ml-dsa: Rename KeyGen::key_gen_internal to from_seed
#1054
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hoxxep
commented
Sep 3, 2025
| @@ -913,8 +927,7 @@ pub trait KeyGen: MlDsaParams { | |||
| fn key_gen<R: CryptoRng + ?Sized>(rng: &mut R) -> Self::KeyPair; | |||
|
|
|||
| /// Deterministically generate a signing key pair from the specified seed | |||
| // TODO(RLB): Only expose this based on a feature. | |||
There was a problem hiding this comment.
I am not sure of this comment in particular. There may be reasons key_gen_internal cannot be named from_seed that I'm not aware of, and I can't think of reasons for feature gating this? cc. @tarcieri @bifurcation
There was a problem hiding this comment.
The name comes from FIPS 204, namely section 6.1 where it is referred to as ML-DSA.KeyGen_internal.
I don't oppose the change in this PR, though, just providing a reference for why it's named the way it is.
There was a problem hiding this comment.
Thanks, I've updated the docstrings to include that for end users.
hoxxep
force-pushed
the
ml-dsa-keygen-from-seed
branch
2 times, most recently
from
46fcc7b to
e4514bc
Compare
tarcieri
reviewed
Sep 3, 2025
hoxxep
force-pushed
the
ml-dsa-keygen-from-seed
branch
from
e4514bc to
8121172
Compare
… verifying key from_seed methods
hoxxep
force-pushed
the
ml-dsa-keygen-from-seed
branch
from
8121172 to
00db20d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is an alternative to #1046 to reduce copying the seed derivation logic. Implementing a
from_seedas raised in issue #1045.KeyGen::key_gen_internaltoKeyGen::from_seed.SigningKey::from_seed. This internally callsKeyGen::from_seedfor now, as the majority of the computational work is the same for both keys. A future PR could be slightly more efficient by specialising the SigningKey from_seed method by skipping the couple of extra steps performed to also compute a VerifyingKey, but ml-dsa:SigningKey::from_seed(&B32)implementation #1046 shows this only nets a 20us / 10% speed up.from_seedimplementations don't deviate from each other in future, if more efficient implementations are provided.I am not sure why
key_gen_internalwas commented to be behind a feature flag or private, as I believe deriving from a seed value is a must-have, assuming this implementation correctly matches the spec. I can look through the spec and codebase for test vectors to make sure, if desired?Cheers!