variable declarations at the beginning, namespace extern variables

Этот коммит содержится в:
Leon 2019-06-11 14:21:49 +02:00
родитель 737cb1bb2e
Коммит 3caad74525
12 изменённых файлов: 137 добавлений и 159 удалений

Просмотреть файл

@ -4,7 +4,7 @@
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1}; unsigned int PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1};
int PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(DIGIT err[], int PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(DIGIT err[],
const POSITION_T HtrPosOnes[N0][DV], const POSITION_T HtrPosOnes[N0][DV],
@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(DIGIT err[],
} }
/* iteration based threshold determination*/ /* iteration based threshold determination*/
unsigned int corrt_syndrome_based = thresholds[iteration]; unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[iteration];
//Computation of correlation with a full Q matrix //Computation of correlation with a full Q matrix
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {

Просмотреть файл

@ -9,7 +9,7 @@
* computes the threshold for the second iteration of the decoder and stores * computes the threshold for the second iteration of the decoder and stores
* it in the globally accessible vector */ * it in the globally accessible vector */
extern unsigned int thresholds[2]; extern unsigned int PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[2];
int PQCLEAN_LEDAKEMLT12_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) { int PQCLEAN_LEDAKEMLT12_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
allBlockMaxSumstMinusOne; allBlockMaxSumstMinusOne;
} }
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) { if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
thresholds[1] = allBlockMaxSumst + 1; PQCLEAN_LEDAKEMLT12_CLEAN_thresholds[1] = allBlockMaxSumst + 1;
return 1; return 1;
} }
return 0; return 0;

Просмотреть файл

@ -7,7 +7,7 @@
static void gf2x_mod(DIGIT out[], const DIGIT in[]) { static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
int i, j, posTrailingBit, maskOffset, to_copy; int i, j, posTrailingBit, maskOffset;
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT]; DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
} }
} }
to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT; for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
for (i = 0; i < to_copy; i++) {
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i]; out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
} }
@ -440,17 +438,17 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_sparse_block(POSITION_T *pos_ones,
} }
/* Returns random weight-t circulant block */ /* Returns random weight-t circulant block */
void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence( void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], AES_XOF_struct *seed_expander_ctx) {
AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0; int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
int p, polyIndex, exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) { while (counter < NUM_ERRORS_T) {
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx); seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < counter; j++) { for (int j = 0; j < counter; j++) {
if (rndPos[j] == p) { if (rndPos[j] == p) {
@ -463,8 +461,8 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(
} }
} }
for (int j = 0; j < counter; j++) { for (int j = 0; j < counter; j++) {
int polyIndex = rndPos[j] / P; polyIndex = rndPos[j] / P;
int exponent = rndPos[j] % P; exponent = rndPos[j] % P;
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1)); ( (DIGIT) 1));
} }
@ -475,7 +473,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) {
size_t i, j; size_t i, j;
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) { for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
for (j = 0; j < DIGIT_SIZE_B; j++) { for (j = 0; j < DIGIT_SIZE_B; j++) {
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF); bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j);
} }
} }
} }

