@@ -101,6 +101,9 @@ const (
101101 sigEncodedLen87 = lambda256 / 4 + encodingSize20 * l87 + omega75 + k87
102102)
103103
104+ var _ crypto.Signer = (* PrivateKey44 )(nil )
105+ var _ crypto.Signer = (* Key44 )(nil )
106+
104107// A PrivateKey44 is the private key for the ML-DSA-44 signature scheme.
105108type PrivateKey44 struct {
106109 rho [32 ]byte // public random seed
@@ -118,10 +121,10 @@ type PrivateKey44 struct {
118121 t1Once sync.Once
119122}
120123
121- // PublicKey returns the public key corresponding to the private key.
124+ // Public returns the public key corresponding to the private key.
122125// Although we can derive the public key from the private key,
123126// but we do NOT need to derive it at most of the time.
124- func (sk * PrivateKey44 ) PublicKey () crypto.PublicKey {
127+ func (sk * PrivateKey44 ) Public () crypto.PublicKey {
125128 sk .ensureT1 ()
126129 return & PublicKey44 {
127130 rho : sk .rho ,
@@ -187,9 +190,9 @@ type PublicKey44 struct {
187190 nttOnce sync.Once
188191}
189192
190- // PublicKey generates and returns the corresponding public key for the given
193+ // Public generates and returns the corresponding public key for the given
191194// Key44 instance.
192- func (sk * Key44 ) PublicKey () * PublicKey44 {
195+ func (sk * Key44 ) Public () crypto. PublicKey {
193196 return & PublicKey44 {
194197 rho : sk .rho ,
195198 t1 : sk .t1 ,
@@ -210,9 +213,9 @@ func (pk *PublicKey44) Equal(x crypto.PublicKey) bool {
210213 if ! ok {
211214 return false
212215 }
213- b1 := pk . Bytes ()
214- b2 := xx .Bytes ( )
215- return subtle . ConstantTimeCompare ( b1 , b2 ) == 1
216+ eq := subtle . ConstantTimeCompare ( pk . rho [:], xx . rho [:]) &
217+ constantTimeEqualRingElementArray ( pk . t1 [:], xx .t1 [:] )
218+ return eq == 1
216219}
217220
218221// Bytes converts the PublicKey44 instance into a byte slice.
@@ -271,9 +274,13 @@ func (sk *PrivateKey44) Equal(x any) bool {
271274 if ! ok {
272275 return false
273276 }
274- b1 := sk .Bytes ()
275- b2 := xx .Bytes ()
276- return subtle .ConstantTimeCompare (b1 , b2 ) == 1
277+ eq := subtle .ConstantTimeCompare (sk .rho [:], xx .rho [:]) &
278+ subtle .ConstantTimeCompare (sk .k [:], xx .k [:]) &
279+ subtle .ConstantTimeCompare (sk .tr [:], xx .tr [:]) &
280+ constantTimeEqualRingElementArray (sk .s1 [:], xx .s1 [:]) &
281+ constantTimeEqualRingElementArray (sk .s2 [:], xx .s2 [:]) &
282+ constantTimeEqualRingElementArray (sk .t0 [:], xx .t0 [:])
283+ return eq == 1
277284}
278285
279286// GenerateKey44 generates a new Key44 (ML-DSA-44) using the provided random source.
@@ -363,7 +370,7 @@ func dsaKeyGen44(sk *Key44, xi *[32]byte) {
363370 }
364371 }
365372 H .Reset ()
366- ek := sk .PublicKey ( ).Bytes ()
373+ ek := sk .Public ().( * PublicKey44 ).Bytes ()
367374 H .Write (ek )
368375 H .Read (sk .tr [:])
369376}
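Review bot: Both rewritten Equal methods now AND the result of `subtle.ConstantTimeCompare` with `constantTimeEqualRingElementArray`, so they are only correct if that helper returns exactly 0 or 1 and never branches on coefficient values; its body is not in this diff, so this should be confirmed, especially for `PrivateKey44.Equal`, where `s1`, `s2` and `t0` are secret. Comparing fields directly also assumes every ring element is held in one canonical representation: if coefficients can be stored unreduced, two keys that encode to the same bytes could compare unequal, which the old `Bytes()` comparison would not have allowed. I would add a comment above each comparison such as `// Field-wise compare avoids serializing the key; relies on ring elements being fully reduced.` and a test asserting that `Equal` agrees with comparing `Bytes()` on keys round-tripped through encoding. Separately, `sk.Public().(*PublicKey44)` in dsaKeyGen44 is an unchecked type assertion forced by the new `crypto.PublicKey` return type; an unexported helper that returns the concrete `*PublicKey44` would keep internal callers free of it.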