WIP
This commit is contained in:
джерело
00ee00401b
коміт
4634b9804c
@ -555,6 +555,23 @@ target_link_libraries(
|
||||
pqclean_dilithium5_clean
|
||||
)
|
||||
|
||||
add_executable(
|
||||
mytest
|
||||
|
||||
test/mytest.cpp
|
||||
)
|
||||
|
||||
target_link_libraries(
|
||||
mytest
|
||||
gtest
|
||||
gtest_main)
|
||||
|
||||
target_include_directories(
|
||||
mytest PRIVATE
|
||||
|
||||
${CMAKE_SOURCE_DIR})
|
||||
|
||||
|
||||
install(TARGETS pqclean pqclean_s
|
||||
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE WORLD_READ WORLD_WRITE
|
||||
LIBRARY DESTINATION lib
|
||||
|
@ -35,10 +35,22 @@ int16_t PQCLEAN_KYBER1024_CLEAN_montgomery_reduce(int32_t a) {
|
||||
* Returns: integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q.
|
||||
**************************************************/
|
||||
int16_t PQCLEAN_KYBER1024_CLEAN_barrett_reduce(int16_t a) {
|
||||
int16_t t;
|
||||
const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q;
|
||||
int16_t p;
|
||||
int32_t t;
|
||||
|
||||
t = ((int32_t)v * a + (1 << 25)) >> 26;
|
||||
t *= KYBER_Q;
|
||||
return a - t;
|
||||
// Montgomery constant R=2^16
|
||||
#define KYBER_MONT_Re 16U
|
||||
// -1/KYBER_Q mod KYBER_MONT_R
|
||||
#define KYBER_MONT_qinv 3327U
|
||||
|
||||
// -Q^(-1)*a mod 2^16
|
||||
p = (uint32_t)a*KYBER_MONT_qinv;
|
||||
t = KYBER_Q*p;
|
||||
t += a;
|
||||
// Final result not in a Montgomery domain
|
||||
return t>>KYBER_MONT_Re;
|
||||
|
||||
// only because I include .c file in test
|
||||
#undef KYBER_MONT_M
|
||||
#undef KYBER_MONT_qinv
|
||||
}
|
||||
|
@ -21,18 +21,6 @@ static uint32_t load32_littleendian(const uint8_t x[4]) {
|
||||
return r;
|
||||
}
|
||||
|
||||
/*************************************************
|
||||
* Name: load24_littleendian
|
||||
*
|
||||
* Description: load 3 bytes into a 32-bit integer
|
||||
* in little-endian order.
|
||||
* This function is only needed for Kyber-512
|
||||
*
|
||||
* Arguments: - const uint8_t *x: pointer to input byte array
|
||||
*
|
||||
* Returns 32-bit unsigned integer loaded from x (most significant byte is zero)
|
||||
**************************************************/
|
||||
|
||||
|
||||
/*************************************************
|
||||
* Name: cbd2
|
||||
|
@ -1,6 +1,7 @@
|
||||
#include "params.h"
|
||||
#include "reduce.h"
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
|
||||
/*************************************************
|
||||
* Name: PQCLEAN_KYBER768_CLEAN_montgomery_reduce
|
||||
@ -11,7 +12,7 @@
|
||||
* Arguments: - int32_t a: input integer to be reduced;
|
||||
* has to be in {-q2^15,...,q2^15-1}
|
||||
*
|
||||
* Returns: integer in {-q+1,...,q-1} congruent to a * R^-1 modulo q.
|
||||
* Returns: integer in {-q+1,...,q-1} congruent to a * R^-1 modulo 2*q.
|
||||
**************************************************/
|
||||
int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) {
|
||||
int32_t t;
|
||||
@ -35,10 +36,34 @@ int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) {
|
||||
* Returns: integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q.
|
||||
**************************************************/
|
||||
int16_t PQCLEAN_KYBER768_CLEAN_barrett_reduce(int16_t a) {
|
||||
int16_t t;
|
||||
const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q;
|
||||
|
||||
t = ((int32_t)v * a + (1 << 25)) >> 26;
|
||||
t *= KYBER_Q;
|
||||
return a - t;
|
||||
int32_t t;
|
||||
|
||||
/*
|
||||
* Barrett reduction is applied to 16-bit signed
|
||||
* integers. We use q=26 to compute the reprociacal
|
||||
* floor(2^q / KYBER_Q), which is much larger than
|
||||
* any value of 'a'. That way, the final subtraction
|
||||
* can be avoided. (OZAPTF): perform bounds analysis
|
||||
* check if that's true).