Просмотреть файл

@ -10,25 +10,19 @@
void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) { void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
// sequence of N0 circ block matrices (p x p): Hi
POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV];
/* Sparse representation of the transposed circulant matrix H,
with weight DV. Each index contains the position of a '1' digit in the
corresponding Htr block */
/* Sparse representation of the matrix (Q). POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi
A matrix containing the positions of the ones in the circulant POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H
blocks of Q. Each row contains the position of the POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position
ones of all the blocks of a row of Q as exponent+
P*block_position */
POSITION_T QPosOnes[N0][M];
/*Rejection-sample for a full L*/
POSITION_T LPosOnes[N0][DV * M]; POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0];
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT];
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT];
int is_L_full = 0; int is_L_full = 0;
int isDFRok = 0; int isDFRok = 0;
sk->rejections = (int8_t) 0; sk->rejections = (int8_t) 0;
do { do {
PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander); PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, keys_expander); PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, keys_expander);
@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
} }
} }
POSITION_T auxPosOnes[DV * M]; memset(processedQOnes, 0x00, sizeof(processedQOnes));
unsigned char processedQOnes[N0] = {0};
for (int colQ = 0; colQ < N0; colQ++) { for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
} while (!is_L_full || !isDFRok); } while (!is_L_full || !isDFRok);
sk->rejections = sk->rejections - 1; sk->rejections = sk->rejections - 1;
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00}; memset(Ln0dense, 0x00, sizeof(Ln0dense));
for (int j = 0; j < DV * M; j++) { for (int j = 0; j < DV * M; j++) {
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) { if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1); gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
} }
} }
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
memset(Ln0Inv, 0x00, sizeof(Ln0Inv));
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense); PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
for (int i = 0; i < N0 - 1; i++) { for (int i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT]; DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (i = 0; i < N0 - 1; i++) { for (i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul(saux, PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul(saux,
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
err + i * NUM_DIGITS_GF2X_ELEMENT); err + i * NUM_DIGITS_GF2X_ELEMENT);
gf2x_mod_add(syndrome, syndrome, saux); gf2x_mod_add(syndrome, syndrome, saux);
} // end for }
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT); gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
} }
int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) { int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
AES_XOF_struct niederreiter_decrypt_expander; AES_XOF_struct niederreiter_decrypt_expander;
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
// sequence of N0 circ block matrices (p x p):
POSITION_T HPosOnes[N0][DV]; POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV]; POSITION_T HtrPosOnes[N0][DV];
POSITION_T QPosOnes[N0][M]; POSITION_T QPosOnes[N0][M];
int rejections = sk->rejections; POSITION_T QtrPosOnes[N0][M];
POSITION_T auxPosOnes[DV * M];
POSITION_T LPosOnes[N0][DV * M]; POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
unsigned char processedQOnes[N0];
unsigned transposed_ones_idx[N0];
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
int rejections = sk->rejections;
int currQoneIdx, endQblockIdx;
int decryptOk, err_weight;
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
do { do {
PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander); PQCLEAN_LEDAKEMLT12_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander); PQCLEAN_LEDAKEMLT12_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
} }
} }
POSITION_T auxPosOnes[DV * M]; memset(processedQOnes, 0x00, sizeof(processedQOnes));
unsigned char processedQOnes[N0] = {0};
for (int colQ = 0; colQ < N0; colQ++) { for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
rejections--; rejections--;
} while (rejections >= 0); } while (rejections >= 0);
POSITION_T QtrPosOnes[N0][M]; memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx));
unsigned transposed_ones_idx[N0] = {0x00};
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) { for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
int currQoneIdx = 0; // position in the column of QtrPosOnes[][...] currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
int endQblockIdx = 0; endQblockIdx = 0;
for (int blockIdx = 0; blockIdx < N0; blockIdx++) { for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
endQblockIdx += qBlockWeights[source_row_idx][blockIdx]; endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
for (; currQoneIdx < endQblockIdx; currQoneIdx++) { for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
} }
} }
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
for (int i = 0; i < DV * M; i++) { for (int i = 0; i < DV * M; i++) {
Ln0trSparse[i] = INVALID_POS_VALUE; Ln0trSparse[i] = INVALID_POS_VALUE;
auxSparse[i] = INVALID_POS_VALUE; auxSparse[i] = INVALID_POS_VALUE;
@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
} }
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse); PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M); PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
/* prepare mockup error vector in case a decoding failure occurs */ /* prepare mockup error vector in case a decoding failure occurs */
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander(&niederreiter_decrypt_expander, PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander(&niederreiter_decrypt_expander,
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B), ((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
TRNG_BYTE_LENGTH); TRNG_BYTE_LENGTH);
int decryptOk = 0;
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
decryptOk = PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes, decryptOk = PQCLEAN_LEDAKEMLT12_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome); (const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
int err_weight = 0; err_weight = 0;
for (int i = 0 ; i < N0; i++) { for (int i = 0 ; i < N0; i++) {
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i)); err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
} }

