- Implemented method to derive the public ML-DSA key from the private key

pdb0102 · pdb0102 · commit 647abf5e89ab · 2025-03-06T05:39:25.000-07:00
diff --git a/.gitignore b/.gitignore
@@ -14,4 +14,5 @@
 [Dd]ebug/
 [Rr]elease/
 [Oo]bj/
-[Bb]in/
+[Bb]in/
+BenchMarkDotNet.Artifacts/
diff --git a/PQnet.Test/PQApiRoundtripTests.cs b/PQnet.Test/PQApiRoundtripTests.cs
@@ -47,6 +47,7 @@ public void TestSignatureApi(string algorithm) {
 			ISignature signature;
 			byte[] private_key;
 			byte[] public_key;
+			byte[] derived_public_key;
 			byte[] signature_bytes;
 			byte[] message;
 			string error;
@@ -66,6 +67,10 @@ public void TestSignatureApi(string algorithm) {
 			Assert.AreEqual(signature.PrivateKeyBytes, private_key.Length, $"Private key length is incorrect for '{algorithm}' algorithm");
 			Assert.AreEqual(signature.PublicKeyBytes, public_key.Length, $"Public key length is incorrect for '{algorithm}' algorithm");
 
+			success = signature.DerivePublicFromPrivateKey(private_key, out derived_public_key, out error);
+			Assert.IsTrue(success, $"Failed to derive public key from private key for '{algorithm}' algorithm: {error}");
+			CollectionAssert.AreEqual(public_key, derived_public_key, $"Derived public key does not match original public key for '{algorithm}' algorithm");
+
 			success = signature.Sign(message, private_key, null, out signature_bytes, out error);
 			Assert.IsTrue(success, $"Failed to sign message for '{algorithm}' algorithm: {error}");
 			Assert.IsNull(error, $"Error was not null despite success [Error: {error}]");
diff --git a/PQnet/Common/ISignature.cs b/PQnet/Common/ISignature.cs
@@ -75,6 +75,15 @@ public interface ISignature {
 		/// <returns><c>true</c> if the key pair was successfully generated, <c>false</c> otherwise</returns>
 		bool GenerateKeyPair(out byte[] public_key, out byte[] private_key, byte[] seed, out string error);
 
+		/// <summary>
+		/// Derive the public key from a private key
+		/// </summary>
+		/// <param name="private_key">The private key</param>
+		/// <param name="public_key">Receives the public key</param>
+		/// <param name="error">Receives an error that occurred, or <c>null</c></param>
+		/// <returns><c>true</c> if the key was successfully returned, <c>false</c> otherwise</returns>
+		bool DerivePublicFromPrivateKey(byte[] private_key, out byte[] public_key, out string error);
+
 		/// <summary>
 		/// Generate a pure signature
 		/// </summary>
diff --git a/PQnet/ML-DSA/MlDsaBase.cs b/PQnet/ML-DSA/MlDsaBase.cs
@@ -197,6 +197,26 @@ public bool GenerateKeyPair(out byte[] public_key, out byte[] private_key, byte[
 			return false;
 		}
 
+		/// <summary>
+		/// Derive the ML-DSA public key from a private key
+		/// </summary>
+		/// <param name="private_key">The private key</param>
+		/// <param name="public_key">Receives the public key</param>
+		/// <param name="error">Receives an error that occurred, or <c>null</c></param>
+		/// <returns><c>true</c> if the key was successfully returned, <c>false</c> otherwise</returns>
+		public bool DerivePublicFromPrivateKey(byte[] private_key, out byte[] public_key, out string error) {
+			if (private_key.Length != PrivateKeyBytes) {
+				public_key = null;
+				error = $"Private key must be {PrivateKeyBytes} bytes long";
+				return false;
+			}
+
+			ml_derive_public(private_key, out public_key);
+
+			error = null;
+			return true;
+		}
+
 		/// <summary>
 		/// Generate a pure ML-DSA signature
 		/// </summary>
diff --git a/PQnet/ML-DSA/Sign.cs b/PQnet/ML-DSA/Sign.cs
@@ -119,6 +119,53 @@ internal bool ml_keygen(out byte[] pk, out byte[] sk, byte[] seed = null) {
 			return true;
 		}
 
+		internal bool ml_derive_public(byte[] sk, out byte[] pk) {
+			byte[] tr;
+			byte[] rho;
+			byte[] key;
+			PolyVecL[] mat;
+			PolyVecL s1, s1hat;
+			PolyVecK s2, t1, t0;
+
+			mat = new PolyVecL[K];
+			for (int i = 0; i < K; i++) {
+				mat[i] = new PolyVecL(L, N);
+			}
+
+			rho = new byte[(2 * SeedBytes) + CrhBytes];
+			tr = new byte[TrBytes];
+			key = new byte[SeedBytes];
+			t0 = new PolyVecK(K, N);
+			s1 = new PolyVecL(L, N);
+			s2 = new PolyVecK(K, N);
+
+			/* unpack the private key */
+			unpack_sk(rho, tr, key, t0, s1, s2, sk);
+
+			/* Expand matrix */
+			polyvec_matrix_expand(mat, rho);
+
+			/* Matrix-vector multiplication */
+			t0 = new PolyVecK(K, N);
+			t1 = new PolyVecK(K, N);
+			s1hat = s1.Clone();
+			polyvecl_ntt(s1hat);
+			polyvec_matrix_pointwise_montgomery(t1, mat, s1hat);
+			polyveck_reduce(t1);
+			polyveck_invntt_tomont(t1);
+
+			/* Add error vector s2 */
+			polyveck_add(t1, t1, s2);
+
+			/* Extract t1 and write public key */
+			polyveck_caddq(t1);
+			polyveck_power2round(t1, t0, t1);
+			pk = new byte[PublicKeyBytes];
+			pack_pk(pk, rho, t1);
+
+			return true;
+		}
+
 		/*************************************************
 		* Name:        crypto_sign_signature_internal
 		*
diff --git a/PQnet/SLH-DSA/SlhDsaBase.Api.cs b/PQnet/SLH-DSA/SlhDsaBase.Api.cs
@@ -88,7 +88,7 @@ public bool GenerateKeyPair(out byte[] public_key, out byte[] private_key, byte[
 		}
 
 		/// <summary>
-		/// Derive an SLH-DSA public key from a private key
+		/// Derive the SLH-DSA public key from a private key
 		/// </summary>
 		/// <param name="private_key">The private key</param>
 		/// <param name="public_key">Receives the public key</param>
diff --git a/Sandcastle/PQnet.xml b/Sandcastle/PQnet.xml

Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ public bool GenerateKeyPair(out byte[] public_key, out byte[] private_key, byte[`
`88`	`88`	`}`
`89`	`89`
`90`	`90`	`/// <summary>`
`91`		`- /// Derive an SLH-DSA public key from a private key`
	`91`	`+ /// Derive the SLH-DSA public key from a private key`
`92`	`92`	`/// </summary>`
`93`	`93`	`/// <param name="private_key">The private key</param>`
`94`	`94`	`/// <param name="public_key">Receives the public key</param>`