variable declarations at the beginning, namespace extern variables
Этот коммит содержится в:
родитель
737cb1bb2e
Коммит
3caad74525
@ -4,7 +4,7 @@
|
|||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1};
|
unsigned int PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1};
|
||||||
|
|
||||||
int PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(DIGIT err[],
|
int PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(DIGIT err[],
|
||||||
const POSITION_T HtrPosOnes[N0][DV],
|
const POSITION_T HtrPosOnes[N0][DV],
|
||||||
@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(DIGIT err[],
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* iteration based threshold determination*/
|
/* iteration based threshold determination*/
|
||||||
unsigned int corrt_syndrome_based = thresholds[iteration];
|
unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[iteration];
|
||||||
|
|
||||||
//Computation of correlation with a full Q matrix
|
//Computation of correlation with a full Q matrix
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
* computes the threshold for the second iteration of the decoder and stores
|
* computes the threshold for the second iteration of the decoder and stores
|
||||||
* it in the globally accessible vector */
|
* it in the globally accessible vector */
|
||||||
|
|
||||||
extern unsigned int thresholds[2];
|
extern unsigned int PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[2];
|
||||||
|
|
||||||
int PQCLEAN_LEDAKEMLT12_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
|
int PQCLEAN_LEDAKEMLT12_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
|
||||||
|
|
||||||
@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
|
|||||||
allBlockMaxSumstMinusOne;
|
allBlockMaxSumstMinusOne;
|
||||||
}
|
}
|
||||||
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
|
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
|
||||||
thresholds[1] = allBlockMaxSumst + 1;
|
PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[1] = allBlockMaxSumst + 1;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
|
static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
|
||||||
|
|
||||||
int i, j, posTrailingBit, maskOffset, to_copy;
|
int i, j, posTrailingBit, maskOffset;
|
||||||
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
|
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
|
||||||
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT;
|
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
|
||||||
|
|
||||||
for (i = 0; i < to_copy; i++) {
|
|
||||||
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
|
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -440,17 +438,17 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_sparse_block(POSITION_T *pos_ones,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Returns random weight-t circulant block */
|
/* Returns random weight-t circulant block */
|
||||||
void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(
|
void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
||||||
DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
|
AES_XOF_struct *seed_expander_ctx) {
|
||||||
AES_XOF_struct *seed_expander_ctx) {
|
|
||||||
|
|
||||||
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
|
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
|
||||||
|
int p, polyIndex, exponent;
|
||||||
|
|
||||||
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
|
|
||||||
while (counter < NUM_ERRORS_T) {
|
while (counter < NUM_ERRORS_T) {
|
||||||
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
|
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
|
||||||
seed_expander_ctx);
|
seed_expander_ctx);
|
||||||
duplicated = 0;
|
duplicated = 0;
|
||||||
for (int j = 0; j < counter; j++) {
|
for (int j = 0; j < counter; j++) {
|
||||||
if (rndPos[j] == p) {
|
if (rndPos[j] == p) {
|
||||||
@ -463,8 +461,8 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (int j = 0; j < counter; j++) {
|
for (int j = 0; j < counter; j++) {
|
||||||
int polyIndex = rndPos[j] / P;
|
polyIndex = rndPos[j] / P;
|
||||||
int exponent = rndPos[j] % P;
|
exponent = rndPos[j] % P;
|
||||||
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
||||||
( (DIGIT) 1));
|
( (DIGIT) 1));
|
||||||
}
|
}
|
||||||
@ -475,7 +473,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) {
|
|||||||
size_t i, j;
|
size_t i, j;
|
||||||
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
|
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
|
||||||
for (j = 0; j < DIGIT_SIZE_B; j++) {
|
for (j = 0; j < DIGIT_SIZE_B; j++) {
|
||||||
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF);
|
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -10,25 +10,19 @@
|
|||||||
|
|
||||||
void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
|
void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
|
||||||
|
|
||||||
// sequence of N0 circ block matrices (p x p): Hi
|
|
||||||
POSITION_T HPosOnes[N0][DV];
|
|
||||||
POSITION_T HtrPosOnes[N0][DV];
|
|
||||||
/* Sparse representation of the transposed circulant matrix H,
|
|
||||||
with weight DV. Each index contains the position of a '1' digit in the
|
|
||||||
corresponding Htr block */
|
|
||||||
|
|
||||||
/* Sparse representation of the matrix (Q).