Просмотреть файл

@ -4,7 +4,7 @@
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1}; unsigned int PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1};
int PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(DIGIT err[], int PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(DIGIT err[],
const POSITION_T HtrPosOnes[N0][DV], const POSITION_T HtrPosOnes[N0][DV],
@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(DIGIT err[],
} }
/* iteration based threshold determination*/ /* iteration based threshold determination*/
unsigned int corrt_syndrome_based = thresholds[iteration]; unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[iteration];
//Computation of correlation with a full Q matrix //Computation of correlation with a full Q matrix
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {

Просмотреть файл

@ -9,7 +9,7 @@
* computes the threshold for the second iteration of the decoder and stores * computes the threshold for the second iteration of the decoder and stores
* it in the globally accessible vector */ * it in the globally accessible vector */
extern unsigned int thresholds[2]; extern unsigned int PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[2];
int PQCLEAN_LEDAKEMLT32_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) { int PQCLEAN_LEDAKEMLT32_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
allBlockMaxSumstMinusOne; allBlockMaxSumstMinusOne;
} }
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) { if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
thresholds[1] = allBlockMaxSumst + 1; PQCLEAN_LEDAKEMLT32_CLEAN_thresholds[1] = allBlockMaxSumst + 1;
return 1; return 1;
} }
return 0; return 0;

Просмотреть файл

@ -7,7 +7,7 @@
static void gf2x_mod(DIGIT out[], const DIGIT in[]) { static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
int i, j, posTrailingBit, maskOffset, to_copy; int i, j, posTrailingBit, maskOffset;
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT]; DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
} }
} }
to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT; for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
for (i = 0; i < to_copy; i++) {
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i]; out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
} }
@ -445,12 +443,13 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_rand_circulant_blocks_sequence(
AES_XOF_struct *seed_expander_ctx) { AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0; int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
int p, polyIndex, exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) { while (counter < NUM_ERRORS_T) {
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx); seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < counter; j++) { for (int j = 0; j < counter; j++) {
if (rndPos[j] == p) { if (rndPos[j] == p) {
@ -463,8 +462,8 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_rand_circulant_blocks_sequence(
} }
} }
for (int j = 0; j < counter; j++) { for (int j = 0; j < counter; j++) {
int polyIndex = rndPos[j] / P; polyIndex = rndPos[j] / P;
int exponent = rndPos[j] % P; exponent = rndPos[j] % P;
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1)); ( (DIGIT) 1));
} }
@ -475,7 +474,7 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) {
size_t i, j; size_t i, j;
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) { for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
for (j = 0; j < DIGIT_SIZE_B; j++) { for (j = 0; j < DIGIT_SIZE_B; j++) {
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF); bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j);
} }
} }
} }

