clean up of comments and packing
This commit is contained in:
parent
61b36e933b
commit
8378132c5e
@ -45,7 +45,7 @@ static void GenMatrix(polyvec *a, const unsigned char *seed) {
|
|||||||
|
|
||||||
|
|
||||||
void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
||||||
polyvec a[SABER_K];// skpv;
|
polyvec a[SABER_K];
|
||||||
|
|
||||||
uint16_t skpv[SABER_K][SABER_N];
|
uint16_t skpv[SABER_K][SABER_N];
|
||||||
|
|
||||||
@ -58,43 +58,43 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned char
|
|||||||
uint16_t res[SABER_K][SABER_N];
|
uint16_t res[SABER_K][SABER_N];
|
||||||
|
|
||||||
randombytes(seed, SABER_SEEDBYTES);
|
randombytes(seed, SABER_SEEDBYTES);
|
||||||
shake128(seed, SABER_SEEDBYTES, seed, SABER_SEEDBYTES); // for not revealing system RNG state
|
|
||||||
|
// for not revealing system RNG state
|
||||||
|
shake128(seed, SABER_SEEDBYTES, seed, SABER_SEEDBYTES);
|
||||||
randombytes(noiseseed, SABER_COINBYTES);
|
randombytes(noiseseed, SABER_COINBYTES);
|
||||||
|
|
||||||
GenMatrix(a, seed); //sample matrix A
|
GenMatrix(a, seed); //sample matrix A
|
||||||
|
|
||||||
PQCLEAN_FIRESABER_CLEAN_GenSecret(skpv, noiseseed); //generate secret from constant-time binomial distribution
|
// generate secret from constant-time binomial distribution
|
||||||
|
PQCLEAN_FIRESABER_CLEAN_GenSecret(skpv, noiseseed);
|
||||||
//------------------------do the matrix vector multiplication and rounding------------
|
|
||||||
|
|
||||||
|
// do the matrix vector multiplication and rounding
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
res[i][j] = 0;
|
res[i][j] = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MatrixVectorMul(a, skpv, res, SABER_Q - 1, 1);
|
MatrixVectorMul(a, skpv, res, SABER_Q - 1, 1);
|
||||||
|
|
||||||
//-----now rounding
|
// now rounding
|
||||||
for (i = 0; i < SABER_K; i++) { //shift right 3 bits
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
|
// shift right 3 bits
|
||||||
res[i][j] = (res[i][j] + h1) & (mod_q);
|
res[i][j] = (res[i][j] + h1) & (mod_q);
|
||||||
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP));
|
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//------------------unload and pack sk=3 x (256 coefficients of 14 bits)-------
|
// unload and pack sk=3 x (256 coefficients of 14 bits)
|
||||||
|
|
||||||
PQCLEAN_FIRESABER_CLEAN_POLVEC2BS(sk, skpv, SABER_Q);
|
PQCLEAN_FIRESABER_CLEAN_POLVEC2BS(sk, skpv, SABER_Q);
|
||||||
|
|
||||||
//------------------unload and pack pk=256 bits seed and 3 x (256 coefficients of 11 bits)-------
|
// unload and pack pk=256 bits seed and 3 x (256 coefficients of 11 bits)
|
||||||
|
// load the public-key coefficients
|
||||||
|
PQCLEAN_FIRESABER_CLEAN_POLVEC2BS(pk, res, SABER_P);
|
||||||
|
|
||||||
|
|
||||||
PQCLEAN_FIRESABER_CLEAN_POLVEC2BS(pk, res, SABER_P); // load the public-key coefficients
|
// now load the seedbytes in PK. Easy since seed bytes are kept in byte format.
|
||||||
|
for (i = 0; i < SABER_SEEDBYTES; i++) {
|
||||||
|
|
||||||
|
|
||||||
for (i = 0; i < SABER_SEEDBYTES; i++) { // now load the seedbytes in PK. Easy since seed bytes are kept in byte format.
|
|
||||||
pk[SABER_POLYVECCOMPRESSEDBYTES + i] = seed[i];
|
pk[SABER_POLYVECCOMPRESSEDBYTES + i] = seed[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -103,47 +103,39 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned char
|
|||||||
|
|
||||||
void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, unsigned char *noiseseed, const unsigned char *pk, unsigned char *ciphertext) {
|
void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, unsigned char *noiseseed, const unsigned char *pk, unsigned char *ciphertext) {
|
||||||
uint32_t i, j, k;
|
uint32_t i, j, k;
|
||||||
polyvec a[SABER_K]; // skpv;
|
polyvec a[SABER_K];
|
||||||
unsigned char seed[SABER_SEEDBYTES];
|
unsigned char seed[SABER_SEEDBYTES];
|
||||||
uint16_t pkcl[SABER_K][SABER_N]; //public key of received by the client
|
// public key of received by the client
|
||||||
|
uint16_t pkcl[SABER_K][SABER_N];
|
||||||
|
|
||||||
|
|
||||||
uint16_t skpv1[SABER_K][SABER_N];
|
uint16_t skpv1[SABER_K][SABER_N];
|
||||||
|
|
||||||
uint16_t message[SABER_KEYBYTES * 8];
|
uint16_t message[SABER_KEYBYTES * 8];
|
||||||
|
|
||||||
uint16_t res[SABER_K][SABER_N];
|
uint16_t res[SABER_K][SABER_N];
|
||||||
uint16_t mod_p = SABER_P - 1;
|
uint16_t mod_p = SABER_P - 1;
|
||||||
uint16_t mod_q = SABER_Q - 1;
|
uint16_t mod_q = SABER_Q - 1;
|
||||||
|
|
||||||
uint16_t vprime[SABER_N];
|
uint16_t vprime[SABER_N];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
unsigned char msk_c[SABER_SCALEBYTES_KEM];
|
unsigned char msk_c[SABER_SCALEBYTES_KEM];
|
||||||
|
|
||||||
for (i = 0; i < SABER_SEEDBYTES; i++) { // extract the seedbytes from Public Key.
|
// extract the seedbytes from Public Key.
|
||||||
|
for (i = 0; i < SABER_SEEDBYTES; i++) {
|
||||||
seed[i] = pk[ SABER_POLYVECCOMPRESSEDBYTES + i];
|
seed[i] = pk[ SABER_POLYVECCOMPRESSEDBYTES + i];
|
||||||
}
|
}
|
||||||
|
|
||||||
GenMatrix(a, seed);
|
GenMatrix(a, seed);
|
||||||
|
|
||||||
PQCLEAN_FIRESABER_CLEAN_GenSecret(skpv1, noiseseed); //generate secret from constant-time binomial distribution
|
// generate secret from constant-time binomial distribution
|
||||||
|
PQCLEAN_FIRESABER_CLEAN_GenSecret(skpv1, noiseseed);
|
||||||
//-----------------matrix-vector multiplication and rounding
|
|
||||||
|
|
||||||
|
// matrix-vector multiplication and rounding
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
res[i][j] = 0;
|
res[i][j] = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MatrixVectorMul(a, skpv1, res, SABER_Q - 1, 0);
|
MatrixVectorMul(a, skpv1, res, SABER_Q - 1, 0);
|
||||||
|
|
||||||
//-----now rounding
|
// now rounding
|
||||||
|
//shift right 3 bits
|
||||||
for (i = 0; i < SABER_K; i++) { //shift right 3 bits
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
res[i][j] = ( res[i][j] + h1 ) & mod_q;
|
res[i][j] = ( res[i][j] + h1 ) & mod_q;
|
||||||
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP) );
|
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP) );
|
||||||
@ -152,21 +144,15 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(const unsigned char *message_receive
|
|||||||
|
|
||||||
PQCLEAN_FIRESABER_CLEAN_POLVEC2BS(ciphertext, res, SABER_P);
|
PQCLEAN_FIRESABER_CLEAN_POLVEC2BS(ciphertext, res, SABER_P);
|
||||||
|
|
||||||
//*******************client matrix-vector multiplication ends************************************
|
// ************client matrix-vector multiplication ends************
|
||||||
|
|
||||||
//------now calculate the v'
|
|
||||||
|
|
||||||
//-------unpack the public_key
|
|
||||||
|
|
||||||
|
// now calculate the v'
|
||||||
|
// unpack the public_key
|
||||||
// pkcl is the b in the protocol
|
// pkcl is the b in the protocol
|
||||||
PQCLEAN_FIRESABER_CLEAN_BS2POLVEC(pk, pkcl, SABER_P);
|
PQCLEAN_FIRESABER_CLEAN_BS2POLVEC(pk, pkcl, SABER_P);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
for (i = 0; i < SABER_N; i++) {
|
for (i = 0; i < SABER_N; i++) {
|
||||||
vprime[i] = 0;
|
vprime[i] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
skpv1[i][j] = skpv1[i][j] & (mod_p);
|
skpv1[i][j] = skpv1[i][j] & (mod_p);
|
||||||
@ -181,7 +167,6 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(const unsigned char *message_receive
|
|||||||
vprime[i] = vprime[i] + h1;
|
vprime[i] = vprime[i] + h1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// unpack message_received;
|
// unpack message_received;
|
||||||
for (j = 0; j < SABER_KEYBYTES; j++) {
|
for (j = 0; j < SABER_KEYBYTES; j++) {
|
||||||
for (i = 0; i < 8; i++) {
|
for (i = 0; i < 8; i++) {
|
||||||
@ -194,9 +179,6 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(const unsigned char *message_receive
|
|||||||
message[i] = (message[i] << (SABER_EP - 1));
|
message[i] = (message[i] << (SABER_EP - 1));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
vprime[k] = ( (vprime[k] - message[k]) & (mod_p) ) >> (SABER_EP - SABER_ET);
|
vprime[k] = ( (vprime[k] - message[k]) & (mod_p) ) >> (SABER_EP - SABER_ET);
|
||||||
}
|
}
|
||||||
@ -204,7 +186,6 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(const unsigned char *message_receive
|
|||||||
|
|
||||||
PQCLEAN_FIRESABER_CLEAN_pack_6bit(msk_c, vprime);
|
PQCLEAN_FIRESABER_CLEAN_pack_6bit(msk_c, vprime);
|
||||||
|
|
||||||
|
|
||||||
for (j = 0; j < SABER_SCALEBYTES_KEM; j++) {
|
for (j = 0; j < SABER_SCALEBYTES_KEM; j++) {
|
||||||
ciphertext[SABER_POLYVECCOMPRESSEDBYTES + j] = msk_c[j];
|
ciphertext[SABER_POLYVECCOMPRESSEDBYTES + j] = msk_c[j];
|
||||||
}
|
}
|
||||||
@ -212,41 +193,31 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(const unsigned char *message_receive
|
|||||||
|
|
||||||
|
|
||||||
void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_dec(const unsigned char *sk, const unsigned char *ciphertext, unsigned char message_dec[]) {
|
void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_dec(const unsigned char *sk, const unsigned char *ciphertext, unsigned char message_dec[]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
|
// secret key of the server
|
||||||
|
uint16_t sksv[SABER_K][SABER_N];
|
||||||
uint16_t sksv[SABER_K][SABER_N]; //secret key of the server
|
|
||||||
|
|
||||||
|
|
||||||
uint16_t pksv[SABER_K][SABER_N];
|
uint16_t pksv[SABER_K][SABER_N];
|
||||||
|
|
||||||
uint8_t scale_ar[SABER_SCALEBYTES_KEM];
|
uint8_t scale_ar[SABER_SCALEBYTES_KEM];
|
||||||
|
|
||||||
uint16_t mod_p = SABER_P - 1;
|
uint16_t mod_p = SABER_P - 1;
|
||||||
|
|
||||||
uint16_t v[SABER_N];
|
uint16_t v[SABER_N];
|
||||||
|
|
||||||
uint16_t op[SABER_N];
|
uint16_t op[SABER_N];
|
||||||
|
|
||||||
|
// sksv is the secret-key
|
||||||
PQCLEAN_FIRESABER_CLEAN_BS2POLVEC(sk, sksv, SABER_Q); //sksv is the secret-key
|
PQCLEAN_FIRESABER_CLEAN_BS2POLVEC(sk, sksv, SABER_Q);
|
||||||
PQCLEAN_FIRESABER_CLEAN_BS2POLVEC(ciphertext, pksv, SABER_P); //pksv is the ciphertext
|
// pksv is the ciphertext
|
||||||
|
PQCLEAN_FIRESABER_CLEAN_BS2POLVEC(ciphertext, pksv, SABER_P);
|
||||||
|
|
||||||
// vector-vector scalar multiplication with mod p
|
// vector-vector scalar multiplication with mod p
|
||||||
for (i = 0; i < SABER_N; i++) {
|
for (i = 0; i < SABER_N; i++) {
|
||||||
v[i] = 0;
|
v[i] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
sksv[i][j] = sksv[i][j] & (mod_p);
|
sksv[i][j] = sksv[i][j] & (mod_p);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
InnerProd(pksv, sksv, mod_p, v);
|
InnerProd(pksv, sksv, mod_p, v);
|
||||||
|
|
||||||
|
|
||||||
//Extraction
|
//Extraction
|
||||||
for (i = 0; i < SABER_SCALEBYTES_KEM; i++) {
|
for (i = 0; i < SABER_SCALEBYTES_KEM; i++) {
|
||||||
scale_ar[i] = ciphertext[SABER_POLYVECCOMPRESSEDBYTES + i];
|
scale_ar[i] = ciphertext[SABER_POLYVECCOMPRESSEDBYTES + i];
|
||||||
@ -254,20 +225,15 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_dec(const unsigned char *sk, const unsig
|
|||||||
|
|
||||||
PQCLEAN_FIRESABER_CLEAN_un_pack6bit(scale_ar, op);
|
PQCLEAN_FIRESABER_CLEAN_un_pack6bit(scale_ar, op);
|
||||||
|
|
||||||
|
|
||||||
//addition of h1
|
//addition of h1
|
||||||
for (i = 0; i < SABER_N; i++) {
|
for (i = 0; i < SABER_N; i++) {
|
||||||
v[i] = ( ( v[i] + h2 - (op[i] << (SABER_EP - SABER_ET)) ) & (mod_p) ) >> (SABER_EP - 1);
|
v[i] = ( ( v[i] + h2 - (op[i] << (SABER_EP - SABER_ET)) ) & (mod_p) ) >> (SABER_EP - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
// pack decrypted message
|
// pack decrypted message
|
||||||
|
|
||||||
POL2MSG(v, message_dec);
|
POL2MSG(v, message_dec);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
static void MatrixVectorMul(polyvec *a, uint16_t skpv[SABER_K][SABER_N], uint16_t res[SABER_K][SABER_N], uint16_t mod, int16_t transpose) {
|
static void MatrixVectorMul(polyvec *a, uint16_t skpv[SABER_K][SABER_N], uint16_t res[SABER_K][SABER_N], uint16_t mod, int16_t transpose) {
|
||||||
|
|
||||||
uint16_t acc[SABER_N];
|
uint16_t acc[SABER_N];
|
||||||
int32_t i, j, k;
|
int32_t i, j, k;
|
||||||
|
|
||||||
@ -278,32 +244,30 @@ static void MatrixVectorMul(polyvec *a, uint16_t skpv[SABER_K][SABER_N], uint16_
|
|||||||
|
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
res[i][k] = res[i][k] + acc[k];
|
res[i][k] = res[i][k] + acc[k];
|
||||||
res[i][k] = (res[i][k] & mod); //reduction mod p
|
//reduction mod p
|
||||||
acc[k] = 0; //clear the accumulator
|
res[i][k] = (res[i][k] & mod);
|
||||||
|
//clear the accumulator
|
||||||
|
acc[k] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_K; j++) {
|
for (j = 0; j < SABER_K; j++) {
|
||||||
PQCLEAN_FIRESABER_CLEAN_pol_mul((uint16_t *)&a[i].vec[j], skpv[j], acc, SABER_Q, SABER_N);
|
PQCLEAN_FIRESABER_CLEAN_pol_mul((uint16_t *)&a[i].vec[j], skpv[j], acc, SABER_Q, SABER_N);
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
res[i][k] = res[i][k] + acc[k];
|
res[i][k] = res[i][k] + acc[k];
|
||||||
res[i][k] = res[i][k] & mod; //reduction
|
// reduction
|
||||||
acc[k] = 0; //clear the accumulator
|
res[i][k] = res[i][k] & mod;
|
||||||
}
|
// clear the accumulator
|
||||||
|
acc[k] = 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void POL2MSG(const uint16_t *message_dec_unpacked, unsigned char *message_dec) {
|
static void POL2MSG(const uint16_t *message_dec_unpacked, unsigned char *message_dec) {
|
||||||
|
|
||||||
int32_t i, j;
|
int32_t i, j;
|
||||||
|
|
||||||
for (j = 0; j < SABER_KEYBYTES; j++) {
|
for (j = 0; j < SABER_KEYBYTES; j++) {
|
||||||
@ -312,13 +276,10 @@ static void POL2MSG(const uint16_t *message_dec_unpacked, unsigned char *message
|
|||||||
message_dec[j] = message_dec[j] | (uint8_t) (message_dec_unpacked[j * 8 + i] << i);
|
message_dec[j] = message_dec[j] | (uint8_t) (message_dec_unpacked[j * 8 + i] << i);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void InnerProd(uint16_t pkcl[SABER_K][SABER_N], uint16_t skpv[SABER_K][SABER_N], uint16_t mod, uint16_t res[SABER_N]) {
|
static void InnerProd(uint16_t pkcl[SABER_K][SABER_N], uint16_t skpv[SABER_K][SABER_N], uint16_t mod, uint16_t res[SABER_N]) {
|
||||||
|
|
||||||
|
|
||||||
uint32_t j, k;
|
uint32_t j, k;
|
||||||
uint16_t acc[SABER_N];
|
uint16_t acc[SABER_N];
|
||||||
|
|
||||||
@ -328,8 +289,10 @@ static void InnerProd(uint16_t pkcl[SABER_K][SABER_N], uint16_t skpv[SABER_K][SA
|
|||||||
|
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
res[k] = res[k] + acc[k];
|
res[k] = res[k] + acc[k];
|
||||||
res[k] = res[k] & mod; //reduction
|
// reduction
|
||||||
acc[k] = 0; //clear the accumulator
|
res[k] = res[k] & mod;
|
||||||
|
// clear the accumulator
|
||||||
|
acc[k] = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -10,37 +10,48 @@
|
|||||||
int PQCLEAN_FIRESABER_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
int PQCLEAN_FIRESABER_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
|
// sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
|
||||||
|
PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(pk, sk);
|
||||||
|
|
||||||
|
// sk[SABER_INDCPA_SECRETKEYBYTES:SABER_INDCPA_SECRETKEYBYTES+SABER_INDCPA_SECRETKEYBYTES-1] <-- pk
|
||||||
for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
|
for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
|
||||||
sk[i + SABER_INDCPA_SECRETKEYBYTES] = pk[i]; // sk[SABER_INDCPA_SECRETKEYBYTES:SABER_INDCPA_SECRETKEYBYTES+SABER_INDCPA_SECRETKEYBYTES-1] <-- pk
|
sk[i + SABER_INDCPA_SECRETKEYBYTES] = pk[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
sha3_256(sk + SABER_SECRETKEYBYTES - 64, pk, SABER_INDCPA_PUBLICKEYBYTES); // Then hash(pk) is appended.
