rename newhope1024ccakem -> newhope1024cca
This commit is contained in:
parent
d879595da3
commit
12fafb1bf0
@ -1,4 +1,4 @@
|
|||||||
name: NewHope1024CCAKEM
|
name: NewHope1024CCA
|
||||||
type: kem
|
type: kem
|
||||||
claimed-nist-level: 5
|
claimed-nist-level: 5
|
||||||
length-public-key: 1824
|
length-public-key: 1824
|
@ -1,6 +1,6 @@
|
|||||||
# This Makefile can be used with GNU Make or BSD Make
|
# This Makefile can be used with GNU Make or BSD Make
|
||||||
|
|
||||||
LIB=libnewhope1024ccakem_clean.a
|
LIB=libnewhope1024cca_clean.a
|
||||||
HEADERS=api.h cpapke.h ntt.h params.h poly.h reduce.h verify.h
|
HEADERS=api.h cpapke.h ntt.h params.h poly.h reduce.h verify.h
|
||||||
OBJECTS=cpapke.o kem.o ntt.o poly.o precomp.o reduce.o verify.o
|
OBJECTS=cpapke.o kem.o ntt.o poly.o precomp.o reduce.o verify.o
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
# This Makefile can be used with Microsoft Visual Studio's nmake using the command:
|
# This Makefile can be used with Microsoft Visual Studio's nmake using the command:
|
||||||
# nmake /f Makefile.Microsoft_nmake
|
# nmake /f Makefile.Microsoft_nmake
|
||||||
|
|
||||||
LIBRARY=libnewhope1024ccakem_clean.lib
|
LIBRARY=libnewhope1024cca_clean.lib
|
||||||
OBJECTS=cpapke.obj kem.obj ntt.obj poly.obj precomp.obj reduce.obj verify.obj
|
OBJECTS=cpapke.obj kem.obj ntt.obj poly.obj precomp.obj reduce.obj verify.obj
|
||||||
|
|
||||||
CFLAGS=/nologo /I ..\..\..\common /W4 /WX
|
CFLAGS=/nologo /I ..\..\..\common /W4 /WX
|
15
crypto_kem/newhope1024cca/clean/api.h
Normal file
15
crypto_kem/newhope1024cca/clean/api.h
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
#ifndef PQCLEAN_NEWHOPE1024CCA_CLEAN_API_H
|
||||||
|
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_API_H
|
||||||
|
|
||||||
|
|
||||||
|
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_SECRETKEYBYTES 3680
|
||||||
|
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_PUBLICKEYBYTES 1824
|
||||||
|
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_CIPHERTEXTBYTES 2208
|
||||||
|
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_BYTES 32
|
||||||
|
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_ALGNAME "NewHope1024-CCAKEM"
|
||||||
|
|
||||||
|
int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
|
||||||
|
int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk);
|
||||||
|
int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk);
|
||||||
|
|
||||||
|
#endif
|
@ -18,7 +18,7 @@
|
|||||||
**************************************************/
|
**************************************************/
|
||||||
static void encode_pk(unsigned char *r, const poly *pk, const unsigned char *seed) {
|
static void encode_pk(unsigned char *r, const poly *pk, const unsigned char *seed) {
|
||||||
int i;
|
int i;
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(r, pk);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(r, pk);
|
||||||
for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
|
for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
|
||||||
r[NEWHOPE_POLYBYTES + i] = seed[i];
|
r[NEWHOPE_POLYBYTES + i] = seed[i];
|
||||||
}
|
}
|
||||||
@ -35,7 +35,7 @@ static void encode_pk(unsigned char *r, const poly *pk, const unsigned char *see
|
|||||||
**************************************************/
|
**************************************************/
|
||||||
static void decode_pk(poly *pk, unsigned char *seed, const unsigned char *r) {
|
static void decode_pk(poly *pk, unsigned char *seed, const unsigned char *r) {
|
||||||
int i;
|
int i;
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(pk, r);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(pk, r);
|
||||||
for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
|
for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
|
||||||
seed[i] = r[NEWHOPE_POLYBYTES + i];
|
seed[i] = r[NEWHOPE_POLYBYTES + i];
|
||||||
}
|
}
|
||||||
@ -53,8 +53,8 @@ static void decode_pk(poly *pk, unsigned char *seed, const unsigned char *r) {
|
|||||||
* - const poly *v: pointer to the input polynomial v
|
* - const poly *v: pointer to the input polynomial v
|
||||||
**************************************************/
|
**************************************************/
|
||||||
static void encode_c(unsigned char *r, const poly *b, const poly *v) {
|
static void encode_c(unsigned char *r, const poly *b, const poly *v) {
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(r, b);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(r, b);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(r + NEWHOPE_POLYBYTES, v);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_compress(r + NEWHOPE_POLYBYTES, v);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*************************************************
|
/*************************************************
|
||||||
@ -67,8 +67,8 @@ static void encode_c(unsigned char *r, const poly *b, const poly *v) {
|
|||||||
* - const unsigned char *r: pointer to input byte array
|
* - const unsigned char *r: pointer to input byte array
|
||||||
**************************************************/
|
**************************************************/
|
||||||
static void decode_c(poly *b, poly *v, const unsigned char *r) {
|
static void decode_c(poly *b, poly *v, const unsigned char *r) {
