kris/pqc
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

variable declarations at the beginning, namespace extern variables

Browse Source
This commit is contained in:
Leon 2019-06-11 14:21:49 +02:00
parent 737cb1bb2e
commit 3caad74525
12 changed files with 137 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto_kem/ledakemlt12/clean/bf_decoding.c
View File

@ -4,7 +4,7 @@
#include <assert.h>
#include <string.h>
unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1};
unsigned int PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1};
int PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(DIGIT err[],
const POSITION_T HtrPosOnes[N0][DV],
@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(DIGIT err[],
}
/* iteration based threshold determination*/
unsigned int corrt_syndrome_based = thresholds[iteration];
unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[iteration];
//Computation of correlation with a full Q matrix
for (int i = 0; i < N0; i++) {

4
crypto_kem/ledakemlt12/clean/dfr_test.c
View File

@ -9,7 +9,7 @@
* computes the threshold for the second iteration of the decoder and stores
* it in the globally accessible vector */
extern unsigned int thresholds[2];
extern unsigned int PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[2];
int PQCLEAN_LEDAKEMLT12_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
allBlockMaxSumstMinusOne;
}
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
thresholds[1] = allBlockMaxSumst + 1;
PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[1] = allBlockMaxSumst + 1;
return 1;
}
return 0;

24
crypto_kem/ledakemlt12/clean/gf2x_arith_mod_xPplusOne.c
View File

@ -7,7 +7,7 @@
static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
int i, j, posTrailingBit, maskOffset, to_copy;
int i, j, posTrailingBit, maskOffset;
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
}
}
to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT;
for (i = 0; i < to_copy; i++) {
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
}
@ -440,17 +438,17 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_sparse_block(POSITION_T *pos_ones,
}
/* Returns random weight-t circulant block */
void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(
DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) {
void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
int p, polyIndex, exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) {
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx);
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < counter; j++) {
if (rndPos[j] == p) {
@ -463,8 +461,8 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(
}
}
for (int j = 0; j < counter; j++) {
int polyIndex = rndPos[j] / P;
int exponent = rndPos[j] % P;
polyIndex = rndPos[j] / P;
exponent = rndPos[j] % P;
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1));
}
@ -475,7 +473,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) {
size_t i, j;
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
for (j = 0; j < DIGIT_SIZE_B; j++) {
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF);
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j);
}
}
}

70
crypto_kem/ledakemlt12/clean/niederreiter.c
View File

@ -10,25 +10,19 @@
void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
// sequence of N0 circ block matrices (p x p): Hi
POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV];
/* Sparse representation of the transposed circulant matrix H,
with weight DV. Each index contains the position of a '1' digit in the
corresponding Htr block */
/* Sparse representation of the matrix (Q).
A matrix containing the positions of the ones in the circulant
blocks of Q. Each row contains the position of the
ones of all the blocks of a row of Q as exponent+
P*block_position */
POSITION_T QPosOnes[N0][M];
/*Rejection-sample for a full L*/
POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi
POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H
POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position
POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0];
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT];
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT];
int is_L_full = 0;
int isDFRok = 0;
sk->rejections = (int8_t) 0;
do {
PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, keys_expander);
@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
}
}
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0] = {0};
memset(processedQOnes, 0x00, sizeof(processedQOnes));
for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
} while (!is_L_full || !isDFRok);
sk->rejections = sk->rejections - 1;
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
memset(Ln0dense, 0x00, sizeof(Ln0dense));
for (int j = 0; j < DV * M; j++) {
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
}
}
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
memset(Ln0Inv, 0x00, sizeof(Ln0Inv));
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
for (int i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul(saux,
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
err + i * NUM_DIGITS_GF2X_ELEMENT);
gf2x_mod_add(syndrome, syndrome, saux);
} // end for
}
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
}
int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
AES_XOF_struct niederreiter_decrypt_expander;
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
// sequence of N0 circ block matrices (p x p):
POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV];
POSITION_T QPosOnes[N0][M];
int rejections = sk->rejections;
POSITION_T QtrPosOnes[N0][M];
POSITION_T auxPosOnes[DV * M];
POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
unsigned char processedQOnes[N0];
unsigned transposed_ones_idx[N0];
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
int rejections = sk->rejections;
int currQoneIdx, endQblockIdx;
int decryptOk, err_weight;
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
do {
PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
}
}
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0] = {0};
memset(processedQOnes, 0x00, sizeof(processedQOnes));
for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
rejections--;
} while (rejections >= 0);
POSITION_T QtrPosOnes[N0][M];
unsigned transposed_ones_idx[N0] = {0x00};
memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx));
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
int currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
int endQblockIdx = 0;
currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
endQblockIdx = 0;
for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
}
}
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
for (int i = 0; i < DV * M; i++) {
Ln0trSparse[i] = INVALID_POS_VALUE;
auxSparse[i] = INVALID_POS_VALUE;
@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
}
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
/* prepare mockup error vector in case a decoding failure occurs */
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander(&niederreiter_decrypt_expander,
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
TRNG_BYTE_LENGTH);
int decryptOk = 0;
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
decryptOk = PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
int err_weight = 0;
err_weight = 0;
for (int i = 0 ; i < N0; i++) {
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
}