Просмотреть файл

@ -10,25 +10,19 @@
void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) { void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
// sequence of N0 circ block matrices (p x p): Hi
POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV];
/* Sparse representation of the transposed circulant matrix H,
with weight DV. Each index contains the position of a '1' digit in the
corresponding Htr block */
/* Sparse representation of the matrix (Q). POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi
A matrix containing the positions of the ones in the circulant POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H
blocks of Q. Each row contains the position of the POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position
ones of all the blocks of a row of Q as exponent+
P*block_position */
POSITION_T QPosOnes[N0][M];
/*Rejection-sample for a full L*/
POSITION_T LPosOnes[N0][DV * M]; POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0];
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT];
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT];
int is_L_full = 0; int is_L_full = 0;
int isDFRok = 0; int isDFRok = 0;
sk->rejections = (int8_t) 0; sk->rejections = (int8_t) 0;
do { do {
PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander); PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, keys_expander); PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, keys_expander);
@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
} }
} }
POSITION_T auxPosOnes[DV * M]; memset(processedQOnes, 0x00, sizeof(processedQOnes));
unsigned char processedQOnes[N0] = {0};
for (int colQ = 0; colQ < N0; colQ++) { for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
} while (!is_L_full || !isDFRok); } while (!is_L_full || !isDFRok);
sk->rejections = sk->rejections - 1; sk->rejections = sk->rejections - 1;
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00}; memset(Ln0dense, 0x00, sizeof(Ln0dense));
for (int j = 0; j < DV * M; j++) { for (int j = 0; j < DV * M; j++) {
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) { if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1); gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
} }
} }
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
memset(Ln0Inv, 0x00, sizeof(Ln0Inv));
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense); PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
for (int i = 0; i < N0 - 1; i++) { for (int i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT]; DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (i = 0; i < N0 - 1; i++) { for (i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul(saux, PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul(saux,
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
err + i * NUM_DIGITS_GF2X_ELEMENT); err + i * NUM_DIGITS_GF2X_ELEMENT);
gf2x_mod_add(syndrome, syndrome, saux); gf2x_mod_add(syndrome, syndrome, saux);
} // end for }
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT); gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
} }
int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) { int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
AES_XOF_struct niederreiter_decrypt_expander; AES_XOF_struct niederreiter_decrypt_expander;
PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
// sequence of N0 circ block matrices (p x p):
POSITION_T HPosOnes[N0][DV]; POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV]; POSITION_T HtrPosOnes[N0][DV];
POSITION_T QPosOnes[N0][M]; POSITION_T QPosOnes[N0][M];
int rejections = sk->rejections; POSITION_T QtrPosOnes[N0][M];
POSITION_T auxPosOnes[DV * M];
POSITION_T LPosOnes[N0][DV * M]; POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
unsigned char processedQOnes[N0];
unsigned transposed_ones_idx[N0];
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
int rejections = sk->rejections;
int currQoneIdx, endQblockIdx;
int decryptOk, err_weight;
PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
do { do {
PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander); PQCLEAN_LEDAKEMLT32_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander); PQCLEAN_LEDAKEMLT32_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
} }
} }
POSITION_T auxPosOnes[DV * M]; memset(processedQOnes, 0x00, sizeof(processedQOnes));
unsigned char processedQOnes[N0] = {0};
for (int colQ = 0; colQ < N0; colQ++) { for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
rejections--; rejections--;
} while (rejections >= 0); } while (rejections >= 0);
POSITION_T QtrPosOnes[N0][M]; memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx));
unsigned transposed_ones_idx[N0] = {0x00};
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) { for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
int currQoneIdx = 0; // position in the column of QtrPosOnes[][...] currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
int endQblockIdx = 0; endQblockIdx = 0;
for (int blockIdx = 0; blockIdx < N0; blockIdx++) { for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
endQblockIdx += qBlockWeights[source_row_idx][blockIdx]; endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
for (; currQoneIdx < endQblockIdx; currQoneIdx++) { for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
} }
} }
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
for (int i = 0; i < DV * M; i++) { for (int i = 0; i < DV * M; i++) {
Ln0trSparse[i] = INVALID_POS_VALUE; Ln0trSparse[i] = INVALID_POS_VALUE;
auxSparse[i] = INVALID_POS_VALUE; auxSparse[i] = INVALID_POS_VALUE;
@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT32_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
} }
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse); PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M); PQCLEAN_LEDAKEMLT32_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
/* prepare mockup error vector in case a decoding failure occurs */ /* prepare mockup error vector in case a decoding failure occurs */
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander(&niederreiter_decrypt_expander, PQCLEAN_LEDAKEMLT32_CLEAN_seedexpander(&niederreiter_decrypt_expander,
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B), ((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
TRNG_BYTE_LENGTH); TRNG_BYTE_LENGTH);
int decryptOk = 0;
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
decryptOk = PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes, decryptOk = PQCLEAN_LEDAKEMLT32_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome); (const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
int err_weight = 0; err_weight = 0;
for (int i = 0 ; i < N0; i++) { for (int i = 0 ; i < N0; i++) {
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i)); err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
} }

