths[layer][Tau], 0, tempKeep, 0, mdLength); } byte[] help = new byte[mdLength]; // STEP 3 of Algorithm // if phi is left child, compute and store leaf for next currentAuthPath // path, // (obtained by veriying current signature) if (Tau == 0) { // LEAFCALC !!! if (layer == numLayer - 1) { // lowest layer computes the // necessary leaf completely at this // time WinternitzOTSignature ots = new WinternitzOTSignature(OTSseed, digestProvider.get(), otsIndex[layer]); help = ots.getPublicKey(); } else { // other layers use the precomputed leafs in // nextNextLeaf byte[] dummy = new byte[mdLength]; System.arraycopy(currentSeeds[layer], 0, dummy, 0, mdLength); gmssRandom.nextSeed(dummy); help = upperLeaf[layer].getLeaf(); this.upperLeaf[layer].initLeafCalc(dummy); // WinternitzOTSVerify otsver = new // WinternitzOTSVerify(algNames, otsIndex[layer]); // byte[] help2 = otsver.Verify(currentRoot[layer], // currentRootSig[layer]); // System.out.println(" --- " + layer + " " + // ByteUtils.toHexString(help) + " " + // ByteUtils.toHexString(help2)); } System.arraycopy(help, 0, currentAuthPaths[layer][0], 0, mdLength); } else { // STEP 4a of Algorithm // get new left currentAuthPath node on height tau byte[] toBeHashed = new byte[mdLength << 1]; System.arraycopy(currentAuthPaths[layer][Tau - 1], 0, toBeHashed, 0, mdLength); // free the shared keep[layer][tau/2] System.arraycopy(keep[layer][(int)Math.floor((Tau - 1) / 2)], 0, toBeHashed, mdLength, mdLength); messDigestTrees.update(toBeHashed, 0, toBeHashed.length); currentAuthPaths[layer][Tau] = new byte[messDigestTrees.getDigestSize()]; messDigestTrees.doFinal(currentAuthPaths[layer][Tau], 0); // STEP 4b and 4c of Algorithm // copy right nodes to currentAuthPath on height 0..Tau-1 for (int i = 0; i < Tau; i++) { // STEP 4b of Algorithm // 1st: copy from treehashs if (i < H - K) { if (currentTreehash[layer][i].wasFinished()) { System.arraycopy(currentTreehash[layer][i] .getFirstNode(), 0, currentAuthPaths[layer][i], 0, mdLength); currentTreehash[layer][i].destroy(); } else { System.err .println("Treehash (" + layer + "," + i + ") not finished when needed in AuthPathComputation"); } } // 2nd: copy precomputed values from Retain if (i < H - 1 && i >= H - K) { if (currentRetain[layer][i - (H - K)].size() > 0) { // pop element from retain System.arraycopy(currentRetain[layer][i - (H - K)] .lastElement(), 0, currentAuthPaths[layer][i], 0, mdLength); currentRetain[layer][i - (H - K)] .removeElementAt(currentRetain[layer][i - (H - K)].size() - 1); } } // STEP 4c of Algorithm // initialize new stack at heights 0..Tau-1 if (i < H - K) { // create stacks anew int startPoint = Phi + 3 * (1 << i); if (startPoint < numLeafs[layer]) { // if (layer < 2) { // System.out.println("initialized TH " + i + " on layer // " + layer); // } currentTreehash[layer][i].initialize(); } } } } // now keep space is free to use if (Tau < H - 1 && L == 0) { System.arraycopy(tempKeep, 0, keep[layer][(int)Math.floor(Tau / 2)], 0, mdLength); } // only update empty stack at height h if all other stacks have // tailnodes with height >h // finds active stack with lowest node height, choses lower index in // case of tie // on the lowest layer leafs must be computed at once, no precomputation // is possible. So all treehash updates are done at once here if (layer == numLayer - 1) { for (int tmp = 1; tmp <= (H - K) / 2; tmp++) { // index of the treehash instance that receives the next update int minTreehash = getMinTreehashIndex(layer); // if active treehash is found update with a leaf if (minTreehash >= 0) { try { byte[] seed = new byte[mdLength]; System.arraycopy( this.currentTreehash[layer][minTreehash] .getSeedActive(), 0, seed, 0, mdLength); byte[] seed2 = gmssRandom.nextSeed(seed); WinternitzOTSignature ots = new WinternitzOTSignature( seed2, this.digestProvider.get(), this.otsIndex[layer]); byte[] leaf = ots.getPublicKey(); currentTreehash[layer][minTreehash].update( this.gmssRandom, leaf); } catch (Exception e) { System.out.println(e); } } } } else { // on higher layers the updates are done later this.minTreehash[layer] = getMinTreehashIndex(layer); } }
Returns the largest h such that 2^h | Phi
Params:
  • Phi – the leaf index
Returns:The largest h with 2^h | Phi if Phi!=0 else return -1
/** * Returns the largest h such that 2^h | Phi * * @param Phi the leaf index * @return The largest <code>h</code> with <code>2^h | Phi</code> if * <code>Phi!=0</code> else return <code>-1</code> */
private int heightOfPhi(int Phi) { if (Phi == 0) { return -1; } int Tau = 0; int modul = 1; while (Phi % modul == 0) { modul *= 2; Tau += 1; } return Tau - 1; }
Updates the authentication path and root calculation for the tree after next (AUTH++, ROOT++) in layer layer
Params:
  • layer –
/** * Updates the authentication path and root calculation for the tree after * next (AUTH++, ROOT++) in layer <code>layer</code> * * @param layer */
private void updateNextNextAuthRoot(int layer) { byte[] OTSseed = new byte[mdLength]; OTSseed = gmssRandom.nextSeed(nextNextSeeds[layer - 1]); // get the necessary leaf if (layer == numLayer - 1) { // lowest layer computes the necessary // leaf completely at this time WinternitzOTSignature ots = new WinternitzOTSignature(OTSseed, digestProvider.get(), otsIndex[layer]); this.nextNextRoot[layer - 1].update(nextNextSeeds[layer - 1], ots .getPublicKey()); } else { // other layers use the precomputed leafs in nextNextLeaf this.nextNextRoot[layer - 1].update(nextNextSeeds[layer - 1], nextNextLeaf[layer - 1].getLeaf()); this.nextNextLeaf[layer - 1].initLeafCalc(nextNextSeeds[layer - 1]); } } public int[] getIndex() { return index; }
Returns:The current index of layer i
/** * @return The current index of layer i */
public int getIndex(int i) { return index[i]; } public byte[][] getCurrentSeeds() { return Arrays.clone(currentSeeds); } public byte[][][] getCurrentAuthPaths() { return Arrays.clone(currentAuthPaths); }
Returns:The one-time signature of the root of the current subtree
/** * @return The one-time signature of the root of the current subtree */
public byte[] getSubtreeRootSig(int i) { return currentRootSig[i]; } public GMSSDigestProvider getName() { return digestProvider; }
Returns:The number of leafs of each tree of layer i
/** * @return The number of leafs of each tree of layer i */
public int getNumLeafs(int i) { return numLeafs[i]; } }