4
crypto_kem/ledakemlt32/clean/bf_decoding.c
View File

@ -4,7 +4,7 @@
#include <assert.h>
#include <string.h>
unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1};
unsigned int PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1};
int PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(DIGIT err[],
const POSITION_T HtrPosOnes[N0][DV],
@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(DIGIT err[],
}
/* iteration based threshold determination*/
unsigned int corrt_syndrome_based = thresholds[iteration];
unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[iteration];
//Computation of correlation with a full Q matrix
for (int i = 0; i < N0; i++) {

4
crypto_kem/ledakemlt32/clean/dfr_test.c
View File

@ -9,7 +9,7 @@
* computes the threshold for the second iteration of the decoder and stores
* it in the globally accessible vector */
extern unsigned int thresholds[2];
extern unsigned int PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[2];
int PQCLEAN_LEDAKEMLT32_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
allBlockMaxSumstMinusOne;
}
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
thresholds[1] = allBlockMaxSumst + 1;
PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[1] = allBlockMaxSumst + 1;
return 1;
}
return 0;

19
crypto_kem/ledakemlt32/clean/gf2x_arith_mod_xPplusOne.c
View File

@ -7,7 +7,7 @@
static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
int i, j, posTrailingBit, maskOffset, to_copy;
int i, j, posTrailingBit, maskOffset;
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
}
}
to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT;
for (i = 0; i < to_copy; i++) {
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
}
@ -445,12 +443,13 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_rand_circulant_blocks_sequence(
AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
int p, polyIndex, exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) {
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx);
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < counter; j++) {
if (rndPos[j] == p) {
@ -463,8 +462,8 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_rand_circulant_blocks_sequence(
}
}
for (int j = 0; j < counter; j++) {
int polyIndex = rndPos[j] / P;
int exponent = rndPos[j] % P;
polyIndex = rndPos[j] / P;
exponent = rndPos[j] % P;
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1));
}
@ -475,7 +474,7 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) {
size_t i, j;
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
for (j = 0; j < DIGIT_SIZE_B; j++) {
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF);
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j);
}
}
}

70
crypto_kem/ledakemlt32/clean/niederreiter.c
View File

@ -10,25 +10,19 @@
void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
// sequence of N0 circ block matrices (p x p): Hi
POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV];
/* Sparse representation of the transposed circulant matrix H,
with weight DV. Each index contains the position of a '1' digit in the
corresponding Htr block */
/* Sparse representation of the matrix (Q).
A matrix containing the positions of the ones in the circulant
blocks of Q. Each row contains the position of the
ones of all the blocks of a row of Q as exponent+
P*block_position */
POSITION_T QPosOnes[N0][M];
/*Rejection-sample for a full L*/
POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi
POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H
POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position
POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0];
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT];
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT];
int is_L_full = 0;
int isDFRok = 0;
sk->rejections = (int8_t) 0;
do {
PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, keys_expander);
@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
}
}
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0] = {0};
memset(processedQOnes, 0x00, sizeof(processedQOnes));
for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
} while (!is_L_full || !isDFRok);
sk->rejections = sk->rejections - 1;
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
memset(Ln0dense, 0x00, sizeof(Ln0dense));
for (int j = 0; j < DV * M; j++) {
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
}
}
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
memset(Ln0Inv, 0x00, sizeof(Ln0Inv));
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
for (int i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul(saux,
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
err + i * NUM_DIGITS_GF2X_ELEMENT);
gf2x_mod_add(syndrome, syndrome, saux);
} // end for
}
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
}
int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
AES_XOF_struct niederreiter_decrypt_expander;
PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
// sequence of N0 circ block matrices (p x p):
POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV];
POSITION_T QPosOnes[N0][M];
int rejections = sk->rejections;
POSITION_T QtrPosOnes[N0][M];
POSITION_T auxPosOnes[DV * M];
POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
unsigned char processedQOnes[N0];
unsigned transposed_ones_idx[N0];
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
int rejections = sk->rejections;
int currQoneIdx, endQblockIdx;
int decryptOk, err_weight;
PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
do {
PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
}
}
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0] = {0};
memset(processedQOnes, 0x00, sizeof(processedQOnes));
for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
rejections--;
} while (rejections >= 0);
POSITION_T QtrPosOnes[N0][M];
unsigned transposed_ones_idx[N0] = {0x00};
memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx));
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
int currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
int endQblockIdx = 0;
currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
endQblockIdx = 0;
for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
}
}
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
for (int i = 0; i < DV * M; i++) {
Ln0trSparse[i] = INVALID_POS_VALUE;
auxSparse[i] = INVALID_POS_VALUE;
@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
}
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
/* prepare mockup error vector in case a decoding failure occurs */
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander(&niederreiter_decrypt_expander,
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
TRNG_BYTE_LENGTH);
int decryptOk = 0;
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
decryptOk = PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
int err_weight = 0;
err_weight = 0;
for (int i = 0 ; i < N0; i++) {
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
}