|
POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi
|
||||||
A matrix containing the positions of the ones in the circulant
|
POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H
|
||||||
blocks of Q. Each row contains the position of the
|
POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position
|
||||||
ones of all the blocks of a row of Q as exponent+
|
|
||||||
P*block_position */
|
|
||||||
POSITION_T QPosOnes[N0][M];
|
|
||||||
|
|
||||||
/*Rejection-sample for a full L*/
|
|
||||||
POSITION_T LPosOnes[N0][DV * M];
|
POSITION_T LPosOnes[N0][DV * M];
|
||||||
|
POSITION_T auxPosOnes[DV * M];
|
||||||
|
unsigned char processedQOnes[N0];
|
||||||
|
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
int is_L_full = 0;
|
int is_L_full = 0;
|
||||||
int isDFRok = 0;
|
int isDFRok = 0;
|
||||||
sk->rejections = (int8_t) 0;
|
sk->rejections = (int8_t) 0;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
|
PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, keys_expander);
|
PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, keys_expander);
|
||||||
@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
POSITION_T auxPosOnes[DV * M];
|
memset(processedQOnes, 0x00, sizeof(processedQOnes));
|
||||||
unsigned char processedQOnes[N0] = {0};
|
|
||||||
for (int colQ = 0; colQ < N0; colQ++) {
|
for (int colQ = 0; colQ < N0; colQ++) {
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
||||||
@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
|
|||||||
} while (!is_L_full || !isDFRok);
|
} while (!is_L_full || !isDFRok);
|
||||||
sk->rejections = sk->rejections - 1;
|
sk->rejections = sk->rejections - 1;
|
||||||
|
|
||||||
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
|
memset(Ln0dense, 0x00, sizeof(Ln0dense));
|
||||||
for (int j = 0; j < DV * M; j++) {
|
for (int j = 0; j < DV * M; j++) {
|
||||||
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
|
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
|
||||||
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
|
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
|
|
||||||
|
memset(Ln0Inv, 0x00, sizeof(Ln0Inv));
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
|
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
|
||||||
for (int i = 0; i < N0 - 1; i++) {
|
for (int i = 0; i < N0 - 1; i++) {
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
||||||
@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi
|
|||||||
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
|
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
|
||||||
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
for (i = 0; i < N0 - 1; i++) {
|
for (i = 0; i < N0 - 1; i++) {
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul(saux,
|
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul(saux,
|
||||||
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
||||||
err + i * NUM_DIGITS_GF2X_ELEMENT);
|
err + i * NUM_DIGITS_GF2X_ELEMENT);
|
||||||
gf2x_mod_add(syndrome, syndrome, saux);
|
gf2x_mod_add(syndrome, syndrome, saux);
|
||||||
} // end for
|
}
|
||||||
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
|
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
|
int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
|
||||||
|
|
||||||
AES_XOF_struct niederreiter_decrypt_expander;
|
AES_XOF_struct niederreiter_decrypt_expander;
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
|
|
||||||
|
|
||||||
// sequence of N0 circ block matrices (p x p):
|
|
||||||
POSITION_T HPosOnes[N0][DV];
|
POSITION_T HPosOnes[N0][DV];
|
||||||
POSITION_T HtrPosOnes[N0][DV];
|
POSITION_T HtrPosOnes[N0][DV];
|
||||||
POSITION_T QPosOnes[N0][M];
|
POSITION_T QPosOnes[N0][M];
|
||||||
int rejections = sk->rejections;
|
POSITION_T QtrPosOnes[N0][M];
|
||||||
|
POSITION_T auxPosOnes[DV * M];
|
||||||
POSITION_T LPosOnes[N0][DV * M];
|
POSITION_T LPosOnes[N0][DV * M];
|
||||||
|
POSITION_T auxSparse[DV * M];
|
||||||
|
POSITION_T Ln0trSparse[DV * M];
|
||||||
|
unsigned char processedQOnes[N0];
|
||||||
|
unsigned transposed_ones_idx[N0];
|
||||||
|
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
int rejections = sk->rejections;
|
||||||
|
int currQoneIdx, endQblockIdx;
|
||||||
|
int decryptOk, err_weight;
|
||||||
|
|
||||||
|
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
|
||||||
|
|
||||||
do {
|
do {
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
|
PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
|
PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
|
||||||
@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
POSITION_T auxPosOnes[DV * M];
|
memset(processedQOnes, 0x00, sizeof(processedQOnes));
|
||||||
unsigned char processedQOnes[N0] = {0};
|
|
||||||
for (int colQ = 0; colQ < N0; colQ++) {
|
for (int colQ = 0; colQ < N0; colQ++) {
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
||||||
@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
rejections--;
|
rejections--;
|
||||||
} while (rejections >= 0);
|
} while (rejections >= 0);
|
||||||
|
|
||||||
