This commit is contained in:
Henry Case 2021-03-22 16:24:58 +00:00
джерело 00ee00401b
коміт 4634b9804c
6 змінених файлів з 86 додано та 29 видалено

@ -555,6 +555,23 @@ target_link_libraries(
pqclean_dilithium5_clean
)
add_executable(
mytest
test/mytest.cpp
)
target_link_libraries(
mytest
gtest
gtest_main)
target_include_directories(
mytest PRIVATE
${CMAKE_SOURCE_DIR})
install(TARGETS pqclean pqclean_s
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE WORLD_READ WORLD_WRITE
LIBRARY DESTINATION lib

@ -35,10 +35,22 @@ int16_t PQCLEAN_KYBER1024_CLEAN_montgomery_reduce(int32_t a) {
* Returns: integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q.
**************************************************/
int16_t PQCLEAN_KYBER1024_CLEAN_barrett_reduce(int16_t a) {
int16_t t;
const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q;
int16_t p;
int32_t t;
t = ((int32_t)v * a + (1 << 25)) >> 26;
t *= KYBER_Q;
return a - t;
// Montgomery constant R=2^16
#define KYBER_MONT_Re 16U
// -1/KYBER_Q mod KYBER_MONT_R
#define KYBER_MONT_qinv 3327U
// -Q^(-1)*a mod 2^16
p = (uint32_t)a*KYBER_MONT_qinv;
t = KYBER_Q*p;
t += a;
// Final result not in a Montgomery domain
return t>>KYBER_MONT_Re;
// only because I include .c file in test
#undef KYBER_MONT_M
#undef KYBER_MONT_qinv
}

@ -21,18 +21,6 @@ static uint32_t load32_littleendian(const uint8_t x[4]) {
return r;
}
/*************************************************
* Name: load24_littleendian
*
* Description: load 3 bytes into a 32-bit integer
* in little-endian order.
* This function is only needed for Kyber-512
*
* Arguments: - const uint8_t *x: pointer to input byte array
*
* Returns 32-bit unsigned integer loaded from x (most significant byte is zero)
**************************************************/
/*************************************************
* Name: cbd2

@ -1,6 +1,7 @@
#include "params.h"
#include "reduce.h"
#include <stdint.h>
#include <stdio.h>
/*************************************************
* Name: PQCLEAN_KYBER768_CLEAN_montgomery_reduce
@ -11,7 +12,7 @@
* Arguments: - int32_t a: input integer to be reduced;
* has to be in {-q2^15,...,q2^15-1}
*
* Returns: integer in {-q+1,...,q-1} congruent to a * R^-1 modulo q.
* Returns: integer in {-q+1,...,q-1} congruent to a * R^-1 modulo 2*q.
**************************************************/
int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) {
int32_t t;
@ -35,10 +36,34 @@ int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) {
* Returns: integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q.
**************************************************/
int16_t PQCLEAN_KYBER768_CLEAN_barrett_reduce(int16_t a) {
int16_t t;
const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q;
t = ((int32_t)v * a + (1 << 25)) >> 26;
t *= KYBER_Q;
return a - t;
int32_t t;
/*
* Barrett reduction is applied to 16-bit signed
* integers. We use q=26 to compute the reprociacal
* floor(2^q / KYBER_Q), which is much larger than
* any value of 'a'. That way, the final subtraction
* can be avoided. (OZAPTF): perform bounds analysis
* check if that's true).
*/
#define KYBER_BARETT_q 26
/*
* Reprocical used by Barrett reduction
* floor(2^q / KYBER_Q)
*/
#define KYBER_BARETT_U 20158
// Round the reprocical up
t = (KYBER_BARETT_U+1)*a;
// Add 1/2 * 2^25 to centrize
// in {-(q-1)/2,...,(q-1)/2} mod KYBER_Q.
t += 1<<25;
// Last 4 bytes
t >>= 26;
// Final multiplication and subtraction
return a - ((int16_t)t)*KYBER_Q;
#undef KYBER_BARETT_q
#undef KYBER_BARETT_U
}

@ -1,6 +1,8 @@
#include "params.h"
#include "rounding.h"
#include <stdint.h>
#include <stdio.h>
#include <assert.h>
/*************************************************
* Name: PQCLEAN_DILITHIUM3_CLEAN_power2round
@ -38,10 +40,19 @@ int32_t PQCLEAN_DILITHIUM3_CLEAN_power2round(int32_t *a0, int32_t a) {
**************************************************/
int32_t PQCLEAN_DILITHIUM3_CLEAN_decompose(int32_t *a0, int32_t a) {
int32_t a1;
a=8176979;
printf("0>%d\n", a);
a1 = (a + 127) >> 7;
a1 = (a1 * 1025 + (1 << 21)) >> 22;
printf("1>%d\n", a1);
a1 = (a1 * 1025);
printf("2>%d\n", a1);
a1 += (1 << 21);
printf("3>%d\n", a1);
a1 >>= 22;
printf("4>%d\n", a1);
a1 &= 15;
printf("5>%d\n", a1);
assert(0);
*a0 = a - a1 * 2 * GAMMA2;
*a0 -= (((Q - 1) / 2 - *a0) >> 31) & Q;

@ -1,8 +1,10 @@
#include <gtest/gtest.h>
#include "crypto_sign/dilithium/dilithium2/clean/ntt.c"
#include "crypto_sign/dilithium/dilithium2/clean/reduce.c"
#include "crypto_kem/kyber/kyber768/clean/reduce.c"
//#include "src/sign/dilithium/dilithium2/clean/ntt.c"
//#include "src/sign/dilithium/dilithium2/clean/reduce.c"
#include "src/kem/kyber/kyber768/clean/reduce.h"
#include "src/kem/kyber/kyber768/clean/reduce.c"
#if 0
TEST(X,XXX) {
uint32_t a_in[] = {
8185875, 3328957, 6049449, 4344158, 5817506, 4415885, 4890107, 4537720, 2601260,
@ -18,7 +20,9 @@ TEST(X,XXX) {
printf("%08X, ", a_in[i]);
}
}
#endif
TEST(Kyber,k) {
ASSERT_EQ(PQCLEAN_KYBER768_CLEAN_montgomery_reduce(1<<16), 1);
ASSERT_EQ(PQCLEAN_KYBER768_CLEAN_montgomery_reduce(((-KYBER_Q)*(1<<15))), 0);
ASSERT_EQ(PQCLEAN_KYBER768_CLEAN_montgomery_reduce(((-KYBER_Q)*(1<<15))+1), -3160);
}