kris
/
pqc
1
1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

more endianness fixes

kyber
John M. Schanck 4 years ago
committed by Kris Kwiatkowski
parent
646f9f4a05
commit
26e0aea3e2
73 changed files with 594 additions and 742 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +16
    -9
      crypto_kem/hqc-128/avx2/parsing.c
  2. +2
    -2
      crypto_kem/hqc-128/clean/bch.c
  3. +12
    -15
      crypto_kem/hqc-128/clean/gf2x.c
  4. +11
    -7
      crypto_kem/hqc-128/clean/kem.c
  5. +19
    -12
      crypto_kem/hqc-128/clean/parsing.c
  6. +2
    -18
      crypto_kem/hqc-128/clean/vector.c
  7. +0
    -2
      crypto_kem/hqc-128/clean/vector.h
  8. +16
    -9
      crypto_kem/hqc-192/avx2/parsing.c
  9. +12
    -15
      crypto_kem/hqc-192/clean/gf2x.c
  10. +11
    -7
      crypto_kem/hqc-192/clean/kem.c
  11. +19
    -12
      crypto_kem/hqc-192/clean/parsing.c
  12. +3
    -18
      crypto_kem/hqc-192/clean/vector.c
  13. +0
    -2
      crypto_kem/hqc-192/clean/vector.h
  14. +16
    -9
      crypto_kem/hqc-256/avx2/parsing.c
  15. +12
    -15
      crypto_kem/hqc-256/clean/gf2x.c
  16. +11
    -7
      crypto_kem/hqc-256/clean/kem.c
  17. +19
    -12
      crypto_kem/hqc-256/clean/parsing.c
  18. +3
    -18
      crypto_kem/hqc-256/clean/vector.c
  19. +0
    -2
      crypto_kem/hqc-256/clean/vector.h
  20. +16
    -9
      crypto_kem/hqc-rmrs-128/avx2/parsing.c
  21. +4
    -5
      crypto_kem/hqc-rmrs-128/clean/code.c
  22. +2
    -2
      crypto_kem/hqc-rmrs-128/clean/code.h
  23. +12
    -15
      crypto_kem/hqc-rmrs-128/clean/gf2x.c
  24. +8
    -7
      crypto_kem/hqc-rmrs-128/clean/hqc.c
  25. +2
    -2
      crypto_kem/hqc-rmrs-128/clean/hqc.h
  26. +9
    -9
      crypto_kem/hqc-rmrs-128/clean/kem.c
  27. +19
    -12
      crypto_kem/hqc-rmrs-128/clean/parsing.c
  28. +44
    -37
      crypto_kem/hqc-rmrs-128/clean/reed_muller.c
  29. +2
    -2
      crypto_kem/hqc-rmrs-128/clean/reed_muller.h
  30. +12
    -21
      crypto_kem/hqc-rmrs-128/clean/reed_solomon.c
  31. +2
    -2
      crypto_kem/hqc-rmrs-128/clean/reed_solomon.h
  32. +3
    -18
      crypto_kem/hqc-rmrs-128/clean/vector.c
  33. +0
    -2
      crypto_kem/hqc-rmrs-128/clean/vector.h
  34. +16
    -9
      crypto_kem/hqc-rmrs-192/avx2/parsing.c
  35. +4
    -5
      crypto_kem/hqc-rmrs-192/clean/code.c
  36. +2
    -2
      crypto_kem/hqc-rmrs-192/clean/code.h
  37. +12
    -15
      crypto_kem/hqc-rmrs-192/clean/gf2x.c
  38. +8
    -7
      crypto_kem/hqc-rmrs-192/clean/hqc.c
  39. +2
    -2
      crypto_kem/hqc-rmrs-192/clean/hqc.h
  40. +9
    -9
      crypto_kem/hqc-rmrs-192/clean/kem.c
  41. +19
    -12
      crypto_kem/hqc-rmrs-192/clean/parsing.c
  42. +44
    -37
      crypto_kem/hqc-rmrs-192/clean/reed_muller.c
  43. +2
    -2
      crypto_kem/hqc-rmrs-192/clean/reed_muller.h
  44. +12
    -21
      crypto_kem/hqc-rmrs-192/clean/reed_solomon.c
  45. +2
    -2
      crypto_kem/hqc-rmrs-192/clean/reed_solomon.h
  46. +3
    -18
      crypto_kem/hqc-rmrs-192/clean/vector.c
  47. +0
    -2
      crypto_kem/hqc-rmrs-192/clean/vector.h
  48. +16
    -9
      crypto_kem/hqc-rmrs-256/avx2/parsing.c
  49. +4
    -5
      crypto_kem/hqc-rmrs-256/clean/code.c
  50. +2
    -2
      crypto_kem/hqc-rmrs-256/clean/code.h
  51. +12
    -15
      crypto_kem/hqc-rmrs-256/clean/gf2x.c
  52. +8
    -7
      crypto_kem/hqc-rmrs-256/clean/hqc.c
  53. +2
    -2
      crypto_kem/hqc-rmrs-256/clean/hqc.h
  54. +9
    -9
      crypto_kem/hqc-rmrs-256/clean/kem.c
  55. +19
    -12
      crypto_kem/hqc-rmrs-256/clean/parsing.c
  56. +44
    -37
      crypto_kem/hqc-rmrs-256/clean/reed_muller.c
  57. +2
    -2
      crypto_kem/hqc-rmrs-256/clean/reed_muller.h
  58. +12
    -21
      crypto_kem/hqc-rmrs-256/clean/reed_solomon.c
  59. +2
    -2
      crypto_kem/hqc-rmrs-256/clean/reed_solomon.h
  60. +3
    -18
      crypto_kem/hqc-rmrs-256/clean/vector.c
  61. +0
    -2
      crypto_kem/hqc-rmrs-256/clean/vector.h
  62. +0
    -6
      test/duplicate_consistency/hqc-128_avx2.yml
  63. +5
    -14
      test/duplicate_consistency/hqc-128_clean.yml
  64. +0
    -6
      test/duplicate_consistency/hqc-192_avx2.yml
  65. +0
    -12
      test/duplicate_consistency/hqc-192_clean.yml
  66. +0
    -6
      test/duplicate_consistency/hqc-256_avx2.yml
  67. +0
    -12
      test/duplicate_consistency/hqc-256_clean.yml
  68. +0
    -17
      test/duplicate_consistency/hqc-rmrs-128_avx2.yml
  69. +0
    -17
      test/duplicate_consistency/hqc-rmrs-128_clean.yml
  70. +0
    -11
      test/duplicate_consistency/hqc-rmrs-192_avx2.yml
  71. +0
    -11
      test/duplicate_consistency/hqc-rmrs-192_clean.yml
  72. +0
    -5
      test/duplicate_consistency/hqc-rmrs-256_avx2.yml
  73. +0
    -5
      test/duplicate_consistency/hqc-rmrs-256_clean.yml

+ 16
- 9
crypto_kem/hqc-128/avx2/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQC128_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t
*/
void PQCLEAN_HQC128_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQC128_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, ui
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC128_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQC128_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -138,10 +140,11 @@ void PQCLEAN_HQC128_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQC128_AVX2_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC128_AVX2_vect_set_random(&pk_seedexpander, h);

PQCLEAN_HQC128_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -157,8 +160,10 @@ void PQCLEAN_HQC128_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co
*/
void PQCLEAN_HQC128_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
PQCLEAN_HQC128_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQC128_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC128_AVX2_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -174,6 +179,8 @@ void PQCLEAN_HQC128_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u
*/
void PQCLEAN_HQC128_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
PQCLEAN_HQC128_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
PQCLEAN_HQC128_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC128_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 2
- 2
crypto_kem/hqc-128/clean/bch.c View File

@@ -28,12 +28,12 @@ static void compute_roots(uint64_t *error, const uint16_t *sigma);
static void unpack_message(uint8_t *message_unpacked, const uint64_t *message) {
for (size_t i = 0; i < (VEC_K_SIZE_64 - (PARAM_K % 64 != 0)); ++i) {
for (size_t j = 0; j < 64; ++j) {
message_unpacked[j + 64 * i] = (message[i] >> j) & 0x0000000000000001;
message_unpacked[j + 64 * i] = (message[i] >> j) & 1;
}
}

for (int8_t j = 0; j < PARAM_K % 64; ++j) {
message_unpacked[j + 64 * (VEC_K_SIZE_64 - 1)] = (message[VEC_K_SIZE_64 - 1] >> j) & 0x0000000000000001;
message_unpacked[j + 64 * (VEC_K_SIZE_64 - 1)] = (message[VEC_K_SIZE_64 - 1] >> j) & 1;
}
}



+ 12
- 15
crypto_kem/hqc-128/clean/gf2x.c View File

@@ -1,10 +1,9 @@
#include "gf2x.h"
#include "nistseedexpander.h"
#include "parameters.h"
#include "parsing.h"
#include "randombytes.h"
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/**
* \file gf2x.c
* \brief Implementation of multiplication of two polynomials
@@ -13,7 +12,7 @@

static inline void swap(uint16_t *tab, uint16_t elt1, uint16_t elt2);
static void reduce(uint64_t *o, const uint64_t *a);
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);

/**
* @brief swap two elements in a table
@@ -68,7 +67,7 @@ static void reduce(uint64_t *o, const uint64_t *a) {
* @param[in] weight Hamming wifht of the sparse polynomial a2
* @param[in] ctx Pointer to a seed expander used to randomize the multiplication process
*/
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
//static uint32_t fast_convolution_mult(const uint64_t *A, const uint32_t *vB, uint64_t *C, const uint16_t w, AES_XOF_struct *ctx)
uint64_t carry;
uint32_t dec, s;
@@ -77,8 +76,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
uint16_t permutation_table[16];
uint16_t permuted_sparse_vect[PARAM_OMEGA_E];
uint16_t permutation_sparse_vect[PARAM_OMEGA_E];
uint64_t tmp;
uint64_t *pt;
uint16_t *res_16;
uint8_t *res;
size_t i, j;

for (i = 0; i < 16; i++) {
@@ -120,14 +120,13 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
for (i = 0; i < weight; i++) {
dec = a1[permuted_sparse_vect[i]] & 0xf;
s = a1[permuted_sparse_vect[i]] >> 4;
res_16 = ((uint16_t *) o) + s;
res = o + 2 * s;
pt = table + (permuted_table[dec] * (VEC_N_SIZE_64 + 1));

for (j = 0; j < VEC_N_SIZE_64 + 1; j++) {
*res_16++ ^= (uint16_t) pt[j];
*res_16++ ^= (uint16_t) (pt[j] >> 16);
*res_16++ ^= (uint16_t) (pt[j] >> 32);
*res_16++ ^= (uint16_t) (pt[j] >> 48);
tmp = PQCLEAN_HQC128_CLEAN_load8(res);
PQCLEAN_HQC128_CLEAN_store8(res, tmp ^ pt[j]);
res += 8;
}
}
}
@@ -147,11 +146,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
* @param[in] ctx Pointer to the randomness context
*/
void PQCLEAN_HQC128_CLEAN_vect_mul(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
uint64_t tmp[2 * VEC_N_SIZE_64 + 1];
for (uint32_t j = 0; j < 2 * VEC_N_SIZE_64 + 1; j++) {
tmp[j] = 0;
}
uint64_t tmp[2 * VEC_N_SIZE_64 + 1] = {0};

fast_convolution_mult(tmp, a1, a2, weight, ctx);
fast_convolution_mult((uint8_t *) tmp, a1, a2, weight, ctx);
PQCLEAN_HQC128_CLEAN_load8_arr(tmp, 2 * VEC_N_SIZE_64 + 1, (uint8_t *) tmp, sizeof(tmp));
reduce(o, tmp);
}

+ 11
- 7
crypto_kem/hqc-128/clean/kem.c View File

@@ -47,6 +47,7 @@ int PQCLEAN_HQC128_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk
int PQCLEAN_HQC128_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {

uint8_t theta[SHA512_BYTES] = {0};
uint8_t m_bytes[VEC_K_SIZE_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint64_t u[VEC_N_SIZE_64] = {0};
uint64_t v[VEC_N1N2_SIZE_64] = {0};
@@ -54,19 +55,20 @@ int PQCLEAN_HQC128_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, co
unsigned char mc[VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES] = {0};

// Computing m
PQCLEAN_HQC128_CLEAN_vect_set_random_from_randombytes(m);
randombytes(m_bytes, VEC_K_SIZE_BYTES);
PQCLEAN_HQC128_CLEAN_load8_arr(m, VEC_K_SIZE_64, m_bytes, VEC_K_SIZE_BYTES);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m_bytes, VEC_K_SIZE_BYTES);

// Encrypting m
PQCLEAN_HQC128_CLEAN_hqc_pke_encrypt(u, v, m, theta, pk);

// Computing d
sha512(d, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d, m_bytes, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQC128_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m_bytes, VEC_K_SIZE_BYTES);
PQCLEAN_HQC128_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQC128_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
@@ -95,6 +97,7 @@ int PQCLEAN_HQC128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *
uint64_t v[VEC_N1N2_SIZE_64] = {0};
unsigned char d[SHA512_BYTES] = {0};
unsigned char pk[PUBLIC_KEY_BYTES] = {0};
uint8_t m_bytes[VEC_K_SIZE_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint8_t theta[SHA512_BYTES] = {0};
uint64_t u2[VEC_N_SIZE_64] = {0};
@@ -110,18 +113,19 @@ int PQCLEAN_HQC128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *

// Decryting
PQCLEAN_HQC128_CLEAN_hqc_pke_decrypt(m, u, v, sk);
PQCLEAN_HQC128_CLEAN_store8_arr(m_bytes, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m_bytes, VEC_K_SIZE_BYTES);

// Encrypting m'
PQCLEAN_HQC128_CLEAN_hqc_pke_encrypt(u2, v2, m, theta, pk);

// Computing d'
sha512(d2, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d2, m_bytes, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQC128_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m_bytes, VEC_K_SIZE_BYTES);
PQCLEAN_HQC128_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQC128_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);


+ 19
- 12
crypto_kem/hqc-128/clean/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQC128_CLEAN_store8_arr(uint8_t *out8, size_t outlen, const uint64_
*/
void PQCLEAN_HQC128_CLEAN_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQC128_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *y, u
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC128_CLEAN_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQC128_CLEAN_vect_set_random_fixed_weight_by_coordinates(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -119,7 +121,7 @@ void PQCLEAN_HQC128_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *y, u
*/
void PQCLEAN_HQC128_CLEAN_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) {
memcpy(pk, pk_seed, SEED_BYTES);
memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES);
PQCLEAN_HQC128_CLEAN_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64);
}


@@ -138,10 +140,11 @@ void PQCLEAN_HQC128_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *s, c
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQC128_CLEAN_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC128_CLEAN_vect_set_random(&pk_seedexpander, h);

memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -156,9 +159,11 @@ void PQCLEAN_HQC128_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *s, c
* @param[in] d String containing the hash d
*/
void PQCLEAN_HQC128_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
memcpy(ct, u, VEC_N_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
PQCLEAN_HQC128_CLEAN_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC128_CLEAN_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -173,7 +178,9 @@ void PQCLEAN_HQC128_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *
* @param[in] ct String containing the ciphertext
*/
void PQCLEAN_HQC128_CLEAN_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
memcpy(u, ct, VEC_N_SIZE_BYTES);
memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
PQCLEAN_HQC128_CLEAN_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC128_CLEAN_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 2
- 18
crypto_kem/hqc-128/clean/vector.c View File

@@ -154,22 +154,6 @@ void PQCLEAN_HQC128_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v) {



/**
* @brief Generates a random vector
*
* This function generates a random binary vector. It uses the the randombytes function.
*
* @param[in] v Pointer to an array
*/
void PQCLEAN_HQC128_CLEAN_vect_set_random_from_randombytes(uint64_t *v) {
uint8_t rand_bytes [VEC_K_SIZE_BYTES] = {0};

randombytes(rand_bytes, VEC_K_SIZE_BYTES);
PQCLEAN_HQC128_CLEAN_load8_arr(v, VEC_K_SIZE_64, rand_bytes, VEC_K_SIZE_BYTES);
}



/**
* @brief Adds two vectors
*
@@ -217,12 +201,12 @@ void PQCLEAN_HQC128_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const uint64
val = 64 - (size_o % 64);
}

memcpy(o, v, VEC_N1N2_SIZE_BYTES);
memcpy(o, v, 8 * VEC_N1N2_SIZE_64);

for (int8_t i = 0; i < val; ++i) {
o[VEC_N1N2_SIZE_64 - 1] &= (mask >> i);
}
} else {
memcpy(o, v, CEIL_DIVIDE(size_v, 8));
memcpy(o, v, 8 * CEIL_DIVIDE(size_v, 64));
}
}