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(b, r);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(b, r);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(v, r + NEWHOPE_POLYBYTES);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_decompress(v, r + NEWHOPE_POLYBYTES);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*************************************************
|
/*************************************************
|
||||||
@ -80,7 +80,7 @@ static void decode_c(poly *b, poly *v, const unsigned char *r) {
|
|||||||
* - const unsigned char *seed: pointer to input seed
|
* - const unsigned char *seed: pointer to input seed
|
||||||
**************************************************/
|
**************************************************/
|
||||||
static void gen_a(poly *a, const unsigned char *seed) {
|
static void gen_a(poly *a, const unsigned char *seed) {
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_uniform(a, seed);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform(a, seed);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -94,7 +94,7 @@ static void gen_a(poly *a, const unsigned char *seed) {
|
|||||||
* Arguments: - unsigned char *pk: pointer to output public key
|
* Arguments: - unsigned char *pk: pointer to output public key
|
||||||
* - unsigned char *sk: pointer to output private key
|
* - unsigned char *sk: pointer to output private key
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk,
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_keypair(unsigned char *pk,
|
||||||
unsigned char *sk) {
|
unsigned char *sk) {
|
||||||
poly ahat, ehat, ahat_shat, bhat, shat;
|
poly ahat, ehat, ahat_shat, bhat, shat;
|
||||||
unsigned char z[2 * NEWHOPE_SYMBYTES];
|
unsigned char z[2 * NEWHOPE_SYMBYTES];
|
||||||
@ -106,16 +106,16 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk,
|
|||||||
|
|
||||||
gen_a(&ahat, publicseed);
|
gen_a(&ahat, publicseed);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&shat, noiseseed, 0);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&shat, noiseseed, 0);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&shat);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&shat);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&ehat, noiseseed, 1);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&ehat, noiseseed, 1);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&ehat);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&ehat);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&ahat_shat, &shat, &ahat);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&ahat_shat, &shat, &ahat);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&bhat, &ehat, &ahat_shat);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&bhat, &ehat, &ahat_shat);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(sk, &shat);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(sk, &shat);
|
||||||
encode_pk(pk, &bhat, publicseed);
|
encode_pk(pk, &bhat, publicseed);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -132,33 +132,33 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk,
|
|||||||
* - const unsigned char *coin: pointer to input random coins used as seed
|
* - const unsigned char *coin: pointer to input random coins used as seed
|
||||||
* to deterministically generate all randomness
|
* to deterministically generate all randomness
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(unsigned char *c,
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(unsigned char *c,
|
||||||
const unsigned char *m,
|
const unsigned char *m,
|
||||||
const unsigned char *pk,
|
const unsigned char *pk,
|
||||||
const unsigned char *coin) {
|
const unsigned char *coin) {
|
||||||
poly sprime, eprime, vprime, ahat, bhat, eprimeprime, uhat, v;
|
poly sprime, eprime, vprime, ahat, bhat, eprimeprime, uhat, v;
|
||||||
unsigned char publicseed[NEWHOPE_SYMBYTES];
|
unsigned char publicseed[NEWHOPE_SYMBYTES];
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(&v, m);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frommsg(&v, m);
|
||||||
|
|
||||||
decode_pk(&bhat, publicseed, pk);
|
decode_pk(&bhat, publicseed, pk);
|
||||||
gen_a(&ahat, publicseed);
|
gen_a(&ahat, publicseed);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&sprime, coin, 0);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&sprime, coin, 0);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&eprime, coin, 1);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&eprime, coin, 1);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&eprimeprime, coin, 2);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&eprimeprime, coin, 2);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&sprime);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&sprime);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&eprime);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&eprime);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&uhat, &ahat, &sprime);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&uhat, &ahat, &sprime);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&uhat, &uhat, &eprime);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&uhat, &uhat, &eprime);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&vprime, &bhat, &sprime);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&vprime, &bhat, &sprime);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(&vprime);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(&vprime);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&vprime, &vprime, &eprimeprime);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&vprime, &vprime, &eprimeprime);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&vprime, &vprime, &v); // add message