Просмотреть файл

@ -4,7 +4,7 @@
#include <assert.h> #include <assert.h>
#include <string.h> #include <string.h>
unsigned int thresholds[2] = {B0, (DV * M) / 2 + 1}; unsigned int PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[2] = {B0, (DV * M) / 2 + 1};
int PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(DIGIT err[], int PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(DIGIT err[],
const POSITION_T HtrPosOnes[N0][DV], const POSITION_T HtrPosOnes[N0][DV],
@ -32,7 +32,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(DIGIT err[],
} }
/* iteration based threshold determination*/ /* iteration based threshold determination*/
unsigned int corrt_syndrome_based = thresholds[iteration]; unsigned int corrt_syndrome_based = PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[iteration];
//Computation of correlation with a full Q matrix //Computation of correlation with a full Q matrix
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {

Просмотреть файл

@ -9,7 +9,7 @@
* computes the threshold for the second iteration of the decoder and stores * computes the threshold for the second iteration of the decoder and stores
* it in the globally accessible vector */ * it in the globally accessible vector */
extern unsigned int thresholds[2]; extern unsigned int PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[2];
int PQCLEAN_LEDAKEMLT52_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) { int PQCLEAN_LEDAKEMLT52_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
@ -113,7 +113,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_DFR_test(POSITION_T LSparse[N0][DV * M]) {
allBlockMaxSumstMinusOne; allBlockMaxSumstMinusOne;
} }
if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) { if (DV * M > (allBlockMaxSumstMinusOne + allBlockMaxSumst)) {
thresholds[1] = allBlockMaxSumst + 1; PQCLEAN_LEDAKEMLT52_CLEAN_thresholds[1] = allBlockMaxSumst + 1;
return 1; return 1;
} }
return 0; return 0;

Просмотреть файл

@ -7,7 +7,7 @@
static void gf2x_mod(DIGIT out[], const DIGIT in[]) { static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
int i, j, posTrailingBit, maskOffset, to_copy; int i, j, posTrailingBit, maskOffset;
DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT]; DIGIT mask, aux[2 * NUM_DIGITS_GF2X_ELEMENT];
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
@ -37,9 +37,7 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
} }
} }
to_copy = (2 * NUM_DIGITS_GF2X_ELEMENT > NUM_DIGITS_GF2X_ELEMENT) ? NUM_DIGITS_GF2X_ELEMENT : 2 * NUM_DIGITS_GF2X_ELEMENT; for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
for (i = 0; i < to_copy; i++) {
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i]; out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = aux[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
} }
@ -445,12 +443,13 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_rand_circulant_blocks_sequence(
AES_XOF_struct *seed_expander_ctx) { AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0; int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
int p, polyIndex, exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) { while (counter < NUM_ERRORS_T) {
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx); seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < counter; j++) { for (int j = 0; j < counter; j++) {
if (rndPos[j] == p) { if (rndPos[j] == p) {
@ -463,8 +462,8 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_rand_circulant_blocks_sequence(
} }
} }
for (int j = 0; j < counter; j++) { for (int j = 0; j < counter; j++) {
int polyIndex = rndPos[j] / P; polyIndex = rndPos[j] / P;
int exponent = rndPos[j] % P; exponent = rndPos[j] % P;
gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1)); ( (DIGIT) 1));
} }
@ -475,7 +474,7 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly) {
size_t i, j; size_t i, j;
for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) { for (i = 0; i < NUM_DIGITS_GF2X_ELEMENT; i++) {
for (j = 0; j < DIGIT_SIZE_B; j++) { for (j = 0; j < DIGIT_SIZE_B; j++) {
bytes[i * DIGIT_SIZE_B + j] = (uint8_t) ((poly[i] >> (8 * j)) & 0xFF); bytes[i * DIGIT_SIZE_B + j] = (uint8_t) (poly[i] >> 8 * j);
} }
} }
} }

