Quantum-resistant, purely Hash-based, Stateful, One-Time Digital Signatures for OCaml.

View on GitHub


Quantum-resistant, purely Hash-based, Stateful, One-Time Digital Signatures for OCaml.

For further information, see:

This library uses the Blake2B hash algorithm, but further / additional hashes are planned as well. Currently, the following things are implemented now:

The novel approach of this library is to sign every piece of hexadecimal character from a given hash, so our range to sign and verify bits/bytes is smaller (we only need 16 characters offset plus digest / fingerprint length of the message hash, in the case of Blake2B, 128 characters). By hashing beforehand our message, we can sign any size/length of input message, our signature, private key and public key stay on the same size.


If this library is available on OPAM:

$ opam install hieroglyphs

Otherwise, through Dune build system:

$ dune install


(Assuming you’ve linked this library as hieroglyphs…)

module Hg = Hieroglyphs

let (priv, pub) = Hg.pair ( ) in
let msg = "Hello, World!" in
match Hg.sign ~priv ~msg with
| None -> failwith "Private key was already signed!"
| Some signature -> assert (Hg.verify ~pub ~msg ~signature)

A blacklist of revoked Private Key unique & deterministic IDs is maintained at the directory $HOME/.hieroglyphs/state/blacklist. It’s used to preserve the one-time signing invariant. You can inspect the additional bare Git repository provided by the Irmin library at $HOME/.hieroglyphs/state. If you don’t like to pollute your home directory with configuration noise / garbage, you may override that with the environment variable $HIEROGLYPHS_ROOT. For instance, if you define:


Then, your blacklist will be available under /tmp/hg-data/state/blacklist, and your Git repository under /tmp/hg-data/state.

For the complete API reference, check the docs here. Coverage reports are shown at this page.


Currently, we run benchmarks against the nocrypto RSA/PSS+SHA256 implementation, and the secp256k1 library (using a SHA256 hash as well on the message), besides our implementation in pure OCaml code using Blake2B (although future plans include C bindings). The benchmark test suite is available under the command $ make bench. It uses the quite good Jane Street’s core_bench library. The cached benchmark report is generated by dune build system at the file test/bench/bench.expected whenever you type $ make bench.


This library was not yet fully tested against many sort of attacks, such as timing attacks, but nevertheless the real security lies behind the digestif and nocrypto libraries, which both provide strong hashes, strong RNGs and strong encryption. Use with care and take responsibility by your own acts.