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&vprime, &vprime, &v); // add message
|
||||||
|
|
||||||
encode_c(c, &uhat, &vprime);
|
encode_c(c, &uhat, &vprime);
|
||||||
}
|
}
|
||||||
@ -175,18 +175,18 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(unsigned char *c,
|
|||||||
* - const unsigned char *c: pointer to input ciphertext
|
* - const unsigned char *c: pointer to input ciphertext
|
||||||
* - const unsigned char *sk: pointer to input secret key
|
* - const unsigned char *sk: pointer to input secret key
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_dec(unsigned char *m,
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_dec(unsigned char *m,
|
||||||
const unsigned char *c,
|
const unsigned char *c,
|
||||||
const unsigned char *sk) {
|
const unsigned char *sk) {
|
||||||
poly vprime, uhat, tmp, shat;
|
poly vprime, uhat, tmp, shat;
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(&shat, sk);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(&shat, sk);
|
||||||
|
|
||||||
decode_c(&uhat, &vprime, c);
|
decode_c(&uhat, &vprime, c);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&tmp, &shat, &uhat);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&tmp, &shat, &uhat);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(&tmp);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(&tmp);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(&tmp, &tmp, &vprime);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sub(&tmp, &tmp, &vprime);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(m, &tmp);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tomsg(m, &tmp);
|
||||||
}
|
}
|
@ -1,15 +1,15 @@
|
|||||||
#ifndef INDCPA_H
|
#ifndef INDCPA_H
|
||||||
#define INDCPA_H
|
#define INDCPA_H
|
||||||
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk,
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_keypair(unsigned char *pk,
|
||||||
unsigned char *sk);
|
unsigned char *sk);
|
||||||
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(unsigned char *c,
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(unsigned char *c,
|
||||||
const unsigned char *m,
|
const unsigned char *m,
|
||||||
const unsigned char *pk,
|
const unsigned char *pk,
|
||||||
const unsigned char *coins);
|
const unsigned char *coins);
|
||||||
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_dec(unsigned char *m,
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_dec(unsigned char *m,
|
||||||
const unsigned char *c,
|
const unsigned char *c,
|
||||||
const unsigned char *sk);
|
const unsigned char *sk);
|
||||||
|
|
@ -19,10 +19,10 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(pk, sk); /* First put the actual secret key into sk */
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_keypair(pk, sk); /* First put the actual secret key into sk */
|
||||||
sk += NEWHOPE_CPAPKE_SECRETKEYBYTES;
|
sk += NEWHOPE_CPAPKE_SECRETKEYBYTES;
|
||||||
|
|
||||||
for (i = 0; i < NEWHOPE_CPAPKE_PUBLICKEYBYTES; i++) { /* Append the public key for re-encryption */
|
for (i = 0; i < NEWHOPE_CPAPKE_PUBLICKEYBYTES; i++) { /* Append the public key for re-encryption */
|
||||||
@ -50,7 +50,7 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_keypair(unsigned char *pk, unsign
|
|||||||
*
|
*
|
||||||
* Returns 0 (success)
|
* Returns 0 (success)
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {
|
int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {
|
||||||
unsigned char k_coins_d[3 * NEWHOPE_SYMBYTES]; /* Will contain key, coins, qrom-hash */
|
unsigned char k_coins_d[3 * NEWHOPE_SYMBYTES]; /* Will contain key, coins, qrom-hash */
|
||||||
unsigned char buf[2 * NEWHOPE_SYMBYTES];
|
unsigned char buf[2 * NEWHOPE_SYMBYTES];
|
||||||
int i;
|
int i;
|
||||||
@ -61,7 +61,7 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned c
|
|||||||
shake256(buf + NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, pk, NEWHOPE_CCAKEM_PUBLICKEYBYTES); /* Multitarget countermeasure for coins + contributory KEM */
|
shake256(buf + NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, pk, NEWHOPE_CCAKEM_PUBLICKEYBYTES); /* Multitarget countermeasure for coins + contributory KEM */
|
||||||
shake256(k_coins_d, 3 * NEWHOPE_SYMBYTES, buf, 2 * NEWHOPE_SYMBYTES);
|
shake256(k_coins_d, 3 * NEWHOPE_SYMBYTES, buf, 2 * NEWHOPE_SYMBYTES);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(ct, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(ct, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */
|
||||||
|
|
||||||
for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
|
for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
|
||||||
ct[i + NEWHOPE_CPAPKE_CIPHERTEXTBYTES] = k_coins_d[i + 2 * NEWHOPE_SYMBYTES]; /* copy Targhi-Unruh hash into ct */
|
ct[i + NEWHOPE_CPAPKE_CIPHERTEXTBYTES] = k_coins_d[i + 2 * NEWHOPE_SYMBYTES]; /* copy Targhi-Unruh hash into ct */
|
||||||
@ -86,30 +86,30 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned c
|
|||||||
*
|
*
|
||||||
* On failure, ss will contain a randomized value.
|
* On failure, ss will contain a randomized value.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
|
||||||
int i, fail;
|
int i, fail;
|
||||||
unsigned char ct_cmp[NEWHOPE_CCAKEM_CIPHERTEXTBYTES];
|
unsigned char ct_cmp[NEWHOPE_CCAKEM_CIPHERTEXTBYTES];
|
||||||