POSITION_T QtrPosOnes[N0][M];
|
memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx));
|
||||||
unsigned transposed_ones_idx[N0] = {0x00};
|
|
||||||
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
|
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
|
||||||
int currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
|
currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
|
||||||
int endQblockIdx = 0;
|
endQblockIdx = 0;
|
||||||
for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
|
for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
|
||||||
endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
|
endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
|
||||||
for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
|
for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
|
||||||
@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
POSITION_T auxSparse[DV * M];
|
|
||||||
POSITION_T Ln0trSparse[DV * M];
|
|
||||||
for (int i = 0; i < DV * M; i++) {
|
for (int i = 0; i < DV * M; i++) {
|
||||||
Ln0trSparse[i] = INVALID_POS_VALUE;
|
Ln0trSparse[i] = INVALID_POS_VALUE;
|
||||||
auxSparse[i] = INVALID_POS_VALUE;
|
auxSparse[i] = INVALID_POS_VALUE;
|
||||||
@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
}
|
}
|
||||||
|
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
|
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
|
||||||
|
|
||||||
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
|
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
|
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
|
||||||
|
|
||||||
/* prepare mockup error vector in case a decoding failure occurs */
|
/* prepare mockup error vector in case a decoding failure occurs */
|
||||||
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
|
|
||||||
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander(&niederreiter_decrypt_expander,
|
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander(&niederreiter_decrypt_expander,
|
||||||
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
|
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
|
||||||
TRNG_BYTE_LENGTH);
|
TRNG_BYTE_LENGTH);
|
||||||
|
|
||||||
int decryptOk = 0;
|
|
||||||
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
decryptOk = PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
|
decryptOk = PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
|
||||||
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
|
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
|
||||||
|
|
||||||
int err_weight = 0;
|
err_weight = 0;
|
||||||
for (int i = 0 ; i < N0; i++) {
|
for (int i = 0 ; i < N0; i++) {
|
||||||
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
|
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1};
|
unsigned int PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1};
|
||||||
|
|
||||||
int PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(DIGIT err[],
|
int PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(DIGIT err[],
|
||||||
const POSITION_T HtrPosOnes[N0][DV],
|
const POSITION_T HtrPosOnes[N0][DV],
|
||||||
@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(DIGIT err[],
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* iteration based threshold determination*/
|
/* iteration based threshold determination*/
|
||||||
unsigned int corrt_syndrome_based = thresholds[iteration];
|
unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[iteration];
|
||||||
|
|
||||||
//Computation of correlation with a full Q matrix
|
//Computation of correlation with a full Q matrix
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
* computes the threshold for the second iteration of the decoder and stores
|
* computes the threshold for the second iteration of the decoder and stores
|
||||||
* it in the globally accessible vector */
|
* it in the globally accessible vector */
|
||||||
|
|
||||||
extern unsigned int thresholds[2];
|
extern unsigned int PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[2];
|
||||||
|
|
||||||
int PQCLEAN_LEDAKEMLT32_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
|
int PQCLEAN_LEDAKEMLT32_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
|
||||||
|
|
||||||
@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
|
|||||||
allBlockMaxSumstMinusOne;
|
allBlockMaxSumstMinusOne;
|
||||||
}
|
}
|
||||||
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
|
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
|
||||||
thresholds[1] = allBlockMaxSumst + 1;
|
PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[1] = allBlockMaxSumst + 1;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
|
static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
|
||||||
|
|
||||||
int i, j, posTrailingBit, maskOffset, to_copy;
|
int i, j, posTrailingBit, maskOffset;
|
||||||
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
|
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
|
||||||
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT;
|
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
|
||||||
|
|