|
// Then hash(pk) is appended.
|
||||||
|
sha3_256(sk + SABER_SECRETKEYBYTES - 64, pk, SABER_INDCPA_PUBLICKEYBYTES);
|
||||||
|
|
||||||
randombytes(sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES ); // Remaining part of sk contains a pseudo-random number.
|
// Remaining part of sk contains a pseudo-random number.
|
||||||
// This is output when check in crypto_kem_dec() fails.
|
// This is output when check in crypto_kem_dec() fails.
|
||||||
|
randombytes(sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES );
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
int PQCLEAN_FIRESABER_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {
|
int PQCLEAN_FIRESABER_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {
|
||||||
|
// Will contain key, coins
|
||||||
unsigned char kr[64]; // Will contain key, coins
|
unsigned char kr[64];
|
||||||
unsigned char buf[64];
|
unsigned char buf[64];
|
||||||
|
|
||||||
randombytes(buf, 32);
|
randombytes(buf, 32);
|
||||||
|
|
||||||
sha3_256(buf, buf, 32); // BUF[0:31] <-- random message (will be used as the key for client) Note: hash doesnot release system RNG output
|
// BUF[0:31] <-- random message (will be used as the key for client) Note: hash doesnot release system RNG output
|
||||||
|
sha3_256(buf, buf, 32);
|
||||||
|
|
||||||
sha3_256(buf + 32, pk, SABER_INDCPA_PUBLICKEYBYTES); // BUF[32:63] <-- Hash(public key); Multitarget countermeasure for coins + contributory KEM
|
// BUF[32:63] <-- Hash(public key); Multitarget countermeasure for coins + contributory KEM
|
||||||
|
sha3_256(buf + 32, pk, SABER_INDCPA_PUBLICKEYBYTES);
|
||||||
|
|
||||||
|
// kr[0:63] <-- Hash(buf[0:63]);
|
||||||
|
sha3_512(kr, buf, 64);
|
||||||
|
|
||||||
sha3_512(kr, buf, 64); // kr[0:63] <-- Hash(buf[0:63]);
|
|
||||||
// K^ <-- kr[0:31]
|
// K^ <-- kr[0:31]
|
||||||
// noiseseed (r) <-- kr[32:63];
|
// noiseseed (r) <-- kr[32:63];
|
||||||
PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(buf, kr + 32, pk, ct); // buf[0:31] contains message; kr[32:63] contains randomness r;
|
// buf[0:31] contains message; kr[32:63] contains randomness r;
|
||||||
|
PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(buf, kr + 32, pk, ct);
|
||||||
|
|
||||||
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC);
|
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC);
|
||||||
|
|
||||||
sha3_256(ss, kr, 64); // hash concatenation of pre-k and h(c) to k
|
// hash concatenation of pre-k and h(c) to k
|
||||||
|
sha3_256(ss, kr, 64);
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
@ -51,14 +62,18 @@ int PQCLEAN_FIRESABER_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned cha
|
|||||||
unsigned char fail;
|
unsigned char fail;
|
||||||
unsigned char cmp[SABER_BYTES_CCA_DEC];
|
unsigned char cmp[SABER_BYTES_CCA_DEC];
|
||||||
unsigned char buf[64];
|
unsigned char buf[64];
|
||||||
unsigned char kr[64]; // Will contain key, coins
|
|
||||||
|
// Will contain key, coins
|
||||||
|
unsigned char kr[64];
|
||||||
const unsigned char *pk = sk + SABER_INDCPA_SECRETKEYBYTES;
|
const unsigned char *pk = sk + SABER_INDCPA_SECRETKEYBYTES;
|
||||||
|
|
||||||
PQCLEAN_FIRESABER_CLEAN_indcpa_kem_dec(sk, ct, buf); // buf[0:31] <-- message
|
// buf[0:31] <-- message
|
||||||
|
PQCLEAN_FIRESABER_CLEAN_indcpa_kem_dec(sk, ct, buf);
|
||||||
|
|
||||||
|
|
||||||
// Multitarget countermeasure for coins + contributory KEM
|
// Multitarget countermeasure for coins + contributory KEM
|
||||||
for (i = 0; i < 32; i++) { // Save hash by storing h(pk) in sk
|
// Save hash by storing h(pk) in sk
|
||||||
|
for (i = 0; i < 32; i++) {
|
||||||
buf[32 + i] = sk[SABER_SECRETKEYBYTES - 64 + i];
|
buf[32 + i] = sk[SABER_SECRETKEYBYTES - 64 + i];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -69,11 +84,13 @@ int PQCLEAN_FIRESABER_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned cha
|
|||||||
|
|
||||||
fail = PQCLEAN_FIRESABER_CLEAN_verify(ct, cmp, SABER_BYTES_CCA_DEC);
|
fail = PQCLEAN_FIRESABER_CLEAN_verify(ct, cmp, SABER_BYTES_CCA_DEC);
|
||||||
|
|
||||||
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC); // overwrite coins in kr with h(c)
|
// overwrite coins in kr with h(c)
|
||||||
|
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC);
|
||||||
|
|
||||||
PQCLEAN_FIRESABER_CLEAN_cmov(kr, sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES, fail);
|
PQCLEAN_FIRESABER_CLEAN_cmov(kr, sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES, fail);
|
||||||
|
|
||||||
sha3_256(ss, kr, 64); // hash concatenation of pre-k and h(c) to k
|
// hash concatenation of pre-k and h(c) to k
|
||||||
|
sha3_256(ss, kr, 64);
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
@ -1,21 +1,26 @@
|
|||||||
#include "pack_unpack.h"
|
#include "pack_unpack.h"
|
||||||
|
|
||||||
void PQCLEAN_FIRESABER_CLEAN_pack_3bit(uint8_t *bytes, const uint16_t *data) {
|
void PQCLEAN_FIRESABER_CLEAN_pack_3bit(uint8_t *bytes, const uint16_t *data) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data, offset_byte;
|
uint32_t offset_data, offset_byte;
|
||||||
|
|
||||||
for (j = 0; j < SABER_N / 8; j++) {
|
for (j = 0; j < SABER_N / 8; j++) {
|
||||||
offset_byte = 3 * j;
|
offset_byte = 3 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x7) | ( (data[offset_data + 1] & 0x7) << 3 ) | ((data[offset_data + 2] & 0x3) << 6);
|
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x7) |
|
||||||
bytes[offset_byte + 1] = ((data[offset_data + 2] >> 2 ) & 0x01) | ( (data[offset_data + 3] & 0x7) << 1 ) | ( (data[offset_data + 4] & 0x7) << 4 ) | (((data[offset_data + 5]) & 0x01) << 7);
|
((data[offset_data + 1] & 0x7) << 3) |
|
||||||
bytes[offset_byte + 2] = ((data[offset_data + 5] >> 1 ) & 0x03) | ( (data[offset_data + 6] & 0x7) << 2 ) | ( (data[offset_data + 7] & 0x7) << 5 );
|
((data[offset_data + 2] & 0x3) << 6);
|
||||||
|
bytes[offset_byte + 1] = ((data[offset_data + 2] >> 2 ) & 0x01) |
|
||||||
|
((data[offset_data + 3] & 0x7) << 1) |
|
||||||
|
((data[offset_data + 4] & 0x7) << 4) |
|
||||||
|
(((data[offset_data + 5]) & 0x01) << 7);
|
||||||
|
bytes[offset_byte + 2] = ((data[offset_data + 5] >> 1 ) & 0x03) |
|
||||||
|
((data[offset_data + 6] & 0x7) << 2) |
|
||||||
|
((data[offset_data + 7] & 0x7) << 5);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_FIRESABER_CLEAN_un_pack3bit(const uint8_t *bytes, uint16_t *data) {
|
void PQCLEAN_FIRESABER_CLEAN_un_pack3bit(const uint8_t *bytes, uint16_t *data) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data, offset_byte;
|
uint32_t offset_data, offset_byte;
|
||||||
|
|
||||||
@ -24,29 +29,29 @@ void PQCLEAN_FIRESABER_CLEAN_un_pack3bit(const uint8_t *bytes, uint16_t *data) {
|
|||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
data[offset_data + 0] = (bytes[offset_byte + 0]) & 0x07;
|
data[offset_data + 0] = (bytes[offset_byte + 0]) & 0x07;
|
||||||
data[offset_data + 1] = ((bytes[offset_byte + 0]) >> 3 ) & 0x07;
|
data[offset_data + 1] = ((bytes[offset_byte + 0]) >> 3 ) & 0x07;
|
||||||
data[offset_data + 2] = ( ( (bytes[offset_byte + 0]) >> 6 ) & 0x03) | ( ( (bytes[offset_byte + 1]) & 0x01) << 2 );
|
data[offset_data + 2] = (((bytes[offset_byte + 0]) >> 6 ) & 0x03) |
|
||||||
|
(((bytes[offset_byte + 1]) & 0x01) << 2);
|
||||||
data[offset_data + 3] = ((bytes[offset_byte + 1]) >> 1 ) & 0x07;
|
data[offset_data + 3] = ((bytes[offset_byte + 1]) >> 1 ) & 0x07;
|
||||||
data[offset_data + 4] = ((bytes[offset_byte + 1]) >> 4 ) & 0x07;
|
data[offset_data + 4] = ((bytes[offset_byte + 1]) >> 4 ) & 0x07;
|
||||||
data[offset_data + 5] = ( ( (bytes[offset_byte + 1]) >> 7 ) & 0x01) | ( ( (bytes[offset_byte + 2]) & 0x03) << 1 );
|
data[offset_data + 5] = (((bytes[offset_byte + 1]) >> 7 ) & 0x01) |
|
||||||
|
(((bytes[offset_byte + 2]) & 0x03) << 1);
|
||||||
data[offset_data + 6] = ((bytes[offset_byte + 2] >> 2) & 0x07);
|
data[offset_data + 6] = ((bytes[offset_byte + 2] >> 2) & 0x07);
|
||||||
data[offset_data + 7] = ((bytes[offset_byte + 2] >> 5) & 0x07);
|
data[offset_data + 7] = ((bytes[offset_byte + 2] >> 5) & 0x07);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_FIRESABER_CLEAN_pack_4bit(uint8_t *bytes, const uint16_t *data) {
|
void PQCLEAN_FIRESABER_CLEAN_pack_4bit(uint8_t *bytes, const uint16_t *data) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data;
|
uint32_t offset_data;
|
||||||
|
|
||||||
for (j = 0; j < SABER_N / 2; j++) {
|
for (j = 0; j < SABER_N / 2; j++) {
|
||||||
offset_data = 2 * j;
|
offset_data = 2 * j;
|
||||||
bytes[j] = (data[offset_data] & 0x0f) | ( (data[offset_data + 1] & 0x0f) << 4 );
|
bytes[j] = (data[offset_data] & 0x0f) |
|
||||||
|
((data[offset_data + 1] & 0x0f) << 4);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_FIRESABER_CLEAN_un_pack4bit(const unsigned char *bytes, uint16_t *ar) {
|
void PQCLEAN_FIRESABER_CLEAN_un_pack4bit(const unsigned char *bytes, uint16_t *ar) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data;
|
uint32_t offset_data;
|
||||||
|
|
||||||
@ -64,9 +69,12 @@ void PQCLEAN_FIRESABER_CLEAN_pack_6bit(uint8_t *bytes, const uint16_t *data) {
|
|||||||
for (j = 0; j < SABER_N / 4; j++) {
|
for (j = 0; j < SABER_N / 4; j++) {
|
||||||
offset_byte = 3 * j;
|
offset_byte = 3 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x3f) | ((data[offset_data + 1] & 0x03) << 6);
|
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x3f) |
|
||||||
bytes[offset_byte + 1] = ((data[offset_data + 1] >> 2) & 0x0f) | ((data[offset_data + 2] & 0x0f) << 4);
|
((data[offset_data + 1] & 0x03) << 6);
|
||||||
bytes[offset_byte + 2] = ((data[offset_data + 2] >> 4) & 0x03) | ((data[offset_data + 3] & 0x3f) << 2);
|
bytes[offset_byte + 1] = ((data[offset_data + 1] >> 2) & 0x0f) |
|
||||||
|
((data[offset_data + 2] & 0x0f) << 4);
|
||||||
|
bytes[offset_byte + 2] = ((data[offset_data + 2] >> 4) & 0x03) |
|
||||||
|
((data[offset_data + 3] & 0x3f) << 2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -79,11 +87,12 @@ void PQCLEAN_FIRESABER_CLEAN_un_pack6bit(const unsigned char *bytes, uint16_t *d
|
|||||||
offset_byte = 3 * j;
|
offset_byte = 3 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
data[offset_data + 0] = bytes[offset_byte + 0] & 0x3f;
|
data[offset_data + 0] = bytes[offset_byte + 0] & 0x3f;
|
||||||
data[offset_data + 1] = ((bytes[offset_byte + 0] >> 6) & 0x03) | ((bytes[offset_byte + 1] & 0x0f) << 2) ;
|
data[offset_data + 1] = ((bytes[offset_byte + 0] >> 6) & 0x03) |
|
||||||
data[offset_data + 2] = ((bytes[offset_byte + 1] & 0xff) >> 4) | ((bytes[offset_byte + 2] & 0x03) << 4) ;
|
((bytes[offset_byte + 1] & 0x0f) << 2);
|
||||||
|
data[offset_data + 2] = ((bytes[offset_byte + 1] & 0xff) >> 4) |
|
||||||
|
((bytes[offset_byte + 2] & 0x03) << 4);
|
||||||
data[offset_data + 3] = ((bytes[offset_byte + 2] & 0xff) >> 2);
|
data[offset_data + 3] = ((bytes[offset_byte + 2] & 0xff) >> 2);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -97,22 +106,18 @@ static void POLVECp2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
|||||||
offset_byte = offset_byte1 + 5 * j;
|
offset_byte = offset_byte1 + 5 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
||||||
|
bytes[offset_byte + 1] = ((data[i][offset_data + 0] >> 8) & 0x03) |
|
||||||
bytes[offset_byte + 1] = ( (data[i][ offset_data + 0 ] >> 8) & 0x03 ) | ((data[i][ offset_data + 1 ] & 0x3f) << 2);
|
((data[i][offset_data + 1] & 0x3f) << 2);
|
||||||
|
bytes[offset_byte + 2] = ((data[i][offset_data + 1] >> 6) & 0x0f) |
|
||||||
bytes[offset_byte + 2] = ( (data[i][ offset_data + 1 ] >> 6) & 0x0f ) | ( (data[i][ offset_data + 2 ] & 0x0f) << 4);
|
((data[i][offset_data + 2] & 0x0f) << 4);
|
||||||
|
bytes[offset_byte + 3] = ((data[i][offset_data + 2] >> 4) & 0x3f) |
|
||||||
bytes[offset_byte + 3] = ( (data[i][ offset_data + 2 ] >> 4) & 0x3f ) | ((data[i][ offset_data + 3 ] & 0x03) << 6);
|
((data[i][offset_data + 3] & 0x03) << 6);
|
||||||
|
|
||||||
bytes[offset_byte + 4] = ((data[i][offset_data + 3] >> 2) & 0xff);
|
bytes[offset_byte + 4] = ((data[i][offset_data + 3] >> 2) & 0xff);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void BS2POLVECp(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
static void BS2POLVECp(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
uint32_t offset_data, offset_byte, offset_byte1;
|
uint32_t offset_data, offset_byte, offset_byte1;
|
||||||
|
|
||||||
@ -121,21 +126,21 @@ static void BS2POLVECp(const unsigned char *bytes, uint16_t data[SABER_K][SABER_
|
|||||||
for (j = 0; j < SABER_N / 4; j++) {
|
for (j = 0; j < SABER_N / 4; j++) {
|
||||||
offset_byte = offset_byte1 + 5 * j;
|
offset_byte = offset_byte1 + 5 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
data[i][offset_data + 0] = ( bytes[ offset_byte + 0 ] & (0xff)) | ((bytes[ offset_byte + 1 ] & 0x03) << 8);
|
data[i][offset_data + 0] = (bytes[offset_byte + 0] & (0xff)) |
|
||||||
data[i][offset_data + 1] = ( (bytes[ offset_byte + 1 ] >> 2) & (0x3f)) | ((bytes[ offset_byte + 2 ] & 0x0f) << 6);
|
((bytes[offset_byte + 1] & 0x03) << 8);
|
||||||
data[i][offset_data + 2] = ( (bytes[ offset_byte + 2 ] >> 4) & (0x0f)) | ((bytes[ offset_byte + 3 ] & 0x3f) << 4);
|
data[i][offset_data + 1] = ((bytes[offset_byte + 1] >> 2) & (0x3f)) |
|
||||||
data[i][offset_data + 3] = ( (bytes[ offset_byte + 3 ] >> 6) & (0x03)) | ((bytes[ offset_byte + 4 ] & 0xff) << 2);
|
((bytes[offset_byte + 2] & 0x0f) << 6);
|
||||||
|
data[i][offset_data + 2] = ((bytes[offset_byte + 2] >> 4) & (0x0f)) |
|
||||||
|
((bytes[offset_byte + 3] & 0x3f) << 4);
|
||||||
|
data[i][offset_data + 3] = ((bytes[offset_byte + 3] >> 6) & (0x03)) |
|
||||||
|
((bytes[offset_byte + 4] & 0xff) << 2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static void POLVECq2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
static void POLVECq2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
uint32_t offset_data, offset_byte, offset_byte1;
|
uint32_t offset_data, offset_byte, offset_byte1;
|
||||||
|
|
||||||
@ -145,39 +150,30 @@ static void POLVECq2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
|||||||
offset_byte = offset_byte1 + 13 * j;
|
offset_byte = offset_byte1 + 13 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
||||||
|
