diff --git a/crypto_kem/ledakemlt12/clean/bf_decoding.c b/crypto_kem/ledakemlt12/clean/bf_decoding.c index f03deb28..977eb6ea 100644 --- a/crypto_kem/ledakemlt12/clean/bf_decoding.c +++ b/crypto_kem/ledakemlt12/clean/bf_decoding.c @@ -4,7 +4,7 @@ #include #include -unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1}; +unsigned int PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1}; int PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(DIGIT err[], const POSITION_T HtrPosOnes[N0][DV], @@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(DIGIT err[], } /* iteration based threshold determination*/ - unsigned int corrt_syndrome_based = thresholds[iteration]; + unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[iteration]; //Computation of correlation with a full Q matrix for (int i = 0; i < N0; i++) { diff --git a/crypto_kem/ledakemlt12/clean/dfr_test.c b/crypto_kem/ledakemlt12/clean/dfr_test.c index bcea824c..157e77d8 100644 --- a/crypto_kem/ledakemlt12/clean/dfr_test.c +++ b/crypto_kem/ledakemlt12/clean/dfr_test.c @@ -9,7 +9,7 @@ * computes the threshold for the second iteration of the decoder and stores * it in the globally accessible vector */ -extern unsigned int thresholds[2]; +extern unsigned int PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[2]; int PQCLEAN_LEDAKEMLT12_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) { @@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) { allBlockMaxSumstMinusOne; } if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) { - thresholds[1] = allBlockMaxSumst + 1; + PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[1] = allBlockMaxSumst + 1; return 1; } return 0; diff --git a/crypto_kem/ledakemlt12/clean/gf2x_arith_mod_xPplusOne.c b/crypto_kem/ledakemlt12/clean/gf2x_arith_mod_xPplusOne.c index 80c2f72f..217b24f1 100644 --- a/crypto_kem/ledakemlt12/clean/gf2x_arith_mod_xPplusOne.c +++ b/crypto_kem/ledakemlt12/clean/gf2x_arith_mod_xPplusOne.c @@ -7,7 +7,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) { - int i, j, posTrailingBit, maskOffset, to_copy; + int i, j, posTrailingBit, maskOffset; DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT]; memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); @@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) { } } - to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT; - - for (i = 0; i < to_copy; i++) { + for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) { out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i]; } @@ -440,17 +438,17 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_sparse_block(POSITION_T *pos_ones, } /* Returns random weight-t circulant block */ -void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence( - DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], - AES_XOF_struct *seed_expander_ctx) { +void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], + AES_XOF_struct *seed_expander_ctx) { int rndPos[NUM_ERRORS_T], duplicated, counter = 0; + int p, polyIndex, exponent; + memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); - while (counter < NUM_ERRORS_T) { - int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, - seed_expander_ctx); + p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, + seed_expander_ctx); duplicated = 0; for (int j = 0; j < counter; j++) { if (rndPos[j] == p) { @@ -463,8 +461,8 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence( } } for (int j = 0; j < counter; j++) { - int polyIndex = rndPos[j] / P; - int exponent = rndPos[j] % P; + polyIndex = rndPos[j] / P; + exponent = rndPos[j] % P; gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, ( (DIGIT) 1)); } @@ -475,7 +473,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) { size_t i, j; for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) { for (j = 0; j < DIGIT_SIZE_B; j++) { - bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF); + bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j); } } } diff --git a/crypto_kem/ledakemlt12/clean/niederreiter.c b/crypto_kem/ledakemlt12/clean/niederreiter.c index 58c4542f..e2326bd4 100644 --- a/crypto_kem/ledakemlt12/clean/niederreiter.c +++ b/crypto_kem/ledakemlt12/clean/niederreiter.c @@ -10,25 +10,19 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) { - // sequence of N0 circ block matrices (p x p): Hi - POSITION_T HPosOnes[N0][DV]; - POSITION_T HtrPosOnes[N0][DV]; - /* Sparse representation of the transposed circulant matrix H, - with weight DV. Each index contains the position of a '1' digit in the - corresponding Htr block */ - /* Sparse representation of the matrix (Q). - A matrix containing the positions of the ones in the circulant - blocks of Q. Each row contains the position of the - ones of all the blocks of a row of Q as exponent+ - P*block_position */ - POSITION_T QPosOnes[N0][M]; - - /*Rejection-sample for a full L*/ + POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi + POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H + POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position POSITION_T LPosOnes[N0][DV * M]; + POSITION_T auxPosOnes[DV * M]; + unsigned char processedQOnes[N0]; + DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT]; + DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT]; int is_L_full = 0; int isDFRok = 0; sk->rejections = (int8_t) 0; + do { PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander); PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, keys_expander); @@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, } } - POSITION_T auxPosOnes[DV * M]; - unsigned char processedQOnes[N0] = {0}; + memset(processedQOnes, 0x00, sizeof(processedQOnes)); for (int colQ = 0; colQ < N0; colQ++) { for (int i = 0; i < N0; i++) { PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, @@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, } while (!is_L_full || !isDFRok); sk->rejections = sk->rejections - 1; - DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00}; + memset(Ln0dense, 0x00, sizeof(Ln0dense)); for (int j = 0; j < DV * M; j++) { if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) { gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1); } } - DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00}; + + memset(Ln0Inv, 0x00, sizeof(Ln0Inv)); PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense); for (int i = 0; i < N0 - 1; i++) { PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, @@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi DIGIT saux[NUM_DIGITS_GF2X_ELEMENT]; memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); - for (i = 0; i < N0 - 1; i++) { PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul(saux, pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, err + i * NUM_DIGITS_GF2X_ELEMENT); gf2x_mod_add(syndrome, syndrome, saux); - } // end for + } gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT); } int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) { - AES_XOF_struct niederreiter_decrypt_expander; - PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed); - - // sequence of N0 circ block matrices (p x p): POSITION_T HPosOnes[N0][DV]; POSITION_T HtrPosOnes[N0][DV]; POSITION_T QPosOnes[N0][M]; - int rejections = sk->rejections; + POSITION_T QtrPosOnes[N0][M]; + POSITION_T auxPosOnes[DV * M]; POSITION_T LPosOnes[N0][DV * M]; + POSITION_T auxSparse[DV * M]; + POSITION_T Ln0trSparse[DV * M]; + unsigned char processedQOnes[N0]; + unsigned transposed_ones_idx[N0]; + DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT]; + DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT]; + int rejections = sk->rejections; + int currQoneIdx, endQblockIdx; + int decryptOk, err_weight; + + PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed); + do { PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander); PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander); @@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN } } - POSITION_T auxPosOnes[DV * M]; - unsigned char processedQOnes[N0] = {0}; + memset(processedQOnes, 0x00, sizeof(processedQOnes)); for (int colQ = 0; colQ < N0; colQ++) { for (int i = 0; i < N0; i++) { PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, @@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN rejections--; } while (rejections >= 0); - POSITION_T QtrPosOnes[N0][M]; - unsigned transposed_ones_idx[N0] = {0x00}; + memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx)); for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) { - int currQoneIdx = 0; // position in the column of QtrPosOnes[][...] - int endQblockIdx = 0; + currQoneIdx = 0; // position in the column of QtrPosOnes[][...] + endQblockIdx = 0; for (int blockIdx = 0; blockIdx < N0; blockIdx++) { endQblockIdx += qBlockWeights[source_row_idx][blockIdx]; for (; currQoneIdx < endQblockIdx; currQoneIdx++) { @@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN } } - POSITION_T auxSparse[DV * M]; - POSITION_T Ln0trSparse[DV * M]; for (int i = 0; i < DV * M; i++) { Ln0trSparse[i] = INVALID_POS_VALUE; auxSparse[i] = INVALID_POS_VALUE; @@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN } PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse); - - DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT]; PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M); /* prepare mockup error vector in case a decoding failure occurs */ - DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT]; memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander(&niederreiter_decrypt_expander, ((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B), TRNG_BYTE_LENGTH); - int decryptOk = 0; memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); decryptOk = PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes, (const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome); - int