rename newhope1024ccakem -> newhope1024cca

This commit is contained in:
Matthias J. Kannwischer 2019-05-08 17:07:57 +02:00
parent d879595da3
commit 12fafb1bf0
23 changed files with 164 additions and 164 deletions

View File

@ -1,4 +1,4 @@
name: NewHope1024CCAKEM name: NewHope1024CCA
type: kem type: kem
claimed-nist-level: 5 claimed-nist-level: 5
length-public-key: 1824 length-public-key: 1824

View File

@ -1,6 +1,6 @@
# This Makefile can be used with GNU Make or BSD Make # This Makefile can be used with GNU Make or BSD Make
LIB=libnewhope1024ccakem_clean.a LIB=libnewhope1024cca_clean.a
HEADERS=api.h cpapke.h ntt.h params.h poly.h reduce.h verify.h HEADERS=api.h cpapke.h ntt.h params.h poly.h reduce.h verify.h
OBJECTS=cpapke.o kem.o ntt.o poly.o precomp.o reduce.o verify.o OBJECTS=cpapke.o kem.o ntt.o poly.o precomp.o reduce.o verify.o

View File

@ -1,7 +1,7 @@
# This Makefile can be used with Microsoft Visual Studio's nmake using the command: # This Makefile can be used with Microsoft Visual Studio's nmake using the command:
# nmake /f Makefile.Microsoft_nmake # nmake /f Makefile.Microsoft_nmake
LIBRARY=libnewhope1024ccakem_clean.lib LIBRARY=libnewhope1024cca_clean.lib
OBJECTS=cpapke.obj kem.obj ntt.obj poly.obj precomp.obj reduce.obj verify.obj OBJECTS=cpapke.obj kem.obj ntt.obj poly.obj precomp.obj reduce.obj verify.obj
CFLAGS=/nologo /I ..\..\..\common /W4 /WX CFLAGS=/nologo /I ..\..\..\common /W4 /WX

View File

@ -0,0 +1,15 @@
#ifndef PQCLEAN_NEWHOPE1024CCA_CLEAN_API_H
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_API_H
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_SECRETKEYBYTES 3680
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_PUBLICKEYBYTES 1824
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_CIPHERTEXTBYTES 2208
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_BYTES 32
#define PQCLEAN_NEWHOPE1024CCA_CLEAN_CRYPTO_ALGNAME "NewHope1024-CCAKEM"
int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk);
int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk);
#endif

