Question about Dilithium randomized signature

[sungmin-net]

Dear OQS team.

Would you please share a sample code for Dilithium randomized signature?

I saw that deterministic sample code in https://openquantumsafe.org/liboqs/examples/sig.html

but I want to know a lttle bit more to generate randomized signature and to verify it.

Thanks in adavance!
Sungmin

[dstebila]

The version of Dilithium in liboqs is the randomized signing version. From the caller's perspective, you do not need to provide randomness, it is generated during the signing procedure. So the code in the example file you linked to already does the randomized signing.

[sungmin-net]

Thank you for the answer. Let me test it and share the result with you soon. According to your answer, I'm expecting that fixed private key and fixed message will produce different signatures. But they are verifiable using the fixed public key.

[sungmin-net]

Hello @dstebila,

Unfortunately, I tested that fixed private key and fixed message produce fixed signature in the example code logic. Thus I think that example code in https://openquantumsafe.org/liboqs/examples/sig.html shows deterministic signing. I read that Dilithium provides randomized signature option in Sriaknth Sailada et al, "Crystal Dilithium Algorithm For Post Quantum Cryptography: Experimentation and Usecase for eSign", IEEE 2022. Would you please let me know how to generate randomized signature and to verify it using OQS?

Thanks in advance,
Sungmin

[baentsch]

Thus I think that example code in https://openquantumsafe.org/liboqs/examples/sig.html shows deterministic signing.

Not really: The example code shows how to use the liboqs API; it is the same code regardless of whether you use randomized signing or deterministic signing.

The actual operation of the algorithm(s) is defined by the behaviour built into liboqs at build time, so the method of operation (also of Dilithium) depends how one builds the library:

Would you please let me know how to generate randomized signature and to verify it using OQS?

Please read the source code for Dilithium, e.g., here for the Dilithium2 reference code:

liboqs/src/sig/dilithium/pqcrystals-dilithium_dilithium2_ref/sign.c

Lines 109 to 113 in 04ff6fd

	#ifdef DILITHIUM_RANDOMIZED_SIGNING
	randombytes(rhoprime, CRHBYTES);
	#else
	shake256(rhoprime, CRHBYTES, key, SEEDBYTES + CRHBYTES);
	#endif

So, you need to set the define "DILITHIUM_RANDOMIZED_SIGNING" when building liboqs to activate randomized signing as defined by the authors of the algorithm.

This is (already by default) done in the CMakeList file:

liboqs/src/sig/dilithium/CMakeLists.txt

Line 10 in 04ff6fd

target_compile_options(dilithium_2_ref PUBLIC -DDILITHIUM_MODE=2 -DDILITHIUM_RANDOMIZED_SIGNING)

[sungmin-net]

Wow! Thank you very much!! @baentsch
I checked that my liboqs.a didn't define DILITHIUM_RANDOMIZED_SIGNING.
I will rebuild the library and test it again.

[sparalia]

Is there a BUILD OPTION (https://github.com/open-quantum-safe/liboqs/blob/main/CONFIGURE.md#OQS_DIST_BUILD) that allows for specifying DILITHIUM_RANDOMIZED_SIGNING at build time: cmake -GNinja ..

or is the only way to do is by editing this make file:
src/sig/dilithium/CMakeLists.txt

[baentsch]

No, OQS tries to be as algorithm-agnostic as possible. But you may want to check out what cmake command line options like CMAKE_COMPILE_OPTIONS permit doing...