bytes[offset_byte + 1] = ((data[i][offset_data + 0] >> 8) & 0x1f) |
|
||||||
bytes[offset_byte + 1] = ( (data[i][ offset_data + 0 ] >> 8) & 0x1f ) | ((data[i][ offset_data + 1 ] & 0x07) << 5);
|
((data[i][offset_data + 1] & 0x07) << 5);
|
||||||
|
|
||||||
bytes[offset_byte + 2] = ((data[i][offset_data + 1] >> 3) & 0xff);
|
bytes[offset_byte + 2] = ((data[i][offset_data + 1] >> 3) & 0xff);
|
||||||
|
bytes[offset_byte + 3] = ((data[i][offset_data + 1] >> 11) & 0x03) |
|
||||||
bytes[offset_byte + 3] = ( (data[i][ offset_data + 1 ] >> 11) & 0x03 ) | ((data[i][ offset_data + 2 ] & 0x3f) << 2);
|
((data[i][offset_data + 2] & 0x3f) << 2);
|
||||||
|
bytes[offset_byte + 4] = ((data[i][offset_data + 2] >> 6) & 0x7f) |
|
||||||
bytes[offset_byte + 4] = ( (data[i][ offset_data + 2 ] >> 6) & 0x7f ) | ( (data[i][ offset_data + 3 ] & 0x01) << 7 );
|
((data[i][offset_data + 3] & 0x01) << 7);
|
||||||
|
|
||||||
bytes[offset_byte + 5] = ((data[i][offset_data + 3] >> 1) & 0xff);
|
bytes[offset_byte + 5] = ((data[i][offset_data + 3] >> 1) & 0xff);
|
||||||
|
bytes[offset_byte + 6] = ((data[i][offset_data + 3] >> 9) & 0x0f) |
|
||||||
bytes[offset_byte + 6] = ( (data[i][ offset_data + 3 ] >> 9) & 0x0f ) | ( (data[i][ offset_data + 4 ] & 0x0f) << 4 );
|
((data[i][offset_data + 4] & 0x0f) << 4);
|
||||||
|
|
||||||
bytes[offset_byte + 7] = ((data[i][offset_data + 4] >> 4) & 0xff);
|
bytes[offset_byte + 7] = ((data[i][offset_data + 4] >> 4) & 0xff);
|
||||||
|
bytes[offset_byte + 8] = ((data[i][offset_data + 4] >> 12) & 0x01) |
|
||||||
bytes[offset_byte + 8] = ( (data[i][ offset_data + 4 ] >> 12) & 0x01 ) | ( (data[i][ offset_data + 5 ] & 0x7f) << 1 );
|
((data[i][offset_data + 5] & 0x7f) << 1);
|
||||||
|
bytes[offset_byte + 9] = ((data[i][offset_data + 5] >> 7) & 0x3f) |
|
||||||
bytes[offset_byte + 9] = ( (data[i][ offset_data + 5 ] >> 7) & 0x3f ) | ( (data[i][ offset_data + 6 ] & 0x03) << 6 );
|
((data[i][offset_data + 6] & 0x03) << 6);
|
||||||
|
|
||||||
bytes[offset_byte + 10] = ((data[i][offset_data + 6] >> 2) & 0xff);
|
bytes[offset_byte + 10] = ((data[i][offset_data + 6] >> 2) & 0xff);
|
||||||
|
bytes[offset_byte + 11] = ((data[i][offset_data + 6] >> 10) & 0x07) |
|
||||||
bytes[offset_byte + 11] = ( (data[i][ offset_data + 6 ] >> 10) & 0x07 ) | ( (data[i][ offset_data + 7 ] & 0x1f) << 3 );
|
((data[i][offset_data + 7] & 0x1f) << 3);
|
||||||
|
|
||||||
bytes[offset_byte + 12] = ((data[i][offset_data + 7] >> 5) & 0xff);
|
bytes[offset_byte + 12] = ((data[i][offset_data + 7] >> 5) & 0xff);
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void BS2POLVECq(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
static void BS2POLVECq(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
uint32_t offset_data, offset_byte, offset_byte1;
|
uint32_t offset_data, offset_byte, offset_byte1;
|
||||||
|
|
||||||
@ -186,44 +182,62 @@ static void BS2POLVECq(const unsigned char *bytes, uint16_t data[SABER_K][SABER_
|
|||||||
for (j = 0; j < SABER_N / 8; j++) {
|
for (j = 0; j < SABER_N / 8; j++) {
|
||||||
offset_byte = offset_byte1 + 13 * j;
|
offset_byte = offset_byte1 + 13 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
data[i][offset_data + 0] = ( bytes[ offset_byte + 0 ] & (0xff)) | ((bytes[offset_byte + 1] & 0x1f) << 8);
|
data[i][offset_data + 0] = (bytes[offset_byte + 0] & (0xff)) |
|
||||||
data[i][offset_data + 1] = ( bytes[ offset_byte + 1 ] >> 5 & (0x07)) | ((bytes[offset_byte + 2] & 0xff) << 3) | ((bytes[offset_byte + 3] & 0x03) << 11);
|
((bytes[offset_byte + 1] & 0x1f) << 8);
|
||||||
data[i][offset_data + 2] = ( bytes[ offset_byte + 3 ] >> 2 & (0x3f)) | ((bytes[offset_byte + 4] & 0x7f) << 6);
|
data[i][offset_data + 1] = (bytes[offset_byte + 1] >> 5 & (0x07)) |
|
||||||
data[i][offset_data + 3] = ( bytes[ offset_byte + 4 ] >> 7 & (0x01)) | ((bytes[offset_byte + 5] & 0xff) << 1) | ((bytes[offset_byte + 6] & 0x0f) << 9);
|
((bytes[offset_byte + 2] & 0xff) << 3) |
|
||||||
data[i][offset_data + 4] = ( bytes[ offset_byte + 6 ] >> 4 & (0x0f)) | ((bytes[offset_byte + 7] & 0xff) << 4) | ((bytes[offset_byte + 8] & 0x01) << 12);
|
((bytes[offset_byte + 3] & 0x03) << 11);
|
||||||
data[i][offset_data + 5] = ( bytes[ offset_byte + 8] >> 1 & (0x7f)) | ((bytes[offset_byte + 9] & 0x3f) << 7);
|
data[i][offset_data + 2] = (bytes[offset_byte + 3] >> 2 & (0x3f)) |
|
||||||
data[i][offset_data + 6] = ( bytes[ offset_byte + 9] >> 6 & (0x03)) | ((bytes[offset_byte + 10] & 0xff) << 2) | ((bytes[offset_byte + 11] & 0x07) << 10);
|
((bytes[offset_byte + 4] & 0x7f) << 6);
|
||||||
data[i][offset_data + 7] = ( bytes[ offset_byte + 11] >> 3 & (0x1f)) | ((bytes[offset_byte + 12] & 0xff) << 5);
|
data[i][offset_data + 3] = (bytes[offset_byte + 4] >> 7 & (0x01)) |
|
||||||
|
((bytes[offset_byte + 5] & 0xff) << 1) |
|
||||||
|
((bytes[offset_byte + 6] & 0x0f) << 9);
|
||||||
|
data[i][offset_data + 4] = (bytes[offset_byte + 6] >> 4 & (0x0f)) |
|
||||||
|
((bytes[offset_byte + 7] & 0xff) << 4) |
|
||||||
|
((bytes[offset_byte + 8] & 0x01) << 12);
|
||||||
|
data[i][offset_data + 5] = (bytes[offset_byte + 8] >> 1 & (0x7f)) |
|
||||||
|
((bytes[offset_byte + 9] & 0x3f) << 7);
|
||||||
|
data[i][offset_data + 6] = (bytes[offset_byte + 9] >> 6 & (0x03)) |
|
||||||
|
((bytes[offset_byte + 10] & 0xff) << 2) |
|
||||||
|
((bytes[offset_byte + 11] & 0x07) << 10);
|
||||||
|
data[i][offset_data + 7] = (bytes[offset_byte + 11] >> 3 & (0x1f)) |
|
||||||
|
((bytes[offset_byte + 12] & 0xff) << 5);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//only BS2POLq no BS2POLp
|
||||||
}
|
void PQCLEAN_FIRESABER_CLEAN_BS2POL(const unsigned char *bytes, uint16_t data[SABER_N]) {
|
||||||
|
|
||||||
void PQCLEAN_FIRESABER_CLEAN_BS2POL(const unsigned char *bytes, uint16_t data[SABER_N]) { //only BS2POLq no BS2POLp
|
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data, offset_byte;
|
uint32_t offset_data, offset_byte;
|
||||||
|
|
||||||
for (j = 0; j < SABER_N / 8; j++) {
|
for (j = 0; j < SABER_N / 8; j++) {
|
||||||
offset_byte = 13 * j;
|
offset_byte = 13 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
data[offset_data + 0] = ( bytes[ offset_byte + 0 ] & (0xff)) | ((bytes[offset_byte + 1] & 0x1f) << 8);
|
data[offset_data + 0] = (bytes[offset_byte + 0] & (0xff)) |
|
||||||
data[offset_data + 1] = ( bytes[ offset_byte + 1 ] >> 5 & (0x07)) | ((bytes[offset_byte + 2] & 0xff) << 3) | ((bytes[offset_byte + 3] & 0x03) << 11);
|
((bytes[offset_byte + 1] & 0x1f) << 8);
|
||||||
data[offset_data + 2] = ( bytes[ offset_byte + 3 ] >> 2 & (0x3f)) | ((bytes[offset_byte + 4] & 0x7f) << 6);
|
data[offset_data + 1] = (bytes[offset_byte + 1] >> 5 & (0x07)) |
|
||||||
data[offset_data + 3] = ( bytes[ offset_byte + 4 ] >> 7 & (0x01)) | ((bytes[offset_byte + 5] & 0xff) << 1) | ((bytes[offset_byte + 6] & 0x0f) << 9);
|
((bytes[offset_byte + 2] & 0xff) << 3) |
|
||||||
data[offset_data + 4] = ( bytes[ offset_byte + 6 ] >> 4 & (0x0f)) | ((bytes[offset_byte + 7] & 0xff) << 4) | ((bytes[offset_byte + 8] & 0x01) << 12);
|
((bytes[offset_byte + 3] & 0x03) << 11);
|
||||||
data[offset_data + 5] = ( bytes[ offset_byte + 8] >> 1 & (0x7f)) | ((bytes[offset_byte + 9] & 0x3f) << 7);
|
data[offset_data + 2] = (bytes[offset_byte + 3] >> 2 & (0x3f)) |
|
||||||
data[offset_data + 6] = ( bytes[ offset_byte + 9] >> 6 & (0x03)) | ((bytes[offset_byte + 10] & 0xff) << 2) | ((bytes[offset_byte + 11] & 0x07) << 10);
|
((bytes[offset_byte + 4] & 0x7f) << 6);
|
||||||
data[offset_data + 7] = ( bytes[ offset_byte + 11] >> 3 & (0x1f)) | ((bytes[offset_byte + 12] & 0xff) << 5);
|
data[offset_data + 3] = (bytes[offset_byte + 4] >> 7 & (0x01)) |
|
||||||
|
((bytes[offset_byte + 5] & 0xff) << 1) |
|
||||||
|
((bytes[offset_byte + 6] & 0x0f) << 9);
|
||||||
|
data[offset_data + 4] = (bytes[offset_byte + 6] >> 4 & (0x0f)) |
|
||||||
|
((bytes[offset_byte + 7] & 0xff) << 4) |
|
||||||
|
((bytes[offset_byte + 8] & 0x01) << 12);
|
||||||
|
data[offset_data + 5] = (bytes[offset_byte + 8] >> 1 & (0x7f)) |
|
||||||
|
((bytes[offset_byte + 9] & 0x3f) << 7);
|
||||||
|
data[offset_data + 6] = (bytes[offset_byte + 9] >> 6 & (0x03)) |
|
||||||
|
((bytes[offset_byte + 10] & 0xff) << 2) |
|
||||||
|
((bytes[offset_byte + 11] & 0x07) << 10);
|
||||||
|
data[offset_data + 7] = (bytes[offset_byte + 11] >> 3 & (0x1f)) |
|
||||||
|
((bytes[offset_byte + 12] & 0xff) << 5);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void PQCLEAN_FIRESABER_CLEAN_POLVEC2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
void PQCLEAN_FIRESABER_CLEAN_POLVEC2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
||||||
|
|
||||||
if (modulus == 1024) {
|
if (modulus == 1024) {
|
||||||
POLVECp2BS(bytes, data);
|
POLVECp2BS(bytes, data);
|
||||||
} else if (modulus == 8192) {
|
} else if (modulus == 8192) {
|
||||||
@ -232,11 +246,9 @@ void PQCLEAN_FIRESABER_CLEAN_POLVEC2BS(uint8_t *bytes, uint16_t data[SABER_K][SA
|
|||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_FIRESABER_CLEAN_BS2POLVEC(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
void PQCLEAN_FIRESABER_CLEAN_BS2POLVEC(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
||||||
|
|
||||||
if (modulus == 1024) {
|
if (modulus == 1024) {
|
||||||
BS2POLVECp(bytes, data);
|
BS2POLVECp(bytes, data);
|
||||||
} else if (modulus == 8192) {
|
} else if (modulus == 8192) {
|
||||||
BS2POLVECq(bytes, data);
|
BS2POLVECq(bytes, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -45,7 +45,7 @@ static void GenMatrix(polyvec *a, const unsigned char *seed) {
|
|||||||
|
|
||||||
|
|
||||||
void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
||||||
polyvec a[SABER_K];// skpv;
|
polyvec a[SABER_K];
|
||||||
|
|
||||||
uint16_t skpv[SABER_K][SABER_N];
|
uint16_t skpv[SABER_K][SABER_N];
|
||||||
|
|
||||||
@ -58,43 +58,43 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned cha
|
|||||||
uint16_t res[SABER_K][SABER_N];
|
uint16_t res[SABER_K][SABER_N];
|
||||||
|
|
||||||
randombytes(seed, SABER_SEEDBYTES);
|
randombytes(seed, SABER_SEEDBYTES);
|
||||||
shake128(seed, SABER_SEEDBYTES, seed, SABER_SEEDBYTES); // for not revealing system RNG state
|
|
||||||
|
// for not revealing system RNG state
|
||||||
|
shake128(seed, SABER_SEEDBYTES, seed, SABER_SEEDBYTES);
|
||||||
randombytes(noiseseed, SABER_COINBYTES);
|
randombytes(noiseseed, SABER_COINBYTES);
|
||||||
|
|
||||||
GenMatrix(a, seed); //sample matrix A
|
GenMatrix(a, seed); //sample matrix A
|
||||||
|
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_GenSecret(skpv, noiseseed); //generate secret from constant-time binomial distribution
|
// generate secret from constant-time binomial distribution
|
||||||
|
PQCLEAN_LIGHTSABER_CLEAN_GenSecret(skpv, noiseseed);
|
||||||
//------------------------do the matrix vector multiplication and rounding------------
|
|
||||||
|
|
||||||
|
// do the matrix vector multiplication and rounding
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
res[i][j] = 0;
|
res[i][j] = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MatrixVectorMul(a, skpv, res, SABER_Q - 1, 1);
|
MatrixVectorMul(a, skpv, res, SABER_Q - 1, 1);
|
||||||
|
|
||||||
//-----now rounding
|
// now rounding
|
||||||
for (i = 0; i < SABER_K; i++) { //shift right 3 bits
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
|
// shift right 3 bits
|
||||||
res[i][j] = (res[i][j] + h1) & (mod_q);
|
res[i][j] = (res[i][j] + h1) & (mod_q);
|
||||||
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP));
|
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//------------------unload and pack sk=3 x (256 coefficients of 14 bits)-------
|
// unload and pack sk=3 x (256 coefficients of 14 bits)
|
||||||
|
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_POLVEC2BS(sk, skpv, SABER_Q);
|
PQCLEAN_LIGHTSABER_CLEAN_POLVEC2BS(sk, skpv, SABER_Q);
|
||||||
|
|
||||||
//------------------unload and pack pk=256 bits seed and 3 x (256 coefficients of 11 bits)-------
|
// unload and pack pk=256 bits seed and 3 x (256 coefficients of 11 bits)
|
||||||
|
// load the public-key coefficients
|
||||||
|
PQCLEAN_LIGHTSABER_CLEAN_POLVEC2BS(pk, res, SABER_P);
|
||||||
|
|
||||||
|
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_POLVEC2BS(pk, res, SABER_P); // load the public-key coefficients
|
// now load the seedbytes in PK. Easy since seed bytes are kept in byte format.
|
||||||
|
for (i = 0; i < SABER_SEEDBYTES; i++) {
|
||||||
|
|
||||||
|
|
||||||
for (i = 0; i < SABER_SEEDBYTES; i++) { // now load the seedbytes in PK. Easy since seed bytes are kept in byte format.
|
|
||||||
pk[SABER_POLYVECCOMPRESSEDBYTES + i] = seed[i];
|
pk[SABER_POLYVECCOMPRESSEDBYTES + i] = seed[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -103,47 +103,39 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned cha
|
|||||||
|
|
||||||
void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, unsigned char *noiseseed, const unsigned char *pk, unsigned char *ciphertext) {
|
void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, unsigned char *noiseseed, const unsigned char *pk, unsigned char *ciphertext) {
|
||||||
uint32_t i, j, k;
|
uint32_t i, j, k;
|
||||||
polyvec a[SABER_K]; // skpv;
|
polyvec a[SABER_K];
|
||||||
unsigned char seed[SABER_SEEDBYTES];
|
unsigned char seed[SABER_SEEDBYTES];
|
||||||
uint16_t pkcl[SABER_K][SABER_N]; //public key of received by the client
|
// public key of received by the client
|
||||||
|
uint16_t pkcl[SABER_K][SABER_N];
|
||||||
|
|
||||||
|
|
||||||
uint16_t skpv1[SABER_K][SABER_N];
|
uint16_t skpv1[SABER_K][SABER_N];
|
||||||
|
|
||||||
uint16_t message[SABER_KEYBYTES * 8];
|
uint16_t message[SABER_KEYBYTES * 8];
|
||||||
|
|
||||||
uint16_t res[SABER_K][SABER_N];
|
uint16_t res[SABER_K][SABER_N];
|
||||||
uint16_t mod_p = SABER_P - 1;
|
uint16_t mod_p = SABER_P - 1;
|
||||||
uint16_t mod_q = SABER_Q - 1;
|
uint16_t mod_q = SABER_Q - 1;
|
||||||
|
|
||||||
uint16_t vprime[SABER_N];
|
uint16_t vprime[SABER_N];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
unsigned char msk_c[SABER_SCALEBYTES_KEM];
|
unsigned char msk_c[SABER_SCALEBYTES_KEM];
|
||||||
|
|
||||||
for (i = 0; i < SABER_SEEDBYTES; i++) { // extract the seedbytes from Public Key.
|
// extract the seedbytes from Public Key.