Просмотреть файл

@ -10,25 +10,19 @@
void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) { void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk, privateKeyNiederreiter_t *sk, AES_XOF_struct *keys_expander) {
// sequence of N0 circ block matrices (p x p): Hi
POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV];
/* Sparse representation of the transposed circulant matrix H,
with weight DV. Each index contains the position of a '1' digit in the
corresponding Htr block */
/* Sparse representation of the matrix (Q). POSITION_T HPosOnes[N0][DV]; // sequence of N0 circ block matrices (p x p): Hi
A matrix containing the positions of the ones in the circulant POSITION_T HtrPosOnes[N0][DV]; // Sparse tranposed circulant H
blocks of Q. Each row contains the position of the POSITION_T QPosOnes[N0][M]; // Sparse Q, Each row contains the position of the ones of all the blocks of a row of Q as exponent+P*block_position
ones of all the blocks of a row of Q as exponent+
P*block_position */
POSITION_T QPosOnes[N0][M];
/*Rejection-sample for a full L*/
POSITION_T LPosOnes[N0][DV * M]; POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxPosOnes[DV * M];
unsigned char processedQOnes[N0];
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT];
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT];
int is_L_full = 0; int is_L_full = 0;
int isDFRok = 0; int isDFRok = 0;
sk->rejections = (int8_t) 0; sk->rejections = (int8_t) 0;
do { do {
PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander); PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, keys_expander);
PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, keys_expander); PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, keys_expander);
@ -38,8 +32,7 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
} }
} }
POSITION_T auxPosOnes[DV * M]; memset(processedQOnes, 0x00, sizeof(processedQOnes));
unsigned char processedQOnes[N0] = {0};
for (int colQ = 0; colQ < N0; colQ++) { for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -62,13 +55,14 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
} while (!is_L_full || !isDFRok); } while (!is_L_full || !isDFRok);
sk->rejections = sk->rejections - 1; sk->rejections = sk->rejections - 1;
DIGIT Ln0dense[NUM_DIGITS_GF2X_ELEMENT] = {0x00}; memset(Ln0dense, 0x00, sizeof(Ln0dense));
for (int j = 0; j < DV * M; j++) { for (int j = 0; j < DV * M; j++) {
if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) { if (LPosOnes[N0 - 1][j] != INVALID_POS_VALUE) {
gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1); gf2x_set_coeff(Ln0dense, LPosOnes[N0 - 1][j], 1);
} }
} }
DIGIT Ln0Inv[NUM_DIGITS_GF2X_ELEMENT] = {0x00};
memset(Ln0Inv, 0x00, sizeof(Ln0Inv));
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense); PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_inverse(Ln0Inv, Ln0dense);
for (int i = 0; i < N0 - 1; i++) { for (int i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
@ -88,28 +82,36 @@ void PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_encrypt(DIGIT *syndrome, const publi
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT]; DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(syndrome, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (i = 0; i < N0 - 1; i++) { for (i = 0; i < N0 - 1; i++) {
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul(saux, PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul(saux,
pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT, pk->Mtr + i * NUM_DIGITS_GF2X_ELEMENT,
err + i * NUM_DIGITS_GF2X_ELEMENT); err + i * NUM_DIGITS_GF2X_ELEMENT);
gf2x_mod_add(syndrome, syndrome, saux); gf2x_mod_add(syndrome, syndrome, saux);
} // end for }
gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT); gf2x_mod_add(syndrome, syndrome, err + (N0 - 1)*NUM_DIGITS_GF2X_ELEMENT);
} }
int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) { int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyNiederreiter_t *sk, const DIGIT *syndrome) {
AES_XOF_struct niederreiter_decrypt_expander; AES_XOF_struct niederreiter_decrypt_expander;
PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
// sequence of N0 circ block matrices (p x p):
POSITION_T HPosOnes[N0][DV]; POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV]; POSITION_T HtrPosOnes[N0][DV];
POSITION_T QPosOnes[N0][M]; POSITION_T QPosOnes[N0][M];
