From cb0e8367c68a914b6cb0e4ca9d03fc14c6ce134f Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Mon, 3 Jun 2019 17:58:59 +0200 Subject: [PATCH 01/19] initial rainbow version. still with preprocessor conditionals --- crypto_sign/rainbowIa-classic/META.yml | 17 + crypto_sign/rainbowIa-classic/clean/LICENSE | 1 + crypto_sign/rainbowIa-classic/clean/Makefile | 20 + .../clean/Makefile.Microsoft_nmake | 19 + crypto_sign/rainbowIa-classic/clean/api.h | 62 +++ crypto_sign/rainbowIa-classic/clean/blas.h | 23 ++ .../rainbowIa-classic/clean/blas_comm.c | 276 +++++++++++++ .../rainbowIa-classic/clean/blas_comm.h | 210 ++++++++++ .../rainbowIa-classic/clean/blas_u32.h | 175 +++++++++ crypto_sign/rainbowIa-classic/clean/gf16.h | 262 +++++++++++++ .../rainbowIa-classic/clean/hash_len_config.h | 14 + .../clean/parallel_matrix_op.c | 349 +++++++++++++++++ .../clean/parallel_matrix_op.h | 316 +++++++++++++++ crypto_sign/rainbowIa-classic/clean/rainbow.c | 195 ++++++++++ crypto_sign/rainbowIa-classic/clean/rainbow.h | 64 +++ .../rainbowIa-classic/clean/rainbow_blas.h | 57 +++ .../rainbowIa-classic/clean/rainbow_config.h | 100 +++++ .../rainbowIa-classic/clean/rainbow_keypair.c | 267 +++++++++++++ .../rainbowIa-classic/clean/rainbow_keypair.h | 148 +++++++ .../clean/rainbow_keypair_computation.c | 367 ++++++++++++++++++ .../clean/rainbow_keypair_computation.h | 79 ++++ crypto_sign/rainbowIa-classic/clean/sign.c | 150 +++++++ .../rainbowIa-classic/clean/utils_hash.c | 65 ++++ .../rainbowIa-classic/clean/utils_hash.h | 16 + .../rainbowIa-classic/clean/utils_prng.c | 96 +++++ .../rainbowIa-classic/clean/utils_prng.h | 22 ++ 26 files changed, 3370 insertions(+) create mode 100644 crypto_sign/rainbowIa-classic/META.yml create mode 100644 crypto_sign/rainbowIa-classic/clean/LICENSE create mode 100644 crypto_sign/rainbowIa-classic/clean/Makefile create mode 100644 crypto_sign/rainbowIa-classic/clean/Makefile.Microsoft_nmake create mode 100644 crypto_sign/rainbowIa-classic/clean/api.h create mode 100644 crypto_sign/rainbowIa-classic/clean/blas.h create mode 100644 crypto_sign/rainbowIa-classic/clean/blas_comm.c create mode 100644 crypto_sign/rainbowIa-classic/clean/blas_comm.h create mode 100644 crypto_sign/rainbowIa-classic/clean/blas_u32.h create mode 100644 crypto_sign/rainbowIa-classic/clean/gf16.h create mode 100644 crypto_sign/rainbowIa-classic/clean/hash_len_config.h create mode 100644 crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c create mode 100644 crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h create mode 100644 crypto_sign/rainbowIa-classic/clean/rainbow.c create mode 100644 crypto_sign/rainbowIa-classic/clean/rainbow.h create mode 100644 crypto_sign/rainbowIa-classic/clean/rainbow_blas.h create mode 100644 crypto_sign/rainbowIa-classic/clean/rainbow_config.h create mode 100644 crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c create mode 100644 crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h create mode 100644 crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c create mode 100644 crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h create mode 100644 crypto_sign/rainbowIa-classic/clean/sign.c create mode 100644 crypto_sign/rainbowIa-classic/clean/utils_hash.c create mode 100644 crypto_sign/rainbowIa-classic/clean/utils_hash.h create mode 100644 crypto_sign/rainbowIa-classic/clean/utils_prng.c create mode 100644 crypto_sign/rainbowIa-classic/clean/utils_prng.h diff --git a/crypto_sign/rainbowIa-classic/META.yml b/crypto_sign/rainbowIa-classic/META.yml new file mode 100644 index 00000000..928b1c2c --- /dev/null +++ b/crypto_sign/rainbowIa-classic/META.yml @@ -0,0 +1,17 @@ +name: Rainbow-Ia-classic +type: signature +claimed-nist-level: 1 +length-public-key: 148992 +length-secret-key: 92960 +length-signature: 64 +nistkat-sha256: b75c6fcda2100e2f6f56e9b97c4cbdda4b533116ab217f24f12e08788eb37fd0 +testvectors-sha256: edc48db3f93a66c0aa497fbbdba0bad173e3ab9cd0e3f651004b3e94d2187b75 +principal-submitter: Jintai Ding +auxiliary-submitters: + - Ming-Shing Chen + - Albrecht Petzoldt + - Dieter Schmidt + - Bo-Yin Yang +implementations: + - name: clean + version: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-2/submissions/Rainbow-Round2.zip diff --git a/crypto_sign/rainbowIa-classic/clean/LICENSE b/crypto_sign/rainbowIa-classic/clean/LICENSE new file mode 100644 index 00000000..dd6d86a4 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/LICENSE @@ -0,0 +1 @@ +XXX diff --git a/crypto_sign/rainbowIa-classic/clean/Makefile b/crypto_sign/rainbowIa-classic/clean/Makefile new file mode 100644 index 00000000..28ff0036 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/Makefile @@ -0,0 +1,20 @@ +# This Makefile can be used with GNU Make or BSD Make + +LIB=librainbowIa-classic_clean.a + +HEADERS = api.h blas_comm.h blas.h blas_u32.h gf16.h hash_len_config.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h +OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o + +CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS) + +all: $(LIB) + +%.o: %.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $@ $< + +$(LIB): $(OBJECTS) + $(AR) -r $@ $(OBJECTS) + +clean: + $(RM) $(OBJECTS) + $(RM) $(LIB) diff --git a/crypto_sign/rainbowIa-classic/clean/Makefile.Microsoft_nmake b/crypto_sign/rainbowIa-classic/clean/Makefile.Microsoft_nmake new file mode 100644 index 00000000..2f44877e --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/Makefile.Microsoft_nmake @@ -0,0 +1,19 @@ +# This Makefile can be used with Microsoft Visual Studio's nmake using the command: +# nmake /f Makefile.Microsoft_nmake + +LIBRARY=librainbowIa-classic_clean.lib +OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj + +CFLAGS=/nologo /I ..\..\..