sign method

Uint8List sign(
  SecretKey sk,
  Uint8List message, {
  RandomBytes? randombytes,
})

Signs message with sk. If randombytes is provided, it is used both as the salt source and to seed the per-attempt ChaCha20 sampler, which makes the signature reproducible (and byte-identical to the reference). When randombytes is null, a secure source is used directly for both the salt and the sampler.

Implementation

Uint8List sign(SecretKey sk, Uint8List message, {RandomBytes? randombytes}) {
  final header = [0x30 + logn[param.n]!];
  final saltSource = randombytes ?? secureRandomBytes;
  final salt = saltSource(saltLen);
  final hashed = hashToPoint(message, salt);

  // Repeat until the preimage is short enough and the encoding fits.
  while (true) {
    final List<List<int>> s;
    if (randombytes == null) {
      s = _samplePreimage(sk, hashed, secureRandomBytes);
    } else {
      final seed = randombytes(seedLen);
      s = _samplePreimage(sk, hashed, ChaCha20(seed).randombytes);
    }
    final norm = FalconUtils.sqnorm(s);
    if (norm <= param.sigBound) {
      final enc = compress(s[1], param.sigBytelen - headLen - saltLen);
      if (enc != null) {
        return Uint8List.fromList([...header, ...salt, ...enc]);
      }
    }
  }
}
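
The loop above resamples whenever compress returns null. As an added example (not this package's own code), the sketch below follows the signature compression defined in the Falcon specification to show when an encoding does not fit; the name compressSketch is hypothetical and the sample coefficients are constructed.

```dart
import 'dart:typed_data';

// Added sketch of Falcon's signature compression, following the Falcon
// specification. compressSketch is a hypothetical name; this is not the
// package's own compress().
//
// Per coefficient c: 1 sign bit, the 7 low bits of |c|, then (|c| >> 7)
// zero bits closed by a single one bit. Returns null when the bit string
// is longer than slen bytes, which is the case the signing loop retries on.
Uint8List? compressSketch(List<int> v, int slen) {
  final bits = <int>[];
  for (final c in v) {
    final a = c.abs();
    bits.add(c < 0 ? 1 : 0); // sign bit
    for (var i = 6; i >= 0; i--) {
      bits.add((a >> i) & 1); // 7 low bits, most significant first
    }
    bits.addAll(List<int>.filled(a >> 7, 0)); // high part in unary
    bits.add(1); // unary terminator
  }
  if (bits.length > 8 * slen) return null; // does not fit: caller resamples

  // Uint8List is zero-filled, so the unused tail bits stay 0 (padding).
  final out = Uint8List(slen);
  for (var i = 0; i < bits.length; i++) {
    out[i >> 3] |= bits[i] << (7 - (i & 7));
  }
  return out;
}

void main() {
  // Constructed sample coefficients, not output from a real key.
  // They need 9 + 9 + 9 + 10 = 37 bits in total.
  final sample = [3, -1, 0, 130];

  final fits = compressSketch(sample, 5); // 40 bits available
  final tooLong = compressSketch(sample, 4); // 32 bits available

  print('5-byte budget: $fits');
  print('4-byte budget: $tooLong');
}
```

Larger coefficients cost more bits because of the unary part, so a preimage can pass the norm check against sigBound and still fail to fit the fixed signature length, which is why sign checks both conditions before returning.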