Issues Closed

COMPARISON.md

@@ -39,7 +39,7 @@ This document provides a comprehensive comparison between the Rust `rust-bottle`
 | **ML-DSA-44** | Yes | Yes | Implemented in rust-bottle |
 | **ML-DSA-65** | Yes | Yes | Implemented in rust-bottle |
 | **ML-DSA-87** | Yes | Yes | Implemented in rust-bottle |
-| **SLH-DSA (12 variants)** | Yes (3 variants) | Yes | rust-bottle implements 3 SLH-DSA variants (128s, 192s, 256s) |
+| **SLH-DSA (12 variants)** | Yes (12 variants) | Yes | rust-bottle implements all 12 SLH-DSA variants (SHAKE-256 and SHA-2, s and f variants) |
 
 **Analysis**: Both libraries have comprehensive post-quantum cryptography support. rust-bottle implements ML-KEM (encryption), ML-DSA (signatures), and SLH-DSA (hash-based signatures) via optional feature flags.
 
@@ -147,7 +147,7 @@ Both libraries have comprehensive PQC support:
 
 **SLH-DSA (Hash-Based Signatures)**:
 - gobottle: 12 variants (SHA2/SHAKE, 128/192/256, s/f variants)
-- rust-bottle: 3 variants (128s, 192s, 256s - SHAKE-256 robust)
+- rust-bottle: 12 variants (SHA2/SHAKE, 128/192/256, s/f variants) - Full FIPS 205 compliance
 - Stateless hash-based signatures - Both support
 
 **Implementation Differences**:

POST_QUANTUM.md

@@ -64,17 +64,33 @@ ML-DSA provides post-quantum digital signatures based on lattice cryptography. T
 
 ### SLH-DSA (Hash-Based Signatures)
 
-SLH-DSA provides post-quantum signatures based on hash functions. Three security levels are available:
+SLH-DSA provides post-quantum signatures based on hash functions. Twelve variants are available, matching the FIPS 205 standard:
 
+**SHAKE-256 Variants:**
 | Variant | Security Level | Public Key Size | Secret Key Size | Signature Size | Implementation |
 |---------|---------------|-----------------|-----------------|----------------|----------------|
 | SLH-DSA-128s | 128-bit | 32 bytes | 64 bytes | ~7856 bytes | sphincsshake256128srobust |
+| SLH-DSA-128f | 128-bit | 32 bytes | 64 bytes | ~17088 bytes | sphincsshake256128frobust |
 | SLH-DSA-192s | 192-bit | 48 bytes | 96 bytes | ~16224 bytes | sphincsshake256192srobust |
+| SLH-DSA-192f | 192-bit | 48 bytes | 96 bytes | ~35664 bytes | sphincsshake256192frobust |
 | SLH-DSA-256s | 256-bit | 64 bytes | 128 bytes | ~29792 bytes | sphincsshake256256srobust |
+| SLH-DSA-256f | 256-bit | 64 bytes | 128 bytes | ~49856 bytes | sphincsshake256256frobust |
+
+**SHA-2 Variants:**
+| Variant | Security Level | Public Key Size | Secret Key Size | Signature Size | Implementation |
+|---------|---------------|-----------------|-----------------|----------------|----------------|
+| SLH-DSA-SHA2-128s | 128-bit | 32 bytes | 64 bytes | ~7856 bytes | sphincssha256128srobust |
+| SLH-DSA-SHA2-128f | 128-bit | 32 bytes | 64 bytes | ~17088 bytes | sphincssha256128frobust |
+| SLH-DSA-SHA2-192s | 192-bit | 48 bytes | 96 bytes | ~16224 bytes | sphincssha256192srobust |
+| SLH-DSA-SHA2-192f | 192-bit | 48 bytes | 96 bytes | ~35664 bytes | sphincssha256192frobust |
+| SLH-DSA-SHA2-256s | 256-bit | 64 bytes | 128 bytes | ~29792 bytes | sphincssha256256srobust |
+| SLH-DSA-SHA2-256f | 256-bit | 64 bytes | 128 bytes | ~49856 bytes | sphincssha256256frobust |
 
 **Implementation Details:**
 - Uses `pqcrypto-sphincsplus` v0.5.3
-- Uses "robust" variants with SHAKE-256
+- Uses "robust" variants with SHAKE-256 or SHA-2
+- "s" variants: smaller signatures, slower signing
+- "f" variants: faster signing, larger signatures
 - Very large signatures but simple hash-based security model
 - Works on all platforms including macOS/ARM
 

PQC_FEATURE_FLAG.md

@@ -46,7 +46,9 @@ cargo build --features post-quantum,ml-kem
 
 When the `post-quantum` feature is enabled:
 - **ML-DSA-44**, **ML-DSA-65**, **ML-DSA-87** signatures
-- **SLH-DSA-128s**, **SLH-DSA-192s**, **SLH-DSA-256s** signatures
+- **SLH-DSA-128s/128f**, **SLH-DSA-192s/192f**, **SLH-DSA-256s/256f** signatures (SHAKE-256)
+- **SLH-DSA-SHA2-128s/128f**, **SLH-DSA-SHA2-192s/192f**, **SLH-DSA-SHA2-256s/256f** signatures (SHA-2)
+- Total: 12 SLH-DSA variants matching FIPS 205 standard
 
 When the `ml-kem` feature is enabled (requires `post-quantum` for full functionality):
 - **ML-KEM-768** and **ML-KEM-1024** encryption

README.md

@@ -534,9 +534,13 @@ Comprehensive post-quantum cryptography support is available via feature flags.
 - **ML-DSA-44**: Post-quantum signatures (128-bit security) - Uses dilithium2
 - **ML-DSA-65**: Post-quantum signatures (192-bit security) - Uses dilithium3
 - **ML-DSA-87**: Post-quantum signatures (256-bit security) - Uses dilithium5
-- **SLH-DSA-128s**: Hash-based signatures (128-bit security) - Uses sphincsshake256128srobust
-- **SLH-DSA-192s**: Hash-based signatures (192-bit security) - Uses sphincsshake256192srobust
-- **SLH-DSA-256s**: Hash-based signatures (256-bit security) - Uses sphincsshake256256srobust
+- **SLH-DSA-128s/128f**: Hash-based signatures (128-bit security) - SHAKE-256 variants
+- **SLH-DSA-192s/192f**: Hash-based signatures (192-bit security) - SHAKE-256 variants
+- **SLH-DSA-256s/256f**: Hash-based signatures (256-bit security) - SHAKE-256 variants
+- **SLH-DSA-SHA2-128s/128f**: Hash-based signatures (128-bit security) - SHA-2 variants
+- **SLH-DSA-SHA2-192s/192f**: Hash-based signatures (192-bit security) - SHA-2 variants
+- **SLH-DSA-SHA2-256s/256f**: Hash-based signatures (256-bit security) - SHA-2 variants
+- Total: 12 SLH-DSA variants matching FIPS 205 standard
 
 **Hybrid Encryption (requires `ml-kem` feature):**
 - **ML-KEM-768 + X25519**: Combines post-quantum and classical security