\common /W4 /WX + +all: $(LIBRARY) + +# Make sure objects are recompiled if headers change. +$(OBJECTS): *.h + +$(LIBRARY): $(OBJECTS) + LIB.EXE /NOLOGO /WX /OUT:$@ $** + +clean: + -DEL $(OBJECTS) + -DEL $(LIBRARY) diff --git a/crypto_sign/rainbowIa-classic/clean/api.h b/crypto_sign/rainbowIa-classic/clean/api.h new file mode 100644 index 00000000..c47a5ff5 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/api.h @@ -0,0 +1,62 @@ +#ifndef PQCLEAN_RAINBOWIACLASSIC_CLEAN_API_H +#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_API_H + +#include +#include + +#define _RAINBOW_CLASSIC +//#define _RAINBOW_CYCLIC +//#define _RAINBOW_CYCLIC_COMPRESSED + +#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES 92960 +#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES 148992 +#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_BYTES 64 +#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(16,32,32,32) - classic" + +//TODO: remove this after creating the other parameter sets + +//#if defined _RAINBOW_CLASSIC +// +//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES sizeof(sk_t) +//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES sizeof(pk_t) +// +//#elif defined _RAINBOW_CYCLIC +// +//#define CRYPTO_SECRETKEYBYTES sizeof(sk_t) +//#define CRYPTO_PUBLICKEYBYTES sizeof(cpk_t) +// +//#elif defined _RAINBOW_CYCLIC_COMPRESSED +// +//#define CRYPTO_SECRETKEYBYTES sizeof(csk_t) +//#define CRYPTO_PUBLICKEYBYTES sizeof(cpk_t) +// +//#else +//error here +//#endif +// +// +//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_BYTES _SIGNATURE_BYTE +// +//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_ALGNAME _S_NAME _SUFFIX + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk); + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk); + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *sk); + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *pk); + + +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/blas.h b/crypto_sign/rainbowIa-classic/clean/blas.h new file mode 100644 index 00000000..c54a9269 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/blas.h @@ -0,0 +1,23 @@ +/// @file blas.h +/// @brief Defining the implementations for linear algebra functions depending on the machine architecture. +/// + +#ifndef _BLAS_H_ +#define _BLAS_H_ + +#include "blas_comm.h" +#include "blas_u32.h" + +#define gf16v_mul_scalar _gf16v_mul_scalar_u32 +#define gf16v_madd _gf16v_madd_u32 + +#define gf256v_add _gf256v_add_u32 +#define gf256v_mul_scalar _gf256v_mul_scalar_u32 +#define gf256v_madd _gf256v_madd_u32 + +#define gf256v_predicated_add _gf256v_predicated_add_u32 +#define gf16v_dot _gf16v_dot_u32 + + +#endif // _BLAS_H_ + diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c new file mode 100644 index 00000000..8d45ba95 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -0,0 +1,276 @@ +/// @file blas_comm.c +/// @brief The standard implementations for blas_comm.h +/// + +#include "blas_comm.h" +#include "blas.h" + +#include // FIXME(js): don't use assert() and don't deal with NDEBUG +#include +#include + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} + +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { + uint8_t r = 0; + while ( _num_byte-- ) { + r |= a[0]; + a++; + } + return (0 == r); +} + +///////////////// multiplications //////////////////////////////// + +/// polynomial multplication +/// School boook + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); + for (unsigned i = 0; i < _num; i++) { + gf256v_madd(c + i, a, b[i], _num); + } +} + +/////////// matrix-vector + +static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + uint8_t bb = gf16v_get_ele(b, i); + gf16v_madd(c, matA, bb, n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + gf256v_madd(c, matA, b[i], n_A_vec_byte); + matA += n_A_vec_byte; + } +} + + +/////////// matrix-matrix + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = (len_vec + 1) / 2; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + uint8_t bb = gf16v_get_ele(bk, i); + gf16v_madd(c, a + n_vec_byte * i, bb, n_vec_byte); + } + c += n_vec_byte; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = len_vec; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); + } + c += n_vec_byte; + } +} + +///////////////// algorithms: gaussian elim ////////////////// + +static +unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { + /// assert( 0==(w&1) ); w must be even !!! + unsigned n_w_byte = (w + 1) / 2; + unsigned r8 = 1; + for (unsigned i = 0; i < h; i++) { + unsigned offset_byte = i >> 1; + uint8_t *ai = mat + n_w_byte * i; + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + n_w_byte * j; + gf256v_predicated_add(ai + offset_byte, !gf16_is_nonzero(gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + } + uint8_t pivot = gf16v_get_ele(ai, i); + r8 &= gf16_is_nonzero(pivot); + pivot = gf16_inv(pivot); + offset_byte = (i + 1) >> 1; + gf16v_mul_scalar(ai + offset_byte, pivot, n_w_byte - offset_byte); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + n_w_byte * j; + gf16v_madd(aj + offset_byte, ai + offset_byte, gf16v_get_ele(aj, i), n_w_byte - offset_byte); + } + } + return r8; +} + +static +unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + assert(64 >= n); + uint8_t mat[64 * 33]; + unsigned n_byte = (n + 1) >> 1; + for (unsigned i = 0; i < n; i++) { + memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); + mat[i * (n_byte + 1) + n_byte] = gf16v_get_ele(c_terms, i); + } + unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); /// XXX: this function is ``defined'' in blas.h + for (unsigned i = 0; i < n; i++) { + gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); + } + return r8; +} + +static inline void gf16mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { + unsigned n_byte_w1 = (w + 1) / 2; + unsigned n_byte_w2 = (w2 + 1) / 2; + unsigned st_2 = st / 2; + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < n_byte_w2; j++) { + mat2[i * n_byte_w2 + j] = mat[i * n_byte_w1 + st_2 + j]; + } + } +} + +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { + unsigned n_w_byte = (H + 1) / 2; + + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * n_w_byte; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(ai, 2 * n_w_byte); + gf256v_add(ai, a + i * n_w_byte, n_w_byte); + gf16v_set_ele(ai + n_w_byte, i, 1); + } + unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); /// XXX: would 2*H fail if H is odd ??? + gf16mat_submat(inv_a, H, H, aa, 2 * H, H); + return r8; +} + + +///////////////////////////////////////////////// + +static +unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { + unsigned r8 = 1; + + for (unsigned i = 0; i < h; i++) { + uint8_t *ai = mat + w * i; + unsigned skip_len_align4 = i & ((unsigned)~0x3); + + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + w * j; +// gf256v_predicated_add( ai + i , !gf256_is_nonzero(ai[i]) , aj + i , w-i ); + gf256v_predicated_add( ai + skip_len_align4, !gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + } + r8 &= gf256_is_nonzero(ai[i]); + uint8_t pivot = ai[i]; + pivot = gf256_inv( pivot ); +// gf256v_mul_scalar( ai + (i+1) , pivot , w - (i+1) ); + gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + w * j; +// gf256v_madd( aj + (i+1) , ai + (i+1) , aj[i] , w - (i+1) ); + gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + } + } + + return r8; +} + +static +unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + assert( 63 >= n ); + uint8_t mat[ 64 * 64 ]; + for (unsigned i = 0; i < n; i++) { + memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + mat[i * (n + 1) + n] = c_terms[i]; + } + unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); /// XXX: this function is ``defined'' in blas.h + for (unsigned i = 0; i < n; i++) { + sol[i] = mat[i * (n + 1) + n]; + } + return r8; +} + + + +static inline +void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < w2; j++) { + mat2[i * w2 + j] = mat[i * w + st + j]; + } + } +} + + +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * H; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( ai, 2 * H ); + gf256v_add( ai, a + i * H, H ); + ai[H + i] = 1; + } + unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); + gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + return r8; +} + + + + + +//////////////////////////////////////////////////// + + +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE_ + +#define gf16mat_prod_impl gf16mat_prod_ref +#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref +#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref + + + + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf16mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + + +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { + return gf16mat_gauss_elim_impl( mat, h, w); +} + +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf16mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { + return gf256mat_gauss_elim_impl( mat, h, w ); +} + + +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.h b/crypto_sign/rainbowIa-classic/clean/blas_comm.h new file mode 100644 index 00000000..5b779430 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.h @@ -0,0 +1,210 @@ +/// @file blas_comm.h +/// @brief Common functions for linear algebra. +/// +#ifndef _BLAS_COMM_H_ +#define _BLAS_COMM_H_ + +#include + + +/// @brief get an element from GF(16) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +static inline uint8_t gf16v_get_ele(const uint8_t *a, unsigned i) { + uint8_t r = a[i >> 1]; + uint8_t r0 = r & 0xf; + uint8_t r1 = r >> 4; + uint8_t m = (uint8_t)(-(i & 1)); + return (uint8_t)((r1 & m) | ((~m)&r0)); +} + +/// @brief set an element for a GF(16) vector . +/// +/// @param[in,out] a - the vector a. +/// @param[in] i - the index in the vector a. +/// @param[in] v - the value for the i-th element in vector a. +/// @return the value of the element. +/// +static inline uint8_t gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { + uint8_t m = (uint8_t) (0xf ^ (-(i & 1))); /// 1--> 0xf0 , 0--> 0x0f + uint8_t ai_remaining = (uint8_t) (a[i >> 1] & (~m)); /// erase + a[i >> 1] = (uint8_t) (ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set + return v; +} + + +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +static inline uint8_t gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} + + +/// @brief set an element for a GF(256) vector . +/// +/// @param[in,out] a - the vector a. +/// @param[in] i - the index in the vector a. +/// @param[in] v - the value for the i-th element in vector a. +/// @return the value of the element. +/// +static inline uint8_t gf256v_set_ele(uint8_t *a, unsigned i, uint8_t v) { + a[i] = v; + return v; +} + + +///////////////////////////////////// + + +/// @brief set a vector to 0. +/// +/// @param[in,out] b - the vector b. +/// @param[in] _num_byte - number of bytes for the vector b. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); + + +/// @brief check if a vector is 0. +/// +/// @param[in] a - the vector a. +/// @param[in] _num_byte - number of bytes for the vector a. +/// @return 1(true) if a is 0. 0(false) else. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); + + + +///////////////// Section: multiplications //////////////////////////////// + + +/// @brief polynomial multiplication: c = a*b +/// +/// @param[out] c - the output polynomial c +/// @param[in] a - the vector a. +/// @param[in] b - the vector b. +/// @param[in] _num - number of elements for the polynomials a and b. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); + + +/// @brief matrix-vector multiplication: c = matA * b , in GF(16) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + + +/// @brief matrix-vector multiplication: c = matA * b , in GF(256) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + + +/// @brief matrix-matrix multiplication: c = a * b , in GF(16) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + + +/// @brief matrix-matrix multiplication: c = a * b , in GF(256) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + + + + +///////////////// algorithms: gaussian elim ////////////////// + + +/// @brief Gauss elimination for a matrix, in GF(16) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(16) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + + +/// @brief Gauss elimination for a matrix, in GF(256) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(256) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + + + +//////////////// Section: inversion for matrices ////////////////////////// + + +/// @brief Computing the inverse matrix, in GF(16) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + + +/// @brief Computing the inverse matrix, in GF(256) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +#endif // _BLAS_COMM_H_ + diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.h b/crypto_sign/rainbowIa-classic/clean/blas_u32.h new file mode 100644 index 00000000..81ea3411 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.h @@ -0,0 +1,175 @@ +/// @file blas_u32.h +/// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. +/// + +#ifndef _BLAS_U32_H_ +#define _BLAS_U32_H_ + +#include "gf16.h" + +#include + +static inline void _gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + +static inline void _gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= (a_u32[i] & pr_u32); + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= (a[i] & pr_u8); + } +} + + +static inline void _gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = gf16v_mul_u32(a_u32[i], gf16_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = gf16v_mul_u32(t.u32, gf16_b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + +static inline void _gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = gf256v_mul_u32(a_u32[i], b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = gf256v_mul_u32(t.u32, b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + + +static inline void _gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= gf16v_mul_u32(a_u32[i], gf16_b); + } + + // TODO: this will certainly not work on Big Endian + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = gf16v_mul_u32(t.u32, gf16_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + +static inline void _gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= gf256v_mul_u32(a_u32[i], gf256_b); + } + + // TODO: this will certainly not work on Big Endian + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = gf256v_mul_u32(t.u32, gf256_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + + +static inline uint8_t _gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + const uint32_t *a_u32 = (const uint32_t *) a; + const uint32_t *b_u32 = (const uint32_t *) b; + uint32_t r = 0; + for (unsigned i = 0; i < n_u32; i++) { + r ^= gf16v_mul_u32_u32(a_u32[i], b_u32[i]); + } + + unsigned rem = _num_byte & 3; + if (rem) { + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } ta, tb; + ta.u32 = 0; + tb.u32 = 0; + for (unsigned i = 0; i < rem; i++) { + ta.u8[i] = a[(n_u32 << 2) + i]; + } + for (unsigned i = 0; i < rem; i++) { + tb.u8[i] = b[(n_u32 << 2) + i]; + } + r ^= gf16v_mul_u32_u32(ta.u32, tb.u32); + } + return gf16v_reduce_u32(r); +} + +#endif // _BLAS_U32_H_ + diff --git a/crypto_sign/rainbowIa-classic/clean/gf16.h b/crypto_sign/rainbowIa-classic/clean/gf16.h new file mode 100644 index 00000000..ace634d8 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/gf16.h @@ -0,0 +1,262 @@ +/// @file gf16.h +/// @brief Library for arithmetics in GF(16) and GF(256) +/// + +#ifndef _GF16_H_ +#define _GF16_H_ + +#include + +// gf4 := gf2[x]/x^2+x+1 +static inline uint8_t gf4_mul_2(uint8_t a) { + uint8_t r = (uint8_t) (a << 1); + r ^= (uint8_t) ((a >> 1) * 7); + return r; +} + +static inline uint8_t gf4_mul_3(uint8_t a) { + uint8_t msk = (uint8_t) (a - 2) >> 1; + return (uint8_t)((msk & (a * 3)) | ((~msk) & (a - 1))); +} + +static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { + uint8_t r = (uint8_t) (a * (b & 1)); + return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); +} + +static inline uint8_t gf4_squ(uint8_t a) { + return a ^ (a >> 1); +} + +static inline uint8_t gf4_inv(uint8_t a) { + return a ^ (a >> 1); +} + +static inline uint32_t gf4v_mul_2_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_3_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit0 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { + uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); +} + +static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1) { + uint32_t c0 = a0 & b0; + uint32_t c2 = a1 & b1; + uint32_t c1_ = (a0 ^ a1) & (b0 ^ b1); + return ((c1_ ^ c0) << 1) ^ c0 ^ c2; +} + +static inline uint32_t gf4v_mul_u32_u32(uint32_t a, uint32_t b) { + uint32_t a0 = a & 0x55555555; + uint32_t a1 = (a >> 1) & 0x55555555; + uint32_t b0 = b & 0x55555555; + uint32_t b1 = (b >> 1) & 0x55555555; + + return _gf4v_mul_u32_u32(a0, a1, b0, b1); +} + +static inline uint32_t gf4v_squ_u32(uint32_t a) { + uint32_t bit1 = a & 0xaaaaaaaa; + return a ^ (bit1 >> 1); +} + +////////////////////////////////////////////////////////////////////////////////// + +static inline uint8_t gf16_is_nonzero(uint8_t a) { + unsigned a4 = a & 0xf; + unsigned r = ((unsigned) 0) - a4; + r >>= 4; + return r & 1; +} + +// gf16 := gf4[y]/y^2+y+x +static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + uint8_t b0 = b & 3; + uint8_t b1 = (b >> 2); + uint8_t a0b0 = gf4_mul(a0, b0); + uint8_t a1b1 = gf4_mul(a1, b1); + uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x2 = gf4_mul_2(a1b1); + return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); +} + +static inline uint8_t gf16_squ(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + a1 = gf4_squ(a1); + uint8_t a1squ_x2 = gf4_mul_2(a1); + return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); +} + +static inline uint8_t gf16_inv(uint8_t a) { + uint8_t a2 = gf16_squ(a); + uint8_t a4 = gf16_squ(a2); + uint8_t a8 = gf16_squ(a4); + uint8_t a6 = gf16_mul(a4, a2); + return gf16_mul(a8, a6); +} + +static inline uint8_t