int rejections = sk->rejections; POSITION_T QtrPosOnes[N0][M];
POSITION_T auxPosOnes[DV * M];
POSITION_T LPosOnes[N0][DV * M]; POSITION_T LPosOnes[N0][DV * M];
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
unsigned char processedQOnes[N0];
unsigned transposed_ones_idx[N0];
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
int rejections = sk->rejections;
int currQoneIdx, endQblockIdx;
int decryptOk, err_weight;
PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, sk->prng_seed);
do { do {
PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander); PQCLEAN_LEDAKEMLT52_CLEAN_generateHPosOnes_HtrPosOnes(HPosOnes, HtrPosOnes, &niederreiter_decrypt_expander);
PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander); PQCLEAN_LEDAKEMLT52_CLEAN_generateQsparse(QPosOnes, &niederreiter_decrypt_expander);
@ -119,8 +121,7 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
} }
} }
POSITION_T auxPosOnes[DV * M]; memset(processedQOnes, 0x00, sizeof(processedQOnes));
unsigned char processedQOnes[N0] = {0};
for (int colQ = 0; colQ < N0; colQ++) { for (int colQ = 0; colQ < N0; colQ++) {
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes, PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_sparse(DV * M, auxPosOnes,
@ -135,11 +136,10 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
rejections--; rejections--;
} while (rejections >= 0); } while (rejections >= 0);
POSITION_T QtrPosOnes[N0][M]; memset(transposed_ones_idx, 0x00, sizeof(transposed_ones_idx));
unsigned transposed_ones_idx[N0] = {0x00};
for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) { for (unsigned source_row_idx = 0; source_row_idx < N0 ; source_row_idx++) {
int currQoneIdx = 0; // position in the column of QtrPosOnes[][...] currQoneIdx = 0; // position in the column of QtrPosOnes[][...]
int endQblockIdx = 0; endQblockIdx = 0;
for (int blockIdx = 0; blockIdx < N0; blockIdx++) { for (int blockIdx = 0; blockIdx < N0; blockIdx++) {
endQblockIdx += qBlockWeights[source_row_idx][blockIdx]; endQblockIdx += qBlockWeights[source_row_idx][blockIdx];
for (; currQoneIdx < endQblockIdx; currQoneIdx++) { for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
@ -150,8 +150,6 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
} }
} }
POSITION_T auxSparse[DV * M];
POSITION_T Ln0trSparse[DV * M];
for (int i = 0; i < DV * M; i++) { for (int i = 0; i < DV * M; i++) {
Ln0trSparse[i] = INVALID_POS_VALUE; Ln0trSparse[i] = INVALID_POS_VALUE;
auxSparse[i] = INVALID_POS_VALUE; auxSparse[i] = INVALID_POS_VALUE;
@ -167,24 +165,20 @@ int PQCLEAN_LEDAKEMLT52_CLEAN_niederreiter_decrypt(DIGIT *err, const privateKeyN
} }
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse); PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_transpose_in_place_sparse(DV * M, Ln0trSparse);
DIGIT privateSyndrome[NUM_DIGITS_GF2X_ELEMENT];
PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M); PQCLEAN_LEDAKEMLT52_CLEAN_gf2x_mod_mul_dense_to_sparse(privateSyndrome, syndrome, Ln0trSparse, DV * M);
/* prepare mockup error vector in case a decoding failure occurs */ /* prepare mockup error vector in case a decoding failure occurs */
DIGIT mockup_error_vector[N0 * NUM_DIGITS_GF2X_ELEMENT];
memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(mockup_error_vector, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memcpy(mockup_error_vector, syndrome, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander(&niederreiter_decrypt_expander, PQCLEAN_LEDAKEMLT52_CLEAN_seedexpander(&niederreiter_decrypt_expander,
((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B), ((unsigned char *) mockup_error_vector) + (NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B),
TRNG_BYTE_LENGTH); TRNG_BYTE_LENGTH);
int decryptOk = 0;
memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(err, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
decryptOk = PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes, decryptOk = PQCLEAN_LEDAKEMLT52_CLEAN_bf_decoding(err, (const POSITION_T (*)[DV]) HtrPosOnes,
(const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome); (const POSITION_T (*)[M]) QtrPosOnes, privateSyndrome);
int err_weight = 0; err_weight = 0;
for (int i = 0 ; i < N0; i++) { for (int i = 0 ; i < N0; i++) {
err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i)); err_weight += population_count(err + (NUM_DIGITS_GF2X_ELEMENT * i));
} }