unsigned char buf[2 * NEWHOPE_SYMBYTES];
|
unsigned char buf[2 * NEWHOPE_SYMBYTES];
|
||||||
unsigned char k_coins_d[3 * NEWHOPE_SYMBYTES]; /* Will contain key, coins, qrom-hash */
|
unsigned char k_coins_d[3 * NEWHOPE_SYMBYTES]; /* Will contain key, coins, qrom-hash */
|
||||||
const unsigned char *pk = sk + NEWHOPE_CPAPKE_SECRETKEYBYTES;
|
const unsigned char *pk = sk + NEWHOPE_CPAPKE_SECRETKEYBYTES;
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_dec(buf, ct, sk);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_dec(buf, ct, sk);
|
||||||
|
|
||||||
for (i = 0; i < NEWHOPE_SYMBYTES; i++) { /* Use hash of pk stored in sk */
|
for (i = 0; i < NEWHOPE_SYMBYTES; i++) { /* Use hash of pk stored in sk */
|
||||||
buf[NEWHOPE_SYMBYTES + i] = sk[NEWHOPE_CCAKEM_SECRETKEYBYTES - 2 * NEWHOPE_SYMBYTES + i];
|
buf[NEWHOPE_SYMBYTES + i] = sk[NEWHOPE_CCAKEM_SECRETKEYBYTES - 2 * NEWHOPE_SYMBYTES + i];
|
||||||
}
|
}
|
||||||
shake256(k_coins_d, 3 * NEWHOPE_SYMBYTES, buf, 2 * NEWHOPE_SYMBYTES);
|
shake256(k_coins_d, 3 * NEWHOPE_SYMBYTES, buf, 2 * NEWHOPE_SYMBYTES);
|
||||||
|
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(ct_cmp, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(ct_cmp, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */
|
||||||
|
|
||||||
for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
|
for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
|
||||||
ct_cmp[i + NEWHOPE_CPAPKE_CIPHERTEXTBYTES] = k_coins_d[i + 2 * NEWHOPE_SYMBYTES];
|
ct_cmp[i + NEWHOPE_CPAPKE_CIPHERTEXTBYTES] = k_coins_d[i + 2 * NEWHOPE_SYMBYTES];
|
||||||
}
|
}
|
||||||
|
|
||||||
fail = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(ct, ct_cmp, NEWHOPE_CCAKEM_CIPHERTEXTBYTES);
|
fail = PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(ct, ct_cmp, NEWHOPE_CCAKEM_CIPHERTEXTBYTES);
|
||||||
|
|
||||||
shake256(k_coins_d + NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, ct, NEWHOPE_CCAKEM_CIPHERTEXTBYTES); /* overwrite coins in k_coins_d with h(c) */
|
shake256(k_coins_d + NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, ct, NEWHOPE_CCAKEM_CIPHERTEXTBYTES); /* overwrite coins in k_coins_d with h(c) */
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cmov(k_coins_d, sk + NEWHOPE_CCAKEM_SECRETKEYBYTES - NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, (unsigned char) fail); /* Overwrite pre-k with z on re-encryption failure */
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_cmov(k_coins_d, sk + NEWHOPE_CCAKEM_SECRETKEYBYTES - NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, (unsigned char) fail); /* Overwrite pre-k with z on re-encryption failure */
|
||||||
shake256(ss, NEWHOPE_SYMBYTES, k_coins_d, 2 * NEWHOPE_SYMBYTES); /* hash concatenation of pre-k and h(c) to k */
|
shake256(ss, NEWHOPE_SYMBYTES, k_coins_d, 2 * NEWHOPE_SYMBYTES); /* hash concatenation of pre-k and h(c) to k */
|
||||||
|
|
||||||
return 0;
|
return 0;
|
@ -51,7 +51,7 @@ static uint16_t bitrev_table[NEWHOPE_N] = {
|
|||||||
*
|
*
|
||||||
* Arguments: - uint16_t* poly: pointer to in/output polynomial
|
* Arguments: - uint16_t* poly: pointer to in/output polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(uint16_t *poly) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_bitrev_vector(uint16_t *poly) {
|
||||||
unsigned int i, r;
|
unsigned int i, r;
|
||||||
uint16_t tmp;
|
uint16_t tmp;
|
||||||
|
|
||||||
@ -74,11 +74,11 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(uint16_t *poly) {
|
|||||||
* - const uint16_t* factors: pointer to input polynomial, coefficients
|
* - const uint16_t* factors: pointer to input polynomial, coefficients
|
||||||
* are assumed to be in Montgomery representation
|
* are assumed to be in Montgomery representation
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
for (i = 0; i < NEWHOPE_N; i++) {
|
for (i = 0; i < NEWHOPE_N; i++) {
|
||||||
poly[i] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce((poly[i] * factors[i]));
|
poly[i] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce((poly[i] * factors[i]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -94,7 +94,7 @@ void /*************************************************
|
|||||||
* - const uint16_t* omega: pointer to input powers of root of unity omega;
|
* - const uint16_t* omega: pointer to input powers of root of unity omega;
|
||||||
* assumed to be in Montgomery domain
|
* assumed to be in Montgomery domain
|
||||||
**************************************************/
|
**************************************************/
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omega) {
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt(uint16_t *a, const uint16_t *omega) {
|
||||||
int i, start, j, jTwiddle, distance;
|
int i, start, j, jTwiddle, distance;
|
||||||
uint16_t temp, W;
|
uint16_t temp, W;
|
||||||
|
|
||||||
@ -108,7 +108,7 @@ PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omega) {
|
|||||||
W = omega[jTwiddle++];
|
W = omega[jTwiddle++];
|
||||||
temp = a[j];
|
temp = a[j];
|
||||||
a[j] = (temp + a[j + distance]); // Omit reduction (be lazy)
|
a[j] = (temp + a[j + distance]); // Omit reduction (be lazy)
|
||||||
a[j + distance] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance])));
|
a[j + distance] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance])));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -120,7 +120,7 @@ PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omega) {
|
|||||||