|
||||||
|
for (i = 0; i < SABER_SEEDBYTES; i++) {
|
||||||
seed[i] = pk[ SABER_POLYVECCOMPRESSEDBYTES + i];
|
seed[i] = pk[ SABER_POLYVECCOMPRESSEDBYTES + i];
|
||||||
}
|
}
|
||||||
|
|
||||||
GenMatrix(a, seed);
|
GenMatrix(a, seed);
|
||||||
|
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_GenSecret(skpv1, noiseseed); //generate secret from constant-time binomial distribution
|
// generate secret from constant-time binomial distribution
|
||||||
|
PQCLEAN_LIGHTSABER_CLEAN_GenSecret(skpv1, noiseseed);
|
||||||
//-----------------matrix-vector multiplication and rounding
|
|
||||||
|
|
||||||
|
// matrix-vector multiplication and rounding
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
res[i][j] = 0;
|
res[i][j] = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MatrixVectorMul(a, skpv1, res, SABER_Q - 1, 0);
|
MatrixVectorMul(a, skpv1, res, SABER_Q - 1, 0);
|
||||||
|
|
||||||
//-----now rounding
|
// now rounding
|
||||||
|
//shift right 3 bits
|
||||||
for (i = 0; i < SABER_K; i++) { //shift right 3 bits
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
res[i][j] = ( res[i][j] + h1 ) & mod_q;
|
res[i][j] = ( res[i][j] + h1 ) & mod_q;
|
||||||
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP) );
|
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP) );
|
||||||
@ -152,21 +144,15 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(const unsigned char *message_receiv
|
|||||||
|
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_POLVEC2BS(ciphertext, res, SABER_P);
|
PQCLEAN_LIGHTSABER_CLEAN_POLVEC2BS(ciphertext, res, SABER_P);
|
||||||
|
|
||||||
//*******************client matrix-vector multiplication ends************************************
|
// ************client matrix-vector multiplication ends************
|
||||||
|
|
||||||
//------now calculate the v'
|
|
||||||
|
|
||||||
//-------unpack the public_key
|
|
||||||
|
|
||||||
|
// now calculate the v'
|
||||||
|
// unpack the public_key
|
||||||
// pkcl is the b in the protocol
|
// pkcl is the b in the protocol
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_BS2POLVEC(pk, pkcl, SABER_P);
|
PQCLEAN_LIGHTSABER_CLEAN_BS2POLVEC(pk, pkcl, SABER_P);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
for (i = 0; i < SABER_N; i++) {
|
for (i = 0; i < SABER_N; i++) {
|
||||||
vprime[i] = 0;
|
vprime[i] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
skpv1[i][j] = skpv1[i][j] & (mod_p);
|
skpv1[i][j] = skpv1[i][j] & (mod_p);
|
||||||
@ -181,7 +167,6 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(const unsigned char *message_receiv
|
|||||||
vprime[i] = vprime[i] + h1;
|
vprime[i] = vprime[i] + h1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// unpack message_received;
|
// unpack message_received;
|
||||||
for (j = 0; j < SABER_KEYBYTES; j++) {
|
for (j = 0; j < SABER_KEYBYTES; j++) {
|
||||||
for (i = 0; i < 8; i++) {
|
for (i = 0; i < 8; i++) {
|
||||||
@ -194,9 +179,6 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(const unsigned char *message_receiv
|
|||||||
message[i] = (message[i] << (SABER_EP - 1));
|
message[i] = (message[i] << (SABER_EP - 1));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
vprime[k] = ( (vprime[k] - message[k]) & (mod_p) ) >> (SABER_EP - SABER_ET);
|
vprime[k] = ( (vprime[k] - message[k]) & (mod_p) ) >> (SABER_EP - SABER_ET);
|
||||||
}
|
}
|
||||||
@ -204,7 +186,6 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(const unsigned char *message_receiv
|
|||||||
|
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_pack_3bit(msk_c, vprime);
|
PQCLEAN_LIGHTSABER_CLEAN_pack_3bit(msk_c, vprime);
|
||||||
|
|
||||||
|
|
||||||
for (j = 0; j < SABER_SCALEBYTES_KEM; j++) {
|
for (j = 0; j < SABER_SCALEBYTES_KEM; j++) {
|
||||||
ciphertext[SABER_POLYVECCOMPRESSEDBYTES + j] = msk_c[j];
|
ciphertext[SABER_POLYVECCOMPRESSEDBYTES + j] = msk_c[j];
|
||||||
}
|
}
|
||||||
@ -212,41 +193,31 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(const unsigned char *message_receiv
|
|||||||
|
|
||||||
|
|
||||||
void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_dec(const unsigned char *sk, const unsigned char *ciphertext, unsigned char message_dec[]) {
|
void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_dec(const unsigned char *sk, const unsigned char *ciphertext, unsigned char message_dec[]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
|
// secret key of the server
|
||||||
|
uint16_t sksv[SABER_K][SABER_N];
|
||||||
uint16_t sksv[SABER_K][SABER_N]; //secret key of the server
|
|
||||||
|
|
||||||
|
|
||||||
uint16_t pksv[SABER_K][SABER_N];
|
uint16_t pksv[SABER_K][SABER_N];
|
||||||
|
|
||||||
uint8_t scale_ar[SABER_SCALEBYTES_KEM];
|
uint8_t scale_ar[SABER_SCALEBYTES_KEM];
|
||||||
|
|
||||||
uint16_t mod_p = SABER_P - 1;
|
uint16_t mod_p = SABER_P - 1;
|
||||||
|
|
||||||
uint16_t v[SABER_N];
|
uint16_t v[SABER_N];
|
||||||
|
|
||||||
uint16_t op[SABER_N];
|
uint16_t op[SABER_N];
|
||||||
|
|
||||||
|
// sksv is the secret-key
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_BS2POLVEC(sk, sksv, SABER_Q); //sksv is the secret-key
|
PQCLEAN_LIGHTSABER_CLEAN_BS2POLVEC(sk, sksv, SABER_Q);
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_BS2POLVEC(ciphertext, pksv, SABER_P); //pksv is the ciphertext
|
// pksv is the ciphertext
|
||||||
|
PQCLEAN_LIGHTSABER_CLEAN_BS2POLVEC(ciphertext, pksv, SABER_P);
|
||||||
|
|
||||||
// vector-vector scalar multiplication with mod p
|
// vector-vector scalar multiplication with mod p
|
||||||
for (i = 0; i < SABER_N; i++) {
|
for (i = 0; i < SABER_N; i++) {
|
||||||
v[i] = 0;
|
v[i] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
sksv[i][j] = sksv[i][j] & (mod_p);
|
sksv[i][j] = sksv[i][j] & (mod_p);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
InnerProd(pksv, sksv, mod_p, v);
|
InnerProd(pksv, sksv, mod_p, v);
|
||||||
|
|
||||||
|
|
||||||
//Extraction
|
//Extraction
|
||||||
for (i = 0; i < SABER_SCALEBYTES_KEM; i++) {
|
for (i = 0; i < SABER_SCALEBYTES_KEM; i++) {
|
||||||
scale_ar[i] = ciphertext[SABER_POLYVECCOMPRESSEDBYTES + i];
|
scale_ar[i] = ciphertext[SABER_POLYVECCOMPRESSEDBYTES + i];
|
||||||
@ -254,20 +225,15 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_dec(const unsigned char *sk, const unsi
|
|||||||
|
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_un_pack3bit(scale_ar, op);
|
PQCLEAN_LIGHTSABER_CLEAN_un_pack3bit(scale_ar, op);
|
||||||
|
|
||||||
|
|
||||||
//addition of h1
|
//addition of h1
|
||||||
for (i = 0; i < SABER_N; i++) {
|
for (i = 0; i < SABER_N; i++) {
|
||||||
v[i] = ( ( v[i] + h2 - (op[i] << (SABER_EP - SABER_ET)) ) & (mod_p) ) >> (SABER_EP - 1);
|
v[i] = ( ( v[i] + h2 - (op[i] << (SABER_EP - SABER_ET)) ) & (mod_p) ) >> (SABER_EP - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
// pack decrypted message
|
// pack decrypted message
|
||||||
|
|
||||||
POL2MSG(v, message_dec);
|
POL2MSG(v, message_dec);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
static void MatrixVectorMul(polyvec *a, uint16_t skpv[SABER_K][SABER_N], uint16_t res[SABER_K][SABER_N], uint16_t mod, int16_t transpose) {
|
static void MatrixVectorMul(polyvec *a, uint16_t skpv[SABER_K][SABER_N], uint16_t res[SABER_K][SABER_N], uint16_t mod, int16_t transpose) {
|
||||||
|
|
||||||
uint16_t acc[SABER_N];
|
uint16_t acc[SABER_N];
|
||||||
int32_t i, j, k;
|
int32_t i, j, k;
|
||||||
|
|
||||||
@ -278,32 +244,30 @@ static void MatrixVectorMul(polyvec *a, uint16_t skpv[SABER_K][SABER_N], uint16_
|
|||||||
|
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
res[i][k] = res[i][k] + acc[k];
|
res[i][k] = res[i][k] + acc[k];
|
||||||
res[i][k] = (res[i][k] & mod); //reduction mod p
|
//reduction mod p
|
||||||
acc[k] = 0; //clear the accumulator
|
res[i][k] = (res[i][k] & mod);
|
||||||
|
//clear the accumulator
|
||||||
|
acc[k] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_K; j++) {
|
for (j = 0; j < SABER_K; j++) {
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_pol_mul((uint16_t *)&a[i].vec[j], skpv[j], acc, SABER_Q, SABER_N);
|
PQCLEAN_LIGHTSABER_CLEAN_pol_mul((uint16_t *)&a[i].vec[j], skpv[j], acc, SABER_Q, SABER_N);
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
res[i][k] = res[i][k] + acc[k];
|
res[i][k] = res[i][k] + acc[k];
|
||||||
res[i][k] = res[i][k] & mod; //reduction
|
// reduction
|
||||||
acc[k] = 0; //clear the accumulator
|
res[i][k] = res[i][k] & mod;
|
||||||
}
|
// clear the accumulator
|
||||||
|
acc[k] = 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void POL2MSG(const uint16_t *message_dec_unpacked, unsigned char *message_dec) {
|
static void POL2MSG(const uint16_t *message_dec_unpacked, unsigned char *message_dec) {
|
||||||
|
|
||||||
int32_t i, j;
|
int32_t i, j;
|
||||||
|
|
||||||
for (j = 0; j < SABER_KEYBYTES; j++) {
|
for (j = 0; j < SABER_KEYBYTES; j++) {
|
||||||
@ -312,13 +276,10 @@ static void POL2MSG(const uint16_t *message_dec_unpacked, unsigned char *message
|
|||||||
message_dec[j] = message_dec[j] | (uint8_t) (message_dec_unpacked[j * 8 + i] << i);
|
message_dec[j] = message_dec[j] | (uint8_t) (message_dec_unpacked[j * 8 + i] << i);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void InnerProd(uint16_t pkcl[SABER_K][SABER_N], uint16_t skpv[SABER_K][SABER_N], uint16_t mod, uint16_t res[SABER_N]) {
|
static void InnerProd(uint16_t pkcl[SABER_K][SABER_N], uint16_t skpv[SABER_K][SABER_N], uint16_t mod, uint16_t res[SABER_N]) {
|
||||||
|
|
||||||
|
|
||||||
uint32_t j, k;
|
uint32_t j, k;
|
||||||
uint16_t acc[SABER_N];
|
uint16_t acc[SABER_N];
|
||||||
|
|
||||||
@ -328,8 +289,10 @@ static void InnerProd(uint16_t pkcl[SABER_K][SABER_N], uint16_t skpv[SABER_K][SA
|
|||||||
|
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
res[k] = res[k] + acc[k];
|
res[k] = res[k] + acc[k];
|
||||||
res[k] = res[k] & mod; //reduction
|
// reduction
|
||||||
acc[k] = 0; //clear the accumulator
|
res[k] = res[k] & mod;
|
||||||
|
// clear the accumulator
|
||||||
|
acc[k] = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -10,37 +10,48 @@
|
|||||||
int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
|
// sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
|
||||||
|
PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(pk, sk);
|
||||||
|
|
||||||
|
// sk[SABER_INDCPA_SECRETKEYBYTES:SABER_INDCPA_SECRETKEYBYTES+SABER_INDCPA_SECRETKEYBYTES-1] <-- pk
|
||||||
for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
|
for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
|
||||||
sk[i + SABER_INDCPA_SECRETKEYBYTES] = pk[i]; // sk[SABER_INDCPA_SECRETKEYBYTES:SABER_INDCPA_SECRETKEYBYTES+SABER_INDCPA_SECRETKEYBYTES-1] <-- pk
|
sk[i + SABER_INDCPA_SECRETKEYBYTES] = pk[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
sha3_256(sk + SABER_SECRETKEYBYTES - 64, pk, SABER_INDCPA_PUBLICKEYBYTES); // Then hash(pk) is appended.
|
// Then hash(pk) is appended.
|
||||||
|
sha3_256(sk + SABER_SECRETKEYBYTES - 64, pk, SABER_INDCPA_PUBLICKEYBYTES);
|
||||||
|
|
||||||
randombytes(sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES ); // Remaining part of sk contains a pseudo-random number.
|
// Remaining part of sk contains a pseudo-random number.
|
||||||
// This is output when check in crypto_kem_dec() fails.
|
// This is output when check in crypto_kem_dec() fails.
|
||||||
|
randombytes(sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES );
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {
|
int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {
|
||||||
|
// Will contain key, coins
|
||||||
unsigned char kr[64]; // Will contain key, coins
|
unsigned char kr[64];
|
||||||
unsigned char buf[64];
|
unsigned char buf[64];
|
||||||
|
|
||||||
randombytes(buf, 32);
|
randombytes(buf, 32);
|
||||||
|
|
||||||
sha3_256(buf, buf, 32); // BUF[0:31] <-- random message (will be used as the key for client) Note: hash doesnot release system RNG output
|
// BUF[0:31] <-- random message (will be used as the key for client) Note: hash doesnot release system RNG output
|
||||||
|
sha3_256(buf, buf, 32);
|
||||||
|
|
||||||
sha3_256(buf + 32, pk, SABER_INDCPA_PUBLICKEYBYTES); // BUF[32:63] <-- Hash(public key); Multitarget countermeasure for coins + contributory KEM
|
// BUF[32:63] <-- Hash(public key); Multitarget countermeasure for coins + contributory KEM
|
||||||
|
sha3_256(buf + 32, pk, SABER_INDCPA_PUBLICKEYBYTES);
|
||||||
|
|
||||||
|
// kr[0:63] <-- Hash(buf[0:63]);
|
||||||
|
sha3_512(kr, buf, 64);
|
||||||
|
|
||||||
sha3_512(kr, buf, 64); // kr[0:63] <-- Hash(buf[0:63]);
|
|
||||||
// K^ <-- kr[0:31]
|
// K^ <-- kr[0:31]
|
||||||
// noiseseed (r) <-- kr[32:63];
|
// noiseseed (r) <-- kr[32:63];
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(buf, kr + 32, pk, ct); // buf[0:31] contains message; kr[32:63] contains randomness r;
|
// buf[0:31] contains message; kr[32:63] contains randomness r;
|
||||||
|
PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(buf, kr + 32, pk, ct);
|
||||||
|
|
||||||
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC);
|
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC);
|
||||||
|
|
||||||
sha3_256(ss, kr, 64); // hash concatenation of pre-k and h(c) to k
|
// hash concatenation of pre-k and h(c) to k
|
||||||
|
sha3_256(ss, kr, 64);
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
@ -51,14 +62,18 @@ int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
|
|||||||
unsigned char fail;
|
unsigned char fail;
|
||||||
unsigned char cmp[SABER_BYTES_CCA_DEC];
|
unsigned char cmp[SABER_BYTES_CCA_DEC];
|
||||||
unsigned char buf[64];
|
unsigned char buf[64];
|
||||||
unsigned char kr[64]; // Will contain key, coins
|
|
||||||
|
// Will contain key, coins
|
||||||
|
unsigned char kr[64];
|
||||||
const unsigned char *pk = sk + SABER_INDCPA_SECRETKEYBYTES;
|
const unsigned char *pk = sk + SABER_INDCPA_SECRETKEYBYTES;
|
||||||
|
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_dec(sk, ct, buf); // buf[0:31] <-- message
|
// buf[0:31] <-- message
|
||||||
|
PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_dec(sk, ct, buf);
|
||||||
|
|
||||||
|
|
||||||
// Multitarget countermeasure for coins + contributory KEM
|
// Multitarget countermeasure for coins + contributory KEM
|
||||||
for (i = 0; i < 32; i++) { // Save hash by storing h(pk) in sk
|
// Save hash by storing h(pk) in sk
|
||||||
|
for (i = 0; i < 32; i++) {
|
||||||
buf[32 + i] = sk[SABER_SECRETKEYBYTES - 64 + i];
|
buf[32 + i] = sk[SABER_SECRETKEYBYTES - 64 + i];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -69,11 +84,13 @@ int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned ch
|
|||||||
|
|
||||||
fail = PQCLEAN_LIGHTSABER_CLEAN_verify(ct, cmp, SABER_BYTES_CCA_DEC);
|