+ 0
- 2
crypto_kem/hqc-128/clean/vector.h View File

@@ -18,8 +18,6 @@ void PQCLEAN_HQC128_CLEAN_vect_set_random_fixed_weight(AES_XOF_struct *ctx, uint

void PQCLEAN_HQC128_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v);

void PQCLEAN_HQC128_CLEAN_vect_set_random_from_randombytes(uint64_t *v);


void PQCLEAN_HQC128_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size);



+ 16
- 9
crypto_kem/hqc-192/avx2/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQC192_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t
*/
void PQCLEAN_HQC192_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQC192_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, ui
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC192_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQC192_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -138,10 +140,11 @@ void PQCLEAN_HQC192_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQC192_AVX2_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC192_AVX2_vect_set_random(&pk_seedexpander, h);

PQCLEAN_HQC192_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -157,8 +160,10 @@ void PQCLEAN_HQC192_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co
*/
void PQCLEAN_HQC192_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
PQCLEAN_HQC192_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQC192_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC192_AVX2_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -174,6 +179,8 @@ void PQCLEAN_HQC192_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u
*/
void PQCLEAN_HQC192_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
PQCLEAN_HQC192_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
PQCLEAN_HQC192_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC192_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 12
- 15
crypto_kem/hqc-192/clean/gf2x.c View File

@@ -1,10 +1,9 @@
#include "gf2x.h"
#include "nistseedexpander.h"
#include "parameters.h"
#include "parsing.h"
#include "randombytes.h"
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/**
* \file gf2x.c
* \brief Implementation of multiplication of two polynomials
@@ -13,7 +12,7 @@

static inline void swap(uint16_t *tab, uint16_t elt1, uint16_t elt2);
static void reduce(uint64_t *o, const uint64_t *a);
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);

/**
* @brief swap two elements in a table
@@ -68,7 +67,7 @@ static void reduce(uint64_t *o, const uint64_t *a) {
* @param[in] weight Hamming wifht of the sparse polynomial a2
* @param[in] ctx Pointer to a seed expander used to randomize the multiplication process
*/
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
//static uint32_t fast_convolution_mult(const uint64_t *A, const uint32_t *vB, uint64_t *C, const uint16_t w, AES_XOF_struct *ctx)
uint64_t carry;
uint32_t dec, s;
@@ -77,8 +76,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
uint16_t permutation_table[16];
uint16_t permuted_sparse_vect[PARAM_OMEGA_E];
uint16_t permutation_sparse_vect[PARAM_OMEGA_E];
uint64_t tmp;
uint64_t *pt;
uint16_t *res_16;
uint8_t *res;
size_t i, j;

for (i = 0; i < 16; i++) {
@@ -120,14 +120,13 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
for (i = 0; i < weight; i++) {
dec = a1[permuted_sparse_vect[i]] & 0xf;
s = a1[permuted_sparse_vect[i]] >> 4;
res_16 = ((uint16_t *) o) + s;
res = o + 2 * s;
pt = table + (permuted_table[dec] * (VEC_N_SIZE_64 + 1));

for (j = 0; j < VEC_N_SIZE_64 + 1; j++) {
*res_16++ ^= (uint16_t) pt[j];
*res_16++ ^= (uint16_t) (pt[j] >> 16);
*res_16++ ^= (uint16_t) (pt[j] >> 32);
*res_16++ ^= (uint16_t) (pt[j] >> 48);
tmp = PQCLEAN_HQC192_CLEAN_load8(res);
PQCLEAN_HQC192_CLEAN_store8(res, tmp ^ pt[j]);
res += 8;
}
}
}
@@ -147,11 +146,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
* @param[in] ctx Pointer to the randomness context
*/
void PQCLEAN_HQC192_CLEAN_vect_mul(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
uint64_t tmp[2 * VEC_N_SIZE_64 + 1];
for (uint32_t j = 0; j < 2 * VEC_N_SIZE_64 + 1; j++) {
tmp[j] = 0;
}
uint64_t tmp[2 * VEC_N_SIZE_64 + 1] = {0};

fast_convolution_mult(tmp, a1, a2, weight, ctx);
fast_convolution_mult((uint8_t *) tmp, a1, a2, weight, ctx);
PQCLEAN_HQC192_CLEAN_load8_arr(tmp, 2 * VEC_N_SIZE_64 + 1, (uint8_t *) tmp, sizeof(tmp));
reduce(o, tmp);
}

+ 11
- 7
crypto_kem/hqc-192/clean/kem.c View File

@@ -47,6 +47,7 @@ int PQCLEAN_HQC192_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk
int PQCLEAN_HQC192_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {

uint8_t theta[SHA512_BYTES] = {0};
uint8_t m_bytes[VEC_K_SIZE_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint64_t u[VEC_N_SIZE_64] = {0};
uint64_t v[VEC_N1N2_SIZE_64] = {0};
@@ -54,19 +55,20 @@ int PQCLEAN_HQC192_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, co
unsigned char mc[VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES] = {0};

// Computing m
PQCLEAN_HQC192_CLEAN_vect_set_random_from_randombytes(m);
randombytes(m_bytes, VEC_K_SIZE_BYTES);
PQCLEAN_HQC192_CLEAN_load8_arr(m, VEC_K_SIZE_64, m_bytes, VEC_K_SIZE_BYTES);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m_bytes, VEC_K_SIZE_BYTES);

// Encrypting m
PQCLEAN_HQC192_CLEAN_hqc_pke_encrypt(u, v, m, theta, pk);

// Computing d
sha512(d, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d, m_bytes, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQC192_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m_bytes, VEC_K_SIZE_BYTES);
PQCLEAN_HQC192_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQC192_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
@@ -95,6 +97,7 @@ int PQCLEAN_HQC192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *
uint64_t v[VEC_N1N2_SIZE_64] = {0};
unsigned char d[SHA512_BYTES] = {0};
unsigned char pk[PUBLIC_KEY_BYTES] = {0};
uint8_t m_bytes[VEC_K_SIZE_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint8_t theta[SHA512_BYTES] = {0};
uint64_t u2[VEC_N_SIZE_64] = {0};
@@ -110,18 +113,19 @@ int PQCLEAN_HQC192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *

// Decryting
PQCLEAN_HQC192_CLEAN_hqc_pke_decrypt(m, u, v, sk);
PQCLEAN_HQC192_CLEAN_store8_arr(m_bytes, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m_bytes, VEC_K_SIZE_BYTES);

// Encrypting m'
PQCLEAN_HQC192_CLEAN_hqc_pke_encrypt(u2, v2, m, theta, pk);

// Computing d'
sha512(d2, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d2, m_bytes, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQC192_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m_bytes, VEC_K_SIZE_BYTES);
PQCLEAN_HQC192_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQC192_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);


+ 19
- 12
crypto_kem/hqc-192/clean/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQC192_CLEAN_store8_arr(uint8_t *out8, size_t outlen, const uint64_
*/
void PQCLEAN_HQC192_CLEAN_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQC192_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *y, u
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC192_CLEAN_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQC192_CLEAN_vect_set_random_fixed_weight_by_coordinates(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -119,7 +121,7 @@ void PQCLEAN_HQC192_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *y, u
*/
void PQCLEAN_HQC192_CLEAN_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) {
memcpy(pk, pk_seed, SEED_BYTES);
memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES);
PQCLEAN_HQC192_CLEAN_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64);
}


@@ -138,10 +140,11 @@ void PQCLEAN_HQC192_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *s, c
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQC192_CLEAN_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC192_CLEAN_vect_set_random(&pk_seedexpander, h);

memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -156,9 +159,11 @@ void PQCLEAN_HQC192_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *s, c
* @param[in] d String containing the hash d
*/
void PQCLEAN_HQC192_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
memcpy(ct, u, VEC_N_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
PQCLEAN_HQC192_CLEAN_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC192_CLEAN_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -173,7 +178,9 @@ void PQCLEAN_HQC192_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *
* @param[in] ct String containing the ciphertext
*/
void PQCLEAN_HQC192_CLEAN_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
memcpy(u, ct, VEC_N_SIZE_BYTES);
memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
PQCLEAN_HQC192_CLEAN_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC192_CLEAN_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 3
- 18
crypto_kem/hqc-192/clean/vector.c View File

@@ -154,22 +154,6 @@ void PQCLEAN_HQC192_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v) {



/**
* @brief Generates a random vector
*
* This function generates a random binary vector. It uses the the randombytes function.
*
* @param[in] v Pointer to an array
*/
void PQCLEAN_HQC192_CLEAN_vect_set_random_from_randombytes(uint64_t *v) {
uint8_t rand_bytes [VEC_K_SIZE_BYTES] = {0};

randombytes(rand_bytes, VEC_K_SIZE_BYTES);
memcpy(v, rand_bytes, VEC_K_SIZE_BYTES);
}



/**
* @brief Adds two vectors
*
@@ -185,6 +169,7 @@ void PQCLEAN_HQC192_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64
}



/**
* @brief Compares two vectors
*
@@ -216,12 +201,12 @@ void PQCLEAN_HQC192_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const uint64
val = 64 - (size_o % 64);
}

memcpy(o, v, VEC_N1N2_SIZE_BYTES);
memcpy(o, v, 8 * VEC_N1N2_SIZE_64);

for (int8_t i = 0; i < val; ++i) {
o[VEC_N1N2_SIZE_64 - 1] &= (mask >> i);
}
} else {
memcpy(o, v, CEIL_DIVIDE(size_v, 8));
memcpy(o, v, 8 * CEIL_DIVIDE(size_v, 64));
}
}

+ 0
- 2
crypto_kem/hqc-192/clean/vector.h View File

@@ -18,8 +18,6 @@ void PQCLEAN_HQC192_CLEAN_vect_set_random_fixed_weight(AES_XOF_struct *ctx, uint

void PQCLEAN_HQC192_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v);

void PQCLEAN_HQC192_CLEAN_vect_set_random_from_randombytes(uint64_t *v);


void PQCLEAN_HQC192_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size);



+ 16
- 9
crypto_kem/hqc-256/avx2/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQC256_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint64_t
*/
void PQCLEAN_HQC256_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQC256_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y, ui
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC256_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQC256_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -138,10 +140,11 @@ void PQCLEAN_HQC256_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQC256_AVX2_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC256_AVX2_vect_set_random(&pk_seedexpander, h);

PQCLEAN_HQC256_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -157,8 +160,10 @@ void PQCLEAN_HQC256_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s, co
*/
void PQCLEAN_HQC256_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
PQCLEAN_HQC256_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQC256_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC256_AVX2_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -174,6 +179,8 @@ void PQCLEAN_HQC256_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u
*/
void PQCLEAN_HQC256_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
PQCLEAN_HQC256_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
PQCLEAN_HQC256_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC256_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 12
- 15
crypto_kem/hqc-256/clean/gf2x.c View File

@@ -1,10 +1,9 @@
#include "gf2x.h"
#include "nistseedexpander.h"
#include "parameters.h"
#include "parsing.h"
#include "randombytes.h"
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/**
* \file gf2x.c
* \brief Implementation of multiplication of two polynomials
@@ -13,7 +12,7 @@

static inline void swap(uint16_t *tab, uint16_t elt1, uint16_t elt2);
static void reduce(uint64_t *o, const uint64_t *a);
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);

/**
* @brief swap two elements in a table
@@ -68,7 +67,7 @@ static void reduce(uint64_t *o, const uint64_t *a) {
* @param[in] weight Hamming wifht of the sparse polynomial a2
* @param[in] ctx Pointer to a seed expander used to randomize the multiplication process
*/
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
//static uint32_t fast_convolution_mult(const uint64_t *A, const uint32_t *vB, uint64_t *C, const uint16_t w, AES_XOF_struct *ctx)
uint64_t carry;
uint32_t dec, s;
@@ -77,8 +76,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
uint16_t permutation_table[16];
uint16_t permuted_sparse_vect[PARAM_OMEGA_E];
uint16_t permutation_sparse_vect[PARAM_OMEGA_E];
uint64_t tmp;
uint64_t *pt;
uint16_t *res_16;
uint8_t *res;
size_t i, j;

for (i = 0; i < 16; i++) {
@@ -120,14 +120,13 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
for (i = 0; i < weight; i++) {
dec = a1[permuted_sparse_vect[i]] & 0xf;
s = a1[permuted_sparse_vect[i]] >> 4;
res_16 = ((uint16_t *) o) + s;
res = o + 2 * s;
pt = table + (permuted_table[dec] * (VEC_N_SIZE_64 + 1));

for (j = 0; j < VEC_N_SIZE_64 + 1; j++) {
*res_16++ ^= (uint16_t) pt[j];
*res_16++ ^= (uint16_t) (pt[j] >> 16);
*res_16++ ^= (uint16_t) (pt[j] >> 32);
*res_16++ ^= (uint16_t) (pt[j] >> 48);
tmp = PQCLEAN_HQC256_CLEAN_load8(res);
PQCLEAN_HQC256_CLEAN_store8(res, tmp ^ pt[j]);
res += 8;
}
}
}
@@ -147,11 +146,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
* @param[in] ctx Pointer to the randomness context
*/
void PQCLEAN_HQC256_CLEAN_vect_mul(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
uint64_t tmp[2 * VEC_N_SIZE_64 + 1];
for (uint32_t j = 0; j < 2 * VEC_N_SIZE_64 + 1; j++) {
tmp[j] = 0;
}
uint64_t tmp[2 * VEC_N_SIZE_64 + 1] = {0};

fast_convolution_mult(tmp, a1, a2, weight, ctx);
fast_convolution_mult((uint8_t *) tmp, a1, a2, weight, ctx);
PQCLEAN_HQC256_CLEAN_load8_arr(tmp, 2 * VEC_N_SIZE_64 + 1, (uint8_t *) tmp, sizeof(tmp));
reduce(o, tmp);
}

+ 11
- 7
crypto_kem/hqc-256/clean/kem.c View File

@@ -47,6 +47,7 @@ int PQCLEAN_HQC256_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk
int PQCLEAN_HQC256_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {

uint8_t theta[SHA512_BYTES] = {0};
uint8_t m_bytes[VEC_K_SIZE_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint64_t u[VEC_N_SIZE_64] = {0};
uint64_t v[VEC_N1N2_SIZE_64] = {0};
@@ -54,19 +55,20 @@ int PQCLEAN_HQC256_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, co
unsigned char mc[VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES] = {0};

// Computing m
PQCLEAN_HQC256_CLEAN_vect_set_random_from_randombytes(m);
randombytes(m_bytes, VEC_K_SIZE_BYTES);
PQCLEAN_HQC256_CLEAN_load8_arr(m, VEC_K_SIZE_64, m_bytes, VEC_K_SIZE_BYTES);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m_bytes, VEC_K_SIZE_BYTES);

// Encrypting m
PQCLEAN_HQC256_CLEAN_hqc_pke_encrypt(u, v, m, theta, pk);

// Computing d
sha512(d, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d, m_bytes, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQC256_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m_bytes, VEC_K_SIZE_BYTES);
PQCLEAN_HQC256_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQC256_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
@@ -95,6 +97,7 @@ int PQCLEAN_HQC256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *
uint64_t v[VEC_N1N2_SIZE_64] = {0};
unsigned char d[SHA512_BYTES] = {0};
unsigned char pk[PUBLIC_KEY_BYTES] = {0};
uint8_t m_bytes[VEC_K_SIZE_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint8_t theta[SHA512_BYTES] = {0};
uint64_t u2[VEC_N_SIZE_64] = {0};
@@ -110,18 +113,19 @@ int PQCLEAN_HQC256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *

// Decryting
PQCLEAN_HQC256_CLEAN_hqc_pke_decrypt(m, u, v, sk);
PQCLEAN_HQC256_CLEAN_store8_arr(m_bytes, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m_bytes, VEC_K_SIZE_BYTES);

// Encrypting m'
PQCLEAN_HQC256_CLEAN_hqc_pke_encrypt(u2, v2, m, theta, pk);

// Computing d'
sha512(d2, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d2, m_bytes, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQC256_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m_bytes, VEC_K_SIZE_BYTES);
PQCLEAN_HQC256_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQC256_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);


+ 19
- 12
crypto_kem/hqc-256/clean/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQC256_CLEAN_store8_arr(uint8_t *out8, size_t outlen, const uint64_
*/
void PQCLEAN_HQC256_CLEAN_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQC256_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *y, u
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC256_CLEAN_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQC256_CLEAN_vect_set_random_fixed_weight_by_coordinates(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -119,7 +121,7 @@ void PQCLEAN_HQC256_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *y, u
*/
void PQCLEAN_HQC256_CLEAN_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) {
memcpy(pk, pk_seed, SEED_BYTES);
memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES);
PQCLEAN_HQC256_CLEAN_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64);
}