W = omega[jTwiddle++];
|
W = omega[jTwiddle++];
|
||||||
temp = a[j];
|
temp = a[j];
|
||||||
a[j] = (temp + a[j + distance]) % NEWHOPE_Q;
|
a[j] = (temp + a[j + distance]) % NEWHOPE_Q;
|
||||||
a[j + distance] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance])));
|
a[j + distance] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance])));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
14
crypto_kem/newhope1024cca/clean/ntt.h
Normal file
14
crypto_kem/newhope1024cca/clean/ntt.h
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
#ifndef NTT_H
|
||||||
|
#define NTT_H
|
||||||
|
|
||||||
|
#include "inttypes.h"
|
||||||
|
|
||||||
|
extern const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_omegas_inv_bitrev_montgomery[];
|
||||||
|
extern const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery[];
|
||||||
|
extern const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_inv_montgomery[];
|
||||||
|
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_bitrev_vector(uint16_t *poly);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt(uint16_t *a, const uint16_t *omegas);
|
||||||
|
|
||||||
|
#endif
|
@ -1,5 +1,5 @@
|
|||||||
#ifndef PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_PARAMS_H
|
#ifndef PQCLEAN_NEWHOPE1024CCA_CLEAN_PARAMS_H
|
||||||
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_PARAMS_H
|
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_PARAMS_H
|
||||||
|
|
||||||
#define NEWHOPE_N 1024
|
#define NEWHOPE_N 1024
|
||||||
#define NEWHOPE_Q 12289
|
#define NEWHOPE_Q 12289
|
@ -51,7 +51,7 @@ static uint16_t flipabs(uint16_t x) {
|
|||||||
* Arguments: - poly *r: pointer to output polynomial
|
* Arguments: - poly *r: pointer to output polynomial
|
||||||
* - const unsigned char *a: pointer to input byte array
|
* - const unsigned char *a: pointer to input byte array
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(poly *r, const unsigned char *a) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(poly *r, const unsigned char *a) {
|
||||||
int i;
|
int i;
|
||||||
for (i = 0; i < NEWHOPE_N / 4; i++) {
|
for (i = 0; i < NEWHOPE_N / 4; i++) {
|
||||||
r->coeffs[4 * i + 0] = a[7 * i + 0] | (((uint16_t)a[7 * i + 1] & 0x3f) << 8);
|
r->coeffs[4 * i + 0] = a[7 * i + 0] | (((uint16_t)a[7 * i + 1] & 0x3f) << 8);
|
||||||
@ -69,7 +69,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(poly *r, const unsigned char
|
|||||||
* Arguments: - unsigned char *r: pointer to output byte array
|
* Arguments: - unsigned char *r: pointer to output byte array
|
||||||
* - const poly *p: pointer to input polynomial
|
* - const poly *p: pointer to input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(unsigned char *r, const poly *p) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(unsigned char *r, const poly *p) {
|
||||||
int i;
|
int i;
|
||||||
uint16_t t0, t1, t2, t3;
|
uint16_t t0, t1, t2, t3;
|
||||||
for (i = 0; i < NEWHOPE_N / 4; i++) {
|
for (i = 0; i < NEWHOPE_N / 4; i++) {
|
||||||
@ -96,7 +96,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(unsigned char *r, const poly *
|
|||||||
* Arguments: - unsigned char *r: pointer to output byte array
|
* Arguments: - unsigned char *r: pointer to output byte array
|
||||||
* - const poly *p: pointer to input polynomial
|
* - const poly *p: pointer to input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(unsigned char *r, const poly *p) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_compress(unsigned char *r, const poly *p) {
|
||||||
unsigned int i, j, k = 0;
|
unsigned int i, j, k = 0;
|
||||||
|
|
||||||
uint32_t t[8];
|
uint32_t t[8];
|
||||||
@ -123,7 +123,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(unsigned char *r, const poly
|
|||||||
* Arguments: - poly *r: pointer to output polynomial
|
* Arguments: - poly *r: pointer to output polynomial
|
||||||
* - const unsigned char *a: pointer to input byte array
|
* - const unsigned char *a: pointer to input byte array
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(poly *r, const unsigned char *a) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_decompress(poly *r, const unsigned char *a) {
|
||||||
unsigned int i, j;
|
unsigned int i, j;
|
||||||
for (i = 0; i < NEWHOPE_N; i += 8) {
|
for (i = 0; i < NEWHOPE_N; i += 8) {
|
||||||
r->coeffs[i + 0] = a[0] & 7;
|
r->coeffs[i + 0] = a[0] & 7;
|
||||||
@ -149,7 +149,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(poly *r, const unsigned cha
|
|||||||
* Arguments: - poly *r: pointer to output polynomial
|
* Arguments: - poly *r: pointer to output polynomial
|
||||||
* - const unsigned char *msg: pointer to input message
|
* - const unsigned char *msg: pointer to input message
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(poly *r, const unsigned char *msg) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frommsg(poly *r, const unsigned char *msg) {
|
||||||
unsigned int i, j, mask;
|
unsigned int i, j, mask;
|
||||||
for (i = 0; i < 32; i++) { // XXX: MACRO for 32
|
for (i = 0; i < 32; i++) { // XXX: MACRO for 32
|
||||||
for (j = 0; j < 8; j++) {
|
for (j = 0; j < 8; j++) {
|
||||||
@ -170,7 +170,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(poly *r, const unsigned char *
|
|||||||
* Arguments: - unsigned char *msg: pointer to output message
|
* Arguments: - unsigned char *msg: pointer to output message
|
||||||
* - const poly *x: pointer to input polynomial
|