err_weight = 0; + err_weight = 0; for (int i = 0 ; i < N0; i++) { err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i)); } diff --git a/crypto_kem/ledakemlt32/clean/bf_decoding.c b/crypto_kem/ledakemlt32/clean/bf_decoding.c index 42639492..3ed29fb1 100644 --- a/crypto_kem/ledakemlt32/clean/bf_decoding.c +++ b/crypto_kem/ledakemlt32/clean/bf_decoding.c @@ -4,7 +4,7 @@ #include #include -unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1}; +unsigned int PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1}; int PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(DIGIT err[], const POSITION_T HtrPosOnes[N0][DV], @@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(DIGIT err[], } /* iteration based threshold determination*/ - unsigned int corrt_syndrome_based = thresholds[iteration]; + unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[iteration]; //Computation of correlation with a full Q matrix for (int i = 0; i < N0; i++) { diff --git a/crypto_kem/ledakemlt32/clean/dfr_test.c b/crypto_kem/ledakemlt32/clean/dfr_test.c index c9543ed3..da61675c 100644 --- a/crypto_kem/ledakemlt32/clean/dfr_test.c +++ b/crypto_kem/ledakemlt32/clean/dfr_test.c @@ -9,7 +9,7 @@ * computes the threshold for the second iteration of the decoder and stores * it in the globally accessible vector */ -extern unsigned int thresholds[2]; +extern unsigned int PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[2]; int PQCLEAN_LEDAKEMLT32_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) { @@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) { allBlockMaxSumstMinusOne; } if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) { - thresholds[1] = allBlockMaxSumst + 1; + PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[1] = allBlockMaxSumst + 1; return 1; } return 0; diff --git a/crypto_kem/ledakemlt32/clean/gf2x_arith_mod_xPplusOne.c b/crypto_kem/ledakemlt32/clean/gf2x_arith_mod_xPplusOne.c index 5464dfea..a81d5aeb 100644 --- a/crypto_kem/ledakemlt32/clean/gf2x_arith_mod_xPplusOne.c +++ b/crypto_kem/ledakemlt32/clean/gf2x_arith_mod_xPplusOne.c @@ -7,7 +7,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) { - int i, j, posTrailingBit, maskOffset, to_copy; + int i, j, posTrailingBit, maskOffset; DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT]; memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); @@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) { } } - to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT; - - for (i = 0; i < to_copy; i++) { + for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) { out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i]; } @@ -445,12 +443,13 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_rand_circulant_blocks_sequence( AES_XOF_struct *seed_expander_ctx) { int rndPos[NUM_ERRORS_T], duplicated, counter = 0; + int p, polyIndex, exponent; + memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); - while (counter < NUM_ERRORS_T) { - int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, - seed_expander_ctx); + p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, + seed_expander_ctx); duplicated = 0; for (int j = 0; j < counter; j++) { if (rndPos[j] == p) { @@ -463,8 +462,8 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_rand_circulant_blocks_sequence( } } for (int j = 0; j < counter; j++) { - int polyIndex = rndPos[j] / P; - int exponent = rndPos[j] % P; + polyIndex = rndPos[j] / P; + exponent = rndPos[j] % P; gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, ( (DIGIT) 1)); } @@ -475,7 +474,7 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) { size_t i, j; for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) { for (j = 0; j < DIGIT_SIZE_B; j++) { - bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF); + bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j); } } } diff --git a/crypto_kem/ledakemlt32/clean/niederreiter.c b/crypto_kem/ledakemlt32/clean/niederreiter.c index 470d5bc1..9b72c104 100644 --- a/crypto_kem/ledakemlt32/clean/niederreiter.c +++ b/crypto_kem/ledakemlt32/clean/niederreiter.c @@ -10,25 +10,19 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) { - // sequence of N0 circ block matrices (p x p): Hi - POSITION_T HPosOnes[N0][DV]; - POSITION_T HtrPosOnes[N0][DV]; - /* Sparse representation of the transposed circulant matrix H, - with weight DV. Each index contains the position of a '1' digit in the - corresponding Htr block */ - /* Sparse representation of the matrix (Q). - A matrix containing the positions of the ones in the circulant - blocks of Q. Each row contains the position of the - ones of all the blocks of a row of Q as exponent+ - P*block_position */ - POSITION_T QPosOnes[N0][M]; - - /*Rejection-sample for a full L*/ + POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi + POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H + POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position POSITION_T LPosOnes[N0][DV * M]; + POSITION_T auxPosOnes[DV * M]; + unsigned char processedQOnes[N0]; + DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT]; + DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT]; int is_L_full = 0; int isDFRok = 0; sk->rejections = (int8_t) 0; + do { PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander); PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, keys_expander); @@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, } } - POSITION_T auxPosOnes[DV * M]; - unsigned char processedQOnes[N0] = {0}; + memset(processedQOnes, 0x00, sizeof(processedQOnes)); for (int colQ = 0; colQ < N0; colQ++) { for (int i = 0; i < N0; i++) { PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, @@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, } while (!is_L_full || !isDFRok); sk->rejections = sk->rejections - 1; - DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00}; + memset(Ln0dense, 0x00, sizeof(Ln0dense)); for (int j = 0; j < DV * M; j++) { if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) { gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1); } } - DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00}; + + memset(Ln0Inv, 0x00, sizeof(Ln0Inv)); PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense); for (int i = 0; i < N0 - 1; i++) { PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, @@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi DIGIT saux[NUM_DIGITS_GF2X_ELEMENT]; memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); - for (i = 0; i < N0 - 1; i++) { PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul(saux, pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, err + i * NUM_DIGITS_GF2X_ELEMENT); gf2x_mod_add(syndrome, syndrome, saux); - } // end for + } gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT); } int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) { - AES_XOF_struct niederreiter_decrypt_expander; - PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed); - - // sequence of N0 circ block matrices (p x p): POSITION_T HPosOnes[N0][DV]; POSITION_T HtrPosOnes[N0][DV]; POSITION_T QPosOnes[N0][M]; - int rejections = sk->rejections; + POSITION_T QtrPosOnes[N0][M]; + POSITION_T auxPosOnes[DV * M]; POSITION_T LPosOnes[N0][DV * M]; + POSITION_T auxSparse[DV * M]; + POSITION_T Ln0trSparse[DV * M]; + unsigned char processedQOnes[N0]; + unsigned transposed_ones_idx[N0]; + DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT]; + DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT]; + int rejections = sk->rejections; + int currQoneIdx, endQblockIdx; + int decryptOk, err_weight; + + PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed); + do { PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander); PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander); @@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN } } - POSITION_T auxPosOnes[DV * M]; - unsigned char processedQOnes[N0] = {0}; + memset(processedQOnes, 0x00, sizeof(processedQOnes)); for (int colQ = 0; colQ < N0; colQ++) { for (int i = 0; i < N0; i++) { PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, @@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN rejections--; } while (rejections >= 0); - POSITION_T QtrPosOnes[N0][M]; - unsigned transposed_ones_idx[N0] = {0x00}; + memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx)); for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) { - int currQoneIdx = 0; // position in the column of QtrPosOnes[][...] - int endQblockIdx = 0; + currQoneIdx = 0; // position in the column of QtrPosOnes[][...] + endQblockIdx = 0; for (int blockIdx = 0; blockIdx < N0; blockIdx++) { endQblockIdx += qBlockWeights[source_row_idx][blockIdx]; for (; currQoneIdx < endQblockIdx; currQoneIdx++) { @@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN } } - POSITION_T auxSparse[DV * M]; - POSITION_T Ln0trSparse[DV * M]; for (int i = 0; i < DV * M; i++) { Ln0trSparse[i] = INVALID_POS_VALUE; auxSparse[i] = INVALID_POS_VALUE; @@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN } PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse); - - DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT]; PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M); /* prepare mockup error vector in case a decoding failure occurs */ - DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT]; memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander(&niederreiter_decrypt_expander, ((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B), TRNG_BYTE_LENGTH); - int decryptOk = 0; memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); decryptOk = PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes, (const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome); - int err_weight = 0; + err_weight = 0; for (int i = 0 ; i < N0; i++) { err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i)); } diff --git a/crypto_kem/ledakemlt52/clean/bf_decoding.c b/crypto_kem/ledakemlt52/clean/bf_decoding.c index 531a73d6..f52060f8 100644 --- a/crypto_kem/ledakemlt52/clean/bf_decoding.c +++ b/crypto_kem/ledakemlt52/clean/bf_decoding.c @@ -4,7 +4,7 @@ #include #include -unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1}; +unsigned int PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1}; int PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(DIGIT err[], const POSITION_T HtrPosOnes[N0][DV], @@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(DIGIT err[], } /* iteration based threshold determination*/ - unsigned int corrt_syndrome_based = thresholds[iteration]; + unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[iteration]; //Computation of correlation with a full Q matrix for (int i = 0; i < N0; i++) { diff --git a/crypto_kem/ledakemlt52/clean/dfr_test.c b/crypto_kem/ledakemlt52/clean/dfr_test.c index dde49feb..f5ff3a13 100644 --- a/crypto_kem/ledakemlt52/clean/dfr_test.c +++ b/crypto_kem/ledakemlt52/clean/dfr_test.c @@ -9,7 +9,7 @@ * computes the threshold for the second iteration of the decoder and stores * it in the globally accessible vector */ -extern unsigned int thresholds[2]; +extern unsigned int PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[2]; int PQCLEAN_LEDAKEMLT52_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) { @@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) { allBlockMaxSumstMinusOne; } if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) { - thresholds[1] = allBlockMaxSumst + 1; + PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[1] = allBlockMaxSumst + 1; return 1; } return 0; diff --git a/crypto_kem/ledakemlt52/clean/gf2x_arith_mod_xPplusOne.c b/crypto_kem/ledakemlt52/clean/gf2x_arith_mod_xPplusOne.c index a89ef1b1..cade74dd 100644 --- a/crypto_kem/ledakemlt52/clean/gf2x_arith_mod_xPplusOne.c +++ b/crypto_kem/ledakemlt52/clean/gf2x_arith_mod_xPplusOne.c @@ -7,7 +7,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) { - int i, j, posTrailingBit, maskOffset, to_copy; + int i, j, posTrailingBit, maskOffset; DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT]; memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); @@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) { } } - to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT; - - for (i = 0; i < to_copy; i++) { + for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) { out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i]; } @@ -445,12 +443,13 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_rand_circulant_blocks_sequence( AES_XOF_struct *seed_expander_ctx) { int rndPos[NUM_ERRORS_T], duplicated, counter = 0; + int p, polyIndex, exponent; + memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); - while (counter < NUM_ERRORS_T) { - int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, - seed_expander_ctx); + p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, + seed_expander_ctx); duplicated = 0; for (int j = 0; j < counter; j++) { if (rndPos[j] == p) { @@ -463,8 +462,8 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_rand_circulant_blocks_sequence( } } for (int j = 0; j < counter; j++) { - int polyIndex = rndPos[j] / P; - int exponent = rndPos[j] % P; + polyIndex = rndPos[j] / P; + exponent = rndPos[j] % P; gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, ( (DIGIT) 1)); } @@ -475,7 +474,7 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) { size_t i, j; for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) { for (j = 0; j < DIGIT_SIZE_B; j++) { - bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF); + bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j); } } } diff --git a/crypto_kem/ledakemlt52/clean/niederreiter.c b/crypto_kem/ledakemlt52/clean/niederreiter.c index 8a60466a..6827af13 100644 --- a/crypto_kem/ledakemlt52/clean/niederreiter.c +++ b/crypto_kem/ledakemlt52/clean/niederreiter.c @@ -10,25 +10,19 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) { - // sequence of N0 circ block matrices (p x p): Hi - POSITION_T HPosOnes[N0][DV]; - POSITION_T HtrPosOnes[N0][DV]; - /* Sparse representation of the transposed circulant matrix H, - with weight DV. Each index contains the position of a '1' digit in the - corresponding Htr block */ - /* Sparse representation of the matrix (Q). - A matrix containing the positions of the ones in the circulant - blocks of Q. Each row contains the position of the - ones of all the blocks of a row of Q as exponent+ - P*block_position */ - POSITION_T QPosOnes[N0][M]; - - /*Rejection-sample for a full L*/ + POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi + POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H + POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position POSITION_T