@@ -138,10 +140,11 @@ void PQCLEAN_HQC256_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *s, c
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQC256_CLEAN_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQC256_CLEAN_vect_set_random(&pk_seedexpander, h);

memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -156,9 +159,11 @@ void PQCLEAN_HQC256_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *s, c
* @param[in] d String containing the hash d
*/
void PQCLEAN_HQC256_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
memcpy(ct, u, VEC_N_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
PQCLEAN_HQC256_CLEAN_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC256_CLEAN_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -173,7 +178,9 @@ void PQCLEAN_HQC256_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *
* @param[in] ct String containing the ciphertext
*/
void PQCLEAN_HQC256_CLEAN_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
memcpy(u, ct, VEC_N_SIZE_BYTES);
memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
PQCLEAN_HQC256_CLEAN_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQC256_CLEAN_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 3
- 18
crypto_kem/hqc-256/clean/vector.c View File

@@ -154,22 +154,6 @@ void PQCLEAN_HQC256_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v) {



/**
* @brief Generates a random vector
*
* This function generates a random binary vector. It uses the the randombytes function.
*
* @param[in] v Pointer to an array
*/
void PQCLEAN_HQC256_CLEAN_vect_set_random_from_randombytes(uint64_t *v) {
uint8_t rand_bytes [VEC_K_SIZE_BYTES] = {0};

randombytes(rand_bytes, VEC_K_SIZE_BYTES);
memcpy(v, rand_bytes, VEC_K_SIZE_BYTES);
}



/**
* @brief Adds two vectors
*
@@ -185,6 +169,7 @@ void PQCLEAN_HQC256_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64
}



/**
* @brief Compares two vectors
*
@@ -216,12 +201,12 @@ void PQCLEAN_HQC256_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const uint64
val = 64 - (size_o % 64);
}

memcpy(o, v, VEC_N1N2_SIZE_BYTES);
memcpy(o, v, 8 * VEC_N1N2_SIZE_64);

for (int8_t i = 0; i < val; ++i) {
o[VEC_N1N2_SIZE_64 - 1] &= (mask >> i);
}
} else {
memcpy(o, v, CEIL_DIVIDE(size_v, 8));
memcpy(o, v, 8 * CEIL_DIVIDE(size_v, 64));
}
}

+ 0
- 2
crypto_kem/hqc-256/clean/vector.h View File

@@ -18,8 +18,6 @@ void PQCLEAN_HQC256_CLEAN_vect_set_random_fixed_weight(AES_XOF_struct *ctx, uint

void PQCLEAN_HQC256_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v);

void PQCLEAN_HQC256_CLEAN_vect_set_random_from_randombytes(uint64_t *v);


void PQCLEAN_HQC256_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size);



+ 16
- 9
crypto_kem/hqc-rmrs-128/avx2/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQCRMRS128_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint
*/
void PQCLEAN_HQCRMRS128_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQCRMRS128_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS128_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQCRMRS128_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -138,10 +140,11 @@ void PQCLEAN_HQCRMRS128_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQCRMRS128_AVX2_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS128_AVX2_vect_set_random(&pk_seedexpander, h);

PQCLEAN_HQCRMRS128_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -157,8 +160,10 @@ void PQCLEAN_HQCRMRS128_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s
*/
void PQCLEAN_HQCRMRS128_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
PQCLEAN_HQCRMRS128_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS128_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS128_AVX2_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -174,6 +179,8 @@ void PQCLEAN_HQCRMRS128_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_
*/
void PQCLEAN_HQCRMRS128_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
PQCLEAN_HQCRMRS128_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
PQCLEAN_HQCRMRS128_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS128_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 4
- 5
crypto_kem/hqc-rmrs-128/clean/code.c View File

@@ -21,8 +21,8 @@
* @param[out] em Pointer to an array that is the tensor code word
* @param[in] m Pointer to an array that is the message
*/
void PQCLEAN_HQCRMRS128_CLEAN_code_encode(uint64_t *em, const uint64_t *m) {
uint64_t tmp[VEC_N1_SIZE_64] = {0};
void PQCLEAN_HQCRMRS128_CLEAN_code_encode(uint8_t *em, const uint8_t *m) {
uint8_t tmp[VEC_N1_SIZE_BYTES] = {0};

PQCLEAN_HQCRMRS128_CLEAN_reed_solomon_encode(tmp, m);
PQCLEAN_HQCRMRS128_CLEAN_reed_muller_encode(em, tmp);
@@ -37,11 +37,10 @@ void PQCLEAN_HQCRMRS128_CLEAN_code_encode(uint64_t *em, const uint64_t *m) {
* @param[out] m Pointer to an array that is the message
* @param[in] em Pointer to an array that is the code word
*/
void PQCLEAN_HQCRMRS128_CLEAN_code_decode(uint64_t *m, const uint64_t *em) {
uint64_t tmp[VEC_N1_SIZE_64] = {0};
void PQCLEAN_HQCRMRS128_CLEAN_code_decode(uint8_t *m, const uint8_t *em) {
uint8_t tmp[VEC_N1_SIZE_BYTES] = {0};

PQCLEAN_HQCRMRS128_CLEAN_reed_muller_decode(tmp, em);
PQCLEAN_HQCRMRS128_CLEAN_reed_solomon_decode(m, tmp);


}

+ 2
- 2
crypto_kem/hqc-rmrs-128/clean/code.h View File

@@ -12,9 +12,9 @@
#include <stddef.h>
#include <stdint.h>

void PQCLEAN_HQCRMRS128_CLEAN_code_encode(uint64_t *em, const uint64_t *message);
void PQCLEAN_HQCRMRS128_CLEAN_code_encode(uint8_t *em, const uint8_t *message);

void PQCLEAN_HQCRMRS128_CLEAN_code_decode(uint64_t *m, const uint64_t *em);
void PQCLEAN_HQCRMRS128_CLEAN_code_decode(uint8_t *m, const uint8_t *em);


#endif

+ 12
- 15
crypto_kem/hqc-rmrs-128/clean/gf2x.c View File

@@ -1,10 +1,9 @@
#include "gf2x.h"
#include "nistseedexpander.h"
#include "parameters.h"
#include "parsing.h"
#include "randombytes.h"
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/**
* \file gf2x.c
* \brief Implementation of multiplication of two polynomials
@@ -13,7 +12,7 @@

static inline void swap(uint16_t *tab, uint16_t elt1, uint16_t elt2);
static void reduce(uint64_t *o, const uint64_t *a);
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);

/**
* @brief swap two elements in a table
@@ -68,7 +67,7 @@ static void reduce(uint64_t *o, const uint64_t *a) {
* @param[in] weight Hamming wifht of the sparse polynomial a2
* @param[in] ctx Pointer to a seed expander used to randomize the multiplication process
*/
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
//static uint32_t fast_convolution_mult(const uint64_t *A, const uint32_t *vB, uint64_t *C, const uint16_t w, AES_XOF_struct *ctx)
uint64_t carry;
uint32_t dec, s;
@@ -77,8 +76,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
uint16_t permutation_table[16];
uint16_t permuted_sparse_vect[PARAM_OMEGA_E];
uint16_t permutation_sparse_vect[PARAM_OMEGA_E];
uint64_t tmp;
uint64_t *pt;
uint16_t *res_16;
uint8_t *res;
size_t i, j;

for (i = 0; i < 16; i++) {
@@ -120,14 +120,13 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
for (i = 0; i < weight; i++) {
dec = a1[permuted_sparse_vect[i]] & 0xf;
s = a1[permuted_sparse_vect[i]] >> 4;
res_16 = ((uint16_t *) o) + s;
res = o + 2 * s;
pt = table + (permuted_table[dec] * (VEC_N_SIZE_64 + 1));

for (j = 0; j < VEC_N_SIZE_64 + 1; j++) {
*res_16++ ^= (uint16_t) pt[j];
*res_16++ ^= (uint16_t) (pt[j] >> 16);
*res_16++ ^= (uint16_t) (pt[j] >> 32);
*res_16++ ^= (uint16_t) (pt[j] >> 48);
tmp = PQCLEAN_HQCRMRS128_CLEAN_load8(res);
PQCLEAN_HQCRMRS128_CLEAN_store8(res, tmp ^ pt[j]);
res += 8;
}
}
}
@@ -147,11 +146,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
* @param[in] ctx Pointer to the randomness context
*/
void PQCLEAN_HQCRMRS128_CLEAN_vect_mul(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
uint64_t tmp[2 * VEC_N_SIZE_64 + 1];
for (uint32_t j = 0; j < 2 * VEC_N_SIZE_64 + 1; j++) {
tmp[j] = 0;
}
uint64_t tmp[2 * VEC_N_SIZE_64 + 1] = {0};

fast_convolution_mult(tmp, a1, a2, weight, ctx);
fast_convolution_mult((uint8_t *) tmp, a1, a2, weight, ctx);
PQCLEAN_HQCRMRS128_CLEAN_load8_arr(tmp, 2 * VEC_N_SIZE_64 + 1, (uint8_t *) tmp, sizeof(tmp));
reduce(o, tmp);
}

+ 8
- 7
crypto_kem/hqc-rmrs-128/clean/hqc.c View File

@@ -70,7 +70,7 @@ void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_keygen(unsigned char *pk, unsigned char *s
* @param[in] theta Seed used to derive randomness required for encryption
* @param[in] pk String containing the public key
*/
void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t *m, unsigned char *theta, const unsigned char *pk) {
void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint8_t *m, unsigned char *theta, const unsigned char *pk) {
AES_XOF_struct seedexpander;
uint64_t h[VEC_N_SIZE_64] = {0};
uint64_t s[VEC_N_SIZE_64] = {0};
@@ -96,7 +96,8 @@ void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t
PQCLEAN_HQCRMRS128_CLEAN_vect_add(u, r1, u, VEC_N_SIZE_64);

// Compute v = m.G by encoding the message
PQCLEAN_HQCRMRS128_CLEAN_code_encode(v, m);
PQCLEAN_HQCRMRS128_CLEAN_code_encode((uint8_t *)v, m);
PQCLEAN_HQCRMRS128_CLEAN_load8_arr(v, VEC_N1N2_SIZE_64, (uint8_t *)v, VEC_N1N2_SIZE_BYTES);
PQCLEAN_HQCRMRS128_CLEAN_vect_resize(tmp1, PARAM_N, v, PARAM_N1N2);

// Compute v = m.G + s.r2 + e
@@ -117,17 +118,16 @@ void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t
* @param[in] v Vector v (second part of the ciphertext)
* @param[in] sk String containing the secret key
*/
void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_decrypt(uint64_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk) {
uint64_t x[VEC_N_SIZE_64] = {0};
uint32_t y[PARAM_OMEGA] = {0};
void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_decrypt(uint8_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk) {
uint8_t pk[PUBLIC_KEY_BYTES] = {0};
uint64_t tmp1[VEC_N_SIZE_64] = {0};
uint64_t tmp2[VEC_N_SIZE_64] = {0};
uint32_t y[PARAM_OMEGA] = {0};
AES_XOF_struct perm_seedexpander;
uint8_t perm_seed[SEED_BYTES] = {0};

// Retrieve x, y, pk from secret key
PQCLEAN_HQCRMRS128_CLEAN_hqc_secret_key_from_string(x, y, pk, sk);
PQCLEAN_HQCRMRS128_CLEAN_hqc_secret_key_from_string(tmp1, y, pk, sk);

randombytes(perm_seed, SEED_BYTES);
seedexpander_init(&perm_seedexpander, perm_seed, perm_seed + 32, SEEDEXPANDER_MAX_LENGTH);
@@ -139,5 +139,6 @@ void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_decrypt(uint64_t *m, const uint64_t *u, co


// Compute m by decoding v - u.y
PQCLEAN_HQCRMRS128_CLEAN_code_decode(m, tmp2);
PQCLEAN_HQCRMRS128_CLEAN_store8_arr((uint8_t *)tmp1, VEC_N_SIZE_BYTES, tmp2, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS128_CLEAN_code_decode(m, (uint8_t *)tmp1);
}

+ 2
- 2
crypto_kem/hqc-rmrs-128/clean/hqc.h View File

@@ -13,9 +13,9 @@

void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_keygen(unsigned char *pk, unsigned char *sk);

void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t *m, unsigned char *theta, const unsigned char *pk);
void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint8_t *m, unsigned char *theta, const unsigned char *pk);

void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_decrypt(uint64_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk);
void PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_decrypt(uint8_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk);


#endif

+ 9
- 9
crypto_kem/hqc-rmrs-128/clean/kem.c View File

@@ -47,26 +47,26 @@ int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char
int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {

uint8_t theta[SHA512_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint8_t m[VEC_K_SIZE_BYTES] = {0};
uint64_t u[VEC_N_SIZE_64] = {0};
uint64_t v[VEC_N1N2_SIZE_64] = {0};
unsigned char d[SHA512_BYTES] = {0};
unsigned char mc[VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES] = {0};

// Computing m
PQCLEAN_HQCRMRS128_CLEAN_vect_set_random_from_randombytes(m);
randombytes(m, VEC_K_SIZE_BYTES);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m, VEC_K_SIZE_BYTES);

// Encrypting m
PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_encrypt(u, v, m, theta, pk);

// Computing d
sha512(d, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d, m, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQCRMRS128_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m, VEC_K_SIZE_BYTES);
PQCLEAN_HQCRMRS128_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS128_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
@@ -95,7 +95,7 @@ int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
uint64_t v[VEC_N1N2_SIZE_64] = {0};
unsigned char d[SHA512_BYTES] = {0};
unsigned char pk[PUBLIC_KEY_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint8_t m[VEC_K_SIZE_BYTES] = {0};
uint8_t theta[SHA512_BYTES] = {0};
uint64_t u2[VEC_N_SIZE_64] = {0};
uint64_t v2[VEC_N1N2_SIZE_64] = {0};
@@ -112,16 +112,16 @@ int PQCLEAN_HQCRMRS128_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_decrypt(m, u, v, sk);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m, VEC_K_SIZE_BYTES);

// Encrypting m'
PQCLEAN_HQCRMRS128_CLEAN_hqc_pke_encrypt(u2, v2, m, theta, pk);

// Computing d'
sha512(d2, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d2, m, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQCRMRS128_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m, VEC_K_SIZE_BYTES);
PQCLEAN_HQCRMRS128_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS128_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);


+ 19
- 12
crypto_kem/hqc-rmrs-128/clean/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQCRMRS128_CLEAN_store8_arr(uint8_t *out8, size_t outlen, const uin
*/
void PQCLEAN_HQCRMRS128_CLEAN_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQCRMRS128_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS128_CLEAN_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQCRMRS128_CLEAN_vect_set_random_fixed_weight_by_coordinates(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -119,7 +121,7 @@ void PQCLEAN_HQCRMRS128_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *
*/
void PQCLEAN_HQCRMRS128_CLEAN_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) {
memcpy(pk, pk_seed, SEED_BYTES);
memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES);
PQCLEAN_HQCRMRS128_CLEAN_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64);
}


@@ -138,10 +140,11 @@ void PQCLEAN_HQCRMRS128_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQCRMRS128_CLEAN_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS128_CLEAN_vect_set_random(&pk_seedexpander, h);

memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -156,9 +159,11 @@ void PQCLEAN_HQCRMRS128_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *
* @param[in] d String containing the hash d
*/
void PQCLEAN_HQCRMRS128_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
memcpy(ct, u, VEC_N_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
PQCLEAN_HQCRMRS128_CLEAN_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS128_CLEAN_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -173,7 +178,9 @@ void PQCLEAN_HQCRMRS128_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64
* @param[in] ct String containing the ciphertext
*/
void PQCLEAN_HQCRMRS128_CLEAN_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
memcpy(u, ct, VEC_N_SIZE_BYTES);
memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
PQCLEAN_HQCRMRS128_CLEAN_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS128_CLEAN_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 44
- 37
crypto_kem/hqc-rmrs-128/clean/reed_muller.c View File

@@ -16,9 +16,9 @@
#define BIT0MASK(x) (-((x) & 1))


static void encode(uint32_t *word, uint8_t message);
static void encode(uint8_t *word, uint8_t message);
static void hadamard(uint16_t src[128], uint16_t dst[128]);
static void expand_and_sum(uint16_t dest[128], const uint32_t src[4 * MULTIPLICITY]);
static void expand_and_sum(uint16_t dest[128], const uint8_t src[16 * MULTIPLICITY]);
static uint8_t find_peaks(const uint16_t transform[128]);