fail = PQCLEAN_LIGHTSABER_CLEAN_verify(ct, cmp, SABER_BYTES_CCA_DEC);
|
||||||
|
|
||||||
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC); // overwrite coins in kr with h(c)
|
// overwrite coins in kr with h(c)
|
||||||
|
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC);
|
||||||
|
|
||||||
PQCLEAN_LIGHTSABER_CLEAN_cmov(kr, sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES, fail);
|
PQCLEAN_LIGHTSABER_CLEAN_cmov(kr, sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES, fail);
|
||||||
|
|
||||||
sha3_256(ss, kr, 64); // hash concatenation of pre-k and h(c) to k
|
// hash concatenation of pre-k and h(c) to k
|
||||||
|
sha3_256(ss, kr, 64);
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
@ -1,21 +1,26 @@
|
|||||||
#include "pack_unpack.h"
|
#include "pack_unpack.h"
|
||||||
|
|
||||||
void PQCLEAN_LIGHTSABER_CLEAN_pack_3bit(uint8_t *bytes, const uint16_t *data) {
|
void PQCLEAN_LIGHTSABER_CLEAN_pack_3bit(uint8_t *bytes, const uint16_t *data) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data, offset_byte;
|
uint32_t offset_data, offset_byte;
|
||||||
|
|
||||||
for (j = 0; j < SABER_N / 8; j++) {
|
for (j = 0; j < SABER_N / 8; j++) {
|
||||||
offset_byte = 3 * j;
|
offset_byte = 3 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x7) | ( (data[offset_data + 1] & 0x7) << 3 ) | ((data[offset_data + 2] & 0x3) << 6);
|
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x7) |
|
||||||
bytes[offset_byte + 1] = ((data[offset_data + 2] >> 2 ) & 0x01) | ( (data[offset_data + 3] & 0x7) << 1 ) | ( (data[offset_data + 4] & 0x7) << 4 ) | (((data[offset_data + 5]) & 0x01) << 7);
|
((data[offset_data + 1] & 0x7) << 3) |
|
||||||
bytes[offset_byte + 2] = ((data[offset_data + 5] >> 1 ) & 0x03) | ( (data[offset_data + 6] & 0x7) << 2 ) | ( (data[offset_data + 7] & 0x7) << 5 );
|
((data[offset_data + 2] & 0x3) << 6);
|
||||||
|
bytes[offset_byte + 1] = ((data[offset_data + 2] >> 2 ) & 0x01) |
|
||||||
|
((data[offset_data + 3] & 0x7) << 1) |
|
||||||
|
((data[offset_data + 4] & 0x7) << 4) |
|
||||||
|
(((data[offset_data + 5]) & 0x01) << 7);
|
||||||
|
bytes[offset_byte + 2] = ((data[offset_data + 5] >> 1 ) & 0x03) |
|
||||||
|
((data[offset_data + 6] & 0x7) << 2) |
|
||||||
|
((data[offset_data + 7] & 0x7) << 5);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_LIGHTSABER_CLEAN_un_pack3bit(const uint8_t *bytes, uint16_t *data) {
|
void PQCLEAN_LIGHTSABER_CLEAN_un_pack3bit(const uint8_t *bytes, uint16_t *data) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data, offset_byte;
|
uint32_t offset_data, offset_byte;
|
||||||
|
|
||||||
@ -24,29 +29,29 @@ void PQCLEAN_LIGHTSABER_CLEAN_un_pack3bit(const uint8_t *bytes, uint16_t *data)
|
|||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
data[offset_data + 0] = (bytes[offset_byte + 0]) & 0x07;
|
data[offset_data + 0] = (bytes[offset_byte + 0]) & 0x07;
|
||||||
data[offset_data + 1] = ((bytes[offset_byte + 0]) >> 3 ) & 0x07;
|
data[offset_data + 1] = ((bytes[offset_byte + 0]) >> 3 ) & 0x07;
|
||||||
data[offset_data + 2] = ( ( (bytes[offset_byte + 0]) >> 6 ) & 0x03) | ( ( (bytes[offset_byte + 1]) & 0x01) << 2 );
|
data[offset_data + 2] = (((bytes[offset_byte + 0]) >> 6 ) & 0x03) |
|
||||||
|
(((bytes[offset_byte + 1]) & 0x01) << 2);
|
||||||
data[offset_data + 3] = ((bytes[offset_byte + 1]) >> 1 ) & 0x07;
|
data[offset_data + 3] = ((bytes[offset_byte + 1]) >> 1 ) & 0x07;
|
||||||
data[offset_data + 4] = ((bytes[offset_byte + 1]) >> 4 ) & 0x07;
|
data[offset_data + 4] = ((bytes[offset_byte + 1]) >> 4 ) & 0x07;
|
||||||
data[offset_data + 5] = ( ( (bytes[offset_byte + 1]) >> 7 ) & 0x01) | ( ( (bytes[offset_byte + 2]) & 0x03) << 1 );
|
data[offset_data + 5] = (((bytes[offset_byte + 1]) >> 7 ) & 0x01) |
|
||||||
|
(((bytes[offset_byte + 2]) & 0x03) << 1);
|
||||||
data[offset_data + 6] = ((bytes[offset_byte + 2] >> 2) & 0x07);
|
data[offset_data + 6] = ((bytes[offset_byte + 2] >> 2) & 0x07);
|
||||||
data[offset_data + 7] = ((bytes[offset_byte + 2] >> 5) & 0x07);
|
data[offset_data + 7] = ((bytes[offset_byte + 2] >> 5) & 0x07);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_LIGHTSABER_CLEAN_pack_4bit(uint8_t *bytes, const uint16_t *data) {
|
void PQCLEAN_LIGHTSABER_CLEAN_pack_4bit(uint8_t *bytes, const uint16_t *data) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data;
|
uint32_t offset_data;
|
||||||
|
|
||||||
for (j = 0; j < SABER_N / 2; j++) {
|
for (j = 0; j < SABER_N / 2; j++) {
|
||||||
offset_data = 2 * j;
|
offset_data = 2 * j;
|
||||||
bytes[j] = (data[offset_data] & 0x0f) | ( (data[offset_data + 1] & 0x0f) << 4 );
|
bytes[j] = (data[offset_data] & 0x0f) |
|
||||||
|
((data[offset_data + 1] & 0x0f) << 4);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_LIGHTSABER_CLEAN_un_pack4bit(const unsigned char *bytes, uint16_t *ar) {
|
void PQCLEAN_LIGHTSABER_CLEAN_un_pack4bit(const unsigned char *bytes, uint16_t *ar) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data;
|
uint32_t offset_data;
|
||||||
|
|
||||||
@ -64,9 +69,12 @@ void PQCLEAN_LIGHTSABER_CLEAN_pack_6bit(uint8_t *bytes, const uint16_t *data) {
|
|||||||
for (j = 0; j < SABER_N / 4; j++) {
|
for (j = 0; j < SABER_N / 4; j++) {
|
||||||
offset_byte = 3 * j;
|
offset_byte = 3 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x3f) | ((data[offset_data + 1] & 0x03) << 6);
|
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x3f) |
|
||||||
bytes[offset_byte + 1] = ((data[offset_data + 1] >> 2) & 0x0f) | ((data[offset_data + 2] & 0x0f) << 4);
|
((data[offset_data + 1] & 0x03) << 6);
|
||||||
bytes[offset_byte + 2] = ((data[offset_data + 2] >> 4) & 0x03) | ((data[offset_data + 3] & 0x3f) << 2);
|
bytes[offset_byte + 1] = ((data[offset_data + 1] >> 2) & 0x0f) |
|
||||||
|
((data[offset_data + 2] & 0x0f) << 4);
|
||||||
|
bytes[offset_byte + 2] = ((data[offset_data + 2] >> 4) & 0x03) |
|
||||||
|
((data[offset_data + 3] & 0x3f) << 2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -79,11 +87,12 @@ void PQCLEAN_LIGHTSABER_CLEAN_un_pack6bit(const unsigned char *bytes, uint16_t *
|
|||||||
offset_byte = 3 * j;
|
offset_byte = 3 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
data[offset_data + 0] = bytes[offset_byte + 0] & 0x3f;
|
data[offset_data + 0] = bytes[offset_byte + 0] & 0x3f;
|
||||||
data[offset_data + 1] = ((bytes[offset_byte + 0] >> 6) & 0x03) | ((bytes[offset_byte + 1] & 0x0f) << 2) ;
|
data[offset_data + 1] = ((bytes[offset_byte + 0] >> 6) & 0x03) |
|
||||||
data[offset_data + 2] = ((bytes[offset_byte + 1] & 0xff) >> 4) | ((bytes[offset_byte + 2] & 0x03) << 4) ;
|
((bytes[offset_byte + 1] & 0x0f) << 2);
|
||||||
|
data[offset_data + 2] = ((bytes[offset_byte + 1] & 0xff) >> 4) |
|
||||||
|
((bytes[offset_byte + 2] & 0x03) << 4);
|
||||||
data[offset_data + 3] = ((bytes[offset_byte + 2] & 0xff) >> 2);
|
data[offset_data + 3] = ((bytes[offset_byte + 2] & 0xff) >> 2);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -97,22 +106,18 @@ static void POLVECp2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
|||||||
offset_byte = offset_byte1 + 5 * j;
|
offset_byte = offset_byte1 + 5 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
||||||
|
bytes[offset_byte + 1] = ((data[i][offset_data + 0] >> 8) & 0x03) |
|
||||||
bytes[offset_byte + 1] = ( (data[i][ offset_data + 0 ] >> 8) & 0x03 ) | ((data[i][ offset_data + 1 ] & 0x3f) << 2);
|
((data[i][offset_data + 1] & 0x3f) << 2);
|
||||||
|
bytes[offset_byte + 2] = ((data[i][offset_data + 1] >> 6) & 0x0f) |
|
||||||
bytes[offset_byte + 2] = ( (data[i][ offset_data + 1 ] >> 6) & 0x0f ) | ( (data[i][ offset_data + 2 ] & 0x0f) << 4);
|
((data[i][offset_data + 2] & 0x0f) << 4);
|
||||||
|
bytes[offset_byte + 3] = ((data[i][offset_data + 2] >> 4) & 0x3f) |
|
||||||
bytes[offset_byte + 3] = ( (data[i][ offset_data + 2 ] >> 4) & 0x3f ) | ((data[i][ offset_data + 3 ] & 0x03) << 6);
|
((data[i][offset_data + 3] & 0x03) << 6);
|
||||||
|
|
||||||
bytes[offset_byte + 4] = ((data[i][offset_data + 3] >> 2) & 0xff);
|
bytes[offset_byte + 4] = ((data[i][offset_data + 3] >> 2) & 0xff);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void BS2POLVECp(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
static void BS2POLVECp(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
uint32_t offset_data, offset_byte, offset_byte1;
|
uint32_t offset_data, offset_byte, offset_byte1;
|
||||||
|
|
||||||
@ -121,21 +126,21 @@ static void BS2POLVECp(const unsigned char *bytes, uint16_t data[SABER_K][SABER_
|
|||||||
for (j = 0; j < SABER_N / 4; j++) {
|
for (j = 0; j < SABER_N / 4; j++) {
|
||||||
offset_byte = offset_byte1 + 5 * j;
|
offset_byte = offset_byte1 + 5 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
data[i][offset_data + 0] = ( bytes[ offset_byte + 0 ] & (0xff)) | ((bytes[ offset_byte + 1 ] & 0x03) << 8);
|
data[i][offset_data + 0] = (bytes[offset_byte + 0] & (0xff)) |
|
||||||
data[i][offset_data + 1] = ( (bytes[ offset_byte + 1 ] >> 2) & (0x3f)) | ((bytes[ offset_byte + 2 ] & 0x0f) << 6);
|
((bytes[offset_byte + 1] & 0x03) << 8);
|
||||||
data[i][offset_data + 2] = ( (bytes[ offset_byte + 2 ] >> 4) & (0x0f)) | ((bytes[ offset_byte + 3 ] & 0x3f) << 4);
|
data[i][offset_data + 1] = ((bytes[offset_byte + 1] >> 2) & (0x3f)) |
|
||||||
data[i][offset_data + 3] = ( (bytes[ offset_byte + 3 ] >> 6) & (0x03)) | ((bytes[ offset_byte + 4 ] & 0xff) << 2);
|
((bytes[offset_byte + 2] & 0x0f) << 6);
|
||||||
|
data[i][offset_data + 2] = ((bytes[offset_byte + 2] >> 4) & (0x0f)) |
|
||||||
|
((bytes[offset_byte + 3] & 0x3f) << 4);
|
||||||
|
data[i][offset_data + 3] = ((bytes[offset_byte + 3] >> 6) & (0x03)) |
|
||||||
|
((bytes[offset_byte + 4] & 0xff) << 2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static void POLVECq2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
static void POLVECq2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
uint32_t offset_data, offset_byte, offset_byte1;
|
uint32_t offset_data, offset_byte, offset_byte1;
|
||||||
|
|
||||||
@ -145,39 +150,30 @@ static void POLVECq2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
|||||||
offset_byte = offset_byte1 + 13 * j;
|
offset_byte = offset_byte1 + 13 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
||||||
|
bytes[offset_byte + 1] = ((data[i][offset_data + 0] >> 8) & 0x1f) |
|
||||||
bytes[offset_byte + 1] = ( (data[i][ offset_data + 0 ] >> 8) & 0x1f ) | ((data[i][ offset_data + 1 ] & 0x07) << 5);
|
((data[i][offset_data + 1] & 0x07) << 5);
|
||||||
|
|
||||||
bytes[offset_byte + 2] = ((data[i][offset_data + 1] >> 3) & 0xff);
|
bytes[offset_byte + 2] = ((data[i][offset_data + 1] >> 3) & 0xff);
|
||||||
|
bytes[offset_byte + 3] = ((data[i][offset_data + 1] >> 11) & 0x03) |
|
||||||
bytes[offset_byte + 3] = ( (data[i][ offset_data + 1 ] >> 11) & 0x03 ) | ((data[i][ offset_data + 2 ] & 0x3f) << 2);
|
((data[i][offset_data + 2] & 0x3f) << 2);
|
||||||
|
bytes[offset_byte + 4] = ((data[i][offset_data + 2] >> 6) & 0x7f) |
|
||||||
bytes[offset_byte + 4] = ( (data[i][ offset_data + 2 ] >> 6) & 0x7f ) | ( (data[i][ offset_data + 3 ] & 0x01) << 7 );
|
((data[i][offset_data + 3] & 0x01) << 7);
|
||||||
|
|
||||||
bytes[offset_byte + 5] = ((data[i][offset_data + 3] >> 1) & 0xff);
|
bytes[offset_byte + 5] = ((data[i][offset_data + 3] >> 1) & 0xff);
|
||||||
|
bytes[offset_byte + 6] = ((data[i][offset_data + 3] >> 9) & 0x0f) |
|
||||||
bytes[offset_byte + 6] = ( (data[i][ offset_data + 3 ] >> 9) & 0x0f ) | ( (data[i][ offset_data + 4 ] & 0x0f) << 4 );
|
((data[i][offset_data + 4] & 0x0f) << 4);
|
||||||
|
|
||||||
bytes[offset_byte + 7] = ((data[i][offset_data + 4] >> 4) & 0xff);
|
bytes[offset_byte + 7] = ((data[i][offset_data + 4] >> 4) & 0xff);
|
||||||
|
bytes[offset_byte + 8] = ((data[i][offset_data + 4] >> 12) & 0x01) |
|
||||||
bytes[offset_byte + 8] = ( (data[i][ offset_data + 4 ] >> 12) & 0x01 ) | ( (data[i][ offset_data + 5 ] & 0x7f) << 1 );
|
((data[i][offset_data + 5] & 0x7f) << 1);
|
||||||
|
bytes[offset_byte + 9] = ((data[i][offset_data + 5] >> 7) & 0x3f) |
|
||||||
bytes[offset_byte + 9] = ( (data[i][ offset_data + 5 ] >> 7) & 0x3f ) | ( (data[i][ offset_data + 6 ] & 0x03) << 6 );
|
((data[i][offset_data + 6] & 0x03) << 6);
|
||||||
|
|
||||||
bytes[offset_byte + 10] = ((data[i][offset_data + 6] >> 2) & 0xff);
|
bytes[offset_byte + 10] = ((data[i][offset_data + 6] >> 2) & 0xff);
|
||||||
|
bytes[offset_byte + 11] = ((data[i][offset_data + 6] >> 10) & 0x07) |
|
||||||
bytes[offset_byte + 11] = ( (data[i][ offset_data + 6 ] >> 10) & 0x07 ) | ( (data[i][ offset_data + 7 ] & 0x1f) << 3 );
|
((data[i][offset_data + 7] & 0x1f) << 3);
|
||||||
|
|
||||||
bytes[offset_byte + 12] = ((data[i][offset_data + 7] >> 5) & 0xff);
|
bytes[offset_byte + 12] = ((data[i][offset_data + 7] >> 5) & 0xff);
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void BS2POLVECq(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
static void BS2POLVECq(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
uint32_t offset_data, offset_byte, offset_byte1;
|
uint32_t offset_data, offset_byte, offset_byte1;
|
||||||
|
|
||||||
@ -186,44 +182,62 @@ static void BS2POLVECq(const unsigned char *bytes, uint16_t data[SABER_K][SABER_
|
|||||||
for (j = 0; j < SABER_N / 8; j++) {
|
for (j = 0; j < SABER_N / 8; j++) {
|
||||||
offset_byte = offset_byte1 + 13 * j;
|
offset_byte = offset_byte1 + 13 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
data[i][offset_data + 0] = ( bytes[ offset_byte + 0 ] & (0xff)) | ((bytes[offset_byte + 1] & 0x1f) << 8);
|
data[i][offset_data + 0] = (bytes[offset_byte + 0] & (0xff)) |
|
||||||
data[i][offset_data + 1] = ( bytes[ offset_byte + 1 ] >> 5 & (0x07)) | ((bytes[offset_byte + 2] & 0xff) << 3) | ((bytes[offset_byte + 3] & 0x03) << 11);
|
((bytes[offset_byte + 1] & 0x1f) << 8);
|
||||||
data[i][offset_data + 2] = ( bytes[ offset_byte + 3 ] >> 2 & (0x3f)) | ((bytes[offset_byte + 4] & 0x7f) << 6);
|
data[i][offset_data + 1] = (bytes[offset_byte + 1] >> 5 & (0x07)) |
|
||||||
data[i][offset_data + 3] = ( bytes[ offset_byte + 4 ] >> 7 & (0x01)) | ((bytes[offset_byte + 5] & 0xff) << 1) | ((bytes[offset_byte + 6] & 0x0f) << 9);
|
((bytes[offset_byte + 2] & 0xff) << 3) |
|
||||||
data[i][offset_data + 4] = ( bytes[ offset_byte + 6 ] >> 4 & (0x0f)) | ((bytes[offset_byte + 7] & 0xff) << 4) | ((bytes[offset_byte + 8] & 0x01) << 12);
|
((bytes[offset_byte + 3] & 0x03) << 11);
|
||||||
data[i][offset_data + 5] = ( bytes[ offset_byte + 8] >> 1 & (0x7f)) | ((bytes[offset_byte + 9] & 0x3f) << 7);
|
data[i][offset_data + 2] = (bytes[offset_byte + 3] >> 2 & (0x3f)) |
|
||||||
data[i][offset_data + 6] = ( bytes[ offset_byte + 9] >> 6 & (0x03)) | ((bytes[offset_byte + 10] & 0xff) << 2) | ((bytes[offset_byte + 11] & 0x07) << 10);