View File

@ -18,7 +18,7 @@
**************************************************/ **************************************************/
static void encode_pk(unsigned char *r, const poly *pk, const unsigned char *seed) { static void encode_pk(unsigned char *r, const poly *pk, const unsigned char *seed) {
int i; int i;
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(r, pk); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(r, pk);
for (i = 0; i < NEWHOPE_SYMBYTES; i++) { for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
r[NEWHOPE_POLYBYTES + i] = seed[i]; r[NEWHOPE_POLYBYTES + i] = seed[i];
} }
@ -35,7 +35,7 @@ static void encode_pk(unsigned char *r, const poly *pk, const unsigned char *see
**************************************************/ **************************************************/
static void decode_pk(poly *pk, unsigned char *seed, const unsigned char *r) { static void decode_pk(poly *pk, unsigned char *seed, const unsigned char *r) {
int i; int i;
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(pk, r); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(pk, r);
for (i = 0; i < NEWHOPE_SYMBYTES; i++) { for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
seed[i] = r[NEWHOPE_POLYBYTES + i]; seed[i] = r[NEWHOPE_POLYBYTES + i];
} }
@ -53,8 +53,8 @@ static void decode_pk(poly *pk, unsigned char *seed, const unsigned char *r) {
* - const poly *v: pointer to the input polynomial v * - const poly *v: pointer to the input polynomial v
**************************************************/ **************************************************/
static void encode_c(unsigned char *r, const poly *b, const poly *v) { static void encode_c(unsigned char *r, const poly *b, const poly *v) {
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(r, b); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(r, b);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(r + NEWHOPE_POLYBYTES, v); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_compress(r + NEWHOPE_POLYBYTES, v);
} }
/************************************************* /*************************************************
@ -67,8 +67,8 @@ static void encode_c(unsigned char *r, const poly *b, const poly *v) {
* - const unsigned char *r: pointer to input byte array * - const unsigned char *r: pointer to input byte array
**************************************************/ **************************************************/
static void decode_c(poly *b, poly *v, const unsigned char *r) { static void decode_c(poly *b, poly *v, const unsigned char *r) {
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(b, r); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(b, r);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(v, r + NEWHOPE_POLYBYTES); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_decompress(v, r + NEWHOPE_POLYBYTES);
} }
/************************************************* /*************************************************
@ -80,7 +80,7 @@ static void decode_c(poly *b, poly *v, const unsigned char *r) {
* - const unsigned char *seed: pointer to input seed * - const unsigned char *seed: pointer to input seed
**************************************************/ **************************************************/
static void gen_a(poly *a, const unsigned char *seed) { static void gen_a(poly *a, const unsigned char *seed) {
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_uniform(a, seed); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform(a, seed);
} }
@ -94,7 +94,7 @@ static void gen_a(poly *a, const unsigned char *seed) {
* Arguments: - unsigned char *pk: pointer to output public key * Arguments: - unsigned char *pk: pointer to output public key
* - unsigned char *sk: pointer to output private key * - unsigned char *sk: pointer to output private key
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk, void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_keypair(unsigned char *pk,
unsigned char *sk) { unsigned char *sk) {
poly ahat, ehat, ahat_shat, bhat, shat; poly ahat, ehat, ahat_shat, bhat, shat;
unsigned char z[2 * NEWHOPE_SYMBYTES]; unsigned char z[2 * NEWHOPE_SYMBYTES];
@ -106,16 +106,16 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk,
gen_a(&ahat, publicseed); gen_a(&ahat, publicseed);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&shat, noiseseed, 0); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&shat, noiseseed, 0);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&shat); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&shat);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&ehat, noiseseed, 1); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&ehat, noiseseed, 1);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&ehat); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&ehat);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&ahat_shat, &shat, &ahat); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&ahat_shat, &shat, &ahat);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&bhat, &ehat, &ahat_shat); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&bhat, &ehat, &ahat_shat);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(sk, &shat); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(sk, &shat);
encode_pk(pk, &bhat, publicseed); encode_pk(pk, &bhat, publicseed);
} }
@ -132,33 +132,33 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk,
* - const unsigned char *coin: pointer to input random coins used as seed * - const unsigned char *coin: pointer to input random coins used as seed
* to deterministically generate all randomness * to deterministically generate all randomness
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(unsigned char *c, void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(unsigned char *c,
const unsigned char *m, const unsigned char *m,
const unsigned char *pk, const unsigned char *pk,
const unsigned char *coin) { const unsigned char *coin) {
poly sprime, eprime, vprime, ahat, bhat, eprimeprime, uhat, v; poly sprime, eprime, vprime, ahat, bhat, eprimeprime, uhat, v;
unsigned char publicseed[NEWHOPE_SYMBYTES]; unsigned char publicseed[NEWHOPE_SYMBYTES];
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(&v, m); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frommsg(&v, m);
decode_pk(&bhat, publicseed, pk); decode_pk(&bhat, publicseed, pk);
gen_a(&ahat, publicseed); gen_a(&ahat, publicseed);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&sprime, coin, 0); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&sprime, coin, 0);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&eprime, coin, 1); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&eprime, coin, 1);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(&eprimeprime, coin, 2); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(&eprimeprime, coin, 2);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&sprime); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&sprime);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(&eprime); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(&eprime);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&uhat, &ahat, &sprime); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&uhat, &ahat, &sprime);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&uhat, &uhat, &eprime); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&uhat, &uhat, &eprime);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&vprime, &bhat, &sprime); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&vprime, &bhat, &sprime);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(&vprime); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(&vprime);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&vprime, &vprime, &eprimeprime); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&vprime, &vprime, &eprimeprime);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(&vprime, &vprime, &v); // add message PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(&vprime, &vprime, &v); // add message
encode_c(c, &uhat, &vprime); encode_c(c, &uhat, &vprime);
} }
@ -175,18 +175,18 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(unsigned char *c,
* - const unsigned char *c: pointer to input ciphertext * - const unsigned char *c: pointer to input ciphertext
* - const unsigned char *sk: pointer to input secret key * - const unsigned char *sk: pointer to input secret key
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_dec(unsigned char *m, void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_dec(unsigned char *m,
const unsigned char *c, const unsigned char *c,
const unsigned char *sk) { const unsigned char *sk) {
poly vprime, uhat, tmp, shat; poly vprime, uhat, tmp, shat;
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(&shat, sk); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(&shat, sk);
decode_c(&uhat, &vprime, c); decode_c(&uhat, &vprime, c);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(&tmp, &shat, &uhat); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(&tmp, &shat, &uhat);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(&tmp); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(&tmp);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(&tmp, &tmp, &vprime); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sub(&tmp, &tmp, &vprime);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(m, &tmp); PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tomsg(m, &tmp);
} }