gf16_mul_4(uint8_t a) { + return (uint8_t)((((a << 2) ^ a) & (8 + 4)) ^ gf4_mul_2(a >> 2)); +} + +static inline uint8_t gf16_mul_8(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = a >> 2; + return (uint8_t)(gf4_mul_2(a0 ^ a1) << 2 | gf4_mul_3(a1)); +} + +//////////// + +// gf16 := gf4[y]/y^2+y+x + +static inline uint32_t gf16v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = gf4v_mul_u32(a, b); + uint32_t axb1 = gf4v_mul_u32(a, b >> 2); + uint32_t a0b1 = (axb1 << 2) & 0xcccccccc; + uint32_t a1b1 = axb1 & 0xcccccccc; + uint32_t a1b1_2 = a1b1 >> 2; + + return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); +} + +static inline uint32_t _gf16v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t a2, uint32_t a3, uint32_t b0, uint32_t b1, uint32_t b2, uint32_t b3) { + uint32_t c0 = _gf4v_mul_u32_u32(a0, a1, b0, b1); + uint32_t c1_ = _gf4v_mul_u32_u32(a0 ^ a2, a1 ^ a3, b0 ^ b2, b1 ^ b3); + + uint32_t c2_0 = a2 & b2; + uint32_t c2_2 = a3 & b3; + uint32_t c2_1_ = (a2 ^ a3) & (b2 ^ b3); + uint32_t c2_r0 = c2_0 ^ c2_2; + uint32_t c2_r1 = c2_0 ^ c2_1_; + //uint32_t c2 = c2_r0^(c2_r1<<1); + // GF(4) x2: (bit0<<1)^bit1^(bit1>>1); + return ((c1_ ^ c0) << 2) ^ c0 ^ (c2_r0 << 1) ^ c2_r1 ^ (c2_r1 << 1); +} + +static inline uint32_t gf16v_mul_u32_u32(uint32_t a, uint32_t b) { + uint32_t a0 = a & 0x11111111; + uint32_t a1 = (a >> 1) & 0x11111111; + uint32_t a2 = (a >> 2) & 0x11111111; + uint32_t a3 = (a >> 3) & 0x11111111; + uint32_t b0 = b & 0x11111111; + uint32_t b1 = (b >> 1) & 0x11111111; + uint32_t b2 = (b >> 2) & 0x11111111; + uint32_t b3 = (b >> 3) & 0x11111111; + + return _gf16v_mul_u32_u32(a0, a1, a2, a3, b0, b1, b2, b3); +} + +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + +static inline uint8_t gf16v_reduce_u32(uint32_t a) { + uint8_t r256 = gf256v_reduce_u32(a); + return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); +} + +static inline uint32_t gf16v_squ_u32(uint32_t a) { + uint32_t a2 = gf4v_squ_u32(a); + + return a2 ^ gf4v_mul_2_u32((a2 >> 2) & 0x33333333); +} + +static inline uint32_t gf16v_mul_8_u32(uint32_t a) { + uint32_t a1 = a & 0xcccccccc; + uint32_t a0 = (a << 2) & 0xcccccccc; + return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); +} + +static inline uint8_t gf256_is_nonzero(uint8_t a) { + unsigned a8 = a; + unsigned r = ((unsigned) 0) - a8; + r >>= 8; + return r & 1; +} + +// gf256 := gf16[X]/X^2+X+xy +static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + uint8_t b0 = b & 15; + uint8_t b1 = (b >> 4); + uint8_t a0b0 = gf16_mul(a0, b0); + uint8_t a1b1 = gf16_mul(a1, b1); + uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x8 = gf16_mul_8(a1b1); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); +} + +static inline uint8_t gf256_mul_gf16(uint8_t a, uint8_t gf16_b) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + uint8_t b0 = gf16_b & 15; + uint8_t a0b0 = gf16_mul(a0, b0); + uint8_t a1b0 = gf16_mul(a1, b0); + return (uint8_t) (a0b0 ^ (a1b0 << 4)); +} + +static inline uint8_t gf256_squ(uint8_t a) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + a1 = gf16_squ(a1); + uint8_t a1squ_x8 = gf16_mul_8(a1); + return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); +} + +static inline uint8_t gf256_inv(uint8_t a) { + // 128+64+32+16+8+4+2 = 254 + uint8_t a2 = gf256_squ(a); + uint8_t a4 = gf256_squ(a2); + uint8_t a8 = gf256_squ(a4); + uint8_t a4_2 = gf256_mul(a4, a2); + uint8_t a8_4_2 = gf256_mul(a4_2, a8); + uint8_t a64_ = gf256_squ(a8_4_2); + a64_ = gf256_squ(a64_); + a64_ = gf256_squ(a64_); + uint8_t a64_2 = gf256_mul(a64_, a8_4_2); + uint8_t a128_ = gf256_squ(a64_2); + return gf256_mul(a2, a128_); +} + +static inline uint32_t gf256v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = gf16v_mul_u32(a, b); + uint32_t axb1 = gf16v_mul_u32(a, b >> 4); + uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; + uint32_t a1b1 = axb1 & 0xf0f0f0f0; + uint32_t a1b1_4 = a1b1 >> 4; + + return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); +} + +static inline uint32_t gf256v_squ_u32(uint32_t a) { + uint32_t a2 = gf16v_squ_u32(a); + uint32_t ar = (a2 >> 4) & 0x0f0f0f0f; + + return a2 ^ gf16v_mul_8_u32(ar); +} + +static inline uint32_t gf256v_mul_gf16_u32(uint32_t a, uint8_t gf16_b) { + return gf16v_mul_u32(a, gf16_b); +} + +#endif // _GF16_H_ + diff --git a/crypto_sign/rainbowIa-classic/clean/hash_len_config.h b/crypto_sign/rainbowIa-classic/clean/hash_len_config.h new file mode 100644 index 00000000..eb9da010 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/hash_len_config.h @@ -0,0 +1,14 @@ +/// @file hash_len_config.h +/// @brief defining the lenght of outputs of the internel hash functions. +/// + +#ifndef _HASH_LEN_CONFIG_H_ +#define _HASH_LEN_CONFIG_H_ + + +/// defining the lenght of outputs of the internel hash functions. +#ifndef _HASH_LEN +#define _HASH_LEN (32) +#endif + +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c new file mode 100644 index 00000000..de26502f --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c @@ -0,0 +1,349 @@ +/// @file parallel_matrix_op.c +/// @brief the standard implementations for functions in parallel_matrix_op.h +/// +/// the standard implementations for functions in parallel_matrix_op.h +/// + +#include "blas_comm.h" +#include "blas.h" + +#include "parallel_matrix_op.h" + + +//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { + unsigned char *runningC = btriC; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < i; j++) { + unsigned idx = idx_of_trimat(j, i, Aheight); + gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + } + gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + runningC += size_batch * (Aheight - i); + } +} + + + + +///////////////// Section: matrix multiplications /////////////////////////////// + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf16v_madd( bC, & btriA[ (k - i)*size_batch ], gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + + + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf16v_madd( bC, & btriA[ size_batch * (idx_of_trimat(k, i, Aheight)) ], gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_trimat(k, i, Aheight)) ], gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + + + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf16v_madd( bC, & bA[ k * size_batch ], gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ k * size_batch ], gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + + + + +//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// + + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +/// +/// assert( dim <= 128 ); +/// assert( size_batch <= 128 ); + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = gf16v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf16v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf16v_madd( y, tmp, _x[i], size_batch ); + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +/// +/// assert( dim <= 256 ); +/// assert( size_batch <= 256 ); + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = gf256v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf256v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf256v_madd( y, tmp, _x[i], size_batch ); + } +} + + + + + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +/// +/// assert( dim_x <= 128 ); +/// assert( dim_y <= 128 ); +/// assert( size_batch <= 128 ); + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = gf16v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = gf16v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf16v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf16v_madd( z, tmp, _y[i], size_batch ); + } +} + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +/// +/// assert( dim_x <= 128 ); +/// assert( dim_y <= 128 ); +/// assert( size_batch <= 128 ); + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = gf256v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = gf256v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf256v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf256v_madd( z, tmp, _y[i], size_batch ); + } +} + + + diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h new file mode 100644 index 00000000..4881bc53 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h @@ -0,0 +1,316 @@ +/// @file parallel_matrix_op.h +/// @brief Librarys for operations of batched matrixes. +/// +/// + +#ifndef _P_MATRIX_OP_H_ +#define _P_MATRIX_OP_H_ + + + + + +//////////////////////////////////////////////////////////////////////// +/// Librarys for batched matrix operations. +/// A batched matrix is a matrix which each element of the matrix +/// contains size_batch GF elements. +//////////////////////////////////////////////////////////////////////// + + + + +//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// + + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { + return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +} + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. +/// +/// @param[in] i_row - the i-th row in a triangle matrix. +/// @param[in] j_col - the j-th column in a triangle matrix. +/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { + if ( i_row > j_col ) { + return idx_of_trimat(j_col, i_row, n_var); + } + return idx_of_trimat(i_row, j_col, n_var); +} + + +/// +/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. +/// +/// @param[out] btriC - the batched upper-trianglized matrix C. +/// @param[in] bA - a batched retangle matrix A. +/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); + + + + +//////////////////// Section: matrix multiplications /////////////////////////////// + + + +/// +/// @brief bC += btriA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += btriA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += A^Tr * bB , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += A^Tr * bB , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += bA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// + + +/// +/// @brief y = x^Tr * trimat * x , in GF(16) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + +/// +/// @brief y = x^Tr * trimat * x , in GF(256) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + + +/// +/// @brief z = y^Tr * mat * x , in GF(16) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + +/// +/// @brief z = y^Tr * mat * x , in GF(256) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + + + + + + +#endif // _P_MATRIX_OP_H_ + diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.c b/crypto_sign/rainbowIa-classic/clean/rainbow.c new file mode 100644 index 00000000..9ce5ff8b --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.c @@ -0,0 +1,195 @@ +/// @file rainbow.c +/// @brief The standard implementations for functions in rainbow.h +/// + +#include "blas.h" +#include "rainbow.h" +#include "rainbow_blas.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include +#include + + +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1>_O2)?_O1:_O2) +#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) + + + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { + uint8_t mat_l1[_O1 * _O1_BYTE]; + uint8_t mat_l2[_O2 * _O2_BYTE]; + uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; + + // setup PRNG + prng_t prng_sign; + uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; + memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); + memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + uint8_t prng_seed[_HASH_LEN]; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + prng_preseed[i] ^= prng_preseed[i]; // clean + } + for (unsigned i = 0; i < _HASH_LEN; i++) { + prng_seed[i] ^= prng_seed[i]; // clean + } + + // roll vinegars. + uint8_t vinegar[_V1_BYTE]; + unsigned n_attempt = 0; + unsigned l1_succ = 0; + while ( !l1_succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars + gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 + l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable + n_attempt ++; + } + + // Given the