@@ -40,28 +40,38 @@ static uint8_t find_peaks(const uint16_t transform[128]);
* @param[out] word An RM(1,7) codeword
* @param[in] message A message
*/
static void encode(uint32_t *word, uint8_t message) {
// the four parts of the word are identical
// except for encoding bits 5 and 6
uint32_t first_word;
static void encode(uint8_t *word, uint8_t message) {
uint32_t e;
// bit 7 flips all the bits, do that first to save work
first_word = BIT0MASK(message >> 7);
e = BIT0MASK(message >> 7);
// bits 0, 1, 2, 3, 4 are the same for all four longs
// (Warning: in the bit matrix above, low bits are at the left!)
first_word ^= BIT0MASK(message >> 0) & 0xaaaaaaaa;
first_word ^= BIT0MASK(message >> 1) & 0xcccccccc;
first_word ^= BIT0MASK(message >> 2) & 0xf0f0f0f0;
first_word ^= BIT0MASK(message >> 3) & 0xff00ff00;
first_word ^= BIT0MASK(message >> 4) & 0xffff0000;
e ^= BIT0MASK(message >> 0) & 0xaaaaaaaa;
e ^= BIT0MASK(message >> 1) & 0xcccccccc;
e ^= BIT0MASK(message >> 2) & 0xf0f0f0f0;
e ^= BIT0MASK(message >> 3) & 0xff00ff00;
e ^= BIT0MASK(message >> 4) & 0xffff0000;
// we can store this in the first quarter
word[0] = first_word;
word[0 + 0] = (e >> 0x00) & 0xff;
word[0 + 1] = (e >> 0x08) & 0xff;
word[0 + 2] = (e >> 0x10) & 0xff;
word[0 + 3] = (e >> 0x18) & 0xff;
// bit 5 flips entries 1 and 3; bit 6 flips 2 and 3
first_word ^= BIT0MASK(message >> 5);
word[1] = first_word;
first_word ^= BIT0MASK(message >> 6);
word[3] = first_word;
first_word ^= BIT0MASK(message >> 5);
word[2] = first_word;
e ^= BIT0MASK(message >> 5);
word[4 + 0] = (e >> 0x00) & 0xff;
word[4 + 1] = (e >> 0x08) & 0xff;
word[4 + 2] = (e >> 0x10) & 0xff;
word[4 + 3] = (e >> 0x18) & 0xff;
e ^= BIT0MASK(message >> 6);
word[12 + 0] = (e >> 0x00) & 0xff;
word[12 + 1] = (e >> 0x08) & 0xff;
word[12 + 2] = (e >> 0x10) & 0xff;
word[12 + 3] = (e >> 0x18) & 0xff;
e ^= BIT0MASK(message >> 5);
word[8 + 0] = (e >> 0x00) & 0xff;
word[8 + 1] = (e >> 0x08) & 0xff;
word[8 + 2] = (e >> 0x10) & 0xff;
word[8 + 3] = (e >> 0x18) & 0xff;
}


@@ -131,18 +141,19 @@ static void hadamard(uint16_t src[128], uint16_t dst[128]) {
* @param[out] dest Structure that contain the expanded codeword
* @param[in] src Structure that contain the codeword
*/
static void expand_and_sum(uint16_t dest[128], const uint32_t src[4 * MULTIPLICITY]) {
static void expand_and_sum(uint16_t dest[128], const uint8_t src[16 * MULTIPLICITY]) {
size_t part, bit, copy;
// start with the first copy
for (uint32_t part = 0; part < 4; part++) {
for (uint32_t bit = 0; bit < 32; bit++) {
dest[part * 32 + bit] = (uint16_t) ((src[part] >> bit) & 1);
for (part = 0; part < 16; part++) {
for (bit = 0; bit < 8; bit++) {
dest[part * 8 + bit] = (uint16_t) ((src[part] >> bit) & 1);
}
}
// sum the rest of the copies
for (uint32_t copy = 1; copy < MULTIPLICITY; copy++) {
for (uint32_t part = 0; part < 4; part++) {
for (uint32_t bit = 0; bit < 32; bit++) {
dest[part * 32 + bit] += (uint16_t) ((src[4 * copy + part] >> bit) & 1);
for (copy = 1; copy < MULTIPLICITY; copy++) {
for (part = 0; part < 16; part++) {
for (bit = 0; bit < 8; bit++) {
dest[part * 8 + bit] += (uint16_t) ((src[16 * copy + part] >> bit) & 1);
}
}
}
@@ -188,15 +199,13 @@ static uint8_t find_peaks(const uint16_t transform[128]) {
* @param[out] cdw Array of size VEC_N1N2_SIZE_64 receiving the encoded message
* @param[in] msg Array of size VEC_N1_SIZE_64 storing the message
*/
void PQCLEAN_HQCRMRS128_CLEAN_reed_muller_encode(uint64_t *cdw, const uint64_t *msg) {
uint8_t *message_array = (uint8_t *) msg;
uint32_t *codeArray = (uint32_t *) cdw;
void PQCLEAN_HQCRMRS128_CLEAN_reed_muller_encode(uint8_t *cdw, const uint8_t *msg) {
for (size_t i = 0; i < VEC_N1_SIZE_BYTES; i++) {
// encode first word
encode(&codeArray[4 * i * MULTIPLICITY], message_array[i]);
encode(&cdw[16 * i * MULTIPLICITY], msg[i]);
// copy to other identical codewords
for (size_t copy = 1; copy < MULTIPLICITY; copy++) {
memcpy(&codeArray[4 * i * MULTIPLICITY + 4 * copy], &codeArray[4 * i * MULTIPLICITY], 4 * sizeof(uint32_t));
memcpy(&cdw[16 * i * MULTIPLICITY + 16 * copy], &cdw[16 * i * MULTIPLICITY], 16);
}
}
}
@@ -212,19 +221,17 @@ void PQCLEAN_HQCRMRS128_CLEAN_reed_muller_encode(uint64_t *cdw, const uint64_t *
* @param[out] msg Array of size VEC_N1_SIZE_64 receiving the decoded message
* @param[in] cdw Array of size VEC_N1N2_SIZE_64 storing the received word
*/
void PQCLEAN_HQCRMRS128_CLEAN_reed_muller_decode(uint64_t *msg, const uint64_t *cdw) {
uint8_t *message_array = (uint8_t *) msg;
uint32_t *codeArray = (uint32_t *) cdw;
void PQCLEAN_HQCRMRS128_CLEAN_reed_muller_decode(uint8_t *msg, const uint8_t *cdw) {
uint16_t expanded[128];
uint16_t transform[128];
for (size_t i = 0; i < VEC_N1_SIZE_BYTES; i++) {
// collect the codewords
expand_and_sum(expanded, &codeArray[4 * i * MULTIPLICITY]);
expand_and_sum(expanded, &cdw[16 * i * MULTIPLICITY]);
// apply hadamard transform
hadamard(expanded, transform);
// fix the first entry to get the half Hadamard transform
transform[0] -= 64 * MULTIPLICITY;
// finish the decoding
message_array[i] = find_peaks(transform);
msg[i] = find_peaks(transform);
}
}

+ 2
- 2
crypto_kem/hqc-rmrs-128/clean/reed_muller.h View File

@@ -12,9 +12,9 @@
#include <stddef.h>
#include <stdint.h>

void PQCLEAN_HQCRMRS128_CLEAN_reed_muller_encode(uint64_t *cdw, const uint64_t *msg);
void PQCLEAN_HQCRMRS128_CLEAN_reed_muller_encode(uint8_t *cdw, const uint8_t *msg);

void PQCLEAN_HQCRMRS128_CLEAN_reed_muller_decode(uint64_t *msg, const uint64_t *cdw);
void PQCLEAN_HQCRMRS128_CLEAN_reed_muller_decode(uint8_t *msg, const uint8_t *cdw);


#endif

+ 12
- 21
crypto_kem/hqc-rmrs-128/clean/reed_solomon.c View File

@@ -1,6 +1,7 @@
#include "fft.h"
#include "gf.h"
#include "parameters.h"
#include "parsing.h"
#include "reed_solomon.h"
#include <stdint.h>
#include <stdio.h>
@@ -30,37 +31,31 @@ static void correct_errors(uint8_t *cdw, const uint16_t *error_values);
* @param[out] cdw Array of size VEC_N1_SIZE_64 receiving the encoded message
* @param[in] msg Array of size VEC_K_SIZE_64 storing the message
*/
void PQCLEAN_HQCRMRS128_CLEAN_reed_solomon_encode(uint64_t *cdw, const uint64_t *msg) {
void PQCLEAN_HQCRMRS128_CLEAN_reed_solomon_encode(uint8_t *cdw, const uint8_t *msg) {
uint8_t gate_value = 0;

uint16_t tmp[PARAM_G] = {0};
uint16_t PARAM_RS_POLY [] = {RS_POLY_COEFS};

uint8_t msg_bytes[PARAM_K] = {0};
uint8_t cdw_bytes[PARAM_N1] = {0};

for (size_t i = 0; i < VEC_K_SIZE_64; ++i) {
for (size_t j = 0; j < 8; ++j) {
msg_bytes[i * 8 + j] = (uint8_t) (msg[i] >> (j * 8));
}
for (size_t i = 0; i < PARAM_N1; i++) {
cdw[i] = 0;
}

for (int i = PARAM_K - 1; i >= 0; --i) {
gate_value = msg_bytes[i] ^ cdw_bytes[PARAM_N1 - PARAM_K - 1];
gate_value = msg[i] ^ cdw[PARAM_N1 - PARAM_K - 1];

for (size_t j = 0; j < PARAM_G; ++j) {
tmp[j] = PQCLEAN_HQCRMRS128_CLEAN_gf_mul(gate_value, PARAM_RS_POLY[j]);
}

for (size_t k = PARAM_N1 - PARAM_K - 1; k; --k) {
cdw_bytes[k] = cdw_bytes[k - 1] ^ tmp[k];
cdw[k] = cdw[k - 1] ^ tmp[k];
}

cdw_bytes[0] = tmp[0];
cdw[0] = tmp[0];
}

memcpy(cdw_bytes + PARAM_N1 - PARAM_K, msg_bytes, PARAM_K);
memcpy(cdw, cdw_bytes, PARAM_N1);
memcpy(cdw + PARAM_N1 - PARAM_K, msg, PARAM_K);
}


@@ -312,8 +307,7 @@ static void correct_errors(uint8_t *cdw, const uint16_t *error_values) {
* @param[out] msg Array of size VEC_K_SIZE_64 receiving the decoded message
* @param[in] cdw Array of size VEC_N1_SIZE_64 storing the received word
*/
void PQCLEAN_HQCRMRS128_CLEAN_reed_solomon_decode(uint64_t *msg, uint64_t *cdw) {
uint8_t cdw_bytes[PARAM_N1] = {0};
void PQCLEAN_HQCRMRS128_CLEAN_reed_solomon_decode(uint8_t *msg, uint8_t *cdw) {
uint16_t syndromes[2 * PARAM_DELTA] = {0};
uint16_t sigma[1 << PARAM_FFT] = {0};
uint8_t error[1 << PARAM_M] = {0};
@@ -321,11 +315,8 @@ void PQCLEAN_HQCRMRS128_CLEAN_reed_solomon_decode(uint64_t *msg, uint64_t *cdw)
uint16_t error_values[PARAM_N1] = {0};
uint16_t deg;

// Copy the vector in an array of bytes
memcpy(cdw_bytes, cdw, PARAM_N1);

// Calculate the 2*PARAM_DELTA syndromes
compute_syndromes(syndromes, cdw_bytes);
compute_syndromes(syndromes, cdw);

// Compute the error locator polynomial sigma
// Sigma's degree is at most PARAM_DELTA but the FFT requires the extra room
@@ -341,9 +332,9 @@ void PQCLEAN_HQCRMRS128_CLEAN_reed_solomon_decode(uint64_t *msg, uint64_t *cdw)
compute_error_values(error_values, z, error);

// Correct the errors
correct_errors(cdw_bytes, error_values);
correct_errors(cdw, error_values);

// Retrieve the message from the decoded codeword
memcpy(msg, cdw_bytes + (PARAM_G - 1), PARAM_K);
memcpy(msg, cdw + (PARAM_G - 1), PARAM_K);

}

+ 2
- 2
crypto_kem/hqc-rmrs-128/clean/reed_solomon.h
File diff suppressed because it is too large
View File


+ 3
- 18
crypto_kem/hqc-rmrs-128/clean/vector.c View File

@@ -154,22 +154,6 @@ void PQCLEAN_HQCRMRS128_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v)



/**
* @brief Generates a random vector
*
* This function generates a random binary vector. It uses the the randombytes function.
*
* @param[in] v Pointer to an array
*/
void PQCLEAN_HQCRMRS128_CLEAN_vect_set_random_from_randombytes(uint64_t *v) {
uint8_t rand_bytes [VEC_K_SIZE_BYTES] = {0};

randombytes(rand_bytes, VEC_K_SIZE_BYTES);
memcpy(v, rand_bytes, VEC_K_SIZE_BYTES);
}



/**
* @brief Adds two vectors
*
@@ -185,6 +169,7 @@ void PQCLEAN_HQCRMRS128_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const ui
}



/**
* @brief Compares two vectors
*
@@ -216,12 +201,12 @@ void PQCLEAN_HQCRMRS128_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const ui
val = 64 - (size_o % 64);
}

memcpy(o, v, VEC_N1N2_SIZE_BYTES);
memcpy(o, v, 8 * VEC_N1N2_SIZE_64);

for (int8_t i = 0; i < val; ++i) {
o[VEC_N1N2_SIZE_64 - 1] &= (mask >> i);
}
} else {
memcpy(o, v, CEIL_DIVIDE(size_v, 8));
memcpy(o, v, 8 * CEIL_DIVIDE(size_v, 64));
}
}

+ 0
- 2
crypto_kem/hqc-rmrs-128/clean/vector.h View File

@@ -18,8 +18,6 @@ void PQCLEAN_HQCRMRS128_CLEAN_vect_set_random_fixed_weight(AES_XOF_struct *ctx,

void PQCLEAN_HQCRMRS128_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v);

void PQCLEAN_HQCRMRS128_CLEAN_vect_set_random_from_randombytes(uint64_t *v);


void PQCLEAN_HQCRMRS128_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size);



+ 16
- 9
crypto_kem/hqc-rmrs-192/avx2/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQCRMRS192_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint
*/
void PQCLEAN_HQCRMRS192_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQCRMRS192_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS192_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQCRMRS192_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -138,10 +140,11 @@ void PQCLEAN_HQCRMRS192_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQCRMRS192_AVX2_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS192_AVX2_vect_set_random(&pk_seedexpander, h);

PQCLEAN_HQCRMRS192_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -157,8 +160,10 @@ void PQCLEAN_HQCRMRS192_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s
*/
void PQCLEAN_HQCRMRS192_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
PQCLEAN_HQCRMRS192_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS192_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS192_AVX2_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -174,6 +179,8 @@ void PQCLEAN_HQCRMRS192_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_
*/
void PQCLEAN_HQCRMRS192_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
PQCLEAN_HQCRMRS192_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
PQCLEAN_HQCRMRS192_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS192_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 4
- 5
crypto_kem/hqc-rmrs-192/clean/code.c View File

@@ -21,8 +21,8 @@
* @param[out] em Pointer to an array that is the tensor code word
* @param[in] m Pointer to an array that is the message
*/
void PQCLEAN_HQCRMRS192_CLEAN_code_encode(uint64_t *em, const uint64_t *m) {
uint64_t tmp[VEC_N1_SIZE_64] = {0};
void PQCLEAN_HQCRMRS192_CLEAN_code_encode(uint8_t *em, const uint8_t *m) {
uint8_t tmp[VEC_N1_SIZE_BYTES] = {0};

PQCLEAN_HQCRMRS192_CLEAN_reed_solomon_encode(tmp, m);
PQCLEAN_HQCRMRS192_CLEAN_reed_muller_encode(em, tmp);
@@ -37,11 +37,10 @@ void PQCLEAN_HQCRMRS192_CLEAN_code_encode(uint64_t *em, const uint64_t *m) {
* @param[out] m Pointer to an array that is the message
* @param[in] em Pointer to an array that is the code word
*/
void PQCLEAN_HQCRMRS192_CLEAN_code_decode(uint64_t *m, const uint64_t *em) {
uint64_t tmp[VEC_N1_SIZE_64] = {0};
void PQCLEAN_HQCRMRS192_CLEAN_code_decode(uint8_t *m, const uint8_t *em) {
uint8_t tmp[VEC_N1_SIZE_BYTES] = {0};

PQCLEAN_HQCRMRS192_CLEAN_reed_muller_decode(tmp, em);
PQCLEAN_HQCRMRS192_CLEAN_reed_solomon_decode(m, tmp);


