The draft FIPS 204 and 205 include an option to apply the signature scheme to the digest (i.e., hash) of a message rather than the message itself, in order to reduce the size of the message input to the signature and verification operations. Several of the public comments on the drafts addressed the pre-hashing step that would produce the digest to be signed and how it would be used in applications. NIST followed up on the pqc-forum mailing list with a note, “Pure vs. pre-hash signing for ML-DSA and SLH-DSA,” proposing a way to format the message input to the signature scheme in a way that distinguishes digest inputs from regular inputs. Participants responded to NIST’s proposal with further comments.
With the draft standards reaching their final form, it would be helpful to have a broader discussion on the design considerations for pre-hashing and how they may affect both the specification and the usage of FIPS 204 and 205.
5th PQC Standardization Conference (2024) [in-person]
Fifth PQC Standardization Conference
Starts: April 10, 2024The NIST PQC conference will be held at the: Hilton Washington DC/Rockville Hotel 1750 Rockville Pike Rockville, MD 20852
Security and Privacy: post-quantum cryptography