||||||
for (i = 0; i < to_copy; i++) {
|
|
||||||
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
|
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -445,12 +443,13 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_rand_circulant_blocks_sequence(
|
|||||||
AES_XOF_struct *seed_expander_ctx) {
|
AES_XOF_struct *seed_expander_ctx) {
|
||||||
|
|
||||||
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
|
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
|
||||||
|
int p, polyIndex, exponent;
|
||||||
|
|
||||||
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
|
|
||||||
while (counter < NUM_ERRORS_T) {
|
while (counter < NUM_ERRORS_T) {
|
||||||
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
|
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
|
||||||
seed_expander_ctx);
|
seed_expander_ctx);
|
||||||
duplicated = 0;
|
duplicated = 0;
|
||||||
for (int j = 0; j < counter; j++) {
|
for (int j = 0; j < counter; j++) {
|
||||||
if (rndPos[j] == p) {
|
if (rndPos[j] == p) {
|
||||||
@ -463,8 +462,8 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_rand_circulant_blocks_sequence(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (int j = 0; j < counter; j++) {
|
for (int j = 0; j < counter; j++) {
|
||||||
int polyIndex = rndPos[j] / P;
|
polyIndex = rndPos[j] / P;
|
||||||
int exponent = rndPos[j] % P;
|
exponent = rndPos[j] % P;
|
||||||
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
||||||
( (DIGIT) 1));
|
( (DIGIT) 1));
|
||||||
}
|
}
|
||||||
@ -475,7 +474,7 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) {
|
|||||||
size_t i, j;
|
size_t i, j;
|
||||||
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
|
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
|
||||||
for (j = 0; j < DIGIT_SIZE_B; j++) {
|
for (j = 0; j < DIGIT_SIZE_B; j++) {
|
||||||
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF);
|
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -10,25 +10,19 @@
|
|||||||
|
|
||||||
void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
|
void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
|
||||||
|
|
||||||
// sequence of N0 circ block matrices (p x p): Hi
|
|
||||||
POSITION_T HPosOnes[N0][DV];
|
|
||||||
POSITION_T HtrPosOnes[N0][DV];
|
|
||||||
/* Sparse representation of the transposed circulant matrix H,
|
|
||||||
with weight DV. Each index contains the position of a '1' digit in the
|
|
||||||
corresponding Htr block */
|
|
||||||
|
|
||||||
/* Sparse representation of the matrix (Q).
|
POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi
|
||||||
A matrix containing the positions of the ones in the circulant
|
POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H
|
||||||
blocks of Q. Each row contains the position of the
|
POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position
|
||||||
ones of all the blocks of a row of Q as exponent+
|
|
||||||
P*block_position */
|
|
||||||
POSITION_T QPosOnes[N0][M];
|
|
||||||
|
|
||||||
/*Rejection-sample for a full L*/
|
|
||||||
POSITION_T LPosOnes[N0][DV * M];
|
POSITION_T LPosOnes[N0][DV * M];
|
||||||
|
POSITION_T auxPosOnes[DV * M];
|
||||||
|
unsigned char processedQOnes[N0];
|
||||||
|
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
int is_L_full = 0;
|
int is_L_full = 0;
|
||||||
int isDFRok = 0;
|
int isDFRok = 0;
|
||||||
sk->rejections = (int8_t) 0;
|
sk->rejections = (int8_t) 0;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
|
PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, keys_expander);
|
PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, keys_expander);
|
||||||
@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
POSITION_T auxPosOnes[DV * M];
|
memset(processedQOnes, 0x00, sizeof(processedQOnes));
|
||||||
unsigned char processedQOnes[N0] = {0};
|
|
||||||
for (int colQ = 0; colQ < N0; colQ++) {
|
for (int colQ = 0; colQ < N0; colQ++) {
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
||||||
@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
|
|||||||
} while (!is_L_full || !isDFRok);
|
} while (!is_L_full || !isDFRok);
|
||||||
sk->rejections = sk->rejections - 1;
|
sk->rejections = sk->rejections - 1;
|
||||||
|
|
||||||
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
|
memset(Ln0dense, 0x00, sizeof(Ln0dense));
|
||||||
for (int j = 0; j < DV * M; j++) {
|
for (int j = 0; j < DV * M; j++) {
|
||||||
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
|
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
|
||||||
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
|
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
|
|
||||||
|
memset(Ln0Inv, 0x00, sizeof(Ln0Inv));
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
|
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
|
||||||
for (int i = 0; i < N0 - 1; i++) {
|
for (int i = 0; i < N0 - 1; i++) {
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
||||||
@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi
|
|||||||
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
|
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
