Quantum resistant lock script on CKB, based on NIST FIPS 205 standard.
There are 3 implementations:
- A C lock script using SPHINCS+
- A Rust lock script using fips205
- A hybrid lock script with the implementation of SPHINCS+ utilizing the sphincsplus C library and Rust glue code.
You can find more details about the implementation strategy in contracts/README.md.
make buildThe built contracts can be located at build/release
make testSee ckb-script-templates for more commands.
The lock script built here uses all-in-one mode, meaning one lock script can support all 12 paramter sets defined by NIST FIPS 205 standard. Feel free to also learn about different parameter sets here.
See Simple Usage, or Advanced Usage for usage. Performance discussions are kept in Performance Doc.
The exact cycle consumptions will slightly vary from one signature to another, a ballpark estimation of cycle consumptions(here we measure cycle consumptions for the whole script, meaning CKB transaction signing is included as well) for each NIST approved parameter set, can be located below(M stands for million):
| 128s bit | 128f bit | 192s bit | 192f bit | 256s bit | 256f bit | |
|---|---|---|---|---|---|---|
| pubkey size | 32 | 32 | 48 | 48 | 64 | 64 |
| signature size | 7856 | 17088 | 16224 | 35664 | 29792 | 49856 |
| sha2 simple (C) | 11.5M | 32.2M | 17.6M | 49.4M | 25.7M | 49.7M |
| sha2 simple (Hybrid) | 11.6M | 34.5M | 18.5M | 49.4M | 25.7M | 49.0M |
| sha2 simple (Rust) | 21.9M | 59.2M | 31.5M | 87.1M | 45.3M | 92.6M |
| shake simple (C) | 20.5M | 60.4M | 31.7M | 91.9M | 46.5M | 91.5M |
| shake simple (Hybrid) | 20.8M | 62.0M | 31.7M | 89.9M | 48.1M | 92.4M |
| shake simple (Rust) | 37.6M | 111.6M | 53.3M | 156.6M | 76.5M | 157.6M |
In general, the s variants take longer to generate a signature, but takes less cycles to verify. The f variants are fast in signature generation but takes longer cycles to verify.
This project has been audited by ScaleBit.