
NTRU Prime: Match the NIST submission's sequence of calls to randombytes

kyber
John M. Schanck 4 years ago
committed by Kris Kwiatkowski
parent
commit
7b5a4c494b
14 changed files with 206 additions and 38 deletions
  1. +16
    -2
      crypto_kem/ntrulpr653/avx2/kem.c
  2. +16
    -2
      crypto_kem/ntrulpr653/clean/kem.c
  3. +16
    -2
      crypto_kem/ntrulpr761/avx2/kem.c
  4. +16
    -2
      crypto_kem/ntrulpr761/clean/kem.c
  5. +16
    -2
      crypto_kem/ntrulpr857/avx2/kem.c
  6. +16
    -2
      crypto_kem/ntrulpr857/clean/kem.c
  7. +18
    -4
      crypto_kem/sntrup653/avx2/kem.c
  8. +18
    -4
      crypto_kem/sntrup653/clean/kem.c
  9. +18
    -4
      crypto_kem/sntrup761/avx2/kem.c
  10. +1
    -1
      crypto_kem/sntrup761/avx2/params.h
  11. +18
    -4
      crypto_kem/sntrup761/clean/kem.c
  12. +1
    -1
      crypto_kem/sntrup761/clean/params.h
  13. +18
    -4
      crypto_kem/sntrup857/avx2/kem.c
  14. +18
    -4
      crypto_kem/sntrup857/clean/kem.c

+ 16
- 2
crypto_kem/ntrulpr653/avx2/kem.c View File

@@ -107,11 +107,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
Short_fromlist(out, L);
}
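Review bot: The new urandom32 at the top of the hunk deliberately draws four bytes per randombytes call — the commit title says the goal is matching the submission's call sequence — but nothing in the code records that, so a later "optimization" back to one bulk draw (what the removed randombytes line in Short_random did) would silently change the generated secrets and break any KAT comparison against the reference. Add a comment above urandom32: `/* One 4-byte randombytes() call per 32-bit word: the call sequence must match the NIST reference, so do not batch these draws. */`. The byte budget is unchanged (p calls of 4 bytes versus one call of sizeof L), so this is about reproducibility, not entropy. The same point applies to the identical hunks in ntrulpr653/clean, ntrulpr761/{avx2,clean}, ntrulpr857/{avx2,clean} and the urandom32 hunks in all sntrup kem.c files.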



+ 16
- 2
crypto_kem/ntrulpr653/clean/kem.c View File

@@ -107,11 +107,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
Short_fromlist(out, L);
}



+ 16
- 2
crypto_kem/ntrulpr761/avx2/kem.c View File

@@ -107,11 +107,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
Short_fromlist(out, L);
}



+ 16
- 2
crypto_kem/ntrulpr761/clean/kem.c View File

@@ -107,11 +107,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
Short_fromlist(out, L);
}



+ 16
- 2
crypto_kem/ntrulpr857/avx2/kem.c View File

@@ -107,11 +107,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
Short_fromlist(out, L);
}



+ 16
- 2
crypto_kem/ntrulpr857/clean/kem.c View File

@@ -107,11 +107,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
Short_fromlist(out, L);
}



+ 18
- 4
crypto_kem/sntrup653/avx2/kem.c View File

@@ -73,12 +73,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[ppadsort];
int i;

randombytes((unsigned char *) L, 4 * p);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < ppadsort; ++i) {
L[i] = urandom32();
}
for (i = 0; i < w; ++i) {
L[i] = L[i] & (uint32) - 2;
}
@@ -98,8 +111,9 @@ static void Small_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
for (i = 0; i < p; ++i) {
out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1;
}
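Review bot: Short_random's new loop draws ppadsort words from urandom32, whereas the removed randombytes call drew 4 * p bytes, i.e. p words; the two agree only when ppadsort == p. This commit sets ppadsort to 761 in both sntrup761 params.h files, but no params.h change is included for sntrup653 or sntrup857, so confirm those headers already define ppadsort equal to p — otherwise these sets still make a different number of randombytes calls than the reference, which is exactly what the commit sets out to fix. If ppadsort is meant to stay larger than p, bounding the loop with `for (i = 0; i < p; ++i) {` and leaving the pad entries to the code after the hunk would keep the draw count at p. Short_random continues past the hunk, so how entries p..ppadsort-1 are filled is not visible here; the same hunk appears in sntrup653/clean, sntrup761/{avx2,clean} and sntrup857/{avx2,clean}.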


+ 18
- 4
crypto_kem/sntrup653/clean/kem.c View File

@@ -73,12 +73,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[ppadsort];
int i;

randombytes((unsigned char *) L, 4 * p);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < ppadsort; ++i) {
L[i] = urandom32();
}
for (i = 0; i < w; ++i) {
L[i] = L[i] & (uint32) - 2;
}
@@ -98,8 +111,9 @@ static void Small_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
for (i = 0; i < p; ++i) {
out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1;
}


+ 18
- 4
crypto_kem/sntrup761/avx2/kem.c View File

@@ -73,12 +73,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[ppadsort];
int i;

randombytes((unsigned char *) L, 4 * p);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < ppadsort; ++i) {
L[i] = urandom32();
}
for (i = 0; i < w; ++i) {
L[i] = L[i] & (uint32) - 2;
}
@@ -98,8 +111,9 @@ static void Small_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
for (i = 0; i < p; ++i) {
out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1;
}


+ 1
- 1
crypto_kem/sntrup761/avx2/params.h View File

@@ -31,7 +31,7 @@
#define q 4591
#define w 286

#define ppadsort 768
#define ppadsort 761

#define crypto_verify_clen PQCLEAN_SNTRUP761_AVX2_crypto_verify_1039



+ 18
- 4
crypto_kem/sntrup761/clean/kem.c View File

@@ -73,12 +73,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[ppadsort];
int i;

randombytes((unsigned char *) L, 4 * p);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < ppadsort; ++i) {
L[i] = urandom32();
}
for (i = 0; i < w; ++i) {
L[i] = L[i] & (uint32) - 2;
}
@@ -98,8 +111,9 @@ static void Small_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
for (i = 0; i < p; ++i) {
out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1;
}


+ 1
- 1
crypto_kem/sntrup761/clean/params.h View File

@@ -28,7 +28,7 @@
#define q 4591
#define w 286

#define ppadsort 768
#define ppadsort 761

#define crypto_verify_clen PQCLEAN_SNTRUP761_CLEAN_crypto_verify_1039



+ 18
- 4
crypto_kem/sntrup857/avx2/kem.c View File

@@ -73,12 +73,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[ppadsort];
int i;

randombytes((unsigned char *) L, 4 * p);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < ppadsort; ++i) {
L[i] = urandom32();
}
for (i = 0; i < w; ++i) {
L[i] = L[i] & (uint32) - 2;
}
@@ -98,8 +111,9 @@ static void Small_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
for (i = 0; i < p; ++i) {
out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1;
}


+ 18
- 4
crypto_kem/sntrup857/clean/kem.c View File

@@ -73,12 +73,25 @@ static void Hash(unsigned char *out, const unsigned char *in, int inlen) {

/* ----- higher-level randomness */

static uint32 urandom32(void) {
unsigned char c[4];
uint32 out[4];

randombytes(c, 4);
out[0] = (uint32)c[0];
out[1] = ((uint32)c[1]) << 8;
out[2] = ((uint32)c[2]) << 16;
out[3] = ((uint32)c[3]) << 24;
return out[0] + out[1] + out[2] + out[3];
}

static void Short_random(small *out) {
uint32 L[ppadsort];
int i;

randombytes((unsigned char *) L, 4 * p);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < ppadsort; ++i) {
L[i] = urandom32();
}
for (i = 0; i < w; ++i) {
L[i] = L[i] & (uint32) - 2;
}
@@ -98,8 +111,9 @@ static void Small_random(small *out) {
uint32 L[p];
int i;

randombytes((unsigned char *) L, sizeof L);
crypto_decode_pxint32(L, (unsigned char *) L);
for (i = 0; i < p; ++i) {
L[i] = urandom32();
}
for (i = 0; i < p; ++i) {
out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1;
}