View File

@ -1,15 +1,15 @@
#ifndef INDCPA_H #ifndef INDCPA_H
#define INDCPA_H #define INDCPA_H
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(unsigned char *pk, void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_keypair(unsigned char *pk,
unsigned char *sk); unsigned char *sk);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(unsigned char *c, void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(unsigned char *c,
const unsigned char *m, const unsigned char *m,
const unsigned char *pk, const unsigned char *pk,
const unsigned char *coins); const unsigned char *coins);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_dec(unsigned char *m, void PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_dec(unsigned char *m,
const unsigned char *c, const unsigned char *c,
const unsigned char *sk); const unsigned char *sk);

View File

@ -19,10 +19,10 @@
* *
* Returns 0 (success) * Returns 0 (success)
**************************************************/ **************************************************/
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) { int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
size_t i; size_t i;
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_keypair(pk, sk); /* First put the actual secret key into sk */ PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_keypair(pk, sk); /* First put the actual secret key into sk */
sk += NEWHOPE_CPAPKE_SECRETKEYBYTES; sk += NEWHOPE_CPAPKE_SECRETKEYBYTES;
for (i = 0; i < NEWHOPE_CPAPKE_PUBLICKEYBYTES; i++) { /* Append the public key for re-encryption */ for (i = 0; i < NEWHOPE_CPAPKE_PUBLICKEYBYTES; i++) { /* Append the public key for re-encryption */
@ -50,7 +50,7 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_keypair(unsigned char *pk, unsign
* *
* Returns 0 (success) * Returns 0 (success)
**************************************************/ **************************************************/
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) { int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {
unsigned char k_coins_d[3 * NEWHOPE_SYMBYTES]; /* Will contain key, coins, qrom-hash */ unsigned char k_coins_d[3 * NEWHOPE_SYMBYTES]; /* Will contain key, coins, qrom-hash */
unsigned char buf[2 * NEWHOPE_SYMBYTES]; unsigned char buf[2 * NEWHOPE_SYMBYTES];
int i; int i;
@ -61,7 +61,7 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned c
shake256(buf + NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, pk, NEWHOPE_CCAKEM_PUBLICKEYBYTES); /* Multitarget countermeasure for coins + contributory KEM */ shake256(buf + NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, pk, NEWHOPE_CCAKEM_PUBLICKEYBYTES); /* Multitarget countermeasure for coins + contributory KEM */
shake256(k_coins_d, 3 * NEWHOPE_SYMBYTES, buf, 2 * NEWHOPE_SYMBYTES); shake256(k_coins_d, 3 * NEWHOPE_SYMBYTES, buf, 2 * NEWHOPE_SYMBYTES);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(ct, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */ PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(ct, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */
for (i = 0; i < NEWHOPE_SYMBYTES; i++) { for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
ct[i + NEWHOPE_CPAPKE_CIPHERTEXTBYTES] = k_coins_d[i + 2 * NEWHOPE_SYMBYTES]; /* copy Targhi-Unruh hash into ct */ ct[i + NEWHOPE_CPAPKE_CIPHERTEXTBYTES] = k_coins_d[i + 2 * NEWHOPE_SYMBYTES]; /* copy Targhi-Unruh hash into ct */
@ -86,30 +86,30 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned c
* *
* On failure, ss will contain a randomized value. * On failure, ss will contain a randomized value.
**************************************************/ **************************************************/
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) { int PQCLEAN_NEWHOPE1024CCA_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk) {
int i, fail; int i, fail;
unsigned char ct_cmp[NEWHOPE_CCAKEM_CIPHERTEXTBYTES]; unsigned char ct_cmp[NEWHOPE_CCAKEM_CIPHERTEXTBYTES];
unsigned char buf[2 * NEWHOPE_SYMBYTES]; unsigned char buf[2 * NEWHOPE_SYMBYTES];
unsigned char k_coins_d[3 * NEWHOPE_SYMBYTES]; /* Will contain key, coins, qrom-hash */ unsigned char k_coins_d[3 * NEWHOPE_SYMBYTES]; /* Will contain key, coins, qrom-hash */
const unsigned char *pk = sk + NEWHOPE_CPAPKE_SECRETKEYBYTES; const unsigned char *pk = sk + NEWHOPE_CPAPKE_SECRETKEYBYTES;
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_dec(buf, ct, sk); PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_dec(buf, ct, sk);
for (i = 0; i < NEWHOPE_SYMBYTES; i++) { /* Use hash of pk stored in sk */ for (i = 0; i < NEWHOPE_SYMBYTES; i++) { /* Use hash of pk stored in sk */
buf[NEWHOPE_SYMBYTES + i] = sk[NEWHOPE_CCAKEM_SECRETKEYBYTES - 2 * NEWHOPE_SYMBYTES + i]; buf[NEWHOPE_SYMBYTES + i] = sk[NEWHOPE_CCAKEM_SECRETKEYBYTES - 2 * NEWHOPE_SYMBYTES + i];
} }
shake256(k_coins_d, 3 * NEWHOPE_SYMBYTES, buf, 2 * NEWHOPE_SYMBYTES); shake256(k_coins_d, 3 * NEWHOPE_SYMBYTES, buf, 2 * NEWHOPE_SYMBYTES);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cpapke_enc(ct_cmp, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */ PQCLEAN_NEWHOPE1024CCA_CLEAN_cpapke_enc(ct_cmp, buf, pk, k_coins_d + NEWHOPE_SYMBYTES); /* coins are in k_coins_d+NEWHOPE_SYMBYTES */
for (i = 0; i < NEWHOPE_SYMBYTES; i++) { for (i = 0; i < NEWHOPE_SYMBYTES; i++) {
ct_cmp[i + NEWHOPE_CPAPKE_CIPHERTEXTBYTES] = k_coins_d[i + 2 * NEWHOPE_SYMBYTES]; ct_cmp[i + NEWHOPE_CPAPKE_CIPHERTEXTBYTES] = k_coins_d[i + 2 * NEWHOPE_SYMBYTES];
} }
fail = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(ct, ct_cmp, NEWHOPE_CCAKEM_CIPHERTEXTBYTES); fail = PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(ct, ct_cmp, NEWHOPE_CCAKEM_CIPHERTEXTBYTES);
shake256(k_coins_d + NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, ct, NEWHOPE_CCAKEM_CIPHERTEXTBYTES); /* overwrite coins in k_coins_d with h(c) */ shake256(k_coins_d + NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, ct, NEWHOPE_CCAKEM_CIPHERTEXTBYTES); /* overwrite coins in k_coins_d with h(c) */
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cmov(k_coins_d, sk + NEWHOPE_CCAKEM_SECRETKEYBYTES - NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, (unsigned char) fail); /* Overwrite pre-k with z on re-encryption failure */ PQCLEAN_NEWHOPE1024CCA_CLEAN_cmov(k_coins_d, sk + NEWHOPE_CCAKEM_SECRETKEYBYTES - NEWHOPE_SYMBYTES, NEWHOPE_SYMBYTES, (unsigned char) fail); /* Overwrite pre-k with z on re-encryption failure */
shake256(ss, NEWHOPE_SYMBYTES, k_coins_d, 2 * NEWHOPE_SYMBYTES); /* hash concatenation of pre-k and h(c) to k */ shake256(ss, NEWHOPE_SYMBYTES, k_coins_d, 2 * NEWHOPE_SYMBYTES); /* hash concatenation of pre-k and h(c) to k */
return 0; return 0;

