
Conversation

PranavSenthilnathan (Member)

The Composite ML-DSA spec released draft 8 recently, and this PR updates our implementation with the changes. The draft diff is here.

  • Domain separators depend on the algo name instead of OID so they will be stable even when the final OIDs are assigned by IANA. They are now called "labels" instead.
  • OIDs have been updated (still not final).
  • Signatures don't have a randomizer anymore.
  • ECPrivateKey component of the private key must omit publicKey and parameters.
  • KeyGen does not need to be timing invariant.
  • New test vectors
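The fourth bullet (the ECPrivateKey component must omit publicKey and parameters) is easy to get wrong in an importer that reuses a general-purpose EC key parser. The following is an added example, not code from dotnet/runtime: a minimal DER reader for the RFC 5915 ECPrivateKey structure that surfaces the two optional fields and a check that rejects the key when either is present. The sample keys are constructed (a 32-byte zero scalar and an all-zero point), not real key material.

```python
# Added example, not dotnet/runtime code: RFC 5915 ECPrivateKey reader that enforces the
# draft-8 Composite ML-DSA rule that the EC component omits parameters [0] and publicKey [1].
def _read_tlv(buf: bytes, pos: int):
    """Parse one definite-length DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_ec_private_key(der: bytes) -> dict:
    """Decode ECPrivateKey fields; optional fields are None when absent."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("ECPrivateKey must be a single SEQUENCE")
    tag, value, pos = _read_tlv(body, 0)
    if tag != 0x02 or value != b"\x01":
        raise ValueError("version must be INTEGER 1")
    fields = {"version": 1, "privateKey": None, "parameters": None, "publicKey": None}
    tag, value, pos = _read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("privateKey must be an OCTET STRING")
    fields["privateKey"] = value
    while pos < len(body):                  # optional [0] parameters and [1] publicKey
        tag, value, pos = _read_tlv(body, pos)
        if tag == 0xA0 and fields["parameters"] is None:
            fields["parameters"] = value
        elif tag == 0xA1 and fields["publicKey"] is None:
            fields["publicKey"] = value
        else:
            raise ValueError(f"unexpected or repeated element, tag 0x{tag:02x}")
    return fields

def is_valid_composite_ec_component(der: bytes) -> bool:
    """Draft-8 rule: accept only when both optional fields are absent."""
    f = parse_ec_private_key(der)
    return f["parameters"] is None and f["publicKey"] is None

def _der(tag: int, value: bytes) -> bytes:  # short-form-length DER encoder for the samples
    return bytes([tag, len(value)]) + value

# Constructed sample inputs, not real keys: 32 zero bytes stand in for a P-256 scalar.
SCALAR = bytes(32)
MINIMAL_KEY = _der(0x30, _der(0x02, b"\x01") + _der(0x04, SCALAR))
KEY_WITH_PARAMS = _der(0x30, _der(0x02, b"\x01") + _der(0x04, SCALAR)
                   + _der(0xA0, bytes.fromhex("06082a8648ce3d030107")))  # OID 1.2.840.10045.3.1.7
KEY_WITH_PUBKEY = _der(0x30, _der(0x02, b"\x01") + _der(0x04, SCALAR)
                   + _der(0xA1, _der(0x03, b"\x00\x04" + bytes(64))))  # uncompressed point
```

Only MINIMAL_KEY passes the check; the other two decode fine as RFC 5915 keys but are rejected as Composite ML-DSA components.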

@PranavSenthilnathan PranavSenthilnathan added this to the 11.0.0 milestone Sep 24, 2025
@PranavSenthilnathan PranavSenthilnathan self-assigned this Sep 24, 2025
@Copilot Copilot AI review requested due to automatic review settings September 24, 2025 23:51
Contributor

@Copilot Copilot AI left a comment


Pull Request Overview

This PR updates the Composite ML-DSA implementation to align with draft 8 of the specification. The key changes include removing randomizers from signatures, updating domain separators to use algorithm names (now called "labels"), and enforcing stricter ECPrivateKey formatting requirements.

  • Removes 32-byte randomizers from signature format, reducing signature sizes
  • Updates domain separators to use algorithm names instead of OIDs for stability
  • Enforces that ECPrivateKey components must omit publicKey and parameters fields

Reviewed Changes

Copilot reviewed 14 out of 15 changed files in this pull request and generated no comments.

Summary per file:

  • src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/EccKeyFormatHelper.cs: Adds inline validation logic for ECPrivateKey format, replacing external helper function
  • src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj: Removes reference to shared EccKeyFormatHelper file
  • src/libraries/Microsoft.Bcl.Cryptography/src/Microsoft.Bcl.Cryptography.csproj: Removes reference to shared EccKeyFormatHelper file
  • src/libraries/Common/tests/System/Security/Cryptography/CompositeMLDsaAlgorithmTests.cs: Updates signature size expectations by removing 32-byte randomizer
  • src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/CompositeMLDsa/CompositeMLDsaTestsBase.cs: Updates signature validation tests to reflect new format without randomizer
  • src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/CompositeMLDsa/CompositeMLDsaTestHelpers.cs: Updates OIDs and ECPrivateKey size calculations
  • src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/CompositeMLDsa/CompositeMLDsaMockImplementation.cs: Updates signature length assertions
  • src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/CompositeMLDsa/CompositeMLDsaFactoryTests.cs: Updates private key import tests for new ECPrivateKey restrictions
  • src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/CompositeMLDsa/CompositeMLDsaContractTests.cs: Updates signature bounds calculations
  • src/libraries/Common/src/System/Security/Cryptography/Oids.cs: Updates OID values to match draft 8
  • src/libraries/Common/src/System/Security/Cryptography/EccKeyFormatHelper.cs: Deletes shared helper file
  • src/libraries/Common/src/System/Security/Cryptography/CompositeMLDsaManaged.cs: Major refactoring to remove randomizer handling and update domain separators to labels
  • src/libraries/Common/src/System/Security/Cryptography/CompositeMLDsaManaged.ECDsa.cs: Enforces ECPrivateKey format restrictions by rejecting parameters and publicKey fields
  • src/libraries/Common/src/System/Security/Cryptography/CompositeMLDsaAlgorithm.cs: Removes randomizer constants and updates signature size calculations

@PranavSenthilnathan PranavSenthilnathan enabled auto-merge (squash) September 25, 2025 17:20
@PranavSenthilnathan PranavSenthilnathan merged commit 7ab1ed3 into dotnet:main Sep 25, 2025
86 of 88 checks passed
@bartonjs (Member)

/backport to release/10.0

Contributor

Started backporting to release/10.0: https://github.com/dotnet/runtime/actions/runs/18021553476

@bartonjs bartonjs added the breaking-change label (Issue or PR that represents a breaking API or functional change over a prerelease.) Sep 25, 2025
Contributor

Added needs-breaking-change-doc-created label because this PR has the breaking-change label.

When you commit this breaking change:

  1. Create a matching issue in the dotnet/docs repo using the breaking change documentation template, link it to this PR and the issue, then remove this needs-breaking-change-doc-created label.
  2. Ask a committer to mail the .NET Breaking Change Notification DL.

Tagging @dotnet/compat for awareness of the breaking change.

@dotnet-policy-service dotnet-policy-service bot added the needs-breaking-change-doc-created label (Breaking changes need an issue opened with https://github.com/dotnet/docs/issues/new?template=dotnet) Sep 25, 2025
@ericstj (Member)

ericstj commented Oct 3, 2025

📋 Breaking Change Documentation Required

Create a breaking change issue with AI-generated content

Generated by Breaking Change Documentation Tool - 2025-10-03 12:19:42

@ericstj (Member)

ericstj commented Oct 3, 2025

📋 Breaking Change Documentation Required

Create a breaking change issue with AI-generated content

Generated by Breaking Change Documentation Tool - 2025-10-03 12:50:54

@bartonjs (Member)

bartonjs commented Oct 3, 2025

Added the breaking change doc. I clicked on the auto-gen link, but threw away most of its content, since it was trying to describe the behavioral changes, and to justify them (FWIW, the justification was entirely bogus hallucination). It'd probably be more useful for a change other than "moved to the current version of a spec" 😄.

@bartonjs bartonjs removed the needs-breaking-change-doc-created label (Breaking changes need an issue opened with https://github.com/dotnet/docs/issues/new?template=dotnet) Oct 3, 2025