|
||||||
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
for (i = 0; i < N0 - 1; i++) {
|
for (i = 0; i < N0 - 1; i++) {
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul(saux,
|
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul(saux,
|
||||||
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
||||||
err + i * NUM_DIGITS_GF2X_ELEMENT);
|
err + i * NUM_DIGITS_GF2X_ELEMENT);
|
||||||
gf2x_mod_add(syndrome, syndrome, saux);
|
gf2x_mod_add(syndrome, syndrome, saux);
|
||||||
} // end for
|
}
|
||||||
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
|
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
|
int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
|
||||||
|
|
||||||
AES_XOF_struct niederreiter_decrypt_expander;
|
AES_XOF_struct niederreiter_decrypt_expander;
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
|
|
||||||
|
|
||||||
// sequence of N0 circ block matrices (p x p):
|
|
||||||
POSITION_T HPosOnes[N0][DV];
|
POSITION_T HPosOnes[N0][DV];
|
||||||
POSITION_T HtrPosOnes[N0][DV];
|
POSITION_T HtrPosOnes[N0][DV];
|
||||||
POSITION_T QPosOnes[N0][M];
|
POSITION_T QPosOnes[N0][M];
|
||||||
int rejections = sk->rejections;
|
POSITION_T QtrPosOnes[N0][M];
|
||||||
|
POSITION_T auxPosOnes[DV * M];
|
||||||
POSITION_T LPosOnes[N0][DV * M];
|
POSITION_T LPosOnes[N0][DV * M];
|
||||||
|
POSITION_T auxSparse[DV * M];
|
||||||
|
POSITION_T Ln0trSparse[DV * M];
|
||||||
|
unsigned char processedQOnes[N0];
|
||||||
|
unsigned transposed_ones_idx[N0];
|
||||||
|
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
int rejections = sk->rejections;
|
||||||
|
int currQoneIdx, endQblockIdx;
|
||||||
|
int decryptOk, err_weight;
|
||||||
|
|
||||||
|
PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
|
||||||
|
|
||||||
do {
|
do {
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
|
PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
|
PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
|
||||||
@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
POSITION_T auxPosOnes[DV * M];
|
memset(processedQOnes, 0x00, sizeof(processedQOnes));
|
||||||
unsigned char processedQOnes[N0] = {0};
|
|
||||||
for (int colQ = 0; colQ < N0; colQ++) {
|
for (int colQ = 0; colQ < N0; colQ++) {
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
||||||
@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
rejections--;
|
rejections--;
|
||||||
} while (rejections >= 0);
|
} while (rejections >= 0);
|
||||||
|
|
||||||
POSITION_T QtrPosOnes[N0][M];
|
memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx));
|
||||||
unsigned transposed_ones_idx[N0] = {0x00};
|
|
||||||
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
|
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
|
||||||
int currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
|
currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
|
||||||
int endQblockIdx = 0;
|
endQblockIdx = 0;
|
||||||
for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
|
for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
|
||||||
endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
|
endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
|
||||||
for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
|
for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
|
||||||
@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
POSITION_T auxSparse[DV * M];
|
|
||||||
POSITION_T Ln0trSparse[DV * M];
|
|
||||||
for (int i = 0; i < DV * M; i++) {
|
for (int i = 0; i < DV * M; i++) {
|
||||||
Ln0trSparse[i] = INVALID_POS_VALUE;
|
Ln0trSparse[i] = INVALID_POS_VALUE;
|
||||||
auxSparse[i] = INVALID_POS_VALUE;
|
auxSparse[i] = INVALID_POS_VALUE;
|
||||||
@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
}
|
}
|
||||||
|
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
|
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
|
||||||
|
|
||||||
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
|
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
|
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
|
||||||
|
|
||||||
/* prepare mockup error vector in case a decoding failure occurs */
|
/* prepare mockup error vector in case a decoding failure occurs */
|
||||||
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
|
|
||||||
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander(&niederreiter_decrypt_expander,
|
PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander(&niederreiter_decrypt_expander,
|
||||||
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
|
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
|
||||||
TRNG_BYTE_LENGTH);
|
TRNG_BYTE_LENGTH);
|
||||||
|
|
||||||
int decryptOk = 0;
|
|
||||||
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
decryptOk = PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
|
decryptOk = PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
|
||||||
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
|
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
|
||||||
|
|
||||||
int err_weight = 0;