View File

@ -51,7 +51,7 @@ static uint16_t bitrev_table[NEWHOPE_N] = {
* *
* Arguments: - uint16_t* poly: pointer to in/output polynomial * Arguments: - uint16_t* poly: pointer to in/output polynomial
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(uint16_t *poly) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_bitrev_vector(uint16_t *poly) {
unsigned int i, r; unsigned int i, r;
uint16_t tmp; uint16_t tmp;
@ -74,11 +74,11 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(uint16_t *poly) {
* - const uint16_t* factors: pointer to input polynomial, coefficients * - const uint16_t* factors: pointer to input polynomial, coefficients
* are assumed to be in Montgomery representation * are assumed to be in Montgomery representation
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors) {
unsigned int i; unsigned int i;
for (i = 0; i < NEWHOPE_N; i++) { for (i = 0; i < NEWHOPE_N; i++) {
poly[i] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce((poly[i] * factors[i])); poly[i] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce((poly[i] * factors[i]));
} }
} }
@ -94,7 +94,7 @@ void /*************************************************
* - const uint16_t* omega: pointer to input powers of root of unity omega; * - const uint16_t* omega: pointer to input powers of root of unity omega;
* assumed to be in Montgomery domain * assumed to be in Montgomery domain
**************************************************/ **************************************************/
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omega) { PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt(uint16_t *a, const uint16_t *omega) {
int i, start, j, jTwiddle, distance; int i, start, j, jTwiddle, distance;
uint16_t temp, W; uint16_t temp, W;
@ -108,7 +108,7 @@ PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omega) {
W = omega[jTwiddle++]; W = omega[jTwiddle++];
temp = a[j]; temp = a[j];
a[j] = (temp + a[j + distance]); // Omit reduction (be lazy) a[j] = (temp + a[j + distance]); // Omit reduction (be lazy)
a[j + distance] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance]))); a[j + distance] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance])));
} }
} }
@ -120,7 +120,7 @@ PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omega) {
W = omega[jTwiddle++]; W = omega[jTwiddle++];
temp = a[j]; temp = a[j];
a[j] = (temp + a[j + distance]) % NEWHOPE_Q; a[j] = (temp + a[j + distance]) % NEWHOPE_Q;
a[j + distance] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance]))); a[j + distance] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce((W * ((uint32_t)temp + 3 * NEWHOPE_Q - a[j + distance])));
} }
} }
} }