|
||||
*/
|
||||
#define KYBER_BARETT_q 26
|
||||
/*
|
||||
* Reprocical used by Barrett reduction
|
||||
* floor(2^q / KYBER_Q)
|
||||
*/
|
||||
#define KYBER_BARETT_U 20158
|
||||
|
||||
// Round the reprocical up
|
||||
t = (KYBER_BARETT_U+1)*a;
|
||||
// Add 1/2 * 2^25 to centrize
|
||||
// in {-(q-1)/2,...,(q-1)/2} mod KYBER_Q.
|
||||
t += 1<<25;
|
||||
// Last 4 bytes
|
||||
t >>= 26;
|
||||
// Final multiplication and subtraction
|
||||
return a - ((int16_t)t)*KYBER_Q;
|
||||
|
||||
#undef KYBER_BARETT_q
|
||||
#undef KYBER_BARETT_U
|
||||
}
|
||||
|
@ -1,6 +1,8 @@
|
||||
#include "params.h"
|
||||
#include "rounding.h"
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <assert.h>
|
||||
|
||||
/*************************************************
|
||||
* Name: PQCLEAN_DILITHIUM3_CLEAN_power2round
|
||||
@ -38,10 +40,19 @@ int32_t PQCLEAN_DILITHIUM3_CLEAN_power2round(int32_t *a0, int32_t a) {
|
||||
**************************************************/
|
||||
int32_t PQCLEAN_DILITHIUM3_CLEAN_decompose(int32_t *a0, int32_t a) {
|
||||
int32_t a1;
|
||||
|
||||
a=8176979;
|
||||
printf("0>%d\n", a);
|
||||
a1 = (a + 127) >> 7;
|
||||
a1 = (a1 * 1025 + (1 << 21)) >> 22;
|
||||
printf("1>%d\n", a1);
|
||||
a1 = (a1 * 1025);
|
||||
printf("2>%d\n", a1);
|
||||
a1 += (1 << 21);
|
||||
printf("3>%d\n", a1);
|
||||
a1 >>= 22;
|
||||
printf("4>%d\n", a1);
|
||||
a1 &= 15;
|
||||
printf("5>%d\n", a1);
|
||||
assert(0);
|
||||
|
||||
*a0 = a - a1 * 2 * GAMMA2;
|
||||
*a0 -= (((Q - 1) / 2 - *a0) >> 31) & Q;
|
||||
|
@ -1,8 +1,10 @@
|
||||
#include <gtest/gtest.h>
|
||||
#include "crypto_sign/dilithium/dilithium2/clean/ntt.c"
|
||||
#include "crypto_sign/dilithium/dilithium2/clean/reduce.c"
|
||||
#include "crypto_kem/kyber/kyber768/clean/reduce.c"
|
||||
//#include "src/sign/dilithium/dilithium2/clean/ntt.c"
|
||||
//#include "src/sign/dilithium/dilithium2/clean/reduce.c"
|
||||
#include "src/kem/kyber/kyber768/clean/reduce.h"
|
||||
#include "src/kem/kyber/kyber768/clean/reduce.c"
|
||||
|
||||
#if 0
|
||||
TEST(X,XXX) {
|
||||
uint32_t a_in[] = {
|
||||
8185875, 3328957, 6049449, 4344158, 5817506, 4415885, 4890107, 4537720, 2601260,
|
||||
@ -18,7 +20,9 @@ TEST(X,XXX) {
|
||||
printf("%08X, ", a_in[i]);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
TEST(Kyber,k) {
|
||||
ASSERT_EQ(PQCLEAN_KYBER768_CLEAN_montgomery_reduce(1<<16), 1);
|
||||
ASSERT_EQ(PQCLEAN_KYBER768_CLEAN_montgomery_reduce(((-KYBER_Q)*(1<<15))), 0);
|
||||
ASSERT_EQ(PQCLEAN_KYBER768_CLEAN_montgomery_reduce(((-KYBER_Q)*(1<<15))+1), -3160);
|
||||
}
|
Завантаження…
Посилання в новій задачі
Block a user