From 12fafb1bf044e98b07c1d8179691213b7401ca6d Mon Sep 17 00:00:00 2001 
From: "Matthias J. Kannwischer"
Date: Wed, 8 May 2019 17:07:57 +0200
Subject: [PATCH] rename newhope1024ccakem -> newhope1024cca
---
 .../META.yml | 2 +-
 .../clean/LICENSE | 0
 .../clean/Makefile | 2 +-
 .../clean/Makefile.Microsoft_nmake | 2 +-
 crypto_kem/newhope1024cca/clean/api.h | 15 ++++
 .../clean/cpapke.c | 68 +++++++++----------
 .../clean/cpapke.h | 6 +-
 .../clean/kem.c | 18 ++---
 .../clean/ntt.c | 12 ++--
 crypto_kem/newhope1024cca/clean/ntt.h | 14 ++++
 .../clean/params.h | 4 +-
 .../clean/poly.c | 40 +++++------
 crypto_kem/newhope1024cca/clean/poly.h | 32 +++++++++
 .../clean/precomp.c | 6 +-
 .../clean/reduce.c | 2 +-
 crypto_kem/newhope1024cca/clean/reduce.h | 8 +++
 .../clean/verify.c | 4 +-
 crypto_kem/newhope1024cca/clean/verify.h | 12 ++++
 crypto_kem/newhope1024ccakem/clean/api.h | 15 ----
 crypto_kem/newhope1024ccakem/clean/ntt.h | 14 ----
 crypto_kem/newhope1024ccakem/clean/poly.h | 32 ---------
 crypto_kem/newhope1024ccakem/clean/reduce.h | 8 ---
 crypto_kem/newhope1024ccakem/clean/verify.h | 12 ----
 23 files changed, 164 insertions(+), 164 deletions(-)
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/META.yml (95%)
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/LICENSE (100%)
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/Makefile (93%)
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/Makefile.Microsoft_nmake (91%)
 create mode 100644 crypto_kem/newhope1024cca/clean/api.h
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/cpapke.c (70%)
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/cpapke.h (54%)
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/kem.c (79%)
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/ntt.c (92%)
 create mode 100644 crypto_kem/newhope1024cca/clean/ntt.h
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/params.h (91%)
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/poly.c (85%)
 create mode 100644 crypto_kem/newhope1024cca/clean/poly.h
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/precomp.c (99%)
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/reduce.c (91%)
 create mode 100644 crypto_kem/newhope1024cca/clean/reduce.h
 rename crypto_kem/{newhope1024ccakem => newhope1024cca}/clean/verify.c (86%)
 create mode 100644 crypto_kem/newhope1024cca/clean/verify.h
 delete mode 100644 crypto_kem/newhope1024ccakem/clean/api.h
 delete mode 100644 crypto_kem/newhope1024ccakem/clean/ntt.h
 delete mode 100644 crypto_kem/newhope1024ccakem/clean/poly.h
 delete mode 100644 crypto_kem/newhope1024ccakem/clean/reduce.h
 delete mode 100644 crypto_kem/newhope1024ccakem/clean/verify.h
diff --git a/crypto_kem/newhope1024ccakem/META.yml b/crypto_kem/newhope1024cca/META.yml
similarity index 95%
rename from crypto_kem/newhope1024ccakem/META.yml
rename to crypto_kem/newhope1024cca/META.yml
index d8c4662c..39a20392 100644
--- a/crypto_kem/newhope1024ccakem/META.yml
+++ b/crypto_kem/newhope1024cca/META.yml
@@ -1,4 +1,4 @@
-name: NewHope1024CCAKEM
+name: NewHope1024CCA
 type: kem
 claimed-nist-level: 5
 length-public-key: 1824
diff --git a/crypto_kem/newhope1024ccakem/clean/LICENSE b/crypto_kem/newhope1024cca/clean/LICENSE
similarity index 100%
rename from crypto_kem/newhope1024ccakem/clean/LICENSE
rename to crypto_kem/newhope1024cca/clean/LICENSE
diff --git a/crypto_kem/newhope1024ccakem/clean/Makefile b/crypto_kem/newhope1024cca/clean/Makefile
similarity index 93%
rename from crypto_kem/newhope1024ccakem/clean/Makefile
rename to crypto_kem/newhope1024cca/clean/Makefile
index e63127fb..933c6e2d 100644
--- a/crypto_kem/newhope1024ccakem/clean/Makefile
+++ b/crypto_kem/newhope1024cca/clean/Makefile
@@ -1,6 +1,6 @@
 # This Makefile can be used with GNU Make or BSD Make
-LIB=libnewhope1024ccakem_clean.a
+LIB=libnewhope1024cca_clean.a
 HEADERS=api.h cpapke.h ntt.h params.h poly.h reduce.h verify.h
 OBJECTS=cpapke.o kem.o ntt.o poly.o precomp.o reduce.o verify.o
diff --git a/crypto_kem/newhope1024ccakem/clean/Makefile.Microsoft_nmake b/crypto_kem/newhope1024cca/clean/Makefile.Microsoft_nmake
similarity index 91%
rename from crypto_kem/newhope1024ccakem/clean/Makefile.Microsoft_nmake
rename to crypto_kem/newhope1024cca/clean/Makefile.Microsoft_nmake
index 7c0fc463..f6dca8d7 100644
--- a/crypto_kem/newhope1024ccakem/clean/Makefile.Microsoft_nmake
+++ b/crypto_kem/newhope1024cca/clean/Makefile.Microsoft_nmake
@@ -1,7 +1,7 @@
 # This Makefile can be used with Microsoft Visual Studio's nmake using the command:
 # nmake /f Makefile.Microsoft_nmake
-LIBRARY=libnewhope1024ccakem_clean.lib
+LIBRARY=libnewhope1024cca_clean.lib
 OBJECTS=cpapke.obj kem.obj ntt.obj poly.obj precomp.obj reduce.obj verify.obj
 CFLAGS=/nologo /I ..\..\..\common /W4 /WX
diff --git a/crypto_kem/newhope1024cca/clean/api.h b/crypto_kem/newhope1024cca/clean/api.h
new file mode 100644
index 00000000..62139de0
--- /dev/null
+++ b/crypto_kem/newhope1024cca/clean/api.h
@@ -0,0 +1,15 @@
+#ifndef PQCLEAN_NEWHOPE1024CCA_CLEAN_API_H
+#define PQCLEAN_NEWHOPE1024CCA_CLEAN_API_H
+
+
+#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_SECRETKEYBYTES 3680
+#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_PUBLICKEYBYTES 1824
+#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_CIPHERTEXTBYTES 2208
+#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_BYTES 32
+#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_ALGNAME "NewHope1024-CCAKEM"
+
+int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
+int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk);
+int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk);
+
+#endif
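Review bot: The three `crypto_kem_*` prototypes in api.h take bare `unsigned char *` buffers with no length argument and no comment saying how large each must be, so the size contract is only implied by the `#define`s above them. A one-line comment per declaration would make it explicit, for example `/* pk: ..._CRYPTO_PUBLICKEYBYTES bytes, sk: ..._CRYPTO_SECRETKEYBYTES bytes, both written */` above `crypto_kem_keypair`, with matching lines for `ct`/`ss` on `enc` and `dec`. Judging by kem.c in this patch, which documents `Returns 0 (success)` and shows no size checks in the visible lines, an undersized caller buffer would be overrun rather than rejected, which is why the sizes are worth stating at the declaration.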
diff --git a/crypto_kem/newhope1024ccakem/clean/cpapke.c b/crypto_kem/newhope1024cca/clean/cpapke.c similarity index 70% rename from crypto_kem/newhope1024ccakem/clean/cpapke.c rename to crypto_kem/newhope1024cca/clean/cpapke.c index 4bbd0b3a..09986223 100644 --- a/crypto_kem/newhope1024ccakem/clean/cpapke.c +++ b/crypto_kem/newhope1024cca/clean/cpapke.c @@ -18,7 +18,7 @@ **************************************************/ static void encode_pk(unsigned char *r, const poly *pk, const unsigned char *seed) { int i; - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(r, pk); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(r, pk); for (i = 0; i < NEWHOPE_SYMBYTES; i++) { r[NEWHOPE_POLYBYTES + i] = seed[i]; } @@ -35,7 +35,7 @@ static void encode_pk(unsigned char *r, const poly *pk, const unsigned char *see **************************************************/ static void decode_pk(poly *pk, unsigned char *seed, const unsigned char *r) { int i; - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(pk, r); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(pk, r); for (i = 0; i < NEWHOPE_SYMBYTES; i++) { seed[i] = r[NEWHOPE_POLYBYTES + i]; } @@ -53,8 +53,8 @@ static void decode_pk(poly *pk, unsigned char *seed, const unsigned char *r) { * - const poly *v: pointer to the input polynomial v **************************************************/ static void encode_c(unsigned char *r, const poly *b, const poly *v) { - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(r, b); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(r + NEWHOPE_POLYBYTES, v); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(r, b); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_compress(r + NEWHOPE_POLYBYTES, v); } /************************************************* 
@@ -67,8 +67,8 @@ static void encode_c(unsigned char *r, const poly *b, const poly *v) { * - const unsigned char *r: pointer to input byte array **************************************************/ static void decode_c(poly *b, poly *v, const unsigned char *r) { - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(b, r); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(v, r + NEWHOPE_POLYBYTES); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(b, r); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_decompress(v, r + NEWHOPE_POLYBYTES); } /************************************************* @@ -80,7 +80,7 @@ static void decode_c(poly *b, poly *v, const unsigned char *r) { * - const unsigned char *seed: pointer to input seed **************************************************/ static void gen_a(poly *a, const unsigned char *seed) { - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_uniform(a, seed); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform(a, seed); } @@ -94,7 +94,7 @@ static void gen_a(poly *a, const unsigned char *seed) { * Arguments: - unsigned char *pk: pointer to output public key * - unsigned char *sk: pointer to output private key **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk, +void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_keypair(unsigned char *pk, unsigned char *sk) { poly ahat, ehat, ahat_shat, bhat, shat; unsigned char z[2 * NEWHOPE_SYMBYTES]; 
@@ -106,16 +106,16 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk, gen_a(&ahat, publicseed); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&shat, noiseseed, 0); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&shat); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&shat, noiseseed, 0); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&shat); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&ehat, noiseseed, 1); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&ehat); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&ehat, noiseseed, 1); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&ehat); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&ahat_shat, &shat, &ahat); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&bhat, &ehat, &ahat_shat); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&ahat_shat, &shat, &ahat); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&bhat, &ehat, &ahat_shat); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(sk, &shat); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(sk, &shat); encode_pk(pk, &bhat, publicseed); } 
@@ -132,33 +132,33 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk, * - const unsigned char *coin: pointer to input random coins used as seed * to deterministically generate all randomness **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(unsigned char *c, +void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(unsigned char *c, const unsigned char *m, const unsigned char *pk, const unsigned char *coin) { poly sprime, eprime, vprime, ahat, bhat, eprimeprime, uhat, v; unsigned char publicseed[NEWHOPE_SYMBYTES]; - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(&v, m); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frommsg(&v, m); decode_pk(&bhat, publicseed, pk); gen_a(&ahat, publicseed); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&sprime, coin, 0); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&eprime, coin, 1); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&eprimeprime, coin, 2); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&sprime, coin, 0); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&eprime, coin, 1); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&eprimeprime, coin, 2); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&sprime); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&eprime); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&sprime); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&eprime); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&uhat, &ahat, &sprime); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&uhat, &uhat, &eprime); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&uhat, &ahat, &sprime); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&uhat, &uhat, &eprime); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&vprime, &bhat, &sprime); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(&vprime); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&vprime, &bhat, &sprime); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(&vprime); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&vprime, &vprime, &eprimeprime); - 
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&vprime, &vprime, &v); // add message + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&vprime, &vprime, &eprimeprime); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&vprime, &vprime, &v); // add message encode_c(c, &uhat, &vprime); } @@ -175,18 +175,18 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(unsigned char *c, * - const unsigned char *c: pointer to input ciphertext * - const unsigned char *sk: pointer to input secret key **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_dec(unsigned char *m, +void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_dec(unsigned char *m, const unsigned char *c, const unsigned char *sk) { poly vprime, uhat, tmp, shat; - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(&shat, sk); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(&shat, sk); decode_c(&uhat, &vprime, c); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&tmp, &shat, &uhat); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(&tmp); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&tmp, &shat, &uhat); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(&tmp); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(&tmp, &tmp, &vprime); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sub(&tmp, &tmp, &vprime); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(m, &tmp); + PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tomsg(m, &tmp); } diff --git a/crypto_kem/newhope1024ccakem/clean/cpapke.h b/crypto_kem/newhope1024cca/clean/cpapke.h similarity index 54% rename from crypto_kem/newhope1024ccakem/clean/cpapke.h rename to crypto_kem/newhope1024cca/clean/cpapke.h index dad194f6..34be8055 100644 --- a/crypto_kem/newhope1024ccakem/clean/cpapke.h +++ b/crypto_kem/newhope1024cca/clean/cpapke.h 
@@ -1,15 +1,15 @@ #ifndef INDCPA_H #define INDCPA_H -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk, +void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_keypair(unsigned char *pk, unsigned char *sk); -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(unsigned char *c, +void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(unsigned char *c, const unsigned char *m, const unsigned char *pk, const unsigned char *coins); -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_dec(unsigned char *m, +void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_dec(unsigned char *m, const unsigned char *c, const unsigned char *sk); diff --git a/crypto_kem/newhope1024ccakem/clean/kem.c b/crypto_kem/newhope1024cca/clean/kem.c similarity index 79% rename from crypto_kem/newhope1024ccakem/clean/kem.c rename to crypto_kem/newhope1024cca/clean/kem.c index 67585c23..2ac276c6 100644 --- a/crypto_kem/newhope1024ccakem/clean/kem.c +++ b/crypto_kem/newhope1024cca/clean/kem.c @@ -19,10 +19,10 @@ * * Returns 0 (success) **************************************************/ -int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) { +int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) { size_t i; - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(pk, sk); /* First put the actual secret key into sk */ + PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_keypair(pk, sk); /* First put the actual secret key into sk */ sk += NEWHOPE_CPAPKE_SECRETKEYBYTES; for (i = 0; i < NEWHOPE_CPAPKE_PUBLICKEYBYTES; i++) { /* Append the public key for re-encryption */ 
@@ -50,7 +50,7 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_keypair(unsigned char *pk, unsign * * Returns 0 (success) **************************************************/ -int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) { +int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) { unsigned char k_coins_d[3 * NEWHOPE_SYMBYTES]; /* Will contain key, coins, qrom-hash */ unsigned char buf[2 * NEWHOPE_SYMBYTES]; int i; @@ -61,7 +61,7 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned c shake256(buf + NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, pk, NEWHOPE_CCAKEM_PUBLICKEYBYTES); /* Multitarget countermeasure for coins + contributory KEM */ shake256(k_coins_d, 3 * NEWHOPE_SYMBYTES, buf, 2 * NEWHOPE_SYMBYTES); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(ct, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */ + PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(ct, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */ for (i = 0; i < NEWHOPE_SYMBYTES; i++) { ct[i + NEWHOPE_CPAPKE_CIPHERTEXTBYTES] = k_coins_d[i + 2 * NEWHOPE_SYMBYTES]; /* copy Targhi-Unruh hash into ct */ 
@@ -86,30 +86,30 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned c * * On failure, ss will contain a randomized value. **************************************************/ -int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) { +int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) { int i, fail; unsigned char ct_cmp[NEWHOPE_CCAKEM_CIPHERTEXTBYTES]; unsigned char buf[2 * NEWHOPE_SYMBYTES]; unsigned char k_coins_d[3 * NEWHOPE_SYMBYTES]; /* Will contain key, coins, qrom-hash */ const unsigned char *pk = sk + NEWHOPE_CPAPKE_SECRETKEYBYTES; - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_dec(buf, ct, sk); + PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_dec(buf, ct, sk); for (i = 0; i < NEWHOPE_SYMBYTES; i++) { /* Use hash of pk stored in sk */ buf[NEWHOPE_SYMBYTES + i] = sk[NEWHOPE_CCAKEM_SECRETKEYBYTES - 2 * NEWHOPE_SYMBYTES + i]; } shake256(k_coins_d, 3 * NEWHOPE_SYMBYTES, buf, 2 * NEWHOPE_SYMBYTES); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(ct_cmp, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */ + PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(ct_cmp, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */ for (i = 0; i < NEWHOPE_SYMBYTES; i++) { ct_cmp[i + NEWHOPE_CPAPKE_CIPHERTEXTBYTES] = k_coins_d[i + 2 * NEWHOPE_SYMBYTES]; } - fail = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(ct, ct_cmp, NEWHOPE_CCAKEM_CIPHERTEXTBYTES); + fail = PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(ct, ct_cmp, NEWHOPE_CCAKEM_CIPHERTEXTBYTES); shake256(k_coins_d + NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, ct, NEWHOPE_CCAKEM_CIPHERTEXTBYTES); /* overwrite coins in k_coins_d with h(c) */ - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cmov(k_coins_d, sk + NEWHOPE_CCAKEM_SECRETKEYBYTES - NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, (unsigned char) fail); /* Overwrite pre-k with z on re-encryption failure */ + 
PQCLEAN_NEWHOPE1024CCA_CLEAN_cmov(k_coins_d, sk + NEWHOPE_CCAKEM_SECRETKEYBYTES - NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, (unsigned char) fail); /* Overwrite pre-k with z on re-encryption failure */ shake256(ss, NEWHOPE_SYMBYTES, k_coins_d, 2 * NEWHOPE_SYMBYTES); /* hash concatenation of pre-k and h(c) to k */ return 0; diff --git a/crypto_kem/newhope1024ccakem/clean/ntt.c b/crypto_kem/newhope1024cca/clean/ntt.c similarity index 92% rename from crypto_kem/newhope1024ccakem/clean/ntt.c rename to crypto_kem/newhope1024cca/clean/ntt.c index afed4ee1..ffefa465 100644 --- a/crypto_kem/newhope1024ccakem/clean/ntt.c +++ b/crypto_kem/newhope1024cca/clean/ntt.c @@ -51,7 +51,7 @@ static uint16_t bitrev_table[NEWHOPE_N] = { * * Arguments: - uint16_t* poly: pointer to in/output polynomial **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(uint16_t *poly) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_bitrev_vector(uint16_t *poly) { unsigned int i, r; uint16_t tmp; @@ -74,11 +74,11 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(uint16_t *poly) { * - const uint16_t* factors: pointer to input polynomial, coefficients * are assumed to be in Montgomery representation **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors) { unsigned int i; for (i = 0; i < NEWHOPE_N; i++) { - poly[i] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce((poly[i] * factors[i])); + poly[i] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce((poly[i] * factors[i])); } } 
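Review bot: In `crypto_kem_dec`, `buf` and `k_coins_d` hold the decrypted message, the re-derived coins and the pre-key, and the visible body reaches `return 0;` without clearing them; `crypto_kem_enc` in the previous hunk declares the same two arrays. If the library's threat model includes later disclosure of stack memory, both arrays should be wiped just before the return with a primitive the compiler may not elide, since a plain `memset` on a dead local can be optimised away. If scrubbing is deliberately left to the caller, a comment such as `/* buf and k_coins_d still hold secret-derived bytes on return; stack is not scrubbed here */` would record that decision. The function's closing brace lies outside the hunk.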
@@ -94,7 +94,7 @@ void /************************************************* * - const uint16_t* omega: pointer to input powers of root of unity omega; * assumed to be in Montgomery domain **************************************************/ -PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omega) { +PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt(uint16_t *a, const uint16_t *omega) { int i, start, j, jTwiddle, distance; uint16_t temp, W; @@ -108,7 +108,7 @@ PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omega) { W = omega[jTwiddle++]; temp = a[j]; a[j] = (temp + a[j + distance]); // Omit reduction (be lazy) - a[j + distance] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance]))); + a[j + distance] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance]))); } } @@ -120,7 +120,7 @@ PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omega) { W = omega[jTwiddle++]; temp = a[j]; a[j] = (temp + a[j + distance]) % NEWHOPE_Q; - a[j + distance] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance]))); + a[j + distance] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance]))); } } } diff --git a/crypto_kem/newhope1024cca/clean/ntt.h b/crypto_kem/newhope1024cca/clean/ntt.h new file mode 100644 index 00000000..c43ba5f1 --- /dev/null +++ b/crypto_kem/newhope1024cca/clean/ntt.h 
@@ -0,0 +1,14 @@
+#ifndef NTT_H
+#define NTT_H
+
+#include "inttypes.h"
+
+extern const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_omegas_inv_bitrev_montgomery[];
+extern const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery[];
+extern const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_inv_montgomery[];
+
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_bitrev_vector(uint16_t *poly);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt(uint16_t *a, const uint16_t *omegas);
+
+#endif
diff --git a/crypto_kem/newhope1024ccakem/clean/params.h b/crypto_kem/newhope1024cca/clean/params.h
similarity index 91%
rename from crypto_kem/newhope1024ccakem/clean/params.h
rename to crypto_kem/newhope1024cca/clean/params.h
index ab049d68..4e5e6442 100644
--- a/crypto_kem/newhope1024ccakem/clean/params.h
+++ b/crypto_kem/newhope1024cca/clean/params.h
@@ -1,5 +1,5 @@
-#ifndef PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_PARAMS_H
-#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_PARAMS_H
+#ifndef PQCLEAN_NEWHOPE1024CCA_CLEAN_PARAMS_H
+#define PQCLEAN_NEWHOPE1024CCA_CLEAN_PARAMS_H
 #define NEWHOPE_N 1024
 #define NEWHOPE_Q 12289
diff --git a/crypto_kem/newhope1024ccakem/clean/poly.c b/crypto_kem/newhope1024cca/clean/poly.c
similarity index 85%
rename from crypto_kem/newhope1024ccakem/clean/poly.c
rename to crypto_kem/newhope1024cca/clean/poly.c
index 4d11314d..e368a6b3 100644
--- a/crypto_kem/newhope1024ccakem/clean/poly.c
+++ b/crypto_kem/newhope1024cca/clean/poly.c
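Review bot: ntt.h uses the generic include guard `NTT_H`, and poly.h (`POLY_H`), reduce.h (`REDUCE_H`) and cpapke.h (`INDCPA_H`) in this patch do the same, while api.h and params.h carry the scheme prefix. If another scheme's header with the same guard reaches the same translation unit first, this one is silently skipped and its prototypes (or, for poly.h, this scheme's `poly` typedef) never appear; guards such as `PQCLEAN_NEWHOPE1024CCA_CLEAN_NTT_H` would match what params.h already does. Separately, `#include "inttypes.h"` names a standard header with quotes and pulls in more than the `uint16_t` the file uses, so `#include <stdint.h>` would be the narrower choice.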
@@ -51,7 +51,7 @@ static uint16_t flipabs(uint16_t x) { * Arguments: - poly *r: pointer to output polynomial * - const unsigned char *a: pointer to input byte array **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(poly *r, const unsigned char *a) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(poly *r, const unsigned char *a) { int i; for (i = 0; i < NEWHOPE_N / 4; i++) { r->coeffs[4 * i + 0] = a[7 * i + 0] | (((uint16_t)a[7 * i + 1] & 0x3f) << 8); @@ -69,7 +69,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(poly *r, const unsigned char * Arguments: - unsigned char *r: pointer to output byte array * - const poly *p: pointer to input polynomial **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(unsigned char *r, const poly *p) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(unsigned char *r, const poly *p) { int i; uint16_t t0, t1, t2, t3; for (i = 0; i < NEWHOPE_N / 4; i++) { @@ -96,7 +96,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(unsigned char *r, const poly * * Arguments: - unsigned char *r: pointer to output byte array * - const poly *p: pointer to input polynomial **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(unsigned char *r, const poly *p) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_compress(unsigned char *r, const poly *p) { unsigned int i, j, k = 0; uint32_t t[8]; 
@@ -123,7 +123,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(unsigned char *r, const poly * Arguments: - poly *r: pointer to output polynomial * - const unsigned char *a: pointer to input byte array **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(poly *r, const unsigned char *a) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_decompress(poly *r, const unsigned char *a) { unsigned int i, j; for (i = 0; i < NEWHOPE_N; i += 8) { r->coeffs[i + 0] = a[0] & 7; @@ -149,7 +149,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(poly *r, const unsigned cha * Arguments: - poly *r: pointer to output polynomial * - const unsigned char *msg: pointer to input message **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(poly *r, const unsigned char *msg) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frommsg(poly *r, const unsigned char *msg) { unsigned int i, j, mask; for (i = 0; i < 32; i++) { // XXX: MACRO for 32 for (j = 0; j < 8; j++) { @@ -170,7 +170,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(poly *r, const unsigned char * * Arguments: - unsigned char *msg: pointer to output message * - const poly *x: pointer to input polynomial **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(unsigned char *msg, const poly *x) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tomsg(unsigned char *msg, const poly *x) { unsigned int i; uint16_t t; 
@@ -199,7 +199,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(unsigned char *msg, const poly * * Arguments: - poly *a: pointer to output polynomial * - const unsigned char *seed: pointer to input seed **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_uniform(poly *a, const unsigned char *seed) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform(poly *a, const unsigned char *seed) { unsigned int ctr = 0; uint16_t val; uint64_t state[25]; @@ -254,7 +254,7 @@ static unsigned char hw(unsigned char a) { * - const unsigned char *seed: pointer to input seed * - unsigned char nonce: one-byte input nonce **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce) { unsigned char buf[128], a, b; // uint32_t t, d, a, b, c; int i, j; @@ -298,12 +298,12 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(poly *r, const unsigned char *s * - const poly *a: pointer to first input polynomial * - const poly *b: pointer to second input polynomial **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b) { int i; uint16_t t; for (i = 0; i < NEWHOPE_N; i++) { - t = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(3186 * b->coeffs[i]); /* t is now in Montgomery domain */ - r->coeffs[i] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(a->coeffs[i] * t); /* r->coeffs[i] is back in normal domain */ + t = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(3186 * b->coeffs[i]); /* t is now in Montgomery domain */ + r->coeffs[i] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(a->coeffs[i] * t); /* r->coeffs[i] is back in normal domain */ } } 
@@ -316,7 +316,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(poly *r, const poly *a, * - const poly *a: pointer to first input polynomial * - const poly *b: pointer to second input polynomial **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(poly *r, const poly *a, const poly *b) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(poly *r, const poly *a, const poly *b) { int i; for (i = 0; i < NEWHOPE_N; i++) { r->coeffs[i] = (a->coeffs[i] + b->coeffs[i]) % NEWHOPE_Q; @@ -332,7 +332,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(poly *r, const poly *a, const poly * - const poly *a: pointer to first input polynomial * - const poly *b: pointer to second input polynomial **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(poly *r, const poly *a, const poly *b) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sub(poly *r, const poly *a, const poly *b) { int i; for (i = 0; i < NEWHOPE_N; i++) { r->coeffs[i] = (a->coeffs[i] + 3 * NEWHOPE_Q - b->coeffs[i]) % NEWHOPE_Q; @@ -348,9 +348,9 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(poly *r, const poly *a, const poly * * Arguments: - poly *r: pointer to in/output polynomial **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(poly *r) { - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery); +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(poly *r) { + PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery); + PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery); } /************************************************* 
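Review bot: `poly_add` reduces with `% NEWHOPE_Q`, and the same operator appears in `poly_sub` in the next hunk and in the second butterfly loop of ntt.c; in cpapke.c these functions are called on the sampled secret and error polynomials. Whether `%` by a constant becomes a multiply-and-shift or a hardware divide is up to the compiler, target and optimisation level, and a divide whose latency depends on its operand would make the timing data-dependent. Either route the reduction through a helper built only from multiplications, shifts and masks, or record the assumption beside the loop, e.g. `/* relies on % NEWHOPE_Q compiling to mul/shift; check generated code on targets with variable-latency division */`. Both function bodies close outside their hunks.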
@@ -362,9 +362,9 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(poly *r) { * * Arguments: - poly *r: pointer to in/output polynomial **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(poly *r) { - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(r->coeffs); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery); - PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_inv_montgomery); +void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(poly *r) { + PQCLEAN_NEWHOPE1024CCA_CLEAN_bitrev_vector(r->coeffs); + PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_omegas_inv_bitrev_montgomery); + PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_inv_montgomery); } diff --git a/crypto_kem/newhope1024cca/clean/poly.h b/crypto_kem/newhope1024cca/clean/poly.h new file mode 100644 index 00000000..7da7ee58 --- /dev/null +++ b/crypto_kem/newhope1024cca/clean/poly.h 
@@ -0,0 +1,32 @@
+#ifndef POLY_H
+#define POLY_H
+
+#include "params.h"
+#include
+
+/*
+ * Elements of R_q = Z_q[X]/(X^n + 1). Represents polynomial
+ * coeffs[0] + X*coeffs[1] + X^2*xoeffs[2] + ... + X^{n-1}*coeffs[n-1]
+ */
+typedef struct {
+ uint16_t coeffs[NEWHOPE_N];
+} poly;
+
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform(poly *a, const unsigned char *seed);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(poly *r, const poly *a, const poly *b);
+
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(poly *r);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(poly *r);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b);
+
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(poly *r, const unsigned char *a);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(unsigned char *r, const poly *p);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_compress(unsigned char *r, const poly *p);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_decompress(poly *r, const unsigned char *a);
+
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frommsg(poly *r, const unsigned char *msg);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tomsg(unsigned char *msg, const poly *x);
+void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sub(poly *r, const poly *a, const poly *b);
+
+#endif
diff --git a/crypto_kem/newhope1024ccakem/clean/precomp.c b/crypto_kem/newhope1024cca/clean/precomp.c
similarity index 99%
rename from crypto_kem/newhope1024ccakem/clean/precomp.c
rename to crypto_kem/newhope1024cca/clean/precomp.c
index b61ee8fb..1540c6bb 100644
--- a/crypto_kem/newhope1024ccakem/clean/precomp.c
+++ b/crypto_kem/newhope1024cca/clean/precomp.c
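Review bot: The comment above the `poly` typedef in poly.h writes the third term as `X^2*xoeffs[2]`; it should read `X^2*coeffs[2]` to match the other terms, and since the file is being created at its new path this is a convenient place to fix it. The `#include` on the line after `#include "params.h"` shows no header name on this page, probably lost in rendering; if the file really reads that way it needs the header that declares `uint16_t`, i.e. `#include <stdint.h>`.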
@@ -78,7 +78,7 @@ * Description: Contains inverses of powers of nth root of unity * in Montgomery domain with R=2^18 in bit-reversed order ************************************************************/ -const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery[NEWHOPE_N / 2] = { +const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_omegas_inv_bitrev_montgomery[NEWHOPE_N / 2] = { 4075, 5315, 4324, 4916, 10120, 11767, 7210, 9027, 10316, 6715, 1278, 9945, 3514, 11248, 11271, 5925, 147, 8500, 7840, 6833, 5537, 4749, 4467, 7500, 11099, 9606, 6171, 8471, 8429, 5445, 11239, 7753, 9090, 12233, 5529, 5206, 10587, 1987, 11635, 3565, 5415, 8646, 6153, 6427, 7341, 6152, 10561, 400, @@ -119,7 +119,7 @@ const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery[NEWH * Description: Contains powers of nth root of -1 in Montgomery * domain with R=2^18 in bit-reversed order ************************************************************/ -const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery[NEWHOPE_N] = { +const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery[NEWHOPE_N] = { 4075, 6974, 7373, 7965, 3262, 5079, 522, 2169, 6364, 1018, 1041, 8775, 2344, 11011, 5574, 1973, 4536, 1050, 6844, 3860, 3818, 6118, 2683, 1190, 4789, 7822, 7540, 6752, 5456, 4449, 3789, 12142, 11973, 382, 3988, 468, 6843, 5339, 6196, 3710, 11316, 1254, 5435, 10930, 3998, 10256, 10367, 3879, 
@@ -192,7 +192,7 @@ const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery[NEWHOPE_ * Description: Contains inverses of powers of nth root of -1 * divided by n in Montgomery domain with R=2^18 ************************************************************/ -const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_inv_montgomery[NEWHOPE_N] = { +const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_inv_montgomery[NEWHOPE_N] = { 256, 10570, 1510, 7238, 1034, 7170, 6291, 7921, 11665, 3422, 4000, 2327, 2088, 5565, 795, 10647, 1521, 5484, 2539, 7385, 1055, 7173, 8047, 11683, 1669, 1994, 3796, 5809, 4341, 9398, 11876, 12230, 10525, 12037, 12253, 3506, 4012, 9351, 4847, 2448, 7372, 9831, 3160, 2207, 5582, 2553, 7387, 6322, diff --git a/crypto_kem/newhope1024ccakem/clean/reduce.c b/crypto_kem/newhope1024cca/clean/reduce.c similarity index 91% rename from crypto_kem/newhope1024ccakem/clean/reduce.c rename to crypto_kem/newhope1024cca/clean/reduce.c index d14c6748..a024f7ea 100644 --- a/crypto_kem/newhope1024ccakem/clean/reduce.c +++ b/crypto_kem/newhope1024cca/clean/reduce.c @@ -15,7 +15,7 @@ static const uint32_t rlog = 18; * * Returns: unsigned integer in {0,...,2^14-1} congruent to a * R^-1 modulo q. **************************************************/ -uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(uint32_t a) { +uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(uint32_t a) { uint32_t u; u = (a * qinv); diff --git a/crypto_kem/newhope1024cca/clean/reduce.h b/crypto_kem/newhope1024cca/clean/reduce.h new file mode 100644 index 00000000..268b049b --- /dev/null +++ b/crypto_kem/newhope1024cca/clean/reduce.h @@ -0,0 +1,8 @@ +#ifndef REDUCE_H +#define REDUCE_H + +#include + +uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(uint32_t a); + +#endif 
diff --git a/crypto_kem/newhope1024ccakem/clean/verify.c b/crypto_kem/newhope1024cca/clean/verify.c similarity index 86% rename from crypto_kem/newhope1024ccakem/clean/verify.c rename to crypto_kem/newhope1024cca/clean/verify.c index 8e5126c2..0cb31049 100644 --- a/crypto_kem/newhope1024ccakem/clean/verify.c +++ b/crypto_kem/newhope1024cca/clean/verify.c @@ -13,7 +13,7 @@ * * Returns 0 if the byte arrays are equal, 1 otherwise **************************************************/ -int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len) { +int PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len) { uint64_t r; size_t i; r = 0; @@ -39,7 +39,7 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(const unsigned char *a, const unsigne * size_t len: Amount of bytes to be copied * unsigned char b: Condition bit; has to be in {0,1} **************************************************/ -void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b) { +void PQCLEAN_NEWHOPE1024CCA_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b) { size_t i; b = -b; diff --git a/crypto_kem/newhope1024cca/clean/verify.h b/crypto_kem/newhope1024cca/clean/verify.h new file mode 100644 index 00000000..e5819338 --- /dev/null +++ b/crypto_kem/newhope1024cca/clean/verify.h @@ -0,0 +1,12 @@ +#ifndef VERIFY_H +#define VERIFY_H + +#include + +/* returns 0 for equal strings, 1 for non-equal strings */ +int PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len); + +/* b = 1 means mov, b = 0 means don't mov*/ +void PQCLEAN_NEWHOPE1024CCA_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b); + +#endif diff --git a/crypto_kem/newhope1024ccakem/clean/api.h b/crypto_kem/newhope1024ccakem/clean/api.h deleted file mode 100644 index a4d84e69..00000000 
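Review bot: The comment on `cmov` in the new verify.h (`b = 1 means mov, b = 0 means don't mov`) omits the precondition stated in verify.c, that b has to be in {0,1}. The body begins with `b = -b;`, so any other value would presumably give a mask that is neither all-zero nor all-one and leave r partially overwritten; the rest of the body is outside the hunk, so this is inferred. Since callers see only the header, I would state the contract at the declaration: `/* b must be 0 or 1: b = 1 copies len bytes of x into r, b = 0 leaves r unchanged */`. It would also help to note there that both functions are meant to run in time independent of the data, so that a later edit does not add an early exit.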
--- a/crypto_kem/newhope1024ccakem/clean/api.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_API_H
-#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_API_H
-
-
-#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_SECRETKEYBYTES 3680
-#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_PUBLICKEYBYTES 1824
-#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_CIPHERTEXTBYTES 2208
-#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_BYTES 32
-#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_ALGNAME "NewHope1024-CCAKEM"
-
-int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
-int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk);
-int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk);
-
-#endif
diff --git a/crypto_kem/newhope1024ccakem/clean/ntt.h b/crypto_kem/newhope1024ccakem/clean/ntt.h
deleted file mode 100644
index e9fd5e1d..00000000
--- a/crypto_kem/newhope1024ccakem/clean/ntt.h
+++ /dev/null
@@ -1,14 +0,0 @@
-#ifndef NTT_H
-#define NTT_H
-
-#include "inttypes.h"
-
-extern const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery[];
-extern const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery[];
-extern const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_inv_montgomery[];
-
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(uint16_t *poly);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omegas);
-
-#endif
diff --git a/crypto_kem/newhope1024ccakem/clean/poly.h b/crypto_kem/newhope1024ccakem/clean/poly.h
deleted file mode 100644
index 2ffed246..00000000
--- a/crypto_kem/newhope1024ccakem/clean/poly.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#ifndef POLY_H
-#define POLY_H
-
-#include "params.h"
-#include
-
-/*
- * Elements of R_q = Z_q[X]/(X^n + 1). Represents polynomial
- * coeffs[0] + X*coeffs[1] + X^2*xoeffs[2] + ... + X^{n-1}*coeffs[n-1]
- */
-typedef struct {
- uint16_t coeffs[NEWHOPE_N];
-} poly;
-
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_uniform(poly *a, const unsigned char *seed);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(poly *r, const poly *a, const poly *b);
-
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(poly *r);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(poly *r);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b);
-
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(poly *r, const unsigned char *a);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(unsigned char *r, const poly *p);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(unsigned char *r, const poly *p);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(poly *r, const unsigned char *a);
-
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(poly *r, const unsigned char *msg);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(unsigned char *msg, const poly *x);
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(poly *r, const poly *a, const poly *b);
-
-#endif
diff --git a/crypto_kem/newhope1024ccakem/clean/reduce.h b/crypto_kem/newhope1024ccakem/clean/reduce.h
deleted file mode 100644
index 1598d193..00000000
--- a/crypto_kem/newhope1024ccakem/clean/reduce.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef REDUCE_H
-#define REDUCE_H
-
-#include
-
-uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(uint32_t a);
-
-#endif
diff --git a/crypto_kem/newhope1024ccakem/clean/verify.h b/crypto_kem/newhope1024ccakem/clean/verify.h
deleted file mode 100644
index 12e73d9d..00000000
--- a/crypto_kem/newhope1024ccakem/clean/verify.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef VERIFY_H
-#define VERIFY_H
-
-#include
-
-/* returns 0 for equal strings, 1 for non-equal strings */
-int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len);
-
-/* b = 1 means mov, b = 0 means don't mov*/
-void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b);
-
-#endif