}

+ 2
- 2
crypto_kem/hqc-rmrs-192/clean/code.h View File

@@ -12,9 +12,9 @@
#include <stddef.h>
#include <stdint.h>

void PQCLEAN_HQCRMRS192_CLEAN_code_encode(uint64_t *em, const uint64_t *message);
void PQCLEAN_HQCRMRS192_CLEAN_code_encode(uint8_t *em, const uint8_t *message);

void PQCLEAN_HQCRMRS192_CLEAN_code_decode(uint64_t *m, const uint64_t *em);
void PQCLEAN_HQCRMRS192_CLEAN_code_decode(uint8_t *m, const uint8_t *em);


#endif

+ 12
- 15
crypto_kem/hqc-rmrs-192/clean/gf2x.c View File

@@ -1,10 +1,9 @@
#include "gf2x.h"
#include "nistseedexpander.h"
#include "parameters.h"
#include "parsing.h"
#include "randombytes.h"
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/**
* \file gf2x.c
* \brief Implementation of multiplication of two polynomials
@@ -13,7 +12,7 @@

static inline void swap(uint16_t *tab, uint16_t elt1, uint16_t elt2);
static void reduce(uint64_t *o, const uint64_t *a);
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);

/**
* @brief swap two elements in a table
@@ -68,7 +67,7 @@ static void reduce(uint64_t *o, const uint64_t *a) {
* @param[in] weight Hamming wifht of the sparse polynomial a2
* @param[in] ctx Pointer to a seed expander used to randomize the multiplication process
*/
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
//static uint32_t fast_convolution_mult(const uint64_t *A, const uint32_t *vB, uint64_t *C, const uint16_t w, AES_XOF_struct *ctx)
uint64_t carry;
uint32_t dec, s;
@@ -77,8 +76,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
uint16_t permutation_table[16];
uint16_t permuted_sparse_vect[PARAM_OMEGA_E];
uint16_t permutation_sparse_vect[PARAM_OMEGA_E];
uint64_t tmp;
uint64_t *pt;
uint16_t *res_16;
uint8_t *res;
size_t i, j;

for (i = 0; i < 16; i++) {
@@ -120,14 +120,13 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
for (i = 0; i < weight; i++) {
dec = a1[permuted_sparse_vect[i]] & 0xf;
s = a1[permuted_sparse_vect[i]] >> 4;
res_16 = ((uint16_t *) o) + s;
res = o + 2 * s;
pt = table + (permuted_table[dec] * (VEC_N_SIZE_64 + 1));

for (j = 0; j < VEC_N_SIZE_64 + 1; j++) {
*res_16++ ^= (uint16_t) pt[j];
*res_16++ ^= (uint16_t) (pt[j] >> 16);
*res_16++ ^= (uint16_t) (pt[j] >> 32);
*res_16++ ^= (uint16_t) (pt[j] >> 48);
tmp = PQCLEAN_HQCRMRS192_CLEAN_load8(res);
PQCLEAN_HQCRMRS192_CLEAN_store8(res, tmp ^ pt[j]);
res += 8;
}
}
}
@@ -147,11 +146,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
* @param[in] ctx Pointer to the randomness context
*/
void PQCLEAN_HQCRMRS192_CLEAN_vect_mul(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
uint64_t tmp[2 * VEC_N_SIZE_64 + 1];
for (uint32_t j = 0; j < 2 * VEC_N_SIZE_64 + 1; j++) {
tmp[j] = 0;
}
uint64_t tmp[2 * VEC_N_SIZE_64 + 1] = {0};

fast_convolution_mult(tmp, a1, a2, weight, ctx);
fast_convolution_mult((uint8_t *) tmp, a1, a2, weight, ctx);
PQCLEAN_HQCRMRS192_CLEAN_load8_arr(tmp, 2 * VEC_N_SIZE_64 + 1, (uint8_t *) tmp, sizeof(tmp));
reduce(o, tmp);
}

+ 8
- 7
crypto_kem/hqc-rmrs-192/clean/hqc.c View File

@@ -70,7 +70,7 @@ void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_keygen(unsigned char *pk, unsigned char *s
* @param[in] theta Seed used to derive randomness required for encryption
* @param[in] pk String containing the public key
*/
void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t *m, unsigned char *theta, const unsigned char *pk) {
void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint8_t *m, unsigned char *theta, const unsigned char *pk) {
AES_XOF_struct seedexpander;
uint64_t h[VEC_N_SIZE_64] = {0};
uint64_t s[VEC_N_SIZE_64] = {0};
@@ -96,7 +96,8 @@ void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t
PQCLEAN_HQCRMRS192_CLEAN_vect_add(u, r1, u, VEC_N_SIZE_64);

// Compute v = m.G by encoding the message
PQCLEAN_HQCRMRS192_CLEAN_code_encode(v, m);
PQCLEAN_HQCRMRS192_CLEAN_code_encode((uint8_t *)v, m);
PQCLEAN_HQCRMRS192_CLEAN_load8_arr(v, VEC_N1N2_SIZE_64, (uint8_t *)v, VEC_N1N2_SIZE_BYTES);
PQCLEAN_HQCRMRS192_CLEAN_vect_resize(tmp1, PARAM_N, v, PARAM_N1N2);

// Compute v = m.G + s.r2 + e
@@ -117,17 +118,16 @@ void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t
* @param[in] v Vector v (second part of the ciphertext)
* @param[in] sk String containing the secret key
*/
void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_decrypt(uint64_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk) {
uint64_t x[VEC_N_SIZE_64] = {0};
uint32_t y[PARAM_OMEGA] = {0};
void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_decrypt(uint8_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk) {
uint8_t pk[PUBLIC_KEY_BYTES] = {0};
uint64_t tmp1[VEC_N_SIZE_64] = {0};
uint64_t tmp2[VEC_N_SIZE_64] = {0};
uint32_t y[PARAM_OMEGA] = {0};
AES_XOF_struct perm_seedexpander;
uint8_t perm_seed[SEED_BYTES] = {0};

// Retrieve x, y, pk from secret key
PQCLEAN_HQCRMRS192_CLEAN_hqc_secret_key_from_string(x, y, pk, sk);
PQCLEAN_HQCRMRS192_CLEAN_hqc_secret_key_from_string(tmp1, y, pk, sk);

randombytes(perm_seed, SEED_BYTES);
seedexpander_init(&perm_seedexpander, perm_seed, perm_seed + 32, SEEDEXPANDER_MAX_LENGTH);
@@ -139,5 +139,6 @@ void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_decrypt(uint64_t *m, const uint64_t *u, co


// Compute m by decoding v - u.y
PQCLEAN_HQCRMRS192_CLEAN_code_decode(m, tmp2);
PQCLEAN_HQCRMRS192_CLEAN_store8_arr((uint8_t *)tmp1, VEC_N_SIZE_BYTES, tmp2, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS192_CLEAN_code_decode(m, (uint8_t *)tmp1);
}

+ 2
- 2
crypto_kem/hqc-rmrs-192/clean/hqc.h View File

@@ -13,9 +13,9 @@

void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_keygen(unsigned char *pk, unsigned char *sk);

void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t *m, unsigned char *theta, const unsigned char *pk);
void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint8_t *m, unsigned char *theta, const unsigned char *pk);

void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_decrypt(uint64_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk);
void PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_decrypt(uint8_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk);


#endif

+ 9
- 9
crypto_kem/hqc-rmrs-192/clean/kem.c View File

@@ -47,26 +47,26 @@ int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char
int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {

uint8_t theta[SHA512_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint8_t m[VEC_K_SIZE_BYTES] = {0};
uint64_t u[VEC_N_SIZE_64] = {0};
uint64_t v[VEC_N1N2_SIZE_64] = {0};
unsigned char d[SHA512_BYTES] = {0};
unsigned char mc[VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES] = {0};

// Computing m
PQCLEAN_HQCRMRS192_CLEAN_vect_set_random_from_randombytes(m);
randombytes(m, VEC_K_SIZE_BYTES);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m, VEC_K_SIZE_BYTES);

// Encrypting m
PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_encrypt(u, v, m, theta, pk);

// Computing d
sha512(d, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d, m, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQCRMRS192_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m, VEC_K_SIZE_BYTES);
PQCLEAN_HQCRMRS192_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS192_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
@@ -95,7 +95,7 @@ int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
uint64_t v[VEC_N1N2_SIZE_64] = {0};
unsigned char d[SHA512_BYTES] = {0};
unsigned char pk[PUBLIC_KEY_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint8_t m[VEC_K_SIZE_BYTES] = {0};
uint8_t theta[SHA512_BYTES] = {0};
uint64_t u2[VEC_N_SIZE_64] = {0};
uint64_t v2[VEC_N1N2_SIZE_64] = {0};
@@ -112,16 +112,16 @@ int PQCLEAN_HQCRMRS192_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_decrypt(m, u, v, sk);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m, VEC_K_SIZE_BYTES);

// Encrypting m'
PQCLEAN_HQCRMRS192_CLEAN_hqc_pke_encrypt(u2, v2, m, theta, pk);

// Computing d'
sha512(d2, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d2, m, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQCRMRS192_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m, VEC_K_SIZE_BYTES);
PQCLEAN_HQCRMRS192_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS192_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);


+ 19
- 12
crypto_kem/hqc-rmrs-192/clean/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQCRMRS192_CLEAN_store8_arr(uint8_t *out8, size_t outlen, const uin
*/
void PQCLEAN_HQCRMRS192_CLEAN_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQCRMRS192_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS192_CLEAN_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQCRMRS192_CLEAN_vect_set_random_fixed_weight_by_coordinates(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -119,7 +121,7 @@ void PQCLEAN_HQCRMRS192_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *
*/
void PQCLEAN_HQCRMRS192_CLEAN_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) {
memcpy(pk, pk_seed, SEED_BYTES);
memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES);
PQCLEAN_HQCRMRS192_CLEAN_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64);
}


@@ -138,10 +140,11 @@ void PQCLEAN_HQCRMRS192_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQCRMRS192_CLEAN_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS192_CLEAN_vect_set_random(&pk_seedexpander, h);

memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -156,9 +159,11 @@ void PQCLEAN_HQCRMRS192_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *
* @param[in] d String containing the hash d
*/
void PQCLEAN_HQCRMRS192_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
memcpy(ct, u, VEC_N_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
PQCLEAN_HQCRMRS192_CLEAN_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS192_CLEAN_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -173,7 +178,9 @@ void PQCLEAN_HQCRMRS192_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64
* @param[in] ct String containing the ciphertext
*/
void PQCLEAN_HQCRMRS192_CLEAN_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
memcpy(u, ct, VEC_N_SIZE_BYTES);
memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
PQCLEAN_HQCRMRS192_CLEAN_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS192_CLEAN_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 44
- 37
crypto_kem/hqc-rmrs-192/clean/reed_muller.c View File

@@ -16,9 +16,9 @@
#define BIT0MASK(x) (-((x) & 1))


static void encode(uint32_t *word, uint8_t message);
static void encode(uint8_t *word, uint8_t message);
static void hadamard(uint16_t src[128], uint16_t dst[128]);
static void expand_and_sum(uint16_t dest[128], const uint32_t src[4 * MULTIPLICITY]);
static void expand_and_sum(uint16_t dest[128], const uint8_t src[16 * MULTIPLICITY]);
static uint8_t find_peaks(const uint16_t transform[128]);


@@ -40,28 +40,38 @@ static uint8_t find_peaks(const uint16_t transform[128]);
* @param[out] word An RM(1,7) codeword
* @param[in] message A message
*/
static void encode(uint32_t *word, uint8_t message) {
// the four parts of the word are identical
// except for encoding bits 5 and 6
uint32_t first_word;
static void encode(uint8_t *word, uint8_t message) {
uint32_t e;
// bit 7 flips all the bits, do that first to save work
first_word = BIT0MASK(message >> 7);
e = BIT0MASK(message >> 7);
// bits 0, 1, 2, 3, 4 are the same for all four longs
// (Warning: in the bit matrix above, low bits are at the left!)
first_word ^= BIT0MASK(message >> 0) & 0xaaaaaaaa;
first_word ^= BIT0MASK(message >> 1) & 0xcccccccc;
first_word ^= BIT0MASK(message >> 2) & 0xf0f0f0f0;
first_word ^= BIT0MASK(message >> 3) & 0xff00ff00;
first_word ^= BIT0MASK(message >> 4) & 0xffff0000;
e ^= BIT0MASK(message >> 0) & 0xaaaaaaaa;
e ^= BIT0MASK(message >> 1) & 0xcccccccc;
e ^= BIT0MASK(message >> 2) & 0xf0f0f0f0;
e ^= BIT0MASK(message >> 3) & 0xff00ff00;
e ^= BIT0MASK(message >> 4) & 0xffff0000;
// we can store this in the first quarter
word[0] = first_word;
word[0 + 0] = (e >> 0x00) & 0xff;
word[0 + 1] = (e >> 0x08) & 0xff;
word[0 + 2] = (e >> 0x10) & 0xff;
word[0 + 3] = (e >> 0x18) & 0xff;
// bit 5 flips entries 1 and 3; bit 6 flips 2 and 3
first_word ^= BIT0MASK(message >> 5);
word[1] = first_word;
first_word ^= BIT0MASK(message >> 6);
word[3] = first_word;
first_word ^= BIT0MASK(message >> 5);
word[2] = first_word;
e ^= BIT0MASK(message >> 5);
word[4 + 0] = (e >> 0x00) & 0xff;
word[4 + 1] = (e >> 0x08) & 0xff;
word[4 + 2] = (e >> 0x10) & 0xff;
word[4 + 3] = (e >> 0x18) & 0xff;
e ^= BIT0MASK(message >> 6);
word[12 + 0] = (e >> 0x00) & 0xff;
word[12 + 1] = (e >> 0x08) & 0xff;
word[12 + 2] = (e >> 0x10) & 0xff;
word[12 + 3] = (e >> 0x18) & 0xff;
e ^= BIT0MASK(message >> 5);
word[8 + 0] = (e >> 0x00) & 0xff;
word[8 + 1] = (e >> 0x08) & 0xff;
word[8 + 2] = (e >> 0x10) & 0xff;
word[8 + 3] = (e >> 0x18) & 0xff;
}


@@ -131,18 +141,19 @@ static void hadamard(uint16_t src[128], uint16_t dst[128]) {
* @param[out] dest Structure that contain the expanded codeword
* @param[in] src Structure that contain the codeword
*/
static void expand_and_sum(uint16_t dest[128], const uint32_t src[4 * MULTIPLICITY]) {
static void expand_and_sum(uint16_t dest[128], const uint8_t src[16 * MULTIPLICITY]) {
size_t part, bit, copy;
// start with the first copy
for (uint32_t part = 0; part < 4; part++) {
for (uint32_t bit = 0; bit < 32; bit++) {
dest[part * 32 + bit] = (uint16_t) ((src[part] >> bit) & 1);
for (part = 0; part < 16; part++) {
for (bit = 0; bit < 8; bit++) {
dest[part * 8 + bit] = (uint16_t) ((src[part] >> bit) & 1);
}
}
// sum the rest of the copies
for (uint32_t copy = 1; copy < MULTIPLICITY; copy++) {
for (uint32_t part = 0; part < 4; part++) {
for (uint32_t bit = 0; bit < 32; bit++) {
dest[part * 32 + bit] += (uint16_t) ((src[4 * copy + part] >> bit) & 1);
for (copy = 1; copy < MULTIPLICITY; copy++) {
for (part = 0; part < 16; part++) {
for (bit = 0; bit < 8; bit++) {
dest[part * 8 + bit] += (uint16_t) ((src[16 * copy + part] >> bit) & 1);
}
}
}
@@ -188,15 +199,13 @@ static uint8_t find_peaks(const uint16_t transform[128]) {
* @param[out] cdw Array of size VEC_N1N2_SIZE_64 receiving the encoded message
* @param[in] msg Array of size VEC_N1_SIZE_64 storing the message
*/
void PQCLEAN_HQCRMRS192_CLEAN_reed_muller_encode(uint64_t *cdw, const uint64_t *msg) {
uint8_t *message_array = (uint8_t *) msg;
uint32_t *codeArray = (uint32_t *) cdw;
void PQCLEAN_HQCRMRS192_CLEAN_reed_muller_encode(uint8_t *cdw, const uint8_t *msg) {
for (size_t i = 0; i < VEC_N1_SIZE_BYTES; i++) {
// encode first word
encode(&codeArray[4 * i * MULTIPLICITY], message_array[i]);
encode(&cdw[16 * i * MULTIPLICITY], msg[i]);
// copy to other identical codewords
for (size_t copy = 1; copy < MULTIPLICITY; copy++) {
memcpy(&codeArray[4 * i * MULTIPLICITY + 4 * copy], &codeArray[4 * i * MULTIPLICITY], 4 * sizeof(uint32_t));
memcpy(&cdw[16 * i * MULTIPLICITY + 16 * copy], &cdw[16 * i * MULTIPLICITY], 16);
}
}
}
@@ -212,19 +221,17 @@ void PQCLEAN_HQCRMRS192_CLEAN_reed_muller_encode(uint64_t *cdw, const uint64_t *
* @param[out] msg Array of size VEC_N1_SIZE_64 receiving the decoded message
* @param[in] cdw Array of size VEC_N1N2_SIZE_64 storing the received word
*/
void PQCLEAN_HQCRMRS192_CLEAN_reed_muller_decode(uint64_t *msg, const uint64_t *cdw) {
uint8_t *message_array = (uint8_t *) msg;
uint32_t *codeArray = (uint32_t *) cdw;
void PQCLEAN_HQCRMRS192_CLEAN_reed_muller_decode(uint8_t *msg, const uint8_t *cdw) {
uint16_t expanded[128];
uint16_t transform[128];
for (size_t i = 0; i < VEC_N1_SIZE_BYTES; i++) {
// collect the codewords
expand_and_sum(expanded, &codeArray[4 * i * MULTIPLICITY]);
expand_and_sum(expanded, &cdw[16 * i * MULTIPLICITY]);
// apply hadamard transform
hadamard(expanded, transform);
// fix the first entry to get the half Hadamard transform
transform[0] -= 64 * MULTIPLICITY;
// finish the decoding
message_array[i] = find_peaks(transform);
msg[i] = find_peaks(transform);
}
}