vinegars, pre-compute variables needed for layer 2 + uint8_t r_l1_F1[_O1_BYTE] = {0}; + uint8_t r_l2_F1[_O2_BYTE] = {0}; + batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); + batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); + uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + uint8_t mat_l2_F2[_O1 * _O2_BYTE]; + gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); + gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + + // Some local variables. + uint8_t _z[_PUB_M_BYTE]; + uint8_t y[_PUB_M_BYTE]; + uint8_t *x_v1 = vinegar; + uint8_t x_o1[_O1_BYTE]; + uint8_t x_o2[_O1_BYTE]; + + uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, _digest, _HASH_LEN ); + uint8_t *salt = digest_salt + _HASH_LEN; + + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + unsigned succ = 0; + while ( !succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + + // y = S^-1 * z + memcpy(y, _z, _PUB_M_BYTE); // identity part of S + gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); + gf256v_add(y, temp_o, _O1_BYTE); + + // Central Map: + // layer 1: calculate x_o1 + memcpy( temp_o, r_l1_F1, _O1_BYTE ); + gf256v_add( temp_o, y, _O1_BYTE ); + gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + + // layer 2: calculate x_o2 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); + gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 + batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 + gf256v_add( temp_o, mat_l2, _O2_BYTE ); + gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 + gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + + // generate the linear equations of the 2nd layer + gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 + gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); + gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + + n_attempt ++; + }; + // w = T^-1 * y + uint8_t w[_PUB_N_BYTE]; + // identity part of T. + memcpy( w, x_v1, _V1_BYTE ); + memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); + memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + // Computing the t1 part. + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t4 part. + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t3 part. + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + + memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + // clean + memset( &prng_sign, 0, sizeof(prng_t) ); + memset( vinegar, 0, _V1_BYTE ); + memset( r_l1_F1, 0, _O1_BYTE ); + memset( r_l2_F1, 0, _O2_BYTE ); + memset( _z, 0, _PUB_M_BYTE ); + memset( y, 0, _PUB_M_BYTE ); + memset( x_o1, 0, _O1_BYTE ); + memset( x_o2, 0, _O2_BYTE ); + memset( temp_o, 0, sizeof(temp_o) ); + + // return: copy w and salt to the signature. + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + return -1; + } + gf256v_add( signature, w, _PUB_N_BYTE ); + gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + return 0; +} + + + + + + + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { + unsigned char digest_ck[_PUB_M_BYTE]; + // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. + batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + + unsigned char correct[_PUB_M_BYTE]; + unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, digest, _HASH_LEN ); + memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + + // check consistancy. + unsigned char cc = 0; + for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + cc |= (digest_ck[i] ^ correct[i]); + } + return (0 == cc) ? 0 : -1; +} + + + +/////////////// cyclic version /////////////////////////// + + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { + unsigned char sk[sizeof(sk_t) + 32]; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); +} + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { + unsigned char pk[sizeof(pk_t) +32]; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +} + + diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.h b/crypto_sign/rainbowIa-classic/clean/rainbow.h new file mode 100644 index 00000000..c1947f67 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.h @@ -0,0 +1,64 @@ +/// @file rainbow.h +/// @brief APIs for rainbow. +/// + +#ifndef _RAINBOW_H_ +#define _RAINBOW_H_ + +#include "rainbow_config.h" +#include "rainbow_keypair.h" + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +/// +/// @brief Signing function for classical secret key. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); + + +/// +/// @brief Signing function for compressed secret key of the cyclic rainbow. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the compressed secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function for cyclic public keys. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key of cyclic rainbow. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); + + + +#ifdef __cplusplus +} +#endif + + +#endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h new file mode 100644 index 00000000..8f42efd3 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h @@ -0,0 +1,57 @@ +/// @file rainbow_blas.h +/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h +/// +/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h + +#ifndef _RAINBOW_BLAS_H_ +#define _RAINBOW_BLAS_H_ + +#include "blas.h" + +#include "parallel_matrix_op.h" + +#include "rainbow_config.h" + +#ifdef _USE_GF16 + +#define gfv_get_ele PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd + +#define gfmat_prod PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv + +#define batch_trimat_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16 +#define batch_2trimat_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16 +#define batch_matTr_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16 +#define batch_mat_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16 + +#define batch_quad_trimat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16 +#define batch_quad_recmat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16 + +#else + +#define gfv_get_ele