|
((bytes[offset_byte + 4] & 0x7f) << 6);
|
||||||
data[i][offset_data + 7] = ( bytes[ offset_byte + 11] >> 3 & (0x1f)) | ((bytes[offset_byte + 12] & 0xff) << 5);
|
data[i][offset_data + 3] = (bytes[offset_byte + 4] >> 7 & (0x01)) |
|
||||||
|
((bytes[offset_byte + 5] & 0xff) << 1) |
|
||||||
|
((bytes[offset_byte + 6] & 0x0f) << 9);
|
||||||
|
data[i][offset_data + 4] = (bytes[offset_byte + 6] >> 4 & (0x0f)) |
|
||||||
|
((bytes[offset_byte + 7] & 0xff) << 4) |
|
||||||
|
((bytes[offset_byte + 8] & 0x01) << 12);
|
||||||
|
data[i][offset_data + 5] = (bytes[offset_byte + 8] >> 1 & (0x7f)) |
|
||||||
|
((bytes[offset_byte + 9] & 0x3f) << 7);
|
||||||
|
data[i][offset_data + 6] = (bytes[offset_byte + 9] >> 6 & (0x03)) |
|
||||||
|
((bytes[offset_byte + 10] & 0xff) << 2) |
|
||||||
|
((bytes[offset_byte + 11] & 0x07) << 10);
|
||||||
|
data[i][offset_data + 7] = (bytes[offset_byte + 11] >> 3 & (0x1f)) |
|
||||||
|
((bytes[offset_byte + 12] & 0xff) << 5);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//only BS2POLq no BS2POLp
|
||||||
}
|
void PQCLEAN_LIGHTSABER_CLEAN_BS2POL(const unsigned char *bytes, uint16_t data[SABER_N]) {
|
||||||
|
|
||||||
void PQCLEAN_LIGHTSABER_CLEAN_BS2POL(const unsigned char *bytes, uint16_t data[SABER_N]) { //only BS2POLq no BS2POLp
|
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data, offset_byte;
|
uint32_t offset_data, offset_byte;
|
||||||
|
|
||||||
for (j = 0; j < SABER_N / 8; j++) {
|
for (j = 0; j < SABER_N / 8; j++) {
|
||||||
offset_byte = 13 * j;
|
offset_byte = 13 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
data[offset_data + 0] = ( bytes[ offset_byte + 0 ] & (0xff)) | ((bytes[offset_byte + 1] & 0x1f) << 8);
|
data[offset_data + 0] = (bytes[offset_byte + 0] & (0xff)) |
|
||||||
data[offset_data + 1] = ( bytes[ offset_byte + 1 ] >> 5 & (0x07)) | ((bytes[offset_byte + 2] & 0xff) << 3) | ((bytes[offset_byte + 3] & 0x03) << 11);
|
((bytes[offset_byte + 1] & 0x1f) << 8);
|
||||||
data[offset_data + 2] = ( bytes[ offset_byte + 3 ] >> 2 & (0x3f)) | ((bytes[offset_byte + 4] & 0x7f) << 6);
|
data[offset_data + 1] = (bytes[offset_byte + 1] >> 5 & (0x07)) |
|
||||||
data[offset_data + 3] = ( bytes[ offset_byte + 4 ] >> 7 & (0x01)) | ((bytes[offset_byte + 5] & 0xff) << 1) | ((bytes[offset_byte + 6] & 0x0f) << 9);
|
((bytes[offset_byte + 2] & 0xff) << 3) |
|
||||||
data[offset_data + 4] = ( bytes[ offset_byte + 6 ] >> 4 & (0x0f)) | ((bytes[offset_byte + 7] & 0xff) << 4) | ((bytes[offset_byte + 8] & 0x01) << 12);
|
((bytes[offset_byte + 3] & 0x03) << 11);
|
||||||
data[offset_data + 5] = ( bytes[ offset_byte + 8] >> 1 & (0x7f)) | ((bytes[offset_byte + 9] & 0x3f) << 7);
|
data[offset_data + 2] = (bytes[offset_byte + 3] >> 2 & (0x3f)) |
|
||||||
data[offset_data + 6] = ( bytes[ offset_byte + 9] >> 6 & (0x03)) | ((bytes[offset_byte + 10] & 0xff) << 2) | ((bytes[offset_byte + 11] & 0x07) << 10);
|
((bytes[offset_byte + 4] & 0x7f) << 6);
|
||||||
data[offset_data + 7] = ( bytes[ offset_byte + 11] >> 3 & (0x1f)) | ((bytes[offset_byte + 12] & 0xff) << 5);
|
data[offset_data + 3] = (bytes[offset_byte + 4] >> 7 & (0x01)) |
|
||||||
|
((bytes[offset_byte + 5] & 0xff) << 1) |
|
||||||
|
((bytes[offset_byte + 6] & 0x0f) << 9);
|
||||||
|
data[offset_data + 4] = (bytes[offset_byte + 6] >> 4 & (0x0f)) |
|
||||||
|
((bytes[offset_byte + 7] & 0xff) << 4) |
|
||||||
|
((bytes[offset_byte + 8] & 0x01) << 12);
|
||||||
|
data[offset_data + 5] = (bytes[offset_byte + 8] >> 1 & (0x7f)) |
|
||||||
|
((bytes[offset_byte + 9] & 0x3f) << 7);
|
||||||
|
data[offset_data + 6] = (bytes[offset_byte + 9] >> 6 & (0x03)) |
|
||||||
|
((bytes[offset_byte + 10] & 0xff) << 2) |
|
||||||
|
((bytes[offset_byte + 11] & 0x07) << 10);
|
||||||
|
data[offset_data + 7] = (bytes[offset_byte + 11] >> 3 & (0x1f)) |
|
||||||
|
((bytes[offset_byte + 12] & 0xff) << 5);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void PQCLEAN_LIGHTSABER_CLEAN_POLVEC2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
void PQCLEAN_LIGHTSABER_CLEAN_POLVEC2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
||||||
|
|
||||||
if (modulus == 1024) {
|
if (modulus == 1024) {
|
||||||
POLVECp2BS(bytes, data);
|
POLVECp2BS(bytes, data);
|
||||||
} else if (modulus == 8192) {
|
} else if (modulus == 8192) {
|
||||||
@ -232,11 +246,9 @@ void PQCLEAN_LIGHTSABER_CLEAN_POLVEC2BS(uint8_t *bytes, uint16_t data[SABER_K][S
|
|||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_LIGHTSABER_CLEAN_BS2POLVEC(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
void PQCLEAN_LIGHTSABER_CLEAN_BS2POLVEC(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
||||||
|
|
||||||
if (modulus == 1024) {
|
if (modulus == 1024) {
|
||||||
BS2POLVECp(bytes, data);
|
BS2POLVECp(bytes, data);
|
||||||
} else if (modulus == 8192) {
|
} else if (modulus == 8192) {
|
||||||
BS2POLVECq(bytes, data);
|
BS2POLVECq(bytes, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -45,7 +45,7 @@ static void GenMatrix(polyvec *a, const unsigned char *seed) {
|
|||||||
|
|
||||||
|
|
||||||
void PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
void PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
||||||
polyvec a[SABER_K];// skpv;
|
polyvec a[SABER_K];
|
||||||
|
|
||||||
uint16_t skpv[SABER_K][SABER_N];
|
uint16_t skpv[SABER_K][SABER_N];
|
||||||
|
|
||||||
@ -58,43 +58,43 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned char *sk
|
|||||||
uint16_t res[SABER_K][SABER_N];
|
uint16_t res[SABER_K][SABER_N];
|
||||||
|
|
||||||
randombytes(seed, SABER_SEEDBYTES);
|
randombytes(seed, SABER_SEEDBYTES);
|
||||||
shake128(seed, SABER_SEEDBYTES, seed, SABER_SEEDBYTES); // for not revealing system RNG state
|
|
||||||
|
// for not revealing system RNG state
|
||||||
|
shake128(seed, SABER_SEEDBYTES, seed, SABER_SEEDBYTES);
|
||||||
randombytes(noiseseed, SABER_COINBYTES);
|
randombytes(noiseseed, SABER_COINBYTES);
|
||||||
|
|
||||||
GenMatrix(a, seed); //sample matrix A
|
GenMatrix(a, seed); //sample matrix A
|
||||||
|
|
||||||
PQCLEAN_SABER_CLEAN_GenSecret(skpv, noiseseed); //generate secret from constant-time binomial distribution
|
// generate secret from constant-time binomial distribution
|
||||||
|
PQCLEAN_SABER_CLEAN_GenSecret(skpv, noiseseed);
|
||||||
//------------------------do the matrix vector multiplication and rounding------------
|
|
||||||
|
|
||||||
|
// do the matrix vector multiplication and rounding
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
res[i][j] = 0;
|
res[i][j] = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MatrixVectorMul(a, skpv, res, SABER_Q - 1, 1);
|
MatrixVectorMul(a, skpv, res, SABER_Q - 1, 1);
|
||||||
|
|
||||||
//-----now rounding
|
// now rounding
|
||||||
for (i = 0; i < SABER_K; i++) { //shift right 3 bits
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
|
// shift right 3 bits
|
||||||
res[i][j] = (res[i][j] + h1) & (mod_q);
|
res[i][j] = (res[i][j] + h1) & (mod_q);
|
||||||
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP));
|
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//------------------unload and pack sk=3 x (256 coefficients of 14 bits)-------
|
// unload and pack sk=3 x (256 coefficients of 14 bits)
|
||||||
|
|
||||||
PQCLEAN_SABER_CLEAN_POLVEC2BS(sk, skpv, SABER_Q);
|
PQCLEAN_SABER_CLEAN_POLVEC2BS(sk, skpv, SABER_Q);
|
||||||
|
|
||||||
//------------------unload and pack pk=256 bits seed and 3 x (256 coefficients of 11 bits)-------
|
// unload and pack pk=256 bits seed and 3 x (256 coefficients of 11 bits)
|
||||||
|
// load the public-key coefficients
|
||||||
|
PQCLEAN_SABER_CLEAN_POLVEC2BS(pk, res, SABER_P);
|
||||||
|
|
||||||
|
|
||||||
PQCLEAN_SABER_CLEAN_POLVEC2BS(pk, res, SABER_P); // load the public-key coefficients
|
// now load the seedbytes in PK. Easy since seed bytes are kept in byte format.
|
||||||
|
for (i = 0; i < SABER_SEEDBYTES; i++) {
|
||||||
|
|
||||||
|
|
||||||
for (i = 0; i < SABER_SEEDBYTES; i++) { // now load the seedbytes in PK. Easy since seed bytes are kept in byte format.
|
|
||||||
pk[SABER_POLYVECCOMPRESSEDBYTES + i] = seed[i];
|
pk[SABER_POLYVECCOMPRESSEDBYTES + i] = seed[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -103,47 +103,39 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(unsigned char *pk, unsigned char *sk
|
|||||||
|
|
||||||
void PQCLEAN_SABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, unsigned char *noiseseed, const unsigned char *pk, unsigned char *ciphertext) {
|
void PQCLEAN_SABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, unsigned char *noiseseed, const unsigned char *pk, unsigned char *ciphertext) {
|
||||||
uint32_t i, j, k;
|
uint32_t i, j, k;
|
||||||
polyvec a[SABER_K]; // skpv;
|
polyvec a[SABER_K];
|
||||||
unsigned char seed[SABER_SEEDBYTES];
|
unsigned char seed[SABER_SEEDBYTES];
|
||||||
uint16_t pkcl[SABER_K][SABER_N]; //public key of received by the client
|
// public key of received by the client
|
||||||
|
uint16_t pkcl[SABER_K][SABER_N];
|
||||||
|
|
||||||
|
|
||||||
uint16_t skpv1[SABER_K][SABER_N];
|
uint16_t skpv1[SABER_K][SABER_N];
|
||||||
|
|
||||||
uint16_t message[SABER_KEYBYTES * 8];
|
uint16_t message[SABER_KEYBYTES * 8];
|
||||||
|
|
||||||
uint16_t res[SABER_K][SABER_N];
|
uint16_t res[SABER_K][SABER_N];
|
||||||
uint16_t mod_p = SABER_P - 1;
|
uint16_t mod_p = SABER_P - 1;
|
||||||
uint16_t mod_q = SABER_Q - 1;
|
uint16_t mod_q = SABER_Q - 1;
|
||||||
|
|
||||||
uint16_t vprime[SABER_N];
|
uint16_t vprime[SABER_N];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
unsigned char msk_c[SABER_SCALEBYTES_KEM];
|
unsigned char msk_c[SABER_SCALEBYTES_KEM];
|
||||||
|
|
||||||
for (i = 0; i < SABER_SEEDBYTES; i++) { // extract the seedbytes from Public Key.
|
// extract the seedbytes from Public Key.
|
||||||
|
for (i = 0; i < SABER_SEEDBYTES; i++) {
|
||||||
seed[i] = pk[ SABER_POLYVECCOMPRESSEDBYTES + i];
|
seed[i] = pk[ SABER_POLYVECCOMPRESSEDBYTES + i];
|
||||||
}
|
}
|
||||||
|
|
||||||
GenMatrix(a, seed);
|
GenMatrix(a, seed);
|
||||||
|
|
||||||
PQCLEAN_SABER_CLEAN_GenSecret(skpv1, noiseseed); //generate secret from constant-time binomial distribution
|
// generate secret from constant-time binomial distribution
|
||||||
|
PQCLEAN_SABER_CLEAN_GenSecret(skpv1, noiseseed);
|
||||||
//-----------------matrix-vector multiplication and rounding
|
|
||||||
|
|
||||||
|
// matrix-vector multiplication and rounding
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
res[i][j] = 0;
|
res[i][j] = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MatrixVectorMul(a, skpv1, res, SABER_Q - 1, 0);
|
MatrixVectorMul(a, skpv1, res, SABER_Q - 1, 0);
|
||||||
|
|
||||||
//-----now rounding
|
// now rounding
|
||||||
|
//shift right 3 bits
|
||||||
for (i = 0; i < SABER_K; i++) { //shift right 3 bits
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
res[i][j] = ( res[i][j] + h1 ) & mod_q;
|
res[i][j] = ( res[i][j] + h1 ) & mod_q;
|
||||||
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP) );
|
res[i][j] = (res[i][j] >> (SABER_EQ - SABER_EP) );
|
||||||
@ -152,21 +144,15 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, u
|
|||||||
|
|
||||||
PQCLEAN_SABER_CLEAN_POLVEC2BS(ciphertext, res, SABER_P);
|
PQCLEAN_SABER_CLEAN_POLVEC2BS(ciphertext, res, SABER_P);
|
||||||
|
|
||||||
//*******************client matrix-vector multiplication ends************************************
|
// ************client matrix-vector multiplication ends************
|
||||||
|
|
||||||
//------now calculate the v'
|
|
||||||
|
|
||||||
//-------unpack the public_key
|
|
||||||
|
|
||||||
|
// now calculate the v'
|
||||||
|
// unpack the public_key
|
||||||
// pkcl is the b in the protocol
|
// pkcl is the b in the protocol
|
||||||
PQCLEAN_SABER_CLEAN_BS2POLVEC(pk, pkcl, SABER_P);
|
PQCLEAN_SABER_CLEAN_BS2POLVEC(pk, pkcl, SABER_P);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
for (i = 0; i < SABER_N; i++) {
|
for (i = 0; i < SABER_N; i++) {
|
||||||
vprime[i] = 0;
|
vprime[i] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
skpv1[i][j] = skpv1[i][j] & (mod_p);
|
skpv1[i][j] = skpv1[i][j] & (mod_p);
|
||||||
@ -181,7 +167,6 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, u
|
|||||||
vprime[i] = vprime[i] + h1;
|
vprime[i] = vprime[i] + h1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// unpack message_received;
|
// unpack message_received;
|
||||||
for (j = 0; j < SABER_KEYBYTES; j++) {
|
for (j = 0; j < SABER_KEYBYTES; j++) {
|
||||||
for (i = 0; i < 8; i++) {
|
for (i = 0; i < 8; i++) {
|
||||||
@ -194,9 +179,6 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, u
|
|||||||
message[i] = (message[i] << (SABER_EP - 1));
|
message[i] = (message[i] << (SABER_EP - 1));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
vprime[k] = ( (vprime[k] - message[k]) & (mod_p) ) >> (SABER_EP - SABER_ET);
|
vprime[k] = ( (vprime[k] - message[k]) & (mod_p) ) >> (SABER_EP - SABER_ET);
|
||||||
}
|
}
|
||||||
@ -204,7 +186,6 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, u
|
|||||||
|
|
||||||
PQCLEAN_SABER_CLEAN_pack_4bit(msk_c, vprime);
|
PQCLEAN_SABER_CLEAN_pack_4bit(msk_c, vprime);
|
||||||
|
|
||||||
|
|
||||||
for (j = 0; j < SABER_SCALEBYTES_KEM; j++) {
|
for (j = 0; j < SABER_SCALEBYTES_KEM; j++) {
|
||||||
ciphertext[SABER_POLYVECCOMPRESSEDBYTES + j] = msk_c[j];
|
ciphertext[SABER_POLYVECCOMPRESSEDBYTES + j] = msk_c[j];
|
||||||
}
|
}
|
||||||
@ -212,41 +193,31 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_enc(const unsigned char *message_received, u
|
|||||||
|
|
||||||
|
|
||||||
void PQCLEAN_SABER_CLEAN_indcpa_kem_dec(const unsigned char *sk, const unsigned char *ciphertext, unsigned char message_dec[]) {
|
void PQCLEAN_SABER_CLEAN_indcpa_kem_dec(const unsigned char *sk, const unsigned char *ciphertext, unsigned char message_dec[]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
|
// secret key of the server
|
||||||
|
uint16_t sksv[SABER_K][SABER_N];
|
||||||
uint16_t sksv[SABER_K][SABER_N]; //secret key of the server
|
|
||||||
|
|
||||||
|
|
||||||
uint16_t pksv[SABER_K][SABER_N];
|
uint16_t pksv[SABER_K][SABER_N];
|
||||||
|
|
||||||
uint8_t scale_ar[SABER_SCALEBYTES_KEM];
|
uint8_t scale_ar[SABER_SCALEBYTES_KEM];
|
||||||
|
|
||||||
uint16_t mod_p = SABER_P - 1;
|
uint16_t mod_p = SABER_P - 1;
|
||||||
|
|
||||||
uint16_t v[SABER_N];
|
uint16_t v[SABER_N];
|
||||||
|
|
||||||
uint16_t op[SABER_N];
|
uint16_t op[SABER_N];
|
||||||
|
|
||||||
|
// sksv is the secret-key
|
||||||
PQCLEAN_SABER_CLEAN_BS2POLVEC(sk, sksv, SABER_Q); //sksv is the secret-key
|
PQCLEAN_SABER_CLEAN_BS2POLVEC(sk, sksv, SABER_Q);
|
||||||
PQCLEAN_SABER_CLEAN_BS2POLVEC(ciphertext, pksv, SABER_P); //pksv is the ciphertext
|
// pksv is the ciphertext
