A web-based document authentication system using FAEST post-quantum digital signatures via the PyFAEST library.
- π Document Signing - Upload and sign documents with FAEST post-quantum signatures
- β Signature Verification - Verify document authenticity without login
- π Multiple Parameter Sets - Choose from 12 FAEST variants (128f, 128s, 192f, etc.)
- π Performance Metrics - Real-time signing and verification timing
- ποΈ Audit Trail - SQLite database tracks all signatures
- π¨ Modern UI - Responsive Bootstrap interface
- π REST API - Programmatic access to signing/verification
- Backend: Flask (Python 3.8+)
- Cryptography: PyFAEST (FAEST post-quantum signatures)
- Database: SQLite
- Frontend: HTML/CSS/JavaScript with Bootstrap 5
- Hashing: SHA-256 for document fingerprints
pqc-document-auth/ βββ app/ β βββ __init__.py # Flask app initialization β βββ routes.py # API endpoints β βββ models.py # Database models β βββ crypto_utils.py # FAEST signing/verification β βββ templates/ β β βββ base.html # Base template β β βββ index.html # Home page β β βββ sign.html # Document signing page β β βββ verify.html # Verification page β βββ static/ β βββ css/ β βββ style.css # Custom styles βββ uploads/ # Temporary document storage βββ keys/ # Generated keypairs βββ instance/ # SQLite database (auto-created) βββ config.py # Configuration βββ run.py # Application entry point βββ requirements.txt # Python dependencies βββ .gitignore βββ README.md - Python 3.8 or higher
- Linux (native or WSL), or macOS
- pip and venv
# Clone or navigate to project directory cd pqc-document-auth # Create virtual environment python3 -m venv venv source venv/bin/activate # On Windows WSL: source venv/bin/activate # Install dependencies pip install -r requirements.txt # Initialize database python run.py init-db # Run the application python run.pyThe application will start at http://localhost:5000
-
Home Page (
/)- Overview and features
- Quick links to sign/verify
-
Sign Document (
/sign)- Upload a file (PDF, image, text, etc.)
- Select FAEST parameter set (128f, 128s, 192f, etc.)
- Generate or use existing keypair
- Download signature file
- View performance metrics
-
Verify Signature (
/verify)- Upload document and signature file
- Provide public key
- See verification result
- View signature details
POST /api/keypair Content-Type: application/json { "param_set": "128f" } Response: { "public_key": "hex_encoded_key", "private_key": "hex_encoded_key", "param_set": "128f" }POST /api/sign Content-Type: multipart/form-data Fields: - file: document file - param_set: "128f" | "128s" | "192f" | ... - private_key: hex encoded private key Response: { "signature": "hex_encoded_signature", "document_hash": "sha256_hash", "signature_size": 5924, "signing_time_ms": 5.2, "param_set": "128f" }POST /api/verify Content-Type: multipart/form-data Fields: - file: document file - signature: hex encoded signature - public_key: hex encoded public key Response: { "valid": true, "document_hash": "sha256_hash", "verification_time_ms": 4.8, "param_set": "128f" }| Parameter Set | Security Level | Signature Size | Speed |
|---|---|---|---|
128f | NIST Level 1 | 5,924 bytes | Fast |
128s | NIST Level 1 | 4,506 bytes | Small |
192f | NIST Level 3 | 14,948 bytes | Fast |
192s | NIST Level 3 | 11,260 bytes | Small |
256f | NIST Level 5 | 26,548 bytes | Fast |
256s | NIST Level 5 | 20,696 bytes | Small |
em_128f | NIST Level 1 | 5,060 bytes | Fast |
em_128s | NIST Level 1 | 3,906 bytes | Small |
em_192f | NIST Level 3 | 12,380 bytes | Fast |
em_192s | NIST Level 3 | 9,340 bytes | Small |
em_256f | NIST Level 5 | 23,476 bytes | Fast |
em_256s | NIST Level 5 | 17,984 bytes | Small |
id- Auto-incrementing primary keydocument_hash- SHA-256 hash of documentsignature- FAEST signature (hex)public_key- Public key (hex)param_set- FAEST parameter set usedsignature_size- Size in bytessigning_time- Time taken to sign (ms)timestamp- Creation timestamp
- This is a demonstration/research project for academic purposes
- FAEST is still under NIST evaluation (not yet standardized)
- The reference implementation is not optimized for production
- Private keys are stored temporarily - use secure storage for production
- No authentication system - anyone can access the service
- Uploaded files are stored temporarily and should be cleaned periodically
pytest tests/ -v- See
CONTRIBUTING.mdfor contribution guidelines - Follow Flask best practices
- Add tests for new functionality
- Research: Compare FAEST with classical signature schemes
- Education: Demonstrate post-quantum cryptography
- Prototyping: Test FAEST in document workflows
- Benchmarking: Measure signature sizes and performance
"Module not found: pyfaest"
pip install pyfaest"Database not found"
python run.py init-db"Permission denied" on uploads
chmod 755 uploads/- PyFAEST - Python bindings for FAEST
- FAEST Specification
- NIST PQC Project
MIT License - See LICENSE file
Created for NYU Post-Quantum Cryptography Course (Fall 2025)
Built on top of PyFAEST and the FAEST reference implementation.