LPosOnes[N0][DV * M]; + POSITION_T auxPosOnes[DV * M]; + unsigned char processedQOnes[N0]; + DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT]; + DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT]; int is_L_full = 0; int isDFRok = 0; sk->rejections = (int8_t) 0; + do { PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander); PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, keys_expander); @@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, } } - POSITION_T auxPosOnes[DV * M]; - unsigned char processedQOnes[N0] = {0}; + memset(processedQOnes, 0x00, sizeof(processedQOnes)); for (int colQ = 0; colQ < N0; colQ++) { for (int i = 0; i < N0; i++) { PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, @@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, } while (!is_L_full || !isDFRok); sk->rejections = sk->rejections - 1; - DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00}; + memset(Ln0dense, 0x00, sizeof(Ln0dense)); for (int j = 0; j < DV * M; j++) { if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) { gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1); } } - DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00}; + + memset(Ln0Inv, 0x00, sizeof(Ln0Inv)); PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense); for (int i = 0; i < N0 - 1; i++) { PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, @@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi DIGIT saux[NUM_DIGITS_GF2X_ELEMENT]; memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); - for (i = 0; i < N0 - 1; i++) { PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul(saux, pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, err + i * NUM_DIGITS_GF2X_ELEMENT); gf2x_mod_add(syndrome, syndrome, saux); - } // end for + } gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT); } int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) { - AES_XOF_struct niederreiter_decrypt_expander; - PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed); - - // sequence of N0 circ block matrices (p x p): POSITION_T HPosOnes[N0][DV]; POSITION_T HtrPosOnes[N0][DV]; POSITION_T QPosOnes[N0][M]; - int rejections = sk->rejections; + POSITION_T QtrPosOnes[N0][M]; + POSITION_T auxPosOnes[DV * M]; POSITION_T LPosOnes[N0][DV * M]; + POSITION_T auxSparse[DV * M]; + POSITION_T Ln0trSparse[DV * M]; + unsigned char processedQOnes[N0]; + unsigned transposed_ones_idx[N0]; + DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT]; + DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT]; + int rejections = sk->rejections; + int currQoneIdx, endQblockIdx; + int decryptOk, err_weight; + + PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed); + do { PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander); PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander); @@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN } } - POSITION_T auxPosOnes[DV * M]; - unsigned char processedQOnes[N0] = {0}; + memset(processedQOnes, 0x00, sizeof(processedQOnes)); for (int colQ = 0; colQ < N0; colQ++) { for (int i = 0; i < N0; i++) { PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, @@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN rejections--; } while (rejections >= 0); - POSITION_T QtrPosOnes[N0][M]; - unsigned transposed_ones_idx[N0] = {0x00}; + memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx)); for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) { - int currQoneIdx = 0; // position in the column of QtrPosOnes[][...] - int endQblockIdx = 0; + currQoneIdx = 0; // position in the column of QtrPosOnes[][...] + endQblockIdx = 0; for (int blockIdx = 0; blockIdx < N0; blockIdx++) { endQblockIdx += qBlockWeights[source_row_idx][blockIdx]; for (; currQoneIdx < endQblockIdx; currQoneIdx++) { @@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN } } - POSITION_T auxSparse[DV * M]; - POSITION_T Ln0trSparse[DV * M]; for (int i = 0; i < DV * M; i++) { Ln0trSparse[i] = INVALID_POS_VALUE; auxSparse[i] = INVALID_POS_VALUE; @@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN } PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse); - - DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT]; PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M); /* prepare mockup error vector in case a decoding failure occurs */ - DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT]; memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander(&niederreiter_decrypt_expander, ((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B), TRNG_BYTE_LENGTH); - int decryptOk = 0; memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); decryptOk = PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes, (const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome); - int err_weight = 0; + err_weight = 0; for (int i = 0 ; i < N0; i++) { err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i)); }