+ 2
- 2
crypto_kem/hqc-rmrs-192/clean/reed_muller.h View File

@@ -12,9 +12,9 @@
#include <stddef.h>
#include <stdint.h>

void PQCLEAN_HQCRMRS192_CLEAN_reed_muller_encode(uint64_t *cdw, const uint64_t *msg);
void PQCLEAN_HQCRMRS192_CLEAN_reed_muller_encode(uint8_t *cdw, const uint8_t *msg);

void PQCLEAN_HQCRMRS192_CLEAN_reed_muller_decode(uint64_t *msg, const uint64_t *cdw);
void PQCLEAN_HQCRMRS192_CLEAN_reed_muller_decode(uint8_t *msg, const uint8_t *cdw);


#endif

+ 12
- 21
crypto_kem/hqc-rmrs-192/clean/reed_solomon.c View File

@@ -1,6 +1,7 @@
#include "fft.h"
#include "gf.h"
#include "parameters.h"
#include "parsing.h"
#include "reed_solomon.h"
#include <stdint.h>
#include <stdio.h>
@@ -30,37 +31,31 @@ static void correct_errors(uint8_t *cdw, const uint16_t *error_values);
* @param[out] cdw Array of size VEC_N1_SIZE_64 receiving the encoded message
* @param[in] msg Array of size VEC_K_SIZE_64 storing the message
*/
void PQCLEAN_HQCRMRS192_CLEAN_reed_solomon_encode(uint64_t *cdw, const uint64_t *msg) {
void PQCLEAN_HQCRMRS192_CLEAN_reed_solomon_encode(uint8_t *cdw, const uint8_t *msg) {
uint8_t gate_value = 0;

uint16_t tmp[PARAM_G] = {0};
uint16_t PARAM_RS_POLY [] = {RS_POLY_COEFS};

uint8_t msg_bytes[PARAM_K] = {0};
uint8_t cdw_bytes[PARAM_N1] = {0};

for (size_t i = 0; i < VEC_K_SIZE_64; ++i) {
for (size_t j = 0; j < 8; ++j) {
msg_bytes[i * 8 + j] = (uint8_t) (msg[i] >> (j * 8));
}
for (size_t i = 0; i < PARAM_N1; i++) {
cdw[i] = 0;
}

for (int i = PARAM_K - 1; i >= 0; --i) {
gate_value = msg_bytes[i] ^ cdw_bytes[PARAM_N1 - PARAM_K - 1];
gate_value = msg[i] ^ cdw[PARAM_N1 - PARAM_K - 1];

for (size_t j = 0; j < PARAM_G; ++j) {
tmp[j] = PQCLEAN_HQCRMRS192_CLEAN_gf_mul(gate_value, PARAM_RS_POLY[j]);
}

for (size_t k = PARAM_N1 - PARAM_K - 1; k; --k) {
cdw_bytes[k] = cdw_bytes[k - 1] ^ tmp[k];
cdw[k] = cdw[k - 1] ^ tmp[k];
}

cdw_bytes[0] = tmp[0];
cdw[0] = tmp[0];
}

memcpy(cdw_bytes + PARAM_N1 - PARAM_K, msg_bytes, PARAM_K);
memcpy(cdw, cdw_bytes, PARAM_N1);
memcpy(cdw + PARAM_N1 - PARAM_K, msg, PARAM_K);
}


@@ -312,8 +307,7 @@ static void correct_errors(uint8_t *cdw, const uint16_t *error_values) {
* @param[out] msg Array of size VEC_K_SIZE_64 receiving the decoded message
* @param[in] cdw Array of size VEC_N1_SIZE_64 storing the received word
*/
void PQCLEAN_HQCRMRS192_CLEAN_reed_solomon_decode(uint64_t *msg, uint64_t *cdw) {
uint8_t cdw_bytes[PARAM_N1] = {0};
void PQCLEAN_HQCRMRS192_CLEAN_reed_solomon_decode(uint8_t *msg, uint8_t *cdw) {
uint16_t syndromes[2 * PARAM_DELTA] = {0};
uint16_t sigma[1 << PARAM_FFT] = {0};
uint8_t error[1 << PARAM_M] = {0};
@@ -321,11 +315,8 @@ void PQCLEAN_HQCRMRS192_CLEAN_reed_solomon_decode(uint64_t *msg, uint64_t *cdw)
uint16_t error_values[PARAM_N1] = {0};
uint16_t deg;

// Copy the vector in an array of bytes
memcpy(cdw_bytes, cdw, PARAM_N1);

// Calculate the 2*PARAM_DELTA syndromes
compute_syndromes(syndromes, cdw_bytes);
compute_syndromes(syndromes, cdw);

// Compute the error locator polynomial sigma
// Sigma's degree is at most PARAM_DELTA but the FFT requires the extra room
@@ -341,9 +332,9 @@ void PQCLEAN_HQCRMRS192_CLEAN_reed_solomon_decode(uint64_t *msg, uint64_t *cdw)
compute_error_values(error_values, z, error);

// Correct the errors
correct_errors(cdw_bytes, error_values);
correct_errors(cdw, error_values);

// Retrieve the message from the decoded codeword
memcpy(msg, cdw_bytes + (PARAM_G - 1), PARAM_K);
memcpy(msg, cdw + (PARAM_G - 1), PARAM_K);

}

+ 2
- 2
crypto_kem/hqc-rmrs-192/clean/reed_solomon.h
File diff suppressed because it is too large
View File


+ 3
- 18
crypto_kem/hqc-rmrs-192/clean/vector.c View File

@@ -154,22 +154,6 @@ void PQCLEAN_HQCRMRS192_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v)



/**
* @brief Generates a random vector
*
* This function generates a random binary vector. It uses the the randombytes function.
*
* @param[in] v Pointer to an array
*/
void PQCLEAN_HQCRMRS192_CLEAN_vect_set_random_from_randombytes(uint64_t *v) {
uint8_t rand_bytes [VEC_K_SIZE_BYTES] = {0};

randombytes(rand_bytes, VEC_K_SIZE_BYTES);
memcpy(v, rand_bytes, VEC_K_SIZE_BYTES);
}



/**
* @brief Adds two vectors
*
@@ -185,6 +169,7 @@ void PQCLEAN_HQCRMRS192_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const ui
}



/**
* @brief Compares two vectors
*
@@ -216,12 +201,12 @@ void PQCLEAN_HQCRMRS192_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const ui
val = 64 - (size_o % 64);
}

memcpy(o, v, VEC_N1N2_SIZE_BYTES);
memcpy(o, v, 8 * VEC_N1N2_SIZE_64);

for (int8_t i = 0; i < val; ++i) {
o[VEC_N1N2_SIZE_64 - 1] &= (mask >> i);
}
} else {
memcpy(o, v, CEIL_DIVIDE(size_v, 8));
memcpy(o, v, 8 * CEIL_DIVIDE(size_v, 64));
}
}

+ 0
- 2
crypto_kem/hqc-rmrs-192/clean/vector.h View File

@@ -18,8 +18,6 @@ void PQCLEAN_HQCRMRS192_CLEAN_vect_set_random_fixed_weight(AES_XOF_struct *ctx,

void PQCLEAN_HQCRMRS192_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v);

void PQCLEAN_HQCRMRS192_CLEAN_vect_set_random_from_randombytes(uint64_t *v);


void PQCLEAN_HQCRMRS192_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size);



+ 16
- 9
crypto_kem/hqc-rmrs-256/avx2/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQCRMRS256_AVX2_store8_arr(uint8_t *out8, size_t outlen, const uint
*/
void PQCLEAN_HQCRMRS256_AVX2_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQCRMRS256_AVX2_hqc_secret_key_from_string(uint64_t *x, uint64_t *y
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS256_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQCRMRS256_AVX2_vect_set_random_fixed_weight(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -138,10 +140,11 @@ void PQCLEAN_HQCRMRS256_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQCRMRS256_AVX2_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS256_AVX2_vect_set_random(&pk_seedexpander, h);

PQCLEAN_HQCRMRS256_AVX2_load8_arr(s, VEC_N_SIZE_64, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -157,8 +160,10 @@ void PQCLEAN_HQCRMRS256_AVX2_hqc_public_key_from_string(uint64_t *h, uint64_t *s
*/
void PQCLEAN_HQCRMRS256_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
PQCLEAN_HQCRMRS256_AVX2_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS256_AVX2_store8_arr(ct + VEC_N_SIZE_BYTES, VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS256_AVX2_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -174,6 +179,8 @@ void PQCLEAN_HQCRMRS256_AVX2_hqc_ciphertext_to_string(uint8_t *ct, const uint64_
*/
void PQCLEAN_HQCRMRS256_AVX2_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
PQCLEAN_HQCRMRS256_AVX2_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
PQCLEAN_HQCRMRS256_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS256_AVX2_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 4
- 5
crypto_kem/hqc-rmrs-256/clean/code.c View File

@@ -21,8 +21,8 @@
* @param[out] em Pointer to an array that is the tensor code word
* @param[in] m Pointer to an array that is the message
*/
void PQCLEAN_HQCRMRS256_CLEAN_code_encode(uint64_t *em, const uint64_t *m) {
uint64_t tmp[VEC_N1_SIZE_64] = {0};
void PQCLEAN_HQCRMRS256_CLEAN_code_encode(uint8_t *em, const uint8_t *m) {
uint8_t tmp[VEC_N1_SIZE_BYTES] = {0};

PQCLEAN_HQCRMRS256_CLEAN_reed_solomon_encode(tmp, m);
PQCLEAN_HQCRMRS256_CLEAN_reed_muller_encode(em, tmp);
@@ -37,11 +37,10 @@ void PQCLEAN_HQCRMRS256_CLEAN_code_encode(uint64_t *em, const uint64_t *m) {
* @param[out] m Pointer to an array that is the message
* @param[in] em Pointer to an array that is the code word
*/
void PQCLEAN_HQCRMRS256_CLEAN_code_decode(uint64_t *m, const uint64_t *em) {
uint64_t tmp[VEC_N1_SIZE_64] = {0};
void PQCLEAN_HQCRMRS256_CLEAN_code_decode(uint8_t *m, const uint8_t *em) {
uint8_t tmp[VEC_N1_SIZE_BYTES] = {0};

PQCLEAN_HQCRMRS256_CLEAN_reed_muller_decode(tmp, em);
PQCLEAN_HQCRMRS256_CLEAN_reed_solomon_decode(m, tmp);


}

+ 2
- 2
crypto_kem/hqc-rmrs-256/clean/code.h View File

@@ -12,9 +12,9 @@
#include <stddef.h>
#include <stdint.h>

void PQCLEAN_HQCRMRS256_CLEAN_code_encode(uint64_t *em, const uint64_t *message);
void PQCLEAN_HQCRMRS256_CLEAN_code_encode(uint8_t *em, const uint8_t *message);

void PQCLEAN_HQCRMRS256_CLEAN_code_decode(uint64_t *m, const uint64_t *em);
void PQCLEAN_HQCRMRS256_CLEAN_code_decode(uint8_t *m, const uint8_t *em);


#endif

+ 12
- 15
crypto_kem/hqc-rmrs-256/clean/gf2x.c View File

@@ -1,10 +1,9 @@
#include "gf2x.h"
#include "nistseedexpander.h"
#include "parameters.h"
#include "parsing.h"
#include "randombytes.h"
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/**
* \file gf2x.c
* \brief Implementation of multiplication of two polynomials
@@ -13,7 +12,7 @@

static inline void swap(uint16_t *tab, uint16_t elt1, uint16_t elt2);
static void reduce(uint64_t *o, const uint64_t *a);
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx);

/**
* @brief swap two elements in a table
@@ -68,7 +67,7 @@ static void reduce(uint64_t *o, const uint64_t *a) {
* @param[in] weight Hamming wifht of the sparse polynomial a2
* @param[in] ctx Pointer to a seed expander used to randomize the multiplication process
*/
static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
static void fast_convolution_mult(uint8_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
//static uint32_t fast_convolution_mult(const uint64_t *A, const uint32_t *vB, uint64_t *C, const uint16_t w, AES_XOF_struct *ctx)
uint64_t carry;
uint32_t dec, s;
@@ -77,8 +76,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
uint16_t permutation_table[16];
uint16_t permuted_sparse_vect[PARAM_OMEGA_E];
uint16_t permutation_sparse_vect[PARAM_OMEGA_E];
uint64_t tmp;
uint64_t *pt;
uint16_t *res_16;
uint8_t *res;
size_t i, j;

for (i = 0; i < 16; i++) {
@@ -120,14 +120,13 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
for (i = 0; i < weight; i++) {
dec = a1[permuted_sparse_vect[i]] & 0xf;
s = a1[permuted_sparse_vect[i]] >> 4;
res_16 = ((uint16_t *) o) + s;
res = o + 2 * s;
pt = table + (permuted_table[dec] * (VEC_N_SIZE_64 + 1));

for (j = 0; j < VEC_N_SIZE_64 + 1; j++) {
*res_16++ ^= (uint16_t) pt[j];
*res_16++ ^= (uint16_t) (pt[j] >> 16);
*res_16++ ^= (uint16_t) (pt[j] >> 32);
*res_16++ ^= (uint16_t) (pt[j] >> 48);
tmp = PQCLEAN_HQCRMRS256_CLEAN_load8(res);
PQCLEAN_HQCRMRS256_CLEAN_store8(res, tmp ^ pt[j]);
res += 8;
}
}
}
@@ -147,11 +146,9 @@ static void fast_convolution_mult(uint64_t *o, const uint32_t *a1, const uint64_
* @param[in] ctx Pointer to the randomness context
*/
void PQCLEAN_HQCRMRS256_CLEAN_vect_mul(uint64_t *o, const uint32_t *a1, const uint64_t *a2, uint16_t weight, AES_XOF_struct *ctx) {
uint64_t tmp[2 * VEC_N_SIZE_64 + 1];
for (uint32_t j = 0; j < 2 * VEC_N_SIZE_64 + 1; j++) {
tmp[j] = 0;
}
uint64_t tmp[2 * VEC_N_SIZE_64 + 1] = {0};

fast_convolution_mult(tmp, a1, a2, weight, ctx);
fast_convolution_mult((uint8_t *) tmp, a1, a2, weight, ctx);
PQCLEAN_HQCRMRS256_CLEAN_load8_arr(tmp, 2 * VEC_N_SIZE_64 + 1, (uint8_t *) tmp, sizeof(tmp));
reduce(o, tmp);
}

+ 8
- 7
crypto_kem/hqc-rmrs-256/clean/hqc.c View File

@@ -70,7 +70,7 @@ void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_keygen(unsigned char *pk, unsigned char *s
* @param[in] theta Seed used to derive randomness required for encryption
* @param[in] pk String containing the public key
*/
void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t *m, unsigned char *theta, const unsigned char *pk) {
void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint8_t *m, unsigned char *theta, const unsigned char *pk) {
AES_XOF_struct seedexpander;
uint64_t h[VEC_N_SIZE_64] = {0};
uint64_t s[VEC_N_SIZE_64] = {0};
@@ -96,7 +96,8 @@ void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t
PQCLEAN_HQCRMRS256_CLEAN_vect_add(u, r1, u, VEC_N_SIZE_64);