* - const poly *x: pointer to input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(unsigned char *msg, const poly *x) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tomsg(unsigned char *msg, const poly *x) {
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
uint16_t t;
|
uint16_t t;
|
||||||
|
|
||||||
@ -199,7 +199,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(unsigned char *msg, const poly *
|
|||||||
* Arguments: - poly *a: pointer to output polynomial
|
* Arguments: - poly *a: pointer to output polynomial
|
||||||
* - const unsigned char *seed: pointer to input seed
|
* - const unsigned char *seed: pointer to input seed
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_uniform(poly *a, const unsigned char *seed) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform(poly *a, const unsigned char *seed) {
|
||||||
unsigned int ctr = 0;
|
unsigned int ctr = 0;
|
||||||
uint16_t val;
|
uint16_t val;
|
||||||
uint64_t state[25];
|
uint64_t state[25];
|
||||||
@ -254,7 +254,7 @@ static unsigned char hw(unsigned char a) {
|
|||||||
* - const unsigned char *seed: pointer to input seed
|
* - const unsigned char *seed: pointer to input seed
|
||||||
* - unsigned char nonce: one-byte input nonce
|
* - unsigned char nonce: one-byte input nonce
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce) {
|
||||||
unsigned char buf[128], a, b;
|
unsigned char buf[128], a, b;
|
||||||
// uint32_t t, d, a, b, c;
|
// uint32_t t, d, a, b, c;
|
||||||
int i, j;
|
int i, j;
|
||||||
@ -298,12 +298,12 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(poly *r, const unsigned char *s
|
|||||||
* - const poly *a: pointer to first input polynomial
|
* - const poly *a: pointer to first input polynomial
|
||||||
* - const poly *b: pointer to second input polynomial
|
* - const poly *b: pointer to second input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b) {
|
||||||
int i;
|
int i;
|
||||||
uint16_t t;
|
uint16_t t;
|
||||||
for (i = 0; i < NEWHOPE_N; i++) {
|
for (i = 0; i < NEWHOPE_N; i++) {
|
||||||
t = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(3186 * b->coeffs[i]); /* t is now in Montgomery domain */
|
t = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(3186 * b->coeffs[i]); /* t is now in Montgomery domain */
|
||||||
r->coeffs[i] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(a->coeffs[i] * t); /* r->coeffs[i] is back in normal domain */
|
r->coeffs[i] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(a->coeffs[i] * t); /* r->coeffs[i] is back in normal domain */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -316,7 +316,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(poly *r, const poly *a,
|
|||||||
* - const poly *a: pointer to first input polynomial
|
* - const poly *a: pointer to first input polynomial
|
||||||
* - const poly *b: pointer to second input polynomial
|
* - const poly *b: pointer to second input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(poly *r, const poly *a, const poly *b) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(poly *r, const poly *a, const poly *b) {
|
||||||
int i;
|
int i;
|
||||||
for (i = 0; i < NEWHOPE_N; i++) {
|
for (i = 0; i < NEWHOPE_N; i++) {
|
||||||
r->coeffs[i] = (a->coeffs[i] + b->coeffs[i]) % NEWHOPE_Q;
|
r->coeffs[i] = (a->coeffs[i] + b->coeffs[i]) % NEWHOPE_Q;
|
||||||
@ -332,7 +332,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(poly *r, const poly *a, const poly
|
|||||||
* - const poly *a: pointer to first input polynomial
|
* - const poly *a: pointer to first input polynomial
|
||||||
* - const poly *b: pointer to second input polynomial
|
* - const poly *b: pointer to second input polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(poly *r, const poly *a, const poly *b) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sub(poly *r, const poly *a, const poly *b) {
|
||||||
int i;
|
int i;
|
||||||
for (i = 0; i < NEWHOPE_N; i++) {
|
for (i = 0; i < NEWHOPE_N; i++) {
|
||||||
r->coeffs[i] = (a->coeffs[i] + 3 * NEWHOPE_Q - b->coeffs[i]) % NEWHOPE_Q;
|
r->coeffs[i] = (a->coeffs[i] + 3 * NEWHOPE_Q - b->coeffs[i]) % NEWHOPE_Q;
|
||||||
@ -348,9 +348,9 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(poly *r, const poly *a, const poly
|
|||||||
*
|
*
|
||||||
* Arguments: - poly *r: pointer to in/output polynomial
|
* Arguments: - poly *r: pointer to in/output polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(poly *r) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(poly *r) {
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*************************************************
|
/*************************************************
|
||||||
@ -362,9 +362,9 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(poly *r) {
|
|||||||
*
|
*
|
||||||
* Arguments: - poly *r: pointer to in/output polynomial
|
* Arguments: - poly *r: pointer to in/output polynomial
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(poly *r) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(poly *r) {
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(r->coeffs);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_bitrev_vector(r->coeffs);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_omegas_inv_bitrev_montgomery);
|
||||||
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_inv_montgomery);
|
PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_inv_montgomery);
|
||||||
}
|
}
|
||||||
|
|
32
crypto_kem/newhope1024cca/clean/poly.h
Normal file
32
crypto_kem/newhope1024cca/clean/poly.h