|
err_weight = 0;
|
||||||
for (int i = 0 ; i < N0; i++) {
|
for (int i = 0 ; i < N0; i++) {
|
||||||
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
|
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1};
|
unsigned int PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1};
|
||||||
|
|
||||||
int PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(DIGIT err[],
|
int PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(DIGIT err[],
|
||||||
const POSITION_T HtrPosOnes[N0][DV],
|
const POSITION_T HtrPosOnes[N0][DV],
|
||||||
@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(DIGIT err[],
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* iteration based threshold determination*/
|
/* iteration based threshold determination*/
|
||||||
unsigned int corrt_syndrome_based = thresholds[iteration];
|
unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[iteration];
|
||||||
|
|
||||||
//Computation of correlation with a full Q matrix
|
//Computation of correlation with a full Q matrix
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
|
@ -9,7 +9,7 @@
|
|||||||
* computes the threshold for the second iteration of the decoder and stores
|
* computes the threshold for the second iteration of the decoder and stores
|
||||||
* it in the globally accessible vector */
|
* it in the globally accessible vector */
|
||||||
|
|
||||||
extern unsigned int thresholds[2];
|
extern unsigned int PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[2];
|
||||||
|
|
||||||
int PQCLEAN_LEDAKEMLT52_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
|
int PQCLEAN_LEDAKEMLT52_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
|
||||||
|
|
||||||
@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
|
|||||||
allBlockMaxSumstMinusOne;
|
allBlockMaxSumstMinusOne;
|
||||||
}
|
}
|
||||||
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
|
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
|
||||||
thresholds[1] = allBlockMaxSumst + 1;
|
PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[1] = allBlockMaxSumst + 1;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
|
static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
|
||||||
|
|
||||||
int i, j, posTrailingBit, maskOffset, to_copy;
|
int i, j, posTrailingBit, maskOffset;
|
||||||
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
|
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
|
||||||
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT;
|
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
|
||||||
|
|
||||||
for (i = 0; i < to_copy; i++) {
|
|
||||||
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
|
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -445,12 +443,13 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_rand_circulant_blocks_sequence(
|
|||||||
AES_XOF_struct *seed_expander_ctx) {
|
AES_XOF_struct *seed_expander_ctx) {
|
||||||
|
|
||||||
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
|
int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
|
||||||
|
int p, polyIndex, exponent;
|
||||||
|
|
||||||
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
|
|
||||||
while (counter < NUM_ERRORS_T) {
|
while (counter < NUM_ERRORS_T) {
|
||||||
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
|
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
|
||||||
seed_expander_ctx);
|
seed_expander_ctx);
|
||||||
duplicated = 0;
|
duplicated = 0;
|
||||||
for (int j = 0; j < counter; j++) {
|
for (int j = 0; j < counter; j++) {
|
||||||
if (rndPos[j] == p) {
|
if (rndPos[j] == p) {
|
||||||
@ -463,8 +462,8 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_rand_circulant_blocks_sequence(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (int j = 0; j < counter; j++) {
|
for (int j = 0; j < counter; j++) {
|
||||||
int polyIndex = rndPos[j] / P;
|
polyIndex = rndPos[j] / P;
|
||||||
int exponent = rndPos[j] % P;
|
exponent = rndPos[j] % P;
|
||||||
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
|
||||||
( (DIGIT) 1));
|
( (DIGIT) 1));
|
||||||
}
|
}
|
||||||
@ -475,7 +474,7 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) {
|
|||||||
size_t i, j;
|
size_t i, j;
|
||||||
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
|
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
|
||||||
for (j = 0; j < DIGIT_SIZE_B; j++) {
|
for (j = 0; j < DIGIT_SIZE_B; j++) {
|
||||||
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF);
|
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -10,25 +10,19 @@
|
|||||||
|
|
||||||
void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
|
void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
|
||||||
|
|
||||||
// sequence of N0 circ block matrices (p x p): Hi
|
|
||||||
POSITION_T HPosOnes[N0][DV];
|
|
||||||
POSITION_T HtrPosOnes[N0][DV];
|
|
||||||
/* Sparse representation of the transposed circulant matrix H,
|
|
||||||
with weight DV. Each index contains the position of a '1' digit in the
|
|
||||||
corresponding Htr block */
|
|
||||||
|
|
||||||
/* Sparse representation of the matrix (Q).