|
||||||
|
PQCLEAN_SABER_CLEAN_BS2POLVEC(ciphertext, pksv, SABER_P);
|
||||||
|
|
||||||
// vector-vector scalar multiplication with mod p
|
// vector-vector scalar multiplication with mod p
|
||||||
for (i = 0; i < SABER_N; i++) {
|
for (i = 0; i < SABER_N; i++) {
|
||||||
v[i] = 0;
|
v[i] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_N; j++) {
|
for (j = 0; j < SABER_N; j++) {
|
||||||
sksv[i][j] = sksv[i][j] & (mod_p);
|
sksv[i][j] = sksv[i][j] & (mod_p);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
InnerProd(pksv, sksv, mod_p, v);
|
InnerProd(pksv, sksv, mod_p, v);
|
||||||
|
|
||||||
|
|
||||||
//Extraction
|
//Extraction
|
||||||
for (i = 0; i < SABER_SCALEBYTES_KEM; i++) {
|
for (i = 0; i < SABER_SCALEBYTES_KEM; i++) {
|
||||||
scale_ar[i] = ciphertext[SABER_POLYVECCOMPRESSEDBYTES + i];
|
scale_ar[i] = ciphertext[SABER_POLYVECCOMPRESSEDBYTES + i];
|
||||||
@ -254,20 +225,15 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_dec(const unsigned char *sk, const unsigned
|
|||||||
|
|
||||||
PQCLEAN_SABER_CLEAN_un_pack4bit(scale_ar, op);
|
PQCLEAN_SABER_CLEAN_un_pack4bit(scale_ar, op);
|
||||||
|
|
||||||
|
|
||||||
//addition of h1
|
//addition of h1
|
||||||
for (i = 0; i < SABER_N; i++) {
|
for (i = 0; i < SABER_N; i++) {
|
||||||
v[i] = ( ( v[i] + h2 - (op[i] << (SABER_EP - SABER_ET)) ) & (mod_p) ) >> (SABER_EP - 1);
|
v[i] = ( ( v[i] + h2 - (op[i] << (SABER_EP - SABER_ET)) ) & (mod_p) ) >> (SABER_EP - 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
// pack decrypted message
|
// pack decrypted message
|
||||||
|
|
||||||
POL2MSG(v, message_dec);
|
POL2MSG(v, message_dec);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
static void MatrixVectorMul(polyvec *a, uint16_t skpv[SABER_K][SABER_N], uint16_t res[SABER_K][SABER_N], uint16_t mod, int16_t transpose) {
|
static void MatrixVectorMul(polyvec *a, uint16_t skpv[SABER_K][SABER_N], uint16_t res[SABER_K][SABER_N], uint16_t mod, int16_t transpose) {
|
||||||
|
|
||||||
uint16_t acc[SABER_N];
|
uint16_t acc[SABER_N];
|
||||||
int32_t i, j, k;
|
int32_t i, j, k;
|
||||||
|
|
||||||
@ -278,32 +244,30 @@ static void MatrixVectorMul(polyvec *a, uint16_t skpv[SABER_K][SABER_N], uint16_
|
|||||||
|
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
res[i][k] = res[i][k] + acc[k];
|
res[i][k] = res[i][k] + acc[k];
|
||||||
res[i][k] = (res[i][k] & mod); //reduction mod p
|
//reduction mod p
|
||||||
acc[k] = 0; //clear the accumulator
|
res[i][k] = (res[i][k] & mod);
|
||||||
|
//clear the accumulator
|
||||||
|
acc[k] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
for (i = 0; i < SABER_K; i++) {
|
for (i = 0; i < SABER_K; i++) {
|
||||||
for (j = 0; j < SABER_K; j++) {
|
for (j = 0; j < SABER_K; j++) {
|
||||||
PQCLEAN_SABER_CLEAN_pol_mul((uint16_t *)&a[i].vec[j], skpv[j], acc, SABER_Q, SABER_N);
|
PQCLEAN_SABER_CLEAN_pol_mul((uint16_t *)&a[i].vec[j], skpv[j], acc, SABER_Q, SABER_N);
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
res[i][k] = res[i][k] + acc[k];
|
res[i][k] = res[i][k] + acc[k];
|
||||||
res[i][k] = res[i][k] & mod; //reduction
|
// reduction
|
||||||
acc[k] = 0; //clear the accumulator
|
res[i][k] = res[i][k] & mod;
|
||||||
}
|
// clear the accumulator
|
||||||
|
acc[k] = 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void POL2MSG(const uint16_t *message_dec_unpacked, unsigned char *message_dec) {
|
static void POL2MSG(const uint16_t *message_dec_unpacked, unsigned char *message_dec) {
|
||||||
|
|
||||||
int32_t i, j;
|
int32_t i, j;
|
||||||
|
|
||||||
for (j = 0; j < SABER_KEYBYTES; j++) {
|
for (j = 0; j < SABER_KEYBYTES; j++) {
|
||||||
@ -312,13 +276,10 @@ static void POL2MSG(const uint16_t *message_dec_unpacked, unsigned char *message
|
|||||||
message_dec[j] = message_dec[j] | (uint8_t) (message_dec_unpacked[j * 8 + i] << i);
|
message_dec[j] = message_dec[j] | (uint8_t) (message_dec_unpacked[j * 8 + i] << i);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void InnerProd(uint16_t pkcl[SABER_K][SABER_N], uint16_t skpv[SABER_K][SABER_N], uint16_t mod, uint16_t res[SABER_N]) {
|
static void InnerProd(uint16_t pkcl[SABER_K][SABER_N], uint16_t skpv[SABER_K][SABER_N], uint16_t mod, uint16_t res[SABER_N]) {
|
||||||
|
|
||||||
|
|
||||||
uint32_t j, k;
|
uint32_t j, k;
|
||||||
uint16_t acc[SABER_N];
|
uint16_t acc[SABER_N];
|
||||||
|
|
||||||
@ -328,8 +289,10 @@ static void InnerProd(uint16_t pkcl[SABER_K][SABER_N], uint16_t skpv[SABER_K][SA
|
|||||||
|
|
||||||
for (k = 0; k < SABER_N; k++) {
|
for (k = 0; k < SABER_N; k++) {
|
||||||
res[k] = res[k] + acc[k];
|
res[k] = res[k] + acc[k];
|
||||||
res[k] = res[k] & mod; //reduction
|
// reduction
|
||||||
acc[k] = 0; //clear the accumulator
|
res[k] = res[k] & mod;
|
||||||
|
// clear the accumulator
|
||||||
|
acc[k] = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -10,37 +10,48 @@
|
|||||||
int PQCLEAN_SABER_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
int PQCLEAN_SABER_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
|
// sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
|
||||||
|
PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(pk, sk);
|
||||||
|
|
||||||
|
// sk[SABER_INDCPA_SECRETKEYBYTES:SABER_INDCPA_SECRETKEYBYTES+SABER_INDCPA_SECRETKEYBYTES-1] <-- pk
|
||||||
for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
|
for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
|
||||||
sk[i + SABER_INDCPA_SECRETKEYBYTES] = pk[i]; // sk[SABER_INDCPA_SECRETKEYBYTES:SABER_INDCPA_SECRETKEYBYTES+SABER_INDCPA_SECRETKEYBYTES-1] <-- pk
|
sk[i + SABER_INDCPA_SECRETKEYBYTES] = pk[i];
|
||||||
}
|
}
|
||||||
|
|
||||||
sha3_256(sk + SABER_SECRETKEYBYTES - 64, pk, SABER_INDCPA_PUBLICKEYBYTES); // Then hash(pk) is appended.
|
// Then hash(pk) is appended.
|
||||||
|
sha3_256(sk + SABER_SECRETKEYBYTES - 64, pk, SABER_INDCPA_PUBLICKEYBYTES);
|
||||||
|
|
||||||
randombytes(sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES ); // Remaining part of sk contains a pseudo-random number.
|
// Remaining part of sk contains a pseudo-random number.
|
||||||
// This is output when check in crypto_kem_dec() fails.
|
// This is output when check in crypto_kem_dec() fails.
|
||||||
|
randombytes(sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES );
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
int PQCLEAN_SABER_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {
|
int PQCLEAN_SABER_CLEAN_crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk) {
|
||||||
|
// Will contain key, coins
|
||||||
unsigned char kr[64]; // Will contain key, coins
|
unsigned char kr[64];
|
||||||
unsigned char buf[64];
|
unsigned char buf[64];
|
||||||
|
|
||||||
randombytes(buf, 32);
|
randombytes(buf, 32);
|
||||||
|
|
||||||
sha3_256(buf, buf, 32); // BUF[0:31] <-- random message (will be used as the key for client) Note: hash doesnot release system RNG output
|
// BUF[0:31] <-- random message (will be used as the key for client) Note: hash doesnot release system RNG output
|
||||||
|
sha3_256(buf, buf, 32);
|
||||||
|
|
||||||
sha3_256(buf + 32, pk, SABER_INDCPA_PUBLICKEYBYTES); // BUF[32:63] <-- Hash(public key); Multitarget countermeasure for coins + contributory KEM
|
// BUF[32:63] <-- Hash(public key); Multitarget countermeasure for coins + contributory KEM
|
||||||
|
sha3_256(buf + 32, pk, SABER_INDCPA_PUBLICKEYBYTES);
|
||||||
|
|
||||||
|
// kr[0:63] <-- Hash(buf[0:63]);
|
||||||
|
sha3_512(kr, buf, 64);
|
||||||
|
|
||||||
sha3_512(kr, buf, 64); // kr[0:63] <-- Hash(buf[0:63]);
|
|
||||||
// K^ <-- kr[0:31]
|
// K^ <-- kr[0:31]
|
||||||
// noiseseed (r) <-- kr[32:63];
|
// noiseseed (r) <-- kr[32:63];
|
||||||
PQCLEAN_SABER_CLEAN_indcpa_kem_enc(buf, kr + 32, pk, ct); // buf[0:31] contains message; kr[32:63] contains randomness r;
|
// buf[0:31] contains message; kr[32:63] contains randomness r;
|
||||||
|
PQCLEAN_SABER_CLEAN_indcpa_kem_enc(buf, kr + 32, pk, ct);
|
||||||
|
|
||||||
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC);
|
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC);
|
||||||
|
|
||||||
sha3_256(ss, kr, 64); // hash concatenation of pre-k and h(c) to k
|
// hash concatenation of pre-k and h(c) to k
|
||||||
|
sha3_256(ss, kr, 64);
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
@ -51,14 +62,18 @@ int PQCLEAN_SABER_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *c
|
|||||||
unsigned char fail;
|
unsigned char fail;
|
||||||
unsigned char cmp[SABER_BYTES_CCA_DEC];
|
unsigned char cmp[SABER_BYTES_CCA_DEC];
|
||||||
unsigned char buf[64];
|
unsigned char buf[64];
|
||||||
unsigned char kr[64]; // Will contain key, coins
|
|
||||||
|
// Will contain key, coins
|
||||||
|
unsigned char kr[64];
|
||||||
const unsigned char *pk = sk + SABER_INDCPA_SECRETKEYBYTES;
|
const unsigned char *pk = sk + SABER_INDCPA_SECRETKEYBYTES;
|
||||||
|
|
||||||
PQCLEAN_SABER_CLEAN_indcpa_kem_dec(sk, ct, buf); // buf[0:31] <-- message
|
// buf[0:31] <-- message
|
||||||
|
PQCLEAN_SABER_CLEAN_indcpa_kem_dec(sk, ct, buf);
|
||||||
|
|
||||||
|
|
||||||
// Multitarget countermeasure for coins + contributory KEM
|
// Multitarget countermeasure for coins + contributory KEM
|
||||||
for (i = 0; i < 32; i++) { // Save hash by storing h(pk) in sk
|
// Save hash by storing h(pk) in sk
|
||||||
|
for (i = 0; i < 32; i++) {
|
||||||
buf[32 + i] = sk[SABER_SECRETKEYBYTES - 64 + i];
|
buf[32 + i] = sk[SABER_SECRETKEYBYTES - 64 + i];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -69,11 +84,13 @@ int PQCLEAN_SABER_CLEAN_crypto_kem_dec(unsigned char *ss, const unsigned char *c
|
|||||||
|
|
||||||
fail = PQCLEAN_SABER_CLEAN_verify(ct, cmp, SABER_BYTES_CCA_DEC);
|
fail = PQCLEAN_SABER_CLEAN_verify(ct, cmp, SABER_BYTES_CCA_DEC);
|
||||||
|
|
||||||
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC); // overwrite coins in kr with h(c)
|
// overwrite coins in kr with h(c)
|
||||||
|
sha3_256(kr + 32, ct, SABER_BYTES_CCA_DEC);
|
||||||
|
|
||||||
PQCLEAN_SABER_CLEAN_cmov(kr, sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES, fail);
|
PQCLEAN_SABER_CLEAN_cmov(kr, sk + SABER_SECRETKEYBYTES - SABER_KEYBYTES, SABER_KEYBYTES, fail);
|
||||||
|
|
||||||
sha3_256(ss, kr, 64); // hash concatenation of pre-k and h(c) to k
|
// hash concatenation of pre-k and h(c) to k
|
||||||
|
sha3_256(ss, kr, 64);
|
||||||
|
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
@ -1,21 +1,26 @@
|
|||||||
#include "pack_unpack.h"
|
#include "pack_unpack.h"
|
||||||
|
|
||||||
void PQCLEAN_SABER_CLEAN_pack_3bit(uint8_t *bytes, const uint16_t *data) {
|
void PQCLEAN_SABER_CLEAN_pack_3bit(uint8_t *bytes, const uint16_t *data) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data, offset_byte;
|
uint32_t offset_data, offset_byte;
|
||||||
|
|
||||||
for (j = 0; j < SABER_N / 8; j++) {
|
for (j = 0; j < SABER_N / 8; j++) {
|
||||||
offset_byte = 3 * j;
|
offset_byte = 3 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x7) | ( (data[offset_data + 1] & 0x7) << 3 ) | ((data[offset_data + 2] & 0x3) << 6);
|
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x7) |
|
||||||
bytes[offset_byte + 1] = ((data[offset_data + 2] >> 2 ) & 0x01) | ( (data[offset_data + 3] & 0x7) << 1 ) | ( (data[offset_data + 4] & 0x7) << 4 ) | (((data[offset_data + 5]) & 0x01) << 7);
|
((data[offset_data + 1] & 0x7) << 3) |
|
||||||
bytes[offset_byte + 2] = ((data[offset_data + 5] >> 1 ) & 0x03) | ( (data[offset_data + 6] & 0x7) << 2 ) | ( (data[offset_data + 7] & 0x7) << 5 );
|
((data[offset_data + 2] & 0x3) << 6);
|
||||||
|
bytes[offset_byte + 1] = ((data[offset_data + 2] >> 2 ) & 0x01) |
|
||||||
|
((data[offset_data + 3] & 0x7) << 1) |
|
||||||
|
((data[offset_data + 4] & 0x7) << 4) |
|
||||||
|
(((data[offset_data + 5]) & 0x01) << 7);
|
||||||
|
bytes[offset_byte + 2] = ((data[offset_data + 5] >> 1 ) & 0x03) |
|
||||||
|
((data[offset_data + 6] & 0x7) << 2) |
|
||||||
|
((data[offset_data + 7] & 0x7) << 5);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_SABER_CLEAN_un_pack3bit(const uint8_t *bytes, uint16_t *data) {
|
void PQCLEAN_SABER_CLEAN_un_pack3bit(const uint8_t *bytes, uint16_t *data) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data, offset_byte;
|
uint32_t offset_data, offset_byte;
|
||||||
|
|
||||||
@ -24,29 +29,29 @@ void PQCLEAN_SABER_CLEAN_un_pack3bit(const uint8_t *bytes, uint16_t *data) {
|
|||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
data[offset_data + 0] = (bytes[offset_byte + 0]) & 0x07;
|
data[offset_data + 0] = (bytes[offset_byte + 0]) & 0x07;
|
||||||
data[offset_data + 1] = ((bytes[offset_byte + 0]) >> 3 ) & 0x07;
|
data[offset_data + 1] = ((bytes[offset_byte + 0]) >> 3 ) & 0x07;
|
||||||
data[offset_data + 2] = ( ( (bytes[offset_byte + 0]) >> 6 ) & 0x03) | ( ( (bytes[offset_byte + 1]) & 0x01) << 2 );
|
data[offset_data + 2] = (((bytes[offset_byte + 0]) >> 6 ) & 0x03) |
|
||||||
|
(((bytes[offset_byte + 1]) & 0x01) << 2);
|
||||||
data[offset_data + 3] = ((bytes[offset_byte + 1]) >> 1 ) & 0x07;
|
data[offset_data + 3] = ((bytes[offset_byte + 1]) >> 1 ) & 0x07;
|
||||||
data[offset_data + 4] = ((bytes[offset_byte + 1]) >> 4 ) & 0x07;
|
data[offset_data + 4] = ((bytes[offset_byte + 1]) >> 4 ) & 0x07;
|
||||||
data[offset_data + 5] = ( ( (bytes[offset_byte + 1]) >> 7 ) & 0x01) | ( ( (bytes[offset_byte + 2]) & 0x03) << 1 );
|
data[offset_data + 5] = (((bytes[offset_byte + 1]) >> 7 ) & 0x01) |
|
||||||
|
(((bytes[offset_byte + 2]) & 0x03) << 1);
|
||||||
data[offset_data + 6] = ((bytes[offset_byte + 2] >> 2) & 0x07);
|
data[offset_data + 6] = ((bytes[offset_byte + 2] >> 2) & 0x07);
|
||||||
data[offset_data + 7] = ((bytes[offset_byte + 2] >> 5) & 0x07);
|
data[offset_data + 7] = ((bytes[offset_byte + 2] >> 5) & 0x07);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_SABER_CLEAN_pack_4bit(uint8_t *bytes, const uint16_t *data) {
|
void PQCLEAN_SABER_CLEAN_pack_4bit(uint8_t *bytes, const uint16_t *data) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data;
|
uint32_t offset_data;
|
||||||
|
|
||||||
for (j = 0; j < SABER_N / 2; j++) {
|
for (j = 0; j < SABER_N / 2; j++) {
|
||||||
offset_data = 2 * j;
|
offset_data = 2 * j;
|
||||||
bytes[j] = (data[offset_data] & 0x0f) | ( (data[offset_data + 1] & 0x0f) << 4 );
|
bytes[j] = (data[offset_data] & 0x0f) |
|
||||||
|
((data[offset_data + 1] & 0x0f) << 4);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_SABER_CLEAN_un_pack4bit(const unsigned char *bytes, uint16_t *ar) {
|
void PQCLEAN_SABER_CLEAN_un_pack4bit(const unsigned char *bytes, uint16_t *ar) {
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data;
|
uint32_t offset_data;
|
||||||
|
|
||||||
@ -64,9 +69,12 @@ void PQCLEAN_SABER_CLEAN_pack_6bit(uint8_t *bytes, const uint16_t *data) {
