Skip to content

feat(ml-dsa): Implement verifying_key method for SigningKey #1008

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jul 28, 2025
Merged

feat(ml-dsa): Implement verifying_key method for SigningKey #1008

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a5d84eb
feat(ml-dsa): Implement verifying_key method for SigningKey
eferollo Jun 29, 2025
d57bfe0
feat(ml-dsa): implement Keypair trait and refactor inherent verifying…
romen Jul 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions ml-dsa/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -504,6 +504,23 @@ impl<P: MlDsaParams> SigningKey<P> {
None,
)
}

/// This auxiliary function derives a `VerifyingKey` from a bare
/// `SigningKey` (even in the absence of the original seed).
///
/// This is a utility function that is useful when importing the private key
/// from an external source which does not export the seed and does not
/// provide the precomputed public key associated with the private key
/// itself.
///
/// `SigningKey` implements `signature::Keypair`: this inherent method is
/// retained for convenience, so it is available for callers even when the
/// `signature::Keypair` trait is out-of-scope.
pub fn verifying_key(&self) -> VerifyingKey<P> {
let kp: &dyn signature::Keypair<VerifyingKey = VerifyingKey<P>> = self;

kp.verifying_key()
}
}

/// The `Signer` implementation for `SigningKey` uses the optional deterministic variant of ML-DSA, and
Expand All @@ -524,6 +541,26 @@ impl<P: MlDsaParams> MultipartSigner<Signature<P>> for SigningKey<P> {
}
}

/// The `KeyPair` implementation for `SigningKey` allows to derive a `VerifyingKey` from
/// a bare `SigningKey` (even in the absence of the original seed).
impl<P: MlDsaParams> signature::Keypair for SigningKey<P> {
type VerifyingKey = VerifyingKey<P>;

/// This is a utility function that is useful when importing the private key
/// from an external source which does not export the seed and does not
/// provide the precomputed public key associated with the private key
/// itself.
fn verifying_key(&self) -> Self::VerifyingKey {
let As1 = &self.A_hat * &self.s1_hat;
let t = &As1.ntt_inverse() + &self.s2;

/* Discard t0 */
let (t1, _) = t.power2round();

VerifyingKey::new(self.rho.clone(), t1, Some(self.A_hat.clone()), None)
}
}

/// The `RandomizedSigner` implementation for `SigningKey` only supports signing with an empty
/// context string. If you would like to include a context string, use the [`SigningKey::sign`]
/// method.
Expand Down Expand Up @@ -947,6 +984,25 @@ mod test {
encode_decode_round_trip_test::<MlDsa87>();
}

fn public_from_private_test<P>()
where
P: MlDsaParams + PartialEq,
{
let kp = P::key_gen_internal(&Array::default());
let sk = kp.signing_key;
let vk = kp.verifying_key;
let vk_derived = sk.verifying_key();

assert!(vk == vk_derived);
}

#[test]
fn public_from_private() {
public_from_private_test::<MlDsa44>();
public_from_private_test::<MlDsa65>();
public_from_private_test::<MlDsa87>();
}

fn sign_verify_round_trip_test<P>()
where
P: MlDsaParams,
Expand Down