|
POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi
|
||||||
A matrix containing the positions of the ones in the circulant
|
POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H
|
||||||
blocks of Q. Each row contains the position of the
|
POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position
|
||||||
ones of all the blocks of a row of Q as exponent+
|
|
||||||
P*block_position */
|
|
||||||
POSITION_T QPosOnes[N0][M];
|
|
||||||
|
|
||||||
/*Rejection-sample for a full L*/
|
|
||||||
POSITION_T LPosOnes[N0][DV * M];
|
POSITION_T LPosOnes[N0][DV * M];
|
||||||
|
POSITION_T auxPosOnes[DV * M];
|
||||||
|
unsigned char processedQOnes[N0];
|
||||||
|
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
int is_L_full = 0;
|
int is_L_full = 0;
|
||||||
int isDFRok = 0;
|
int isDFRok = 0;
|
||||||
sk->rejections = (int8_t) 0;
|
sk->rejections = (int8_t) 0;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
|
PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, keys_expander);
|
PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, keys_expander);
|
||||||
@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
POSITION_T auxPosOnes[DV * M];
|
memset(processedQOnes, 0x00, sizeof(processedQOnes));
|
||||||
unsigned char processedQOnes[N0] = {0};
|
|
||||||
for (int colQ = 0; colQ < N0; colQ++) {
|
for (int colQ = 0; colQ < N0; colQ++) {
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
||||||
@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
|
|||||||
} while (!is_L_full || !isDFRok);
|
} while (!is_L_full || !isDFRok);
|
||||||
sk->rejections = sk->rejections - 1;
|
sk->rejections = sk->rejections - 1;
|
||||||
|
|
||||||
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
|
memset(Ln0dense, 0x00, sizeof(Ln0dense));
|
||||||
for (int j = 0; j < DV * M; j++) {
|
for (int j = 0; j < DV * M; j++) {
|
||||||
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
|
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
|
||||||
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
|
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
|
|
||||||
|
memset(Ln0Inv, 0x00, sizeof(Ln0Inv));
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
|
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
|
||||||
for (int i = 0; i < N0 - 1; i++) {
|
for (int i = 0; i < N0 - 1; i++) {
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
||||||
@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi
|
|||||||
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
|
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
|
||||||
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
|
|
||||||
for (i = 0; i < N0 - 1; i++) {
|
for (i = 0; i < N0 - 1; i++) {
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul(saux,
|
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul(saux,
|
||||||
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
|
||||||
err + i * NUM_DIGITS_GF2X_ELEMENT);
|
err + i * NUM_DIGITS_GF2X_ELEMENT);
|
||||||
gf2x_mod_add(syndrome, syndrome, saux);
|
gf2x_mod_add(syndrome, syndrome, saux);
|
||||||
} // end for
|
}
|
||||||
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
|
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
|
int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
|
||||||
|
|
||||||
AES_XOF_struct niederreiter_decrypt_expander;
|
AES_XOF_struct niederreiter_decrypt_expander;
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
|
|
||||||
|
|
||||||
// sequence of N0 circ block matrices (p x p):
|
|
||||||
POSITION_T HPosOnes[N0][DV];
|
POSITION_T HPosOnes[N0][DV];
|
||||||
POSITION_T HtrPosOnes[N0][DV];
|
POSITION_T HtrPosOnes[N0][DV];
|
||||||
POSITION_T QPosOnes[N0][M];
|
POSITION_T QPosOnes[N0][M];
|
||||||
int rejections = sk->rejections;
|
POSITION_T QtrPosOnes[N0][M];
|
||||||
|
POSITION_T auxPosOnes[DV * M];
|
||||||
POSITION_T LPosOnes[N0][DV * M];
|
POSITION_T LPosOnes[N0][DV * M];
|
||||||
|
POSITION_T auxSparse[DV * M];
|
||||||
|
POSITION_T Ln0trSparse[DV * M];
|
||||||