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
#ifndef POLY_H
|
||||||
|
#define POLY_H
|
||||||
|
|
||||||
|
#include "params.h"
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Elements of R_q = Z_q[X]/(X^n + 1). Represents polynomial
|
||||||
|
* coeffs[0] + X*coeffs[1] + X^2*xoeffs[2] + ... + X^{n-1}*coeffs[n-1]
|
||||||
|
*/
|
||||||
|
typedef struct {
|
||||||
|
uint16_t coeffs[NEWHOPE_N];
|
||||||
|
} poly;
|
||||||
|
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform(poly *a, const unsigned char *seed);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(poly *r, const poly *a, const poly *b);
|
||||||
|
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(poly *r);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(poly *r);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b);
|
||||||
|
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(poly *r, const unsigned char *a);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(unsigned char *r, const poly *p);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_compress(unsigned char *r, const poly *p);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_decompress(poly *r, const unsigned char *a);
|
||||||
|
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frommsg(poly *r, const unsigned char *msg);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tomsg(unsigned char *msg, const poly *x);
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sub(poly *r, const poly *a, const poly *b);
|
||||||
|
|
||||||
|
#endif
|
@ -78,7 +78,7 @@
|
|||||||
* Description: Contains inverses of powers of nth root of unity
|
* Description: Contains inverses of powers of nth root of unity
|
||||||
* in Montgomery domain with R=2^18 in bit-reversed order
|
* in Montgomery domain with R=2^18 in bit-reversed order
|
||||||
************************************************************/
|
************************************************************/
|
||||||
const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery[NEWHOPE_N / 2] = {
|
const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_omegas_inv_bitrev_montgomery[NEWHOPE_N / 2] = {
|
||||||
4075, 5315, 4324, 4916, 10120, 11767, 7210, 9027, 10316, 6715, 1278, 9945, 3514, 11248, 11271, 5925,
|
4075, 5315, 4324, 4916, 10120, 11767, 7210, 9027, 10316, 6715, 1278, 9945, 3514, 11248, 11271, 5925,
|
||||||
147, 8500, 7840, 6833, 5537, 4749, 4467, 7500, 11099, 9606, 6171, 8471, 8429, 5445, 11239, 7753,
|
147, 8500, 7840, 6833, 5537, 4749, 4467, 7500, 11099, 9606, 6171, 8471, 8429, 5445, 11239, 7753,
|
||||||
9090, 12233, 5529, 5206, 10587, 1987, 11635, 3565, 5415, 8646, 6153, 6427, 7341, 6152, 10561, 400,
|
9090, 12233, 5529, 5206, 10587, 1987, 11635, 3565, 5415, 8646, 6153, 6427, 7341, 6152, 10561, 400,
|
||||||
@ -119,7 +119,7 @@ const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery[NEWH
|
|||||||
* Description: Contains powers of nth root of -1 in Montgomery
|
* Description: Contains powers of nth root of -1 in Montgomery
|
||||||
* domain with R=2^18 in bit-reversed order
|
* domain with R=2^18 in bit-reversed order
|
||||||
************************************************************/
|
************************************************************/
|
||||||
const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery[NEWHOPE_N] = {
|
const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery[NEWHOPE_N] = {
|
||||||
4075, 6974, 7373, 7965, 3262, 5079, 522, 2169, 6364, 1018, 1041, 8775, 2344, 11011, 5574, 1973,
|
4075, 6974, 7373, 7965, 3262, 5079, 522, 2169, 6364, 1018, 1041, 8775, 2344, 11011, 5574, 1973,
|
||||||
4536, 1050, 6844, 3860, 3818, 6118, 2683, 1190, 4789, 7822, 7540, 6752, 5456, 4449, 3789, 12142,
|
4536, 1050, 6844, 3860, 3818, 6118, 2683, 1190, 4789, 7822, 7540, 6752, 5456, 4449, 3789, 12142,
|
||||||
11973, 382, 3988, 468, 6843, 5339, 6196, 3710, 11316, 1254, 5435, 10930, 3998, 10256, 10367, 3879,
|
11973, 382, 3988, 468, 6843, 5339, 6196, 3710, 11316, 1254, 5435, 10930, 3998, 10256, 10367, 3879,
|
||||||
@ -192,7 +192,7 @@ const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery[NEWHOPE_
|
|||||||
* Description: Contains inverses of powers of nth root of -1
|
* Description: Contains inverses of powers of nth root of -1
|
||||||
* divided by n in Montgomery domain with R=2^18
|
* divided by n in Montgomery domain with R=2^18
|
||||||
************************************************************/
|
************************************************************/
|
||||||
const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_inv_montgomery[NEWHOPE_N] = {
|
const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_inv_montgomery[NEWHOPE_N] = {
|
||||||
256, 10570, 1510, 7238, 1034, 7170, 6291, 7921, 11665, 3422, 4000, 2327, 2088, 5565, 795, 10647,
|
256, 10570, 1510, 7238, 1034, 7170, 6291, 7921, 11665, 3422, 4000, 2327, 2088, 5565, 795, 10647,
|
||||||
1521, 5484, 2539, 7385, 1055, 7173, 8047, 11683, 1669, 1994, 3796, 5809, 4341, 9398, 11876, 12230,
|
1521, 5484, 2539, 7385, 1055, 7173, 8047, 11683, 1669, 1994, 3796, 5809, 4341, 9398, 11876, 12230,
|
||||||
10525, 12037, 12253, 3506, 4012, 9351, 4847, 2448, 7372, 9831, 3160, 2207, 5582, 2553, 7387, 6322,
|
10525, 12037, 12253, 3506, 4012, 9351, 4847, 2448, 7372, 9831, 3160, 2207, 5582, 2553, 7387, 6322,
|
@ -15,7 +15,7 @@ static const uint32_t rlog = 18;
|
|||||||
*
|
*
|
||||||
* Returns: unsigned integer in {0,...,2^14-1} congruent to a * R^-1 modulo q.
