ML-DSA: Support (re-)generating MlDsaPrivate from seed #89

Open
mjdemilliano wants to merge 2 commits into wolfSSL:master from mjdemilliano:ml-dsa-generate-from-seed
@mjdemilliano
Contributor

As specified in FIPS 204, implementations can store the seed from which the key can be deterministically generated.

As specified in FIPS 204, implementations can store the seed from
which the key can be deterministically generated.
@embhorn
Member

embhorn commented Apr 7, 2026

@mjdemilliano is an approved contributor

Copilot AI left a comment

Pull request overview

Adds support for deterministic ML-DSA private key regeneration from a persisted seed (per FIPS 204), by exposing a new seed-based keygen API through the Python bindings and validating it via tests.

Changes:

  • Add MlDsaPrivate.make_key_from_seed() API and seed-length constant.
  • Expose wc_dilithium_make_key_from_seed() in the CFFI build definitions.
  • Add unit test covering deterministic regeneration and basic seed validation behavior.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| wolfcrypt/ciphers.py | Introduces MlDsaPrivate.make_key_from_seed() and a seed length constant for deterministic ML-DSA key generation. |
| tests/test_mldsa.py | Adds a test that generates keys from a seed, signs/verifies, and checks deterministic regeneration. |
| scripts/build_ffi.py | Extends the ML-DSA CFFI cdefs to include wc_dilithium_make_key_from_seed(). |

- Move+rename constant for seed length and use it in test_mldsa
- Replace assert by raising TypeError and ValueError in
  make_key_from_seed, and change type check to use memoryview.
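
An added illustration of the validation change described in the commit above (not code from this pull request or from wolfcrypt-py): it shows why an `assert`-based seed check disappears when Python compiles with `-O`, while a check that raises TypeError/ValueError still rejects a bad seed. The names `ML_DSA_SEED_LENGTH`, `check_seed` and the helper functions are hypothetical; the 32-byte length is the key generation seed size from FIPS 204.

```python
# Added illustration; names here are hypothetical, not wolfcrypt-py's code.
ML_DSA_SEED_LENGTH = 32  # FIPS 204: ML-DSA key generation takes a 32-byte seed


def check_seed(seed):
    """Return the seed as bytes, or raise TypeError / ValueError."""
    try:
        view = memoryview(seed)  # accepts bytes, bytearray, array, mmap, ...
    except TypeError:
        raise TypeError("seed must be a bytes-like object") from None
    if view.nbytes != ML_DSA_SEED_LENGTH:
        raise ValueError(
            f"seed must be {ML_DSA_SEED_LENGTH} bytes, got {view.nbytes}")
    return view.tobytes()


# The same check written with assert, kept as source so it can be compiled
# at a chosen optimization level (optimize=1 is what `python -O` uses).
_ASSERT_SRC = '''
def check_seed_assert(seed):
    assert isinstance(seed, (bytes, bytearray)), "seed must be bytes"
    assert len(seed) == 32, "seed must be 32 bytes"
    return bytes(seed)
'''


def load_assert_version(optimize):
    """Compile the assert-based check at the given optimization level."""
    ns = {}
    exec(compile(_ASSERT_SRC, "<assert-demo>", "exec", optimize=optimize), ns)
    return ns["check_seed_assert"]


def accepted(check, seed):
    """True if `check` lets `seed` through, False if it raises."""
    try:
        check(seed)
        return True
    except (AssertionError, TypeError, ValueError):
        return False


if __name__ == "__main__":
    short = b"\x00" * 16  # constructed sample: half the required length
    print("assert, normal :", accepted(load_assert_version(0), short))
    print("assert, -O     :", accepted(load_assert_version(1), short))
    print("exceptions     :", accepted(check_seed, short))
```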
@dgarske assigned wolfSSL-Bot and unassigned danielinux Apr 10, 2026