View File

@ -0,0 +1,14 @@
#ifndef NTT_H
#define NTT_H
#include "inttypes.h"
extern const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_omegas_inv_bitrev_montgomery[];
extern const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery[];
extern const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_inv_montgomery[];
void PQCLEAN_NEWHOPE1024CCA_CLEAN_bitrev_vector(uint16_t *poly);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt(uint16_t *a, const uint16_t *omegas);
#endif

View File

@ -1,5 +1,5 @@
#ifndef PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_PARAMS_H #ifndef PQCLEAN_NEWHOPE1024CCA_CLEAN_PARAMS_H
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_PARAMS_H #define PQCLEAN_NEWHOPE1024CCA_CLEAN_PARAMS_H
#define NEWHOPE_N 1024 #define NEWHOPE_N 1024
#define NEWHOPE_Q 12289 #define NEWHOPE_Q 12289

View File

@ -51,7 +51,7 @@ static uint16_t flipabs(uint16_t x) {
* Arguments: - poly *r: pointer to output polynomial * Arguments: - poly *r: pointer to output polynomial
* - const unsigned char *a: pointer to input byte array * - const unsigned char *a: pointer to input byte array
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(poly *r, const unsigned char *a) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(poly *r, const unsigned char *a) {
int i; int i;
for (i = 0; i < NEWHOPE_N / 4; i++) { for (i = 0; i < NEWHOPE_N / 4; i++) {
r->coeffs[4 * i + 0] = a[7 * i + 0] | (((uint16_t)a[7 * i + 1] & 0x3f) << 8); r->coeffs[4 * i + 0] = a[7 * i + 0] | (((uint16_t)a[7 * i + 1] & 0x3f) << 8);
@ -69,7 +69,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(poly *r, const unsigned char
* Arguments: - unsigned char *r: pointer to output byte array * Arguments: - unsigned char *r: pointer to output byte array
* - const poly *p: pointer to input polynomial * - const poly *p: pointer to input polynomial
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(unsigned char *r, const poly *p) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(unsigned char *r, const poly *p) {
int i; int i;
uint16_t t0, t1, t2, t3; uint16_t t0, t1, t2, t3;
for (i = 0; i < NEWHOPE_N / 4; i++) { for (i = 0; i < NEWHOPE_N / 4; i++) {
@ -96,7 +96,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(unsigned char *r, const poly *
* Arguments: - unsigned char *r: pointer to output byte array * Arguments: - unsigned char *r: pointer to output byte array
* - const poly *p: pointer to input polynomial * - const poly *p: pointer to input polynomial
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(unsigned char *r, const poly *p) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_compress(unsigned char *r, const poly *p) {
unsigned int i, j, k = 0; unsigned int i, j, k = 0;
uint32_t t[8]; uint32_t t[8];
@ -123,7 +123,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(unsigned char *r, const poly
* Arguments: - poly *r: pointer to output polynomial * Arguments: - poly *r: pointer to output polynomial
* - const unsigned char *a: pointer to input byte array * - const unsigned char *a: pointer to input byte array
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(poly *r, const unsigned char *a) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_decompress(poly *r, const unsigned char *a) {
unsigned int i, j; unsigned int i, j;
for (i = 0; i < NEWHOPE_N; i += 8) { for (i = 0; i < NEWHOPE_N; i += 8) {
r->coeffs[i + 0] = a[0] & 7; r->coeffs[i + 0] = a[0] & 7;
@ -149,7 +149,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(poly *r, const unsigned cha
* Arguments: - poly *r: pointer to output polynomial * Arguments: - poly *r: pointer to output polynomial
* - const unsigned char *msg: pointer to input message * - const unsigned char *msg: pointer to input message
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(poly *r, const unsigned char *msg) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frommsg(poly *r, const unsigned char *msg) {
unsigned int i, j, mask; unsigned int i, j, mask;
for (i = 0; i < 32; i++) { // XXX: MACRO for 32 for (i = 0; i < 32; i++) { // XXX: MACRO for 32
for (j = 0; j < 8; j++) { for (j = 0; j < 8; j++) {
@ -170,7 +170,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(poly *r, const unsigned char *
* Arguments: - unsigned char *msg: pointer to output message * Arguments: - unsigned char *msg: pointer to output message
* - const poly *x: pointer to input polynomial * - const poly *x: pointer to input polynomial
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(unsigned char *msg, const poly *x) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tomsg(unsigned char *msg, const poly *x) {
unsigned int i; unsigned int i;
uint16_t t; uint16_t t;
@ -199,7 +199,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(unsigned char *msg, const poly *