4
crypto_kem/ledakemlt52/clean/bf_decoding.c
View File

@ -4,7 +4,7 @@
#include <assert.h>
#include <string.h>
unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1};
unsigned int PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1};
int PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(DIGIT err[],
const POSITION_T HtrPosOnes[N0][DV],
@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(DIGIT err[],
}
/* iteration based threshold determination*/
unsigned int corrt_syndrome_based = thresholds[iteration];
unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[iteration];
//Computation of correlation with a full Q matrix
for (int i = 0; i < N0; i++) {

4
crypto_kem/ledakemlt52/clean/dfr_test.c
View File

@ -9,7 +9,7 @@
* computes the threshold for the second iteration of the decoder and stores
* it in the globally accessible vector */
extern unsigned int thresholds[2];
extern unsigned int PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[2];
int PQCLEAN_LEDAKEMLT52_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
allBlockMaxSumstMinusOne;
}
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
thresholds[1] = allBlockMaxSumst + 1;
PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[1] = allBlockMaxSumst + 1;
return 1;
}
return 0;

19
crypto_kem/ledakemlt52/clean/gf2x_arith_mod_xPplusOne.c
View File

@ -7,7 +7,7 @@
static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
int i, j, posTrailingBit, maskOffset, to_copy;
int i, j, posTrailingBit, maskOffset;
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
}
}
to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT;
for (i = 0; i < to_copy; i++) {
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
}
@ -445,12 +443,13 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_rand_circulant_blocks_sequence(
AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
int p, polyIndex, exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) {
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx);
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx);
duplicated = 0;
for (int j = 0; j < counter; j++) {
if (rndPos[j] == p) {
@ -463,8 +462,8 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_rand_circulant_blocks_sequence(
}
}
for (int j = 0; j < counter; j++) {
int polyIndex = rndPos[j] / P;
int exponent = rndPos[j] % P;
polyIndex = rndPos[j] / P;
exponent = rndPos[j] % P;
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1));
}
@ -475,7 +474,7 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) {
size_t i, j;
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
for (j = 0; j < DIGIT_SIZE_B; j++) {
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF);
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j);
}
}
}

70
crypto_kem/ledakemlt52/clean/niederreiter.c
View File

@ -10,25 +10,19 @@
void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
// sequence of N0 circ block matrices (p x p): Hi
POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV];
/* Sparse representation of the transposed circulant matrix H,
with weight DV. Each index contains the position of a '1' digit in the
corresponding Htr block */
/* Sparse representation of the matrix (Q).
A matrix containing the positions of the ones in the circulant
blocks of Q. Each row contains the position of the
ones of all the blocks of a row of Q as exponent+
P*block_position */
POSITION_T QPosOnes[N0][M];
/*Rejection-sample for a full L*/
POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi
POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H
POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position
POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0];
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT];
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT];
int is_L_full = 0;
int isDFRok = 0;
sk->rejections = (int8_t) 0;
do {
PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, keys_expander);
@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
}
}
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0] = {0};
memset(processedQOnes, 0x00, sizeof(processedQOnes));
for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
} while (!is_L_full || !isDFRok);
sk->rejections = sk->rejections - 1;
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
memset(Ln0dense, 0x00, sizeof(Ln0dense));
for (int j = 0; j < DV * M; j++) {
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
}
}
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
memset(Ln0Inv, 0x00, sizeof(Ln0Inv));
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
for (int i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul(saux,
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
err + i * NUM_DIGITS_GF2X_ELEMENT);
gf2x_mod_add(syndrome, syndrome, saux);
} // end for
}
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
}
int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
AES_XOF_struct niederreiter_decrypt_expander;
PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
// sequence of N0 circ block matrices (p x p):
POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV];
POSITION_T QPosOnes[N0][M];
int rejections = sk->rejections;
POSITION_T QtrPosOnes[N0][M];
POSITION_T auxPosOnes[DV * M];
POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
unsigned char processedQOnes[N0];
unsigned transposed_ones_idx[N0];
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
int rejections = sk->rejections;
int currQoneIdx, endQblockIdx;
int decryptOk, err_weight;
PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
do {
PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
}
}
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0] = {0};
memset(processedQOnes, 0x00, sizeof(processedQOnes));
for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
rejections--;
} while (rejections >= 0);
POSITION_T QtrPosOnes[N0][M];
unsigned transposed_ones_idx[N0] = {0x00};
memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx));
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
int currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
int endQblockIdx = 0;
currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
endQblockIdx = 0;
for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
}
}
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
for (int i = 0; i < DV * M; i++) {
Ln0trSparse[i] = INVALID_POS_VALUE;
auxSparse[i] = INVALID_POS_VALUE;
@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
}
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
/* prepare mockup error vector in case a decoding failure occurs */
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander(&niederreiter_decrypt_expander,
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
TRNG_BYTE_LENGTH);
int decryptOk = 0;
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
decryptOk = PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
int err_weight = 0;
err_weight = 0;
for (int i = 0 ; i < N0; i++) {
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
}