|
|||||||
for (j = 0; j < SABER_N / 4; j++) {
|
for (j = 0; j < SABER_N / 4; j++) {
|
||||||
offset_byte = 3 * j;
|
offset_byte = 3 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x3f) | ((data[offset_data + 1] & 0x03) << 6);
|
bytes[offset_byte + 0] = (data[offset_data + 0] & 0x3f) |
|
||||||
bytes[offset_byte + 1] = ((data[offset_data + 1] >> 2) & 0x0f) | ((data[offset_data + 2] & 0x0f) << 4);
|
((data[offset_data + 1] & 0x03) << 6);
|
||||||
bytes[offset_byte + 2] = ((data[offset_data + 2] >> 4) & 0x03) | ((data[offset_data + 3] & 0x3f) << 2);
|
bytes[offset_byte + 1] = ((data[offset_data + 1] >> 2) & 0x0f) |
|
||||||
|
((data[offset_data + 2] & 0x0f) << 4);
|
||||||
|
bytes[offset_byte + 2] = ((data[offset_data + 2] >> 4) & 0x03) |
|
||||||
|
((data[offset_data + 3] & 0x3f) << 2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -79,11 +87,12 @@ void PQCLEAN_SABER_CLEAN_un_pack6bit(const unsigned char *bytes, uint16_t *data)
|
|||||||
offset_byte = 3 * j;
|
offset_byte = 3 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
data[offset_data + 0] = bytes[offset_byte + 0] & 0x3f;
|
data[offset_data + 0] = bytes[offset_byte + 0] & 0x3f;
|
||||||
data[offset_data + 1] = ((bytes[offset_byte + 0] >> 6) & 0x03) | ((bytes[offset_byte + 1] & 0x0f) << 2) ;
|
data[offset_data + 1] = ((bytes[offset_byte + 0] >> 6) & 0x03) |
|
||||||
data[offset_data + 2] = ((bytes[offset_byte + 1] & 0xff) >> 4) | ((bytes[offset_byte + 2] & 0x03) << 4) ;
|
((bytes[offset_byte + 1] & 0x0f) << 2);
|
||||||
|
data[offset_data + 2] = ((bytes[offset_byte + 1] & 0xff) >> 4) |
|
||||||
|
((bytes[offset_byte + 2] & 0x03) << 4);
|
||||||
data[offset_data + 3] = ((bytes[offset_byte + 2] & 0xff) >> 2);
|
data[offset_data + 3] = ((bytes[offset_byte + 2] & 0xff) >> 2);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -97,22 +106,18 @@ static void POLVECp2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
|||||||
offset_byte = offset_byte1 + 5 * j;
|
offset_byte = offset_byte1 + 5 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
||||||
|
bytes[offset_byte + 1] = ((data[i][offset_data + 0] >> 8) & 0x03) |
|
||||||
bytes[offset_byte + 1] = ( (data[i][ offset_data + 0 ] >> 8) & 0x03 ) | ((data[i][ offset_data + 1 ] & 0x3f) << 2);
|
((data[i][offset_data + 1] & 0x3f) << 2);
|
||||||
|
bytes[offset_byte + 2] = ((data[i][offset_data + 1] >> 6) & 0x0f) |
|
||||||
bytes[offset_byte + 2] = ( (data[i][ offset_data + 1 ] >> 6) & 0x0f ) | ( (data[i][ offset_data + 2 ] & 0x0f) << 4);
|
((data[i][offset_data + 2] & 0x0f) << 4);
|
||||||
|
bytes[offset_byte + 3] = ((data[i][offset_data + 2] >> 4) & 0x3f) |
|
||||||
bytes[offset_byte + 3] = ( (data[i][ offset_data + 2 ] >> 4) & 0x3f ) | ((data[i][ offset_data + 3 ] & 0x03) << 6);
|
((data[i][offset_data + 3] & 0x03) << 6);
|
||||||
|
|
||||||
bytes[offset_byte + 4] = ((data[i][offset_data + 3] >> 2) & 0xff);
|
bytes[offset_byte + 4] = ((data[i][offset_data + 3] >> 2) & 0xff);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void BS2POLVECp(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
static void BS2POLVECp(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
uint32_t offset_data, offset_byte, offset_byte1;
|
uint32_t offset_data, offset_byte, offset_byte1;
|
||||||
|
|
||||||
@ -121,21 +126,21 @@ static void BS2POLVECp(const unsigned char *bytes, uint16_t data[SABER_K][SABER_
|
|||||||
for (j = 0; j < SABER_N / 4; j++) {
|
for (j = 0; j < SABER_N / 4; j++) {
|
||||||
offset_byte = offset_byte1 + 5 * j;
|
offset_byte = offset_byte1 + 5 * j;
|
||||||
offset_data = 4 * j;
|
offset_data = 4 * j;
|
||||||
data[i][offset_data + 0] = ( bytes[ offset_byte + 0 ] & (0xff)) | ((bytes[ offset_byte + 1 ] & 0x03) << 8);
|
data[i][offset_data + 0] = (bytes[offset_byte + 0] & (0xff)) |
|
||||||
data[i][offset_data + 1] = ( (bytes[ offset_byte + 1 ] >> 2) & (0x3f)) | ((bytes[ offset_byte + 2 ] & 0x0f) << 6);
|
((bytes[offset_byte + 1] & 0x03) << 8);
|
||||||
data[i][offset_data + 2] = ( (bytes[ offset_byte + 2 ] >> 4) & (0x0f)) | ((bytes[ offset_byte + 3 ] & 0x3f) << 4);
|
data[i][offset_data + 1] = ((bytes[offset_byte + 1] >> 2) & (0x3f)) |
|
||||||
data[i][offset_data + 3] = ( (bytes[ offset_byte + 3 ] >> 6) & (0x03)) | ((bytes[ offset_byte + 4 ] & 0xff) << 2);
|
((bytes[offset_byte + 2] & 0x0f) << 6);
|
||||||
|
data[i][offset_data + 2] = ((bytes[offset_byte + 2] >> 4) & (0x0f)) |
|
||||||
|
((bytes[offset_byte + 3] & 0x3f) << 4);
|
||||||
|
data[i][offset_data + 3] = ((bytes[offset_byte + 3] >> 6) & (0x03)) |
|
||||||
|
((bytes[offset_byte + 4] & 0xff) << 2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static void POLVECq2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
static void POLVECq2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
uint32_t offset_data, offset_byte, offset_byte1;
|
uint32_t offset_data, offset_byte, offset_byte1;
|
||||||
|
|
||||||
@ -145,39 +150,30 @@ static void POLVECq2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N]) {
|
|||||||
offset_byte = offset_byte1 + 13 * j;
|
offset_byte = offset_byte1 + 13 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
bytes[offset_byte + 0] = (data[i][offset_data + 0] & (0xff));
|
||||||
|
bytes[offset_byte + 1] = ((data[i][offset_data + 0] >> 8) & 0x1f) |
|
||||||
bytes[offset_byte + 1] = ( (data[i][ offset_data + 0 ] >> 8) & 0x1f ) | ((data[i][ offset_data + 1 ] & 0x07) << 5);
|
((data[i][offset_data + 1] & 0x07) << 5);
|
||||||
|
|
||||||
bytes[offset_byte + 2] = ((data[i][offset_data + 1] >> 3) & 0xff);
|
bytes[offset_byte + 2] = ((data[i][offset_data + 1] >> 3) & 0xff);
|
||||||
|
bytes[offset_byte + 3] = ((data[i][offset_data + 1] >> 11) & 0x03) |
|
||||||
bytes[offset_byte + 3] = ( (data[i][ offset_data + 1 ] >> 11) & 0x03 ) | ((data[i][ offset_data + 2 ] & 0x3f) << 2);
|
((data[i][offset_data + 2] & 0x3f) << 2);
|
||||||
|
bytes[offset_byte + 4] = ((data[i][offset_data + 2] >> 6) & 0x7f) |
|
||||||
bytes[offset_byte + 4] = ( (data[i][ offset_data + 2 ] >> 6) & 0x7f ) | ( (data[i][ offset_data + 3 ] & 0x01) << 7 );
|
((data[i][offset_data + 3] & 0x01) << 7);
|
||||||
|
|
||||||
bytes[offset_byte + 5] = ((data[i][offset_data + 3] >> 1) & 0xff);
|
bytes[offset_byte + 5] = ((data[i][offset_data + 3] >> 1) & 0xff);
|
||||||
|
bytes[offset_byte + 6] = ((data[i][offset_data + 3] >> 9) & 0x0f) |
|
||||||
bytes[offset_byte + 6] = ( (data[i][ offset_data + 3 ] >> 9) & 0x0f ) | ( (data[i][ offset_data + 4 ] & 0x0f) << 4 );
|
((data[i][offset_data + 4] & 0x0f) << 4);
|
||||||
|
|
||||||
bytes[offset_byte + 7] = ((data[i][offset_data + 4] >> 4) & 0xff);
|
bytes[offset_byte + 7] = ((data[i][offset_data + 4] >> 4) & 0xff);
|
||||||
|
bytes[offset_byte + 8] = ((data[i][offset_data + 4] >> 12) & 0x01) |
|
||||||
bytes[offset_byte + 8] = ( (data[i][ offset_data + 4 ] >> 12) & 0x01 ) | ( (data[i][ offset_data + 5 ] & 0x7f) << 1 );
|
((data[i][offset_data + 5] & 0x7f) << 1);
|
||||||
|
bytes[offset_byte + 9] = ((data[i][offset_data + 5] >> 7) & 0x3f) |
|
||||||
bytes[offset_byte + 9] = ( (data[i][ offset_data + 5 ] >> 7) & 0x3f ) | ( (data[i][ offset_data + 6 ] & 0x03) << 6 );
|
((data[i][offset_data + 6] & 0x03) << 6);
|
||||||
|
|
||||||
bytes[offset_byte + 10] = ((data[i][offset_data + 6] >> 2) & 0xff);
|
bytes[offset_byte + 10] = ((data[i][offset_data + 6] >> 2) & 0xff);
|
||||||
|
bytes[offset_byte + 11] = ((data[i][offset_data + 6] >> 10) & 0x07) |
|
||||||
bytes[offset_byte + 11] = ( (data[i][ offset_data + 6 ] >> 10) & 0x07 ) | ( (data[i][ offset_data + 7 ] & 0x1f) << 3 );
|
((data[i][offset_data + 7] & 0x1f) << 3);
|
||||||
|
|
||||||
bytes[offset_byte + 12] = ((data[i][offset_data + 7] >> 5) & 0xff);
|
bytes[offset_byte + 12] = ((data[i][offset_data + 7] >> 5) & 0xff);
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void BS2POLVECq(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
static void BS2POLVECq(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N]) {
|
||||||
|
|
||||||
uint32_t i, j;
|
uint32_t i, j;
|
||||||
uint32_t offset_data, offset_byte, offset_byte1;
|
uint32_t offset_data, offset_byte, offset_byte1;
|
||||||
|
|
||||||
@ -186,44 +182,62 @@ static void BS2POLVECq(const unsigned char *bytes, uint16_t data[SABER_K][SABER_
|
|||||||
for (j = 0; j < SABER_N / 8; j++) {
|
for (j = 0; j < SABER_N / 8; j++) {
|
||||||
offset_byte = offset_byte1 + 13 * j;
|
offset_byte = offset_byte1 + 13 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
data[i][offset_data + 0] = ( bytes[ offset_byte + 0 ] & (0xff)) | ((bytes[offset_byte + 1] & 0x1f) << 8);
|
data[i][offset_data + 0] = (bytes[offset_byte + 0] & (0xff)) |
|
||||||
data[i][offset_data + 1] = ( bytes[ offset_byte + 1 ] >> 5 & (0x07)) | ((bytes[offset_byte + 2] & 0xff) << 3) | ((bytes[offset_byte + 3] & 0x03) << 11);
|
((bytes[offset_byte + 1] & 0x1f) << 8);
|
||||||
data[i][offset_data + 2] = ( bytes[ offset_byte + 3 ] >> 2 & (0x3f)) | ((bytes[offset_byte + 4] & 0x7f) << 6);
|
data[i][offset_data + 1] = (bytes[offset_byte + 1] >> 5 & (0x07)) |
|
||||||
data[i][offset_data + 3] = ( bytes[ offset_byte + 4 ] >> 7 & (0x01)) | ((bytes[offset_byte + 5] & 0xff) << 1) | ((bytes[offset_byte + 6] & 0x0f) << 9);
|
((bytes[offset_byte + 2] & 0xff) << 3) |
|
||||||
data[i][offset_data + 4] = ( bytes[ offset_byte + 6 ] >> 4 & (0x0f)) | ((bytes[offset_byte + 7] & 0xff) << 4) | ((bytes[offset_byte + 8] & 0x01) << 12);
|
((bytes[offset_byte + 3] & 0x03) << 11);
|
||||||
data[i][offset_data + 5] = ( bytes[ offset_byte + 8] >> 1 & (0x7f)) | ((bytes[offset_byte + 9] & 0x3f) << 7);
|
data[i][offset_data + 2] = (bytes[offset_byte + 3] >> 2 & (0x3f)) |
|
||||||
data[i][offset_data + 6] = ( bytes[ offset_byte + 9] >> 6 & (0x03)) | ((bytes[offset_byte + 10] & 0xff) << 2) | ((bytes[offset_byte + 11] & 0x07) << 10);
|
((bytes[offset_byte + 4] & 0x7f) << 6);
|
||||||
data[i][offset_data + 7] = ( bytes[ offset_byte + 11] >> 3 & (0x1f)) | ((bytes[offset_byte + 12] & 0xff) << 5);
|
data[i][offset_data + 3] = (bytes[offset_byte + 4] >> 7 & (0x01)) |
|
||||||
|
((bytes[offset_byte + 5] & 0xff) << 1) |
|
||||||
|
((bytes[offset_byte + 6] & 0x0f) << 9);
|
||||||
|
data[i][offset_data + 4] = (bytes[offset_byte + 6] >> 4 & (0x0f)) |
|
||||||
|
((bytes[offset_byte + 7] & 0xff) << 4) |
|
||||||
|
((bytes[offset_byte + 8] & 0x01) << 12);
|
||||||
|
data[i][offset_data + 5] = (bytes[offset_byte + 8] >> 1 & (0x7f)) |
|
||||||
|
((bytes[offset_byte + 9] & 0x3f) << 7);
|
||||||
|
data[i][offset_data + 6] = (bytes[offset_byte + 9] >> 6 & (0x03)) |
|
||||||
|
((bytes[offset_byte + 10] & 0xff) << 2) |
|
||||||
|
((bytes[offset_byte + 11] & 0x07) << 10);
|
||||||
|
data[i][offset_data + 7] = (bytes[offset_byte + 11] >> 3 & (0x1f)) |
|
||||||
|
((bytes[offset_byte + 12] & 0xff) << 5);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//only BS2POLq no BS2POLp
|
||||||
}
|
void PQCLEAN_SABER_CLEAN_BS2POL(const unsigned char *bytes, uint16_t data[SABER_N]) {
|
||||||
|
|
||||||
void PQCLEAN_SABER_CLEAN_BS2POL(const unsigned char *bytes, uint16_t data[SABER_N]) { //only BS2POLq no BS2POLp
|
|
||||||
|
|
||||||
uint32_t j;
|
uint32_t j;
|
||||||
uint32_t offset_data, offset_byte;
|
uint32_t offset_data, offset_byte;
|
||||||
|
|
||||||
for (j = 0; j < SABER_N / 8; j++) {
|
for (j = 0; j < SABER_N / 8; j++) {
|
||||||
offset_byte = 13 * j;
|
offset_byte = 13 * j;
|
||||||
offset_data = 8 * j;
|
offset_data = 8 * j;
|
||||||
data[offset_data + 0] = ( bytes[ offset_byte + 0 ] & (0xff)) | ((bytes[offset_byte + 1] & 0x1f) << 8);
|
data[offset_data + 0] = (bytes[offset_byte + 0] & (0xff)) |
|
||||||
data[offset_data + 1] = ( bytes[ offset_byte + 1 ] >> 5 & (0x07)) | ((bytes[offset_byte + 2] & 0xff) << 3) | ((bytes[offset_byte + 3] & 0x03) << 11);
|
((bytes[offset_byte + 1] & 0x1f) << 8);
|
||||||
data[offset_data + 2] = ( bytes[ offset_byte + 3 ] >> 2 & (0x3f)) | ((bytes[offset_byte + 4] & 0x7f) << 6);
|
data[offset_data + 1] = (bytes[offset_byte + 1] >> 5 & (0x07)) |
|
||||||
data[offset_data + 3] = ( bytes[ offset_byte + 4 ] >> 7 & (0x01)) | ((bytes[offset_byte + 5] & 0xff) << 1) | ((bytes[offset_byte + 6] & 0x0f) << 9);
|
((bytes[offset_byte + 2] & 0xff) << 3) |
|
||||||
data[offset_data + 4] = ( bytes[ offset_byte + 6 ] >> 4 & (0x0f)) | ((bytes[offset_byte + 7] & 0xff) << 4) | ((bytes[offset_byte + 8] & 0x01) << 12);
|
((bytes[offset_byte + 3] & 0x03) << 11);
|
||||||
data[offset_data + 5] = ( bytes[ offset_byte + 8] >> 1 & (0x7f)) | ((bytes[offset_byte + 9] & 0x3f) << 7);
|
data[offset_data + 2] = (bytes[offset_byte + 3] >> 2 & (0x3f)) |
|
||||||
data[offset_data + 6] = ( bytes[ offset_byte + 9] >> 6 & (0x03)) | ((bytes[offset_byte + 10] & 0xff) << 2) | ((bytes[offset_byte + 11] & 0x07) << 10);
|
((bytes[offset_byte + 4] & 0x7f) << 6);
|
||||||
data[offset_data + 7] = ( bytes[ offset_byte + 11] >> 3 & (0x1f)) | ((bytes[offset_byte + 12] & 0xff) << 5);
|
data[offset_data + 3] = (bytes[offset_byte + 4] >> 7 & (0x01)) |
|
||||||
|
((bytes[offset_byte + 5] & 0xff) << 1) |
|
||||||
|
((bytes[offset_byte + 6] & 0x0f) << 9);
|
||||||
|
data[offset_data + 4] = (bytes[offset_byte + 6] >> 4 & (0x0f)) |
|
||||||
|
((bytes[offset_byte + 7] & 0xff) << 4) |
|
||||||
|
((bytes[offset_byte + 8] & 0x01) << 12);
|
||||||
|
data[offset_data + 5] = (bytes[offset_byte + 8] >> 1 & (0x7f)) |
|
||||||
|
((bytes[offset_byte + 9] & 0x3f) << 7);
|
||||||
|
data[offset_data + 6] = (bytes[offset_byte + 9] >> 6 & (0x03)) |
|
||||||
|
((bytes[offset_byte + 10] & 0xff) << 2) |
|
||||||
|
((bytes[offset_byte + 11] & 0x07) << 10);
|
||||||
|
data[offset_data + 7] = (bytes[offset_byte + 11] >> 3 & (0x1f)) |
|
||||||
|
((bytes[offset_byte + 12] & 0xff) << 5);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void PQCLEAN_SABER_CLEAN_POLVEC2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
void PQCLEAN_SABER_CLEAN_POLVEC2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
||||||
|
|
||||||
if (modulus == 1024) {
|
if (modulus == 1024) {
|
||||||
POLVECp2BS(bytes, data);
|
POLVECp2BS(bytes, data);
|
||||||
} else if (modulus == 8192) {
|
} else if (modulus == 8192) {
|
||||||
@ -232,11 +246,9 @@ void PQCLEAN_SABER_CLEAN_POLVEC2BS(uint8_t *bytes, uint16_t data[SABER_K][SABER_
|
|||||||
}
|
}
|
||||||
|
|
||||||
void PQCLEAN_SABER_CLEAN_BS2POLVEC(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
void PQCLEAN_SABER_CLEAN_BS2POLVEC(const unsigned char *bytes, uint16_t data[SABER_K][SABER_N], uint16_t modulus) {
|
||||||
|
|
||||||
if (modulus == 1024) {
|
if (modulus == 1024) {
|
||||||
BS2POLVECp(bytes, data);
|
BS2POLVECp(bytes, data);
|
||||||
} else if (modulus == 8192) {
|
} else if (modulus == 8192) {
|
||||||
BS2POLVECq(bytes, data);
|
BS2POLVECq(bytes, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user