* Arguments: - poly *a: pointer to output polynomial * Arguments: - poly *a: pointer to output polynomial
* - const unsigned char *seed: pointer to input seed * - const unsigned char *seed: pointer to input seed
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_uniform(poly *a, const unsigned char *seed) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform(poly *a, const unsigned char *seed) {
unsigned int ctr = 0; unsigned int ctr = 0;
uint16_t val; uint16_t val;
uint64_t state[25]; uint64_t state[25];
@ -254,7 +254,7 @@ static unsigned char hw(unsigned char a) {
* - const unsigned char *seed: pointer to input seed * - const unsigned char *seed: pointer to input seed
* - unsigned char nonce: one-byte input nonce * - unsigned char nonce: one-byte input nonce
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce) {
unsigned char buf[128], a, b; unsigned char buf[128], a, b;
// uint32_t t, d, a, b, c; // uint32_t t, d, a, b, c;
int i, j; int i, j;
@ -298,12 +298,12 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(poly *r, const unsigned char *s
* - const poly *a: pointer to first input polynomial * - const poly *a: pointer to first input polynomial
* - const poly *b: pointer to second input polynomial * - const poly *b: pointer to second input polynomial
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b) {
int i; int i;
uint16_t t; uint16_t t;
for (i = 0; i < NEWHOPE_N; i++) { for (i = 0; i < NEWHOPE_N; i++) {
t = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(3186 * b->coeffs[i]); /* t is now in Montgomery domain */ t = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(3186 * b->coeffs[i]); /* t is now in Montgomery domain */
r->coeffs[i] = PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(a->coeffs[i] * t); /* r->coeffs[i] is back in normal domain */ r->coeffs[i] = PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(a->coeffs[i] * t); /* r->coeffs[i] is back in normal domain */
} }
} }
@ -316,7 +316,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(poly *r, const poly *a,
* - const poly *a: pointer to first input polynomial * - const poly *a: pointer to first input polynomial
* - const poly *b: pointer to second input polynomial * - const poly *b: pointer to second input polynomial
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(poly *r, const poly *a, const poly *b) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(poly *r, const poly *a, const poly *b) {
int i; int i;
for (i = 0; i < NEWHOPE_N; i++) { for (i = 0; i < NEWHOPE_N; i++) {
r->coeffs[i] = (a->coeffs[i] + b->coeffs[i]) % NEWHOPE_Q; r->coeffs[i] = (a->coeffs[i] + b->coeffs[i]) % NEWHOPE_Q;
@ -332,7 +332,7 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(poly *r, const poly *a, const poly
* - const poly *a: pointer to first input polynomial * - const poly *a: pointer to first input polynomial
* - const poly *b: pointer to second input polynomial * - const poly *b: pointer to second input polynomial
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(poly *r, const poly *a, const poly *b) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sub(poly *r, const poly *a, const poly *b) {
int i; int i;
for (i = 0; i < NEWHOPE_N; i++) { for (i = 0; i < NEWHOPE_N; i++) {
r->coeffs[i] = (a->coeffs[i] + 3 * NEWHOPE_Q - b->coeffs[i]) % NEWHOPE_Q; r->coeffs[i] = (a->coeffs[i] + 3 * NEWHOPE_Q - b->coeffs[i]) % NEWHOPE_Q;
@ -348,9 +348,9 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(poly *r, const poly *a, const poly
* *
* Arguments: - poly *r: pointer to in/output polynomial * Arguments: - poly *r: pointer to in/output polynomial
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(poly *r) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(poly *r) {
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery); PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery); PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery);
} }
/************************************************* /*************************************************
@ -362,9 +362,9 @@ void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(poly *r) {
* *
* Arguments: - poly *r: pointer to in/output polynomial * Arguments: - poly *r: pointer to in/output polynomial
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(poly *r) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(poly *r) {
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(r->coeffs); PQCLEAN_NEWHOPE1024CCA_CLEAN_bitrev_vector(r->coeffs);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery); PQCLEAN_NEWHOPE1024CCA_CLEAN_ntt((uint16_t *)r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_omegas_inv_bitrev_montgomery);
PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_inv_montgomery); PQCLEAN_NEWHOPE1024CCA_CLEAN_mul_coefficients(r->coeffs, PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_inv_montgomery);
} }

