RFR: 8351351: Pre-hash mode, context string, etc for ML-DSA

Weijun Wang weijun at openjdk.org
Tue Feb 3 19:40:35 UTC 2026


On Thu, 6 Mar 2025 15:12:54 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Add a new `SignatureParameterSpec` internal API to fully utilize the capabilities of ML-DSA. The updated ACVP test demonstrates its usage.

I need to reconsider this. The hash algorithm is usually considered an integral part of the signature algorithm itself, and when the key is generated it is generated for one algorithm. This means we should not use an ML-DSA key with HashML-DSA. Furthermore, we also cannot use a HashML-DSA-SHA512 key with HashML-DSA-SHAKE256.

So, it does not make sense to provide a hash algorithm field in `SignatureParameterSpec`.

Unless a matching `NamedParameterSpec` is defined, there is no way to create an ML-DSA key that is used for a given hash algorithm. I don't intend to create a new `AlgorithmParameterSpec` type for `KeyPairGenerator` and I also don't intend for the key's `getParams` to return anything other than a `NamedParameterSpec`.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/23934#issuecomment-2762738223
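An added example, not part of the PR or of this message, showing the principle described above with the ML-DSA API that shipped in JDK 24 (JEP 497): a key pair is generated for one parameter set, the key's `getParams()` exposes only a `NamedParameterSpec` naming that set (no hash algorithm field), and a `Signature` for a different parameter set is expected to reject the key at `initSign` time. It assumes a JDK 24 or later runtime with the built-in ML-DSA provider; the sample message is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.spec.NamedParameterSpec;

public class MlDsaKeyParams {
    public static void main(String[] args) throws Exception {
        // Generate a key pair bound to one parameter set (assumes JDK 24+ built-in provider).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("ML-DSA");
        kpg.initialize(NamedParameterSpec.ML_DSA_65);
        KeyPair kp = kpg.generateKeyPair();

        // The key carries only the parameter-set name; there is no hash algorithm attached.
        NamedParameterSpec params = (NamedParameterSpec) kp.getPrivate().getParams();
        System.out.println("key params: " + params.getName());   // prints ML-DSA-65

        // Sign with the family algorithm "ML-DSA"; the key's own params select the parameter set.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);  // constructed input
        Signature signer = Signature.getInstance("ML-DSA");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance("ML-DSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        System.out.println("verified: " + verifier.verify(sig));

        // A Signature fixed to a different parameter set does not match this key;
        // the provider is expected to refuse it at init time rather than sign anyway.
        try {
            Signature wrong = Signature.getInstance("ML-DSA-44");
            wrong.initSign(kp.getPrivate());
            System.out.println("unexpected: ML-DSA-44 accepted an ML-DSA-65 key");
        } catch (InvalidKeyException e) {
            System.out.println("rejected mismatched key: " + e.getMessage());
        }
    }
}
```

Run with `java MlDsaKeyParams.java` on JDK 24 or later. The point the message makes is visible in the middle block: nothing on the key or in the `Signature` selects a pre-hash, so a HashML-DSA variant would need its own key type or parameter set rather than a field on a signature parameter spec.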
