Digital Signature
CROSS
Codes and Restricted Objects Signature Scheme
non-FIPScode-based1 parameter setsQNSP tier: default+provider: liboqs
Code-based signature using the MPC-in-the-head paradigm over restricted syndrome decoding. NIST PQC additional-signatures track candidate.
Mechanism
How it works
CROSS combines syndrome decoding with the MPC-in-the-head zero-knowledge proof system to produce signatures whose security reduces to the hardness of decoding random codes. Multiple parameter sets balance signature size against signing speed.
Parameter Sets
1 variants shipped
Each variant trades security category against key, ciphertext, or signature size. QNSP exposes all variants via the @cuilabs/liboqs-native binding; tenant crypto-policy determines which are allowed.
| Variant | NIST Level | Public Key | Secret Key | Signature | Note |
|---|---|---|---|---|---|
| CROSS-RSDP / CROSS-RSDPG (multiple param sets) | L5 | 77 B | 32 B | 13,152 B |
NIST ACVP
Conformance evidence
QNSP runs the official NIST ACVP test vectors against every shipped algorithm. Live evidence + SHA-3-256 tamper digest at /verify/conformance.
@noble/post-quantum
non-addressablePure-JavaScript reference; cross-verification secondary on Maximum + Government tiers.
@cuilabs/liboqs-native
non-addressableNative-C primary production engine. Runs across every QNSP backend service.
Use Cases
When to use it
- Code-based signature option for assumption diversification
- NIST PQC additional-signatures track inclusion
Trade-offs
What you give up, what you get
- Tiny public keys (77 bytes), large signatures
- Code-based assumption diversifies away from lattice-based signature dominance
References