Quantum resistant lock script on CKB, based on NIST FIPS 205 standard. 2 implementations exist:
make buildThe built contracts can be located at build/release
make testSee ckb-script-templates for more commands.
The lock script built here uses all-in-one mode, meaning one lock script can support all 12 paramter sets defined by NIST FIPS 205 standard. Feel free to also learn about different parameter sets here.
See Simple Usage, or Advanced Usage for usage. Performance discussions are kept in Performance Doc.
The exact cycle consumptions will slightly vary from one signature to another, a ballpark estimation of cycle consumptions(here we measure cycle consumptions for the whole script, meaning CKB transaction signing is included as well) for each NIST approved parameter set, can be located below(M stands for million):
| 128s bit | 128f bit | 192s bit | 192f bit | 256s bit | 256f bit | |
|---|---|---|---|---|---|---|
| pubkey size | 32 | 32 | 48 | 48 | 64 | 64 |
| signature size | 7856 | 17088 | 16224 | 35664 | 29792 | 49856 |
| sha2 simple (C) | 11.5M | 32.2M | 17.6M | 49.4M | 25.7M | 49.7M |
| sha2 simple (Hybrid) | 11.6M | 34.5M | 18.5M | 49.4M | 25.7M | 49.0M |
| sha2 simple (Rust) | 21.9M | 59.2M | 31.5M | 87.1M | 45.3M | 92.6M |
| shake simple (C) | 20.5M | 60.4M | 31.7M | 91.9M | 46.5M | 91.5M |
| shake simple (Hybrid) | 20.8M | 62.0M | 31.7M | 89.9M | 48.1M | 92.4M |
| shake simple (Rust) | 37.6M | 111.6M | 53.3M | 156.6M | 76.5M | 157.6M |
In general, the s variants take longer to generate a signature, but takes less cycles to verify. The f variants are fast in signature generation but takes longer cycles to verify.
NOTE: the following tool shall be considered deprecated, and only kept here for historic reasons.
This tool is to convert a default Lock(SECP256K1/blake160) to quantum resistant lock script..
Follow steps below:
-
compile.
By default, sphincsplus_lock file's size is about 85K bytes.
-
Deploy the compiled contract to the test network.
We use ckb-cli to deploy this contract, You can refer to here.- After the execution is successful, it is recommended to record the tx-hash to facilitate subsequent operations.
-
Generate key file.
Use this tool: tools/ckb-sphincs-tools.cargo run -- gen-key key.json
We can get a set of key files, including public and private keys.
- If the contract you compile does not use the default value, it needs to be the same here.
- Need to save this file.
-
Convert a SECP256K1/blake160 lock script to quantum resistant lock script.
cargo run -- cc_to_sphincsplus --tx_hash <tx-hash> --tx_index <index> --key_file key.json --prikey <You can use ckb-cli account export>
-
Convert a quantum resistant lock script to SECP256K1/blake160 lock script.
cargo run -- cc_to_secp --tx_hash <tx-hash> --tx_index <index> --key_file key.json --lock_arg <LOCK-ARG> --sp_tx_hash <SPHINCS+ Script in step 2> --sp_tx_index <index> --fee 10000