// Compute v = m.G by encoding the message
PQCLEAN_HQCRMRS256_CLEAN_code_encode(v, m);
PQCLEAN_HQCRMRS256_CLEAN_code_encode((uint8_t *)v, m);
PQCLEAN_HQCRMRS256_CLEAN_load8_arr(v, VEC_N1N2_SIZE_64, (uint8_t *)v, VEC_N1N2_SIZE_BYTES);
PQCLEAN_HQCRMRS256_CLEAN_vect_resize(tmp1, PARAM_N, v, PARAM_N1N2);

// Compute v = m.G + s.r2 + e
@@ -117,17 +118,16 @@ void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t
* @param[in] v Vector v (second part of the ciphertext)
* @param[in] sk String containing the secret key
*/
void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_decrypt(uint64_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk) {
uint64_t x[VEC_N_SIZE_64] = {0};
uint32_t y[PARAM_OMEGA] = {0};
void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_decrypt(uint8_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk) {
uint8_t pk[PUBLIC_KEY_BYTES] = {0};
uint64_t tmp1[VEC_N_SIZE_64] = {0};
uint64_t tmp2[VEC_N_SIZE_64] = {0};
uint32_t y[PARAM_OMEGA] = {0};
AES_XOF_struct perm_seedexpander;
uint8_t perm_seed[SEED_BYTES] = {0};

// Retrieve x, y, pk from secret key
PQCLEAN_HQCRMRS256_CLEAN_hqc_secret_key_from_string(x, y, pk, sk);
PQCLEAN_HQCRMRS256_CLEAN_hqc_secret_key_from_string(tmp1, y, pk, sk);

randombytes(perm_seed, SEED_BYTES);
seedexpander_init(&perm_seedexpander, perm_seed, perm_seed + 32, SEEDEXPANDER_MAX_LENGTH);
@@ -139,5 +139,6 @@ void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_decrypt(uint64_t *m, const uint64_t *u, co


// Compute m by decoding v - u.y
PQCLEAN_HQCRMRS256_CLEAN_code_decode(m, tmp2);
PQCLEAN_HQCRMRS256_CLEAN_store8_arr((uint8_t *)tmp1, VEC_N_SIZE_BYTES, tmp2, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS256_CLEAN_code_decode(m, (uint8_t *)tmp1);
}

+ 2
- 2
crypto_kem/hqc-rmrs-256/clean/hqc.h View File

@@ -13,9 +13,9 @@

void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_keygen(unsigned char *pk, unsigned char *sk);

void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint64_t *m, unsigned char *theta, const unsigned char *pk);
void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_encrypt(uint64_t *u, uint64_t *v, uint8_t *m, unsigned char *theta, const unsigned char *pk);

void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_decrypt(uint64_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk);
void PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_decrypt(uint8_t *m, const uint64_t *u, const uint64_t *v, const unsigned char *sk);


#endif

+ 9
- 9
crypto_kem/hqc-rmrs-256/clean/kem.c View File

@@ -47,26 +47,26 @@ int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char
int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {

uint8_t theta[SHA512_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint8_t m[VEC_K_SIZE_BYTES] = {0};
uint64_t u[VEC_N_SIZE_64] = {0};
uint64_t v[VEC_N1N2_SIZE_64] = {0};
unsigned char d[SHA512_BYTES] = {0};
unsigned char mc[VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES] = {0};

// Computing m
PQCLEAN_HQCRMRS256_CLEAN_vect_set_random_from_randombytes(m);
randombytes(m, VEC_K_SIZE_BYTES);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m, VEC_K_SIZE_BYTES);

// Encrypting m
PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_encrypt(u, v, m, theta, pk);

// Computing d
sha512(d, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d, m, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQCRMRS256_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m, VEC_K_SIZE_BYTES);
PQCLEAN_HQCRMRS256_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS256_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);
@@ -95,7 +95,7 @@ int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
uint64_t v[VEC_N1N2_SIZE_64] = {0};
unsigned char d[SHA512_BYTES] = {0};
unsigned char pk[PUBLIC_KEY_BYTES] = {0};
uint64_t m[VEC_K_SIZE_64] = {0};
uint8_t m[VEC_K_SIZE_BYTES] = {0};
uint8_t theta[SHA512_BYTES] = {0};
uint64_t u2[VEC_N_SIZE_64] = {0};
uint64_t v2[VEC_N1N2_SIZE_64] = {0};
@@ -112,16 +112,16 @@ int PQCLEAN_HQCRMRS256_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_decrypt(m, u, v, sk);

// Computing theta
sha3_512(theta, (uint8_t *) m, VEC_K_SIZE_BYTES);
sha3_512(theta, m, VEC_K_SIZE_BYTES);

// Encrypting m'
PQCLEAN_HQCRMRS256_CLEAN_hqc_pke_encrypt(u2, v2, m, theta, pk);

// Computing d'
sha512(d2, (unsigned char *) m, VEC_K_SIZE_BYTES);
sha512(d2, m, VEC_K_SIZE_BYTES);

// Computing shared secret
PQCLEAN_HQCRMRS256_CLEAN_store8_arr(mc, VEC_K_SIZE_BYTES, m, VEC_K_SIZE_64);
memcpy(mc, m, VEC_K_SIZE_BYTES);
PQCLEAN_HQCRMRS256_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
PQCLEAN_HQCRMRS256_CLEAN_store8_arr(mc + VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
sha512(ss, mc, VEC_K_SIZE_BYTES + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES);


+ 19
- 12
crypto_kem/hqc-rmrs-256/clean/parsing.c View File

@@ -82,7 +82,8 @@ void PQCLEAN_HQCRMRS256_CLEAN_store8_arr(uint8_t *out8, size_t outlen, const uin
*/
void PQCLEAN_HQCRMRS256_CLEAN_hqc_secret_key_to_string(uint8_t *sk, const uint8_t *sk_seed, const uint8_t *pk) {
memcpy(sk, sk_seed, SEED_BYTES);
memcpy(sk + SEED_BYTES, pk, PUBLIC_KEY_BYTES);
sk += SEED_BYTES;
memcpy(sk, pk, PUBLIC_KEY_BYTES);
}

/**
@@ -101,11 +102,12 @@ void PQCLEAN_HQCRMRS256_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *
uint8_t sk_seed[SEED_BYTES] = {0};

memcpy(sk_seed, sk, SEED_BYTES);
seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
sk += SEED_BYTES;
memcpy(pk, sk, PUBLIC_KEY_BYTES);

seedexpander_init(&sk_seedexpander, sk_seed, sk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS256_CLEAN_vect_set_random_fixed_weight(&sk_seedexpander, x, PARAM_OMEGA);
PQCLEAN_HQCRMRS256_CLEAN_vect_set_random_fixed_weight_by_coordinates(&sk_seedexpander, y, PARAM_OMEGA);
memcpy(pk, sk + SEED_BYTES, PUBLIC_KEY_BYTES);
}

/**
@@ -119,7 +121,7 @@ void PQCLEAN_HQCRMRS256_CLEAN_hqc_secret_key_from_string(uint64_t *x, uint32_t *
*/
void PQCLEAN_HQCRMRS256_CLEAN_hqc_public_key_to_string(uint8_t *pk, const uint8_t *pk_seed, const uint64_t *s) {
memcpy(pk, pk_seed, SEED_BYTES);
memcpy(pk + SEED_BYTES, s, VEC_N_SIZE_BYTES);
PQCLEAN_HQCRMRS256_CLEAN_store8_arr(pk + SEED_BYTES, VEC_N_SIZE_BYTES, s, VEC_N_SIZE_64);
}


@@ -138,10 +140,11 @@ void PQCLEAN_HQCRMRS256_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *
uint8_t pk_seed[SEED_BYTES] = {0};

memcpy(pk_seed, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_HQCRMRS256_CLEAN_load8_arr(s, VEC_N_SIZE_64, pk, VEC_N_SIZE_BYTES);

seedexpander_init(&pk_seedexpander, pk_seed, pk_seed + 32, SEEDEXPANDER_MAX_LENGTH);
PQCLEAN_HQCRMRS256_CLEAN_vect_set_random(&pk_seedexpander, h);

memcpy(s, pk + SEED_BYTES, VEC_N_SIZE_BYTES);
}


@@ -156,9 +159,11 @@ void PQCLEAN_HQCRMRS256_CLEAN_hqc_public_key_from_string(uint64_t *h, uint64_t *
* @param[in] d String containing the hash d
*/
void PQCLEAN_HQCRMRS256_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64_t *u, const uint64_t *v, const uint8_t *d) {
memcpy(ct, u, VEC_N_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES, v, VEC_N1N2_SIZE_BYTES);
memcpy(ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, d, SHA512_BYTES);
PQCLEAN_HQCRMRS256_CLEAN_store8_arr(ct, VEC_N_SIZE_BYTES, u, VEC_N_SIZE_64);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS256_CLEAN_store8_arr(ct, VEC_N1N2_SIZE_BYTES, v, VEC_N1N2_SIZE_64);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(ct, d, SHA512_BYTES);
}


@@ -173,7 +178,9 @@ void PQCLEAN_HQCRMRS256_CLEAN_hqc_ciphertext_to_string(uint8_t *ct, const uint64
* @param[in] ct String containing the ciphertext
*/
void PQCLEAN_HQCRMRS256_CLEAN_hqc_ciphertext_from_string(uint64_t *u, uint64_t *v, uint8_t *d, const uint8_t *ct) {
memcpy(u, ct, VEC_N_SIZE_BYTES);
memcpy(v, ct + VEC_N_SIZE_BYTES, VEC_N1N2_SIZE_BYTES);
memcpy(d, ct + VEC_N_SIZE_BYTES + VEC_N1N2_SIZE_BYTES, SHA512_BYTES);
PQCLEAN_HQCRMRS256_CLEAN_load8_arr(u, VEC_N_SIZE_64, ct, VEC_N_SIZE_BYTES);
ct += VEC_N_SIZE_BYTES;
PQCLEAN_HQCRMRS256_CLEAN_load8_arr(v, VEC_N1N2_SIZE_64, ct, VEC_N1N2_SIZE_BYTES);
ct += VEC_N1N2_SIZE_BYTES;
memcpy(d, ct, SHA512_BYTES);
}

+ 44
- 37
crypto_kem/hqc-rmrs-256/clean/reed_muller.c View File

@@ -16,9 +16,9 @@
#define BIT0MASK(x) (-((x) & 1))


static void encode(uint32_t *word, uint8_t message);
static void encode(uint8_t *word, uint8_t message);
static void hadamard(uint16_t src[128], uint16_t dst[128]);
static void expand_and_sum(uint16_t dest[128], const uint32_t src[4 * MULTIPLICITY]);
static void expand_and_sum(uint16_t dest[128], const uint8_t src[16 * MULTIPLICITY]);
static uint8_t find_peaks(const uint16_t transform[128]);


@@ -40,28 +40,38 @@ static uint8_t find_peaks(const uint16_t transform[128]);
* @param[out] word An RM(1,7) codeword
* @param[in] message A message
*/
static void encode(uint32_t *word, uint8_t message) {
// the four parts of the word are identical
// except for encoding bits 5 and 6
uint32_t first_word;
static void encode(uint8_t *word, uint8_t message) {
uint32_t e;
// bit 7 flips all the bits, do that first to save work
first_word = BIT0MASK(message >> 7);
e = BIT0MASK(message >> 7);
// bits 0, 1, 2, 3, 4 are the same for all four longs
// (Warning: in the bit matrix above, low bits are at the left!)
first_word ^= BIT0MASK(message >> 0) & 0xaaaaaaaa;
first_word ^= BIT0MASK(message >> 1) & 0xcccccccc;
first_word ^= BIT0MASK(message >> 2) & 0xf0f0f0f0;
first_word ^= BIT0MASK(message >> 3) & 0xff00ff00;
first_word ^= BIT0MASK(message >> 4) & 0xffff0000;
e ^= BIT0MASK(message >> 0) & 0xaaaaaaaa;
e ^= BIT0MASK(message >> 1) & 0xcccccccc;
e ^= BIT0MASK(message >> 2) & 0xf0f0f0f0;
e ^= BIT0MASK(message >> 3) & 0xff00ff00;
e ^= BIT0MASK(message >> 4) & 0xffff0000;
// we can store this in the first quarter
word[0] = first_word;
word[0 + 0] = (e >> 0x00) & 0xff;
word[0 + 1] = (e >> 0x08) & 0xff;
word[0 + 2] = (e >> 0x10) & 0xff;
word[0 + 3] = (e >> 0x18) & 0xff;
// bit 5 flips entries 1 and 3; bit 6 flips 2 and 3
first_word ^= BIT0MASK(message >> 5);
word[1] = first_word;
first_word ^= BIT0MASK(message >> 6);
word[3] = first_word;
first_word ^= BIT0MASK(message >> 5);
word[2] = first_word;
e ^= BIT0MASK(message >> 5);
word[4 + 0] = (e >> 0x00) & 0xff;
word[4 + 1] = (e >> 0x08) & 0xff;
word[4 + 2] = (e >> 0x10) & 0xff;
word[4 + 3] = (e >> 0x18) & 0xff;
e ^= BIT0MASK(message >> 6);
word[12 + 0] = (e >> 0x00) & 0xff;
word[12 + 1] = (e >> 0x08) & 0xff;
word[12 + 2] = (e >> 0x10) & 0xff;
word[12 + 3] = (e >> 0x18) & 0xff;
e ^= BIT0MASK(message >> 5);
word[8 + 0] = (e >> 0x00) & 0xff;
word[8 + 1] = (e >> 0x08) & 0xff;
word[8 + 2] = (e >> 0x10) & 0xff;
word[8 + 3] = (e >> 0x18) & 0xff;
}


@@ -131,18 +141,19 @@ static void hadamard(uint16_t src[128], uint16_t dst[128]) {
* @param[out] dest Structure that contain the expanded codeword
* @param[in] src Structure that contain the codeword
*/
static void expand_and_sum(uint16_t dest[128], const uint32_t src[4 * MULTIPLICITY]) {
static void expand_and_sum(uint16_t dest[128], const uint8_t src[16 * MULTIPLICITY]) {
size_t part, bit, copy;
// start with the first copy
for (uint32_t part = 0; part < 4; part++) {
for (uint32_t bit = 0; bit < 32; bit++) {
dest[part * 32 + bit] = (uint16_t) ((src[part] >> bit) & 1);
for (part = 0; part < 16; part++) {
for (bit = 0; bit < 8; bit++) {
dest[part * 8 + bit] = (uint16_t) ((src[part] >> bit) & 1);
}
}
// sum the rest of the copies
for (uint32_t copy = 1; copy < MULTIPLICITY; copy++) {
for (uint32_t part = 0; part < 4; part++) {
for (uint32_t bit = 0; bit < 32; bit++) {
dest[part * 32 + bit] += (uint16_t) ((src[4 * copy + part] >> bit) & 1);
for (copy = 1; copy < MULTIPLICITY; copy++) {
for (part = 0; part < 16; part++) {
for (bit = 0; bit < 8; bit++) {
dest[part * 8 + bit] += (uint16_t) ((src[16 * copy + part] >> bit) & 1);
}
}
}
@@ -188,15 +199,13 @@ static uint8_t find_peaks(const uint16_t transform[128]) {
* @param[out] cdw Array of size VEC_N1N2_SIZE_64 receiving the encoded message
* @param[in] msg Array of size VEC_N1_SIZE_64 storing the message
*/
void PQCLEAN_HQCRMRS256_CLEAN_reed_muller_encode(uint64_t *cdw, const uint64_t *msg) {
uint8_t *message_array = (uint8_t *) msg;
uint32_t *codeArray = (uint32_t *) cdw;
void PQCLEAN_HQCRMRS256_CLEAN_reed_muller_encode(uint8_t *cdw, const uint8_t *msg) {
for (size_t i = 0; i < VEC_N1_SIZE_BYTES; i++) {
// encode first word
encode(&codeArray[4 * i * MULTIPLICITY], message_array[i]);
encode(&cdw[16 * i * MULTIPLICITY], msg[i]);
// copy to other identical codewords
for (size_t copy = 1; copy < MULTIPLICITY; copy++) {
memcpy(&codeArray[4 * i * MULTIPLICITY + 4 * copy], &codeArray[4 * i * MULTIPLICITY], 4 * sizeof(uint32_t));
memcpy(&cdw[16 * i * MULTIPLICITY + 16 * copy], &cdw[16 * i * MULTIPLICITY], 16);
}
}
}
@@ -212,19 +221,17 @@ void PQCLEAN_HQCRMRS256_CLEAN_reed_muller_encode(uint64_t *cdw, const uint64_t *
* @param[out] msg Array of size VEC_N1_SIZE_64 receiving the decoded message
* @param[in] cdw Array of size VEC_N1N2_SIZE_64 storing the received word
*/
void PQCLEAN_HQCRMRS256_CLEAN_reed_muller_decode(uint64_t *msg, const uint64_t *cdw) {
uint8_t *message_array = (uint8_t *) msg;
uint32_t *codeArray = (uint32_t *) cdw;
void PQCLEAN_HQCRMRS256_CLEAN_reed_muller_decode(uint8_t *msg, const uint8_t *cdw) {
uint16_t expanded[128];
uint16_t transform[128];
for (size_t i = 0; i < VEC_N1_SIZE_BYTES; i++) {
// collect the codewords
expand_and_sum(expanded, &codeArray[4 * i * MULTIPLICITY]);
expand_and_sum(expanded, &cdw[16 * i * MULTIPLICITY]);
// apply hadamard transform
hadamard(expanded, transform);
// fix the first entry to get the half Hadamard transform
transform[0] -= 64 * MULTIPLICITY;
// finish the decoding
message_array[i] = find_peaks(transform);
msg[i] = find_peaks(transform);
}
}