|
* Returns: unsigned integer in {0,...,2^14-1} congruent to a * R^-1 modulo q.
|
||||||
**************************************************/
|
**************************************************/
|
||||||
uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(uint32_t a) {
|
uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(uint32_t a) {
|
||||||
uint32_t u;
|
uint32_t u;
|
||||||
|
|
||||||
u = (a * qinv);
|
u = (a * qinv);
|
8
crypto_kem/newhope1024cca/clean/reduce.h
Normal file
8
crypto_kem/newhope1024cca/clean/reduce.h
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
#ifndef REDUCE_H
|
||||||
|
#define REDUCE_H
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(uint32_t a);
|
||||||
|
|
||||||
|
#endif
|
@ -13,7 +13,7 @@
|
|||||||
*
|
*
|
||||||
* Returns 0 if the byte arrays are equal, 1 otherwise
|
* Returns 0 if the byte arrays are equal, 1 otherwise
|
||||||
**************************************************/
|
**************************************************/
|
||||||
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len) {
|
int PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len) {
|
||||||
uint64_t r;
|
uint64_t r;
|
||||||
size_t i;
|
size_t i;
|
||||||
r = 0;
|
r = 0;
|
||||||
@ -39,7 +39,7 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(const unsigned char *a, const unsigne
|
|||||||
* size_t len: Amount of bytes to be copied
|
* size_t len: Amount of bytes to be copied
|
||||||
* unsigned char b: Condition bit; has to be in {0,1}
|
* unsigned char b: Condition bit; has to be in {0,1}
|
||||||
**************************************************/
|
**************************************************/
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b) {
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b) {
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
b = -b;
|
b = -b;
|
12
crypto_kem/newhope1024cca/clean/verify.h
Normal file
12
crypto_kem/newhope1024cca/clean/verify.h
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
#ifndef VERIFY_H
|
||||||
|
#define VERIFY_H
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
/* returns 0 for equal strings, 1 for non-equal strings */
|
||||||
|
int PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len);
|
||||||
|
|
||||||
|
/* b = 1 means mov, b = 0 means don't mov*/
|
||||||
|
void PQCLEAN_NEWHOPE1024CCA_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b);
|
||||||
|
|
||||||
|
#endif
|
@ -1,15 +0,0 @@
|
|||||||
#ifndef PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_API_H
|
|
||||||
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_API_H
|
|
||||||
|
|
||||||
|
|
||||||
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_SECRETKEYBYTES 3680
|
|
||||||
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_PUBLICKEYBYTES 1824
|
|
||||||
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_CIPHERTEXTBYTES 2208
|
|
||||||
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_BYTES 32
|
|
||||||
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_ALGNAME "NewHope1024-CCAKEM"
|
|
||||||
|
|
||||||
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
|
|
||||||
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk);
|
|
||||||
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk);
|
|
||||||
|
|
||||||
#endif
|
|
@ -1,14 +0,0 @@
|
|||||||
#ifndef NTT_H
|
|
||||||
#define NTT_H
|
|
||||||
|
|
||||||
#include "inttypes.h"
|
|
||||||
|
|
||||||
extern const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery[];
|
|
||||||
extern const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery[];
|
|
||||||
extern const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_inv_montgomery[];
|
|
||||||
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(uint16_t *poly);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omegas);
|
|
||||||
|
|
||||||
#endif
|
|
@ -1,32 +0,0 @@
|
|||||||
#ifndef POLY_H
|
|
||||||
#define POLY_H
|
|
||||||
|
|
||||||
#include "params.h"
|
|
||||||
#include <stdint.h>
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Elements of R_q = Z_q[X]/(X^n + 1). Represents polynomial
|
|
||||||
* coeffs[0] + X*coeffs[1] + X^2*xoeffs[2] + ... + X^{n-1}*coeffs[n-1]
|
|
||||||
*/
|
|
||||||
typedef struct {
|
|
||||||
uint16_t coeffs[NEWHOPE_N];
|
|
||||||
} poly;
|
|
||||||
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_uniform(poly *a, const unsigned char *seed);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(poly *r, const poly *a, const poly *b);
|
|
||||||
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(poly *r);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(poly *r);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b);
|
|
||||||
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(poly *r, const unsigned char *a);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(unsigned char *r, const poly *p);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(unsigned char *r, const poly *p);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(poly *r, const unsigned char *a);
|
|
||||||
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(poly *r, const unsigned char *msg);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(unsigned char *msg, const poly *x);
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(poly *r, const poly *a, const poly *b);
|
|
||||||
|
|
||||||
#endif
|
|
@ -1,8 +0,0 @@
|
|||||||
#ifndef REDUCE_H
|
|
||||||
#define REDUCE_H
|
|
||||||
|
|
||||||
#include <stdint.h>
|
|
||||||
|
|
||||||
uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(uint32_t a);
|
|
||||||
|
|
||||||
#endif
|
|
@ -1,12 +0,0 @@
|
|||||||
#ifndef VERIFY_H
|
|
||||||
#define VERIFY_H
|
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
|
|
||||||
/* returns 0 for equal strings, 1 for non-equal strings */
|
|
||||||
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len);
|
|
||||||
|
|
||||||
/* b = 1 means mov, b = 0 means don't mov*/
|
|
||||||
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b);
|
|
||||||
|
|
||||||
#endif
|
|
Loading…
Reference in New Issue
Block a user