|
unsigned char processedQOnes[N0];
|
||||||
|
unsigned transposed_ones_idx[N0];
|
||||||
|
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
|
||||||
|
int rejections = sk->rejections;
|
||||||
|
int currQoneIdx, endQblockIdx;
|
||||||
|
int decryptOk, err_weight;
|
||||||
|
|
||||||
|
PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
|
||||||
|
|
||||||
do {
|
do {
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
|
PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
|
PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
|
||||||
@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
POSITION_T auxPosOnes[DV * M];
|
memset(processedQOnes, 0x00, sizeof(processedQOnes));
|
||||||
unsigned char processedQOnes[N0] = {0};
|
|
||||||
for (int colQ = 0; colQ < N0; colQ++) {
|
for (int colQ = 0; colQ < N0; colQ++) {
|
||||||
for (int i = 0; i < N0; i++) {
|
for (int i = 0; i < N0; i++) {
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
|
||||||
@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
rejections--;
|
rejections--;
|
||||||
} while (rejections >= 0);
|
} while (rejections >= 0);
|
||||||
|
|
||||||
POSITION_T QtrPosOnes[N0][M];
|
memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx));
|
||||||
unsigned transposed_ones_idx[N0] = {0x00};
|
|
||||||
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
|
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
|
||||||
int currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
|
currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
|
||||||
int endQblockIdx = 0;
|
endQblockIdx = 0;
|
||||||
for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
|
for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
|
||||||
endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
|
endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
|
||||||
for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
|
for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
|
||||||
@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
POSITION_T auxSparse[DV * M];
|
|
||||||
POSITION_T Ln0trSparse[DV * M];
|
|
||||||
for (int i = 0; i < DV * M; i++) {
|
for (int i = 0; i < DV * M; i++) {
|
||||||
Ln0trSparse[i] = INVALID_POS_VALUE;
|
Ln0trSparse[i] = INVALID_POS_VALUE;
|
||||||
auxSparse[i] = INVALID_POS_VALUE;
|
auxSparse[i] = INVALID_POS_VALUE;
|
||||||
@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
|
|||||||
}
|
}
|
||||||
|
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
|
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
|
||||||
|
|
||||||
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
|
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
|
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
|
||||||
|
|
||||||
/* prepare mockup error vector in case a decoding failure occurs */
|
/* prepare mockup error vector in case a decoding failure occurs */
|
||||||
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
|
|
||||||
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander(&niederreiter_decrypt_expander,
|
PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander(&niederreiter_decrypt_expander,
|
||||||
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
|
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
|
||||||
TRNG_BYTE_LENGTH);
|
TRNG_BYTE_LENGTH);
|
||||||
|
|
||||||
int decryptOk = 0;
|
|
||||||
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
|
||||||
decryptOk = PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
|
decryptOk = PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
|
||||||
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
|
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
|
||||||
|
|
||||||
int err_weight = 0;
|
err_weight = 0;
|
||||||
for (int i = 0 ; i < N0; i++) {
|
for (int i = 0 ; i < N0; i++) {
|
||||||
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
|
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
|
||||||
}
|
}
|
||||||
|
Загрузка…
Ссылка в новой задаче
Block a user