+ 2
- 2
crypto_kem/hqc-rmrs-256/clean/reed_muller.h View File

@@ -12,9 +12,9 @@
#include <stddef.h>
#include <stdint.h>

void PQCLEAN_HQCRMRS256_CLEAN_reed_muller_encode(uint64_t *cdw, const uint64_t *msg);
void PQCLEAN_HQCRMRS256_CLEAN_reed_muller_encode(uint8_t *cdw, const uint8_t *msg);

void PQCLEAN_HQCRMRS256_CLEAN_reed_muller_decode(uint64_t *msg, const uint64_t *cdw);
void PQCLEAN_HQCRMRS256_CLEAN_reed_muller_decode(uint8_t *msg, const uint8_t *cdw);


#endif

+ 12
- 21
crypto_kem/hqc-rmrs-256/clean/reed_solomon.c View File

@@ -1,6 +1,7 @@
#include "fft.h"
#include "gf.h"
#include "parameters.h"
#include "parsing.h"
#include "reed_solomon.h"
#include <stdint.h>
#include <stdio.h>
@@ -30,37 +31,31 @@ static void correct_errors(uint8_t *cdw, const uint16_t *error_values);
* @param[out] cdw Array of size VEC_N1_SIZE_64 receiving the encoded message
* @param[in] msg Array of size VEC_K_SIZE_64 storing the message
*/
void PQCLEAN_HQCRMRS256_CLEAN_reed_solomon_encode(uint64_t *cdw, const uint64_t *msg) {
void PQCLEAN_HQCRMRS256_CLEAN_reed_solomon_encode(uint8_t *cdw, const uint8_t *msg) {
uint8_t gate_value = 0;

uint16_t tmp[PARAM_G] = {0};
uint16_t PARAM_RS_POLY [] = {RS_POLY_COEFS};

uint8_t msg_bytes[PARAM_K] = {0};
uint8_t cdw_bytes[PARAM_N1] = {0};

for (size_t i = 0; i < VEC_K_SIZE_64; ++i) {
for (size_t j = 0; j < 8; ++j) {
msg_bytes[i * 8 + j] = (uint8_t) (msg[i] >> (j * 8));
}
for (size_t i = 0; i < PARAM_N1; i++) {
cdw[i] = 0;
}

for (int i = PARAM_K - 1; i >= 0; --i) {
gate_value = msg_bytes[i] ^ cdw_bytes[PARAM_N1 - PARAM_K - 1];
gate_value = msg[i] ^ cdw[PARAM_N1 - PARAM_K - 1];

for (size_t j = 0; j < PARAM_G; ++j) {
tmp[j] = PQCLEAN_HQCRMRS256_CLEAN_gf_mul(gate_value, PARAM_RS_POLY[j]);
}

for (size_t k = PARAM_N1 - PARAM_K - 1; k; --k) {
cdw_bytes[k] = cdw_bytes[k - 1] ^ tmp[k];
cdw[k] = cdw[k - 1] ^ tmp[k];
}

cdw_bytes[0] = tmp[0];
cdw[0] = tmp[0];
}

memcpy(cdw_bytes + PARAM_N1 - PARAM_K, msg_bytes, PARAM_K);
memcpy(cdw, cdw_bytes, PARAM_N1);
memcpy(cdw + PARAM_N1 - PARAM_K, msg, PARAM_K);
}


@@ -312,8 +307,7 @@ static void correct_errors(uint8_t *cdw, const uint16_t *error_values) {
* @param[out] msg Array of size VEC_K_SIZE_64 receiving the decoded message
* @param[in] cdw Array of size VEC_N1_SIZE_64 storing the received word
*/
void PQCLEAN_HQCRMRS256_CLEAN_reed_solomon_decode(uint64_t *msg, uint64_t *cdw) {
uint8_t cdw_bytes[PARAM_N1] = {0};
void PQCLEAN_HQCRMRS256_CLEAN_reed_solomon_decode(uint8_t *msg, uint8_t *cdw) {
uint16_t syndromes[2 * PARAM_DELTA] = {0};
uint16_t sigma[1 << PARAM_FFT] = {0};
uint8_t error[1 << PARAM_M] = {0};
@@ -321,11 +315,8 @@ void PQCLEAN_HQCRMRS256_CLEAN_reed_solomon_decode(uint64_t *msg, uint64_t *cdw)
uint16_t error_values[PARAM_N1] = {0};
uint16_t deg;

// Copy the vector in an array of bytes
memcpy(cdw_bytes, cdw, PARAM_N1);

// Calculate the 2*PARAM_DELTA syndromes
compute_syndromes(syndromes, cdw_bytes);
compute_syndromes(syndromes, cdw);

// Compute the error locator polynomial sigma
// Sigma's degree is at most PARAM_DELTA but the FFT requires the extra room
@@ -341,9 +332,9 @@ void PQCLEAN_HQCRMRS256_CLEAN_reed_solomon_decode(uint64_t *msg, uint64_t *cdw)
compute_error_values(error_values, z, error);

// Correct the errors
correct_errors(cdw_bytes, error_values);
correct_errors(cdw, error_values);

// Retrieve the message from the decoded codeword
memcpy(msg, cdw_bytes + (PARAM_G - 1), PARAM_K);
memcpy(msg, cdw + (PARAM_G - 1), PARAM_K);

}

+ 2
- 2
crypto_kem/hqc-rmrs-256/clean/reed_solomon.h
File diff suppressed because it is too large
View File


+ 3
- 18
crypto_kem/hqc-rmrs-256/clean/vector.c View File

@@ -154,22 +154,6 @@ void PQCLEAN_HQCRMRS256_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v)



/**
* @brief Generates a random vector
*
* This function generates a random binary vector. It uses the the randombytes function.
*
* @param[in] v Pointer to an array
*/
void PQCLEAN_HQCRMRS256_CLEAN_vect_set_random_from_randombytes(uint64_t *v) {
uint8_t rand_bytes [VEC_K_SIZE_BYTES] = {0};

randombytes(rand_bytes, VEC_K_SIZE_BYTES);
memcpy(v, rand_bytes, VEC_K_SIZE_BYTES);
}



/**
* @brief Adds two vectors
*
@@ -185,6 +169,7 @@ void PQCLEAN_HQCRMRS256_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const ui
}



/**
* @brief Compares two vectors
*
@@ -216,12 +201,12 @@ void PQCLEAN_HQCRMRS256_CLEAN_vect_resize(uint64_t *o, uint32_t size_o, const ui
val = 64 - (size_o % 64);
}

memcpy(o, v, VEC_N1N2_SIZE_BYTES);
memcpy(o, v, 8 * VEC_N1N2_SIZE_64);

for (int8_t i = 0; i < val; ++i) {
o[VEC_N1N2_SIZE_64 - 1] &= (mask >> i);
}
} else {
memcpy(o, v, CEIL_DIVIDE(size_v, 8));
memcpy(o, v, 8 * CEIL_DIVIDE(size_v, 64));
}
}

+ 0
- 2
crypto_kem/hqc-rmrs-256/clean/vector.h View File

@@ -18,8 +18,6 @@ void PQCLEAN_HQCRMRS256_CLEAN_vect_set_random_fixed_weight(AES_XOF_struct *ctx,

void PQCLEAN_HQCRMRS256_CLEAN_vect_set_random(AES_XOF_struct *ctx, uint64_t *v);

void PQCLEAN_HQCRMRS256_CLEAN_vect_set_random_from_randombytes(uint64_t *v);


void PQCLEAN_HQCRMRS256_CLEAN_vect_add(uint64_t *o, const uint64_t *v1, const uint64_t *v2, uint32_t size);



+ 0
- 6
test/duplicate_consistency/hqc-128_avx2.yml View File

@@ -63,8 +63,6 @@ consistency_checks:
scheme: hqc-rmrs-128
implementation: clean
files:
- code.h
- hqc.h
- source:
scheme: hqc-rmrs-128
implementation: avx2
@@ -83,8 +81,6 @@ consistency_checks:
scheme: hqc-rmrs-192
implementation: clean
files:
- code.h
- hqc.h
- source:
scheme: hqc-rmrs-192
implementation: avx2
@@ -102,8 +98,6 @@ consistency_checks:
scheme: hqc-rmrs-256
implementation: clean
files:
- code.h
- hqc.h
- source:
scheme: hqc-rmrs-256
implementation: avx2


+ 5
- 14
test/duplicate_consistency/hqc-128_clean.yml View File

@@ -19,7 +19,6 @@ consistency_checks:
- parsing.h
- repetition.h
- vector.h
- bch.c
- code.c
- fft.c
- gf2x.c
@@ -27,6 +26,7 @@ consistency_checks:
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:
scheme: hqc-192
implementation: avx2
@@ -46,7 +46,6 @@ consistency_checks:
- parsing.h
- repetition.h
- vector.h
- bch.c
- code.c
- fft.c
- gf2x.c
@@ -54,6 +53,7 @@ consistency_checks:
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:
scheme: hqc-256
implementation: avx2
@@ -64,16 +64,13 @@ consistency_checks:
scheme: hqc-rmrs-128
implementation: clean
files:
- code.h
- gf2x.h
- hqc.h
- parsing.h
- vector.h
- gf2x.c
- gf.c
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:
scheme: hqc-rmrs-128
implementation: avx2
@@ -84,16 +81,13 @@ consistency_checks:
scheme: hqc-rmrs-192
implementation: clean
files:
- code.h
- gf2x.h
- hqc.h
- parsing.h
- vector.h
- gf2x.c
- gf.c
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:
scheme: hqc-rmrs-192
implementation: avx2
@@ -104,16 +98,13 @@ consistency_checks:
scheme: hqc-rmrs-256
implementation: clean
files:
- code.h
- gf2x.h
- hqc.h
- parsing.h
- vector.h
- gf2x.c
- gf.c
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:
scheme: hqc-rmrs-256
implementation: avx2


+ 0
- 6
test/duplicate_consistency/hqc-192_avx2.yml View File

@@ -36,8 +36,6 @@ consistency_checks:
scheme: hqc-rmrs-128
implementation: clean
files:
- code.h
- hqc.h
- source:
scheme: hqc-rmrs-128
implementation: avx2
@@ -54,8 +52,6 @@ consistency_checks:
scheme: hqc-rmrs-192
implementation: clean
files:
- code.h
- hqc.h
- source:
scheme: hqc-rmrs-192
implementation: avx2
@@ -73,8 +69,6 @@ consistency_checks:
scheme: hqc-rmrs-256
implementation: clean
files:
- code.h
- hqc.h
- source:
scheme: hqc-rmrs-256
implementation: avx2


+ 0
- 12
test/duplicate_consistency/hqc-192_clean.yml View File

@@ -38,15 +38,11 @@ consistency_checks:
scheme: hqc-rmrs-128
implementation: clean
files:
- code.h
- gf2x.h
- hqc.h
- parsing.h
- vector.h
- gf2x.c
- gf.c
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:
@@ -59,15 +55,11 @@ consistency_checks:
scheme: hqc-rmrs-192
implementation: clean
files:
- code.h
- gf2x.h
- hqc.h
- parsing.h
- vector.h
- gf2x.c
- gf.c
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:
@@ -80,15 +72,11 @@ consistency_checks:
scheme: hqc-rmrs-256
implementation: clean
files:
- code.h
- gf2x.h
- hqc.h
- parsing.h
- vector.h
- gf2x.c
- gf.c
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:


+ 0
- 6
test/duplicate_consistency/hqc-256_avx2.yml View File

@@ -10,8 +10,6 @@ consistency_checks:
scheme: hqc-rmrs-128
implementation: clean
files:
- code.h
- hqc.h
- source:
scheme: hqc-rmrs-128
implementation: avx2
@@ -28,8 +26,6 @@ consistency_checks:
scheme: hqc-rmrs-192
implementation: clean
files:
- code.h
- hqc.h
- source:
scheme: hqc-rmrs-192
implementation: avx2
@@ -46,8 +42,6 @@ consistency_checks:
scheme: hqc-rmrs-256
implementation: clean
files:
- code.h
- hqc.h
- source:
scheme: hqc-rmrs-256
implementation: avx2


+ 0
- 12
test/duplicate_consistency/hqc-256_clean.yml View File

@@ -10,15 +10,11 @@ consistency_checks:
scheme: hqc-rmrs-128
implementation: clean
files:
- code.h
- gf2x.h
- hqc.h
- parsing.h
- vector.h
- gf2x.c
- gf.c
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:
@@ -31,15 +27,11 @@ consistency_checks:
scheme: hqc-rmrs-192
implementation: clean
files:
- code.h
- gf2x.h
- hqc.h
- parsing.h
- vector.h
- gf2x.c
- gf.c
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:
@@ -52,15 +44,11 @@ consistency_checks:
scheme: hqc-rmrs-256
implementation: clean
files:
- code.h
- gf2x.h
- hqc.h
- parsing.h
- vector.h
- gf2x.c
- gf.c
- hqc.c
- kem.c
- parsing.c
- vector.c
- source:


+ 0
- 17
test/duplicate_consistency/hqc-rmrs-128_avx2.yml View File

@@ -4,27 +4,16 @@ consistency_checks:
implementation: clean
files:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-192
implementation: clean
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-192
implementation: avx2
@@ -50,15 +39,9 @@ consistency_checks:
scheme: hqc-rmrs-256
implementation: clean
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-256
implementation: avx2


+ 0
- 17
test/duplicate_consistency/hqc-rmrs-128_clean.yml View File

@@ -4,15 +4,9 @@ consistency_checks:
implementation: avx2
files:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-192
implementation: clean
@@ -39,14 +33,9 @@ consistency_checks:
scheme: hqc-rmrs-192
implementation: avx2
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-256
implementation: clean
@@ -58,7 +47,6 @@ consistency_checks:
- hqc.h
- parsing.h
- reed_muller.h
- reed_solomon.h
- vector.h
- code.c
- fft.c
@@ -74,11 +62,6 @@ consistency_checks:
scheme: hqc-rmrs-256
implementation: avx2
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- code.c
- fft.c
- reed_solomon.c

+ 0
- 11
test/duplicate_consistency/hqc-rmrs-192_avx2.yml View File

@@ -4,27 +4,16 @@ consistency_checks:
implementation: clean
files:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-256
implementation: clean
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-256
implementation: avx2


+ 0
- 11
test/duplicate_consistency/hqc-rmrs-192_clean.yml View File

@@ -4,15 +4,9 @@ consistency_checks:
implementation: avx2
files:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- reed_solomon.h
- code.c
- fft.c
- reed_solomon.c
- source:
scheme: hqc-rmrs-256
implementation: clean
@@ -39,11 +33,6 @@ consistency_checks:
scheme: hqc-rmrs-256
implementation: avx2
files:
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- code.c
- fft.c
- reed_solomon.c

+ 0
- 5
test/duplicate_consistency/hqc-rmrs-256_avx2.yml View File

@@ -4,11 +4,6 @@ consistency_checks:
implementation: clean
files:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- code.c
- fft.c
- reed_solomon.c

+ 0
- 5
test/duplicate_consistency/hqc-rmrs-256_clean.yml View File

@@ -4,11 +4,6 @@ consistency_checks:
implementation: avx2
files:
- api.h
- code.h
- fft.h
- gf.h
- hqc.h
- reed_muller.h
- code.c
- fft.c
- reed_solomon.c

Write Preview
Loading…
Cancel
Save