/**
 * Derives the private key for one index from the secret key seed.
 * <p>
 * The returned bytes are the PRF output keyed with {@code secretKeySeed}, so
 * they are secret key material and should be handled like the seed itself.
 *
 * @param index Index of the key to derive; accepted only when
 *              {@code 0 <= index < params.getLen()}.
 * @return Private key at index.
 * @throws IllegalArgumentException if {@code index} is outside that range.
 */
private byte[] expandSecretKeySeed(int index)
{
    final boolean inRange = index >= 0 && index < params.getLen();
    if (!inRange)
    {
        throw new IllegalArgumentException("index out of bounds");
    }
    // The index is encoded by XMSSUtil.toBytesBigEndian with a size argument of 32
    // and used as the PRF input under the secret seed.
    final byte[] encodedIndex = XMSSUtil.toBytesBigEndian(index, 32);
    return khf.PRF(secretKeySeed, encodedIndex);
}
/**
 * Derives the WOTS+ secret key for a specific index, as in the XMSS reference
 * implementation by Andreas Huelsing.
 * <p>
 * Only the layer, tree and OTS address fields of the supplied address are
 * copied into the PRF input; the remaining fields are whatever a fresh
 * {@code OTSHashAddress.Builder} produces when they are not set.
 *
 * @param secretKeySeed Secret seed used as the PRF key.
 * @param otsHashAddress Address whose layer, tree and OTS address select the key.
 * @return WOTS+ secret key at index.
 */
protected byte[] getWOTSPlusSecretKey(byte[] secretKeySeed, OTSHashAddress otsHashAddress)
{
    final OTSHashAddress.Builder builder = new OTSHashAddress.Builder();
    // Rebuild the address from three fields only, so no other field of the
    // caller's address reaches the PRF input.
    final OTSHashAddress keyAddress = (OTSHashAddress)builder
        .withLayerAddress(otsHashAddress.getLayerAddress())
        .withTreeAddress(otsHashAddress.getTreeAddress())
        .withOTSAddress(otsHashAddress.getOTSAddress())
        .build();
    final byte[] prfInput = keyAddress.toByteArray();
    return khf.PRF(secretKeySeed, prfInput);
}
// PRF keyed with the private key's secretKeyPRF value, taken over the encoded index.
// NOTE(review): toBytesBigEndian(index, 32) presumably yields a 32-byte big-endian
// encoding of index — confirm in XMSSUtil.
byte[] random = khf.PRF(privateKey.getSecretKeyPRF(), XMSSUtil.toBytesBigEndian(index, 32));
// Byte string random || root || index, with the index encoded using the digest size
// as the length argument.
// NOTE(review): random depends only on the PRF key and index, so it repeats if an index
// is ever used twice. Index advancement is not visible in this excerpt — verify that the
// caller never reuses an index.
byte[] concatenated = Arrays.concatenate(random, privateKey.getRoot(),
    XMSSUtil.toBytesBigEndian(index, params.getDigestSize()));
.withOTSAddress(otsHashAddress.getOTSAddress()).withChainAddress(otsHashAddress.getChainAddress()) .withHashAddress(startIndex + steps - 1).withKeyAndMask(0).build(); byte[] key = khf.PRF(publicSeed, otsHashAddress.toByteArray()); otsHashAddress = (OTSHashAddress)new OTSHashAddress.Builder() .withLayerAddress(otsHashAddress.getLayerAddress()).withTreeAddress(otsHashAddress.getTreeAddress()) .withOTSAddress(otsHashAddress.getOTSAddress()).withChainAddress(otsHashAddress.getChainAddress()) .withHashAddress(otsHashAddress.getHashAddress()).withKeyAndMask(1).build(); byte[] bitmask = khf.PRF(publicSeed, otsHashAddress.toByteArray()); byte[] tmpMasked = new byte[n]; for (int i = 0; i < n; i++)
// PRF (from the WOTS+ instance's keyed hash functions) keyed with the private key's
// secretKeyPRF value, taken over the encoded global index.
// NOTE(review): toBytesBigEndian(globalIndex, 32) presumably yields a 32-byte big-endian
// encoding — confirm in XMSSUtil.
byte[] random = wotsPlus.getKhf().PRF(privateKey.getSecretKeyPRF(),
    XMSSUtil.toBytesBigEndian(globalIndex, 32));
// Byte string random || root || globalIndex, with the index encoded using the digest size
// as the length argument.
// NOTE(review): random depends only on the PRF key and globalIndex, so it repeats if an
// index is ever used twice. Index advancement is not visible in this excerpt — verify that
// the caller never reuses a global index.
byte[] concatenated = Arrays.concatenate(random, privateKey.getRoot(),
    XMSSUtil.toBytesBigEndian(globalIndex, params.getDigestSize()));
// NOTE(review): as excerpted, key, bitmask0 and bitmask1 are all PRF(publicSeed,
// address.toByteArray()) with no visible change to address in between; if address really
// is unchanged, the three values are identical. Lines between these calls may be missing
// from this excerpt — confirm that address is rebuilt before each call (e.g. with a
// distinct keyAndMask value) so the key and both bitmasks are domain-separated.
byte[] key = wotsPlus.getKhf().PRF(publicSeed, address.toByteArray());
byte[] bitmask0 = wotsPlus.getKhf().PRF(publicSeed, address.toByteArray());
byte[] bitmask1 = wotsPlus.getKhf().PRF(publicSeed, address.toByteArray());
// n is the digest size reported by the WOTS+ parameters.
int n = wotsPlus.getParams().getDigestSize();
// Buffer of twice the digest size; how it is filled is outside this excerpt.
byte[] tmpMask = new byte[2 * n];