View File

@ -0,0 +1,32 @@
#ifndef POLY_H
#define POLY_H
#include "params.h"
#include <stdint.h>
/*
* Elements of R_q = Z_q[X]/(X^n + 1). Represents polynomial
* coeffs[0] + X*coeffs[1] + X^2*xoeffs[2] + ... + X^{n-1}*coeffs[n-1]
*/
typedef struct {
uint16_t coeffs[NEWHOPE_N];
} poly;
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_uniform(poly *a, const unsigned char *seed);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_add(poly *r, const poly *a, const poly *b);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_ntt(poly *r);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_invntt(poly *r);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frombytes(poly *r, const unsigned char *a);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tobytes(unsigned char *r, const poly *p);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_compress(unsigned char *r, const poly *p);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_decompress(poly *r, const unsigned char *a);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_frommsg(poly *r, const unsigned char *msg);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_tomsg(unsigned char *msg, const poly *x);
void PQCLEAN_NEWHOPE1024CCA_CLEAN_poly_sub(poly *r, const poly *a, const poly *b);
#endif

View File

@ -78,7 +78,7 @@
* Description: Contains inverses of powers of nth root of unity * Description: Contains inverses of powers of nth root of unity
* in Montgomery domain with R=2^18 in bit-reversed order * in Montgomery domain with R=2^18 in bit-reversed order
************************************************************/ ************************************************************/
const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery[NEWHOPE_N / 2] = { const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_omegas_inv_bitrev_montgomery[NEWHOPE_N / 2] = {
4075, 5315, 4324, 4916, 10120, 11767, 7210, 9027, 10316, 6715, 1278, 9945, 3514, 11248, 11271, 5925, 4075, 5315, 4324, 4916, 10120, 11767, 7210, 9027, 10316, 6715, 1278, 9945, 3514, 11248, 11271, 5925,
147, 8500, 7840, 6833, 5537, 4749, 4467, 7500, 11099, 9606, 6171, 8471, 8429, 5445, 11239, 7753, 147, 8500, 7840, 6833, 5537, 4749, 4467, 7500, 11099, 9606, 6171, 8471, 8429, 5445, 11239, 7753,
9090, 12233, 5529, 5206, 10587, 1987, 11635, 3565, 5415, 8646, 6153, 6427, 7341, 6152, 10561, 400, 9090, 12233, 5529, 5206, 10587, 1987, 11635, 3565, 5415, 8646, 6153, 6427, 7341, 6152, 10561, 400,
@ -119,7 +119,7 @@ const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery[NEWH
* Description: Contains powers of nth root of -1 in Montgomery * Description: Contains powers of nth root of -1 in Montgomery
* domain with R=2^18 in bit-reversed order * domain with R=2^18 in bit-reversed order
************************************************************/ ************************************************************/
const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery[NEWHOPE_N] = { const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_bitrev_montgomery[NEWHOPE_N] = {
4075, 6974, 7373, 7965, 3262, 5079, 522, 2169, 6364, 1018, 1041, 8775, 2344, 11011, 5574, 1973, 4075, 6974, 7373, 7965, 3262, 5079, 522, 2169, 6364, 1018, 1041, 8775, 2344, 11011, 5574, 1973,
4536, 1050, 6844, 3860, 3818, 6118, 2683, 1190, 4789, 7822, 7540, 6752, 5456, 4449, 3789, 12142, 4536, 1050, 6844, 3860, 3818, 6118, 2683, 1190, 4789, 7822, 7540, 6752, 5456, 4449, 3789, 12142,
11973, 382, 3988, 468, 6843, 5339, 6196, 3710, 11316, 1254, 5435, 10930, 3998, 10256, 10367, 3879, 11973, 382, 3988, 468, 6843, 5339, 6196, 3710, 11316, 1254, 5435, 10930, 3998, 10256, 10367, 3879,
@ -192,7 +192,7 @@ const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery[NEWHOPE_
* Description: Contains inverses of powers of nth root of -1 * Description: Contains inverses of powers of nth root of -1
* divided by n in Montgomery domain with R=2^18 * divided by n in Montgomery domain with R=2^18
************************************************************/ ************************************************************/
const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_inv_montgomery[NEWHOPE_N] = { const uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_gammas_inv_montgomery[NEWHOPE_N] = {
256, 10570, 1510, 7238, 1034, 7170, 6291, 7921, 11665, 3422, 4000, 2327, 2088, 5565, 795, 10647, 256, 10570, 1510, 7238, 1034, 7170, 6291, 7921, 11665, 3422, 4000, 2327, 2088, 5565, 795, 10647,
1521, 5484, 2539, 7385, 1055, 7173, 8047, 11683, 1669, 1994, 3796, 5809, 4341, 9398, 11876, 12230, 1521, 5484, 2539, 7385, 1055, 7173, 8047, 11683, 1669, 1994, 3796, 5809, 4341, 9398, 11876, 12230,
10525, 12037, 12253, 3506, 4012, 9351, 4847, 2448, 7372, 9831, 3160, 2207, 5582, 2553, 7387, 6322, 10525, 12037, 12253, 3506, 4012, 9351, 4847, 2448, 7372, 9831, 3160, 2207, 5582, 2553, 7387, 6322,

View File

@ -15,7 +15,7 @@ static const uint32_t rlog = 18;
* *
* Returns: unsigned integer in {0,...,2^14-1} congruent to a * R^-1 modulo q. * Returns: unsigned integer in {0,...,2^14-1} congruent to a * R^-1 modulo q.
**************************************************/ **************************************************/
uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(uint32_t a) { uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(uint32_t a) {
uint32_t u; uint32_t u;
u = (a * qinv); u = (a * qinv);

View File

@ -0,0 +1,8 @@
#ifndef REDUCE_H
#define REDUCE_H
#include <stdint.h>
uint16_t PQCLEAN_NEWHOPE1024CCA_CLEAN_montgomery_reduce(uint32_t a);
#endif

View File

@ -13,7 +13,7 @@
* *
* Returns 0 if the byte arrays are equal, 1 otherwise * Returns 0 if the byte arrays are equal, 1 otherwise
**************************************************/ **************************************************/
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len) { int PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len) {
uint64_t r; uint64_t r;
size_t i; size_t i;
r = 0; r = 0;
@ -39,7 +39,7 @@ int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(const unsigned char *a, const unsigne
* size_t len: Amount of bytes to be copied * size_t len: Amount of bytes to be copied
* unsigned char b: Condition bit; has to be in {0,1} * unsigned char b: Condition bit; has to be in {0,1}
**************************************************/ **************************************************/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b) { void PQCLEAN_NEWHOPE1024CCA_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b) {
size_t i; size_t i;
b = -b; b = -b;

View File

@ -0,0 +1,12 @@
#ifndef VERIFY_H
#define VERIFY_H
#include <stdio.h>
/* returns 0 for equal strings, 1 for non-equal strings */
int PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len);
/* b = 1 means mov, b = 0 means don't mov*/
void PQCLEAN_NEWHOPE1024CCA_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b);
#endif

View File

@ -1,15 +0,0 @@
#ifndef PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_API_H
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_API_H
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_SECRETKEYBYTES 3680
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_PUBLICKEYBYTES 1824
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_CIPHERTEXTBYTES 2208
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_BYTES 32
#define PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_CRYPTO_ALGNAME "NewHope1024-CCAKEM"
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk);
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk);
#endif

View File

@ -1,14 +0,0 @@
#ifndef NTT_H
#define NTT_H
#include "inttypes.h"
extern const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_omegas_inv_bitrev_montgomery[];
extern const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_bitrev_montgomery[];
extern const uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_gammas_inv_montgomery[];
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_bitrev_vector(uint16_t *poly);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_mul_coefficients(uint16_t *poly, const uint16_t *factors);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_ntt(uint16_t *a, const uint16_t *omegas);
#endif

View File

@ -1,32 +0,0 @@
#ifndef POLY_H
#define POLY_H
#include "params.h"
#include <stdint.h>
/*
* Elements of R_q = Z_q[X]/(X^n + 1). Represents polynomial
* coeffs[0] + X*coeffs[1] + X^2*xoeffs[2] + ... + X^{n-1}*coeffs[n-1]
*/
typedef struct {
uint16_t coeffs[NEWHOPE_N];
} poly;
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_uniform(poly *a, const unsigned char *seed);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sample(poly *r, const unsigned char *seed, unsigned char nonce);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_add(poly *r, const poly *a, const poly *b);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_ntt(poly *r);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_invntt(poly *r);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_mul_pointwise(poly *r, const poly *a, const poly *b);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frombytes(poly *r, const unsigned char *a);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tobytes(unsigned char *r, const poly *p);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_compress(unsigned char *r, const poly *p);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_decompress(poly *r, const unsigned char *a);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_frommsg(poly *r, const unsigned char *msg);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_tomsg(unsigned char *msg, const poly *x);
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_poly_sub(poly *r, const poly *a, const poly *b);
#endif

View File

@ -1,8 +0,0 @@
#ifndef REDUCE_H
#define REDUCE_H
#include <stdint.h>
uint16_t PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_montgomery_reduce(uint32_t a);
#endif

View File

@ -1,12 +0,0 @@
#ifndef VERIFY_H
#define VERIFY_H
#include <stdio.h>
/* returns 0 for equal strings, 1 for non-equal strings */
int PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_verify(const unsigned char *a, const unsigned char *b, size_t len);
/* b = 1 means mov, b = 0 means don't mov*/
void PQCLEAN_NEWHOPE1024CCAKEM_CLEAN_cmov(unsigned char *r, const unsigned char *x, size_t len, unsigned char b);
#endif