gf256v_get_ele +#define gfv_mul_scalar gf256v_mul_scalar +#define gfv_madd gf256v_madd + +#define gfmat_prod gf256mat_prod +#define gfmat_inv gf256mat_inv + +#define batch_trimat_madd batch_trimat_madd_gf256 +#define batch_trimatTr_madd batch_trimatTr_madd_gf256 +#define batch_2trimat_madd batch_2trimat_madd_gf256 +#define batch_matTr_madd batch_matTr_madd_gf256 +#define batch_bmatTr_madd batch_bmatTr_madd_gf256 +#define batch_mat_madd batch_mat_madd_gf256 + +#define batch_quad_trimat_eval batch_quad_trimat_eval_gf256 +#define batch_quad_recmat_eval batch_quad_recmat_eval_gf256 + +#endif + + +#endif // _RAINBOW_BLAS_H_ + diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h new file mode 100644 index 00000000..da952ce4 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h @@ -0,0 +1,100 @@ +/// @file rainbow_config.h +/// @brief Defining the parameters of the Rainbow and the corresponding constants. +/// +/// Defining one of the 3 parameter _RAINBOW16_32_32_32 , _RAINBOW256_68_36_36 , or _RAINBOW256_92_48_48 +/// for (GF16,32,32,32) (GF256,68,36,36) (GF256,92,48,48) in this file. +/// +/// + +#ifndef _H_RAINBOW_CONFIG_H_ +#define _H_RAINBOW_CONFIG_H_ + + +// TODO: refactor this + +/// the defined parameter +#if (!defined(_RAINBOW16_32_32_32))&&(!defined(_RAINBOW256_68_36_36))&&(!defined(_RAINBOW256_92_48_48)) +#define _RAINBOW16_32_32_32 +//#define _RAINBOW256_68_36_36 +//#define _RAINBOW256_92_48_48 +#endif + + +#if defined _RAINBOW16_32_32_32 +#define _USE_GF16 +#define _GFSIZE 16 +#define _V1 32 +#define _O1 32 +#define _O2 32 +#define _HASH_LEN 32 + +#elif defined _RAINBOW256_68_36_36 +#define _GFSIZE 256 +#define _V1 68 +#define _O1 36 +#define _O2 36 +#define _HASH_LEN 48 + +#elif defined _RAINBOW256_92_48_48 +#define _GFSIZE 256 +#define _V1 92 +#define _O1 48 +#define _O2 48 +#define _HASH_LEN 64 + +#else +error here. +#endif + + +#define _V2 ((_V1)+(_O1)) + +#define STR1(x) #x +#define THE_NAME(gf,v1,o1,o2) "RAINBOW(" STR1(gf) "," STR1(v1) "," STR1(o1) "," STR1(o2) ")" +#define _S_NAME THE_NAME(_GFSIZE,_V1,_O1,_O2) + + +/// size of N, in # of gf elements. +#define _PUB_N (_V1+_O1+_O2) + +/// size of M, in # gf elements. +#define _PUB_M (_O1+_O2) + + +/// size of variables, in # bytes. + + +#ifdef _USE_GF16 +// GF16 +#define _V1_BYTE (_V1/2) +#define _V2_BYTE (_V2/2) +#define _O1_BYTE (_O1/2) +#define _O2_BYTE (_O2/2) +#define _PUB_N_BYTE (_PUB_N/2) +#define _PUB_M_BYTE (_PUB_M/2) + +#else +// GF256 +#define _V1_BYTE (_V1) +#define _V2_BYTE (_V2) +#define _O1_BYTE (_O1) +#define _O2_BYTE (_O2) +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) + +#endif + + +/// length of seed for public key, in # bytes +#define LEN_PKSEED 32 + +/// length of seed for secret key, in # bytes +#define LEN_SKSEED 32 + +/// length of salt for a signature, in # bytes +#define _SALT_BYTE 16 + +/// length of a signature +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) + +#endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c new file mode 100644 index 00000000..009006f4 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c @@ -0,0 +1,267 @@ +/// @file rainbow_keypair.c +/// @brief implementations of functions in rainbow_keypair.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include "utils_prng.h" +#include +#include +#include + + +static +void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 + s_and_t += _O1_BYTE * _O2; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + s_and_t += _V1_BYTE * _O1; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + s_and_t += _V1_BYTE * _O2; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 +} + + +static +unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + n_byte_generated += _O1_BYTE * _V1 * _O1; + return n_byte_generated; +} + + +static +unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + n_byte_generated += _O2_BYTE * _O1 * _O2; + + return n_byte_generated; +} + + +static +void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { + sk += generate_l1_F12( sk, prng0 ); + generate_l2_F12356( sk, prng0 ); +} + + +////////////////////////////////////////////////////////// + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { + // procedure: cpk_t --> extcpk_t --> pk_t + + // convert from cpk_t to extcpk_t + ext_cpk_t pk; + + // setup prng + prng_t prng0; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + + // generating parts of key with prng + generate_l1_F12( pk.l1_Q1, &prng0 ); + // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 + memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + + // generating parts of key with prng + generate_l2_F12356( pk.l2_Q1, &prng0 ); + // copying parts of key from input: l2_Q9 + memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // convert from extcpk_t to pk_t + PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); +} + + + +///////////////////////////////////////////////////////// + + + +static +void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { + // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 + unsigned char temp[_V1_BYTE + 32]; + unsigned char *t4 = t2_to_t4; + for (unsigned i = 0; i < _O2; i++) { /// t3 width + gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); + gf256v_add( t4, temp, _V1_BYTE ); + t4 += _V1_BYTE; + t3 += _O1_BYTE; + } +} + + + +static +void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { + unsigned char temp[_O1_BYTE + 32]; + while ( n_terms-- ) { + gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); + gf256v_add( l1_polys, temp, _O1_BYTE ); + l1_polys += _O1_BYTE; + l2_polys += _O2_BYTE; + } +} + + + +/////////////////// Classic ////////////////////////////////// + + +static +void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // set up prng + prng_t prng0; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + + // generating secret key with prng. + generate_S_T( sk->s1, &prng0 ); + generate_B1_B2( sk->l1_F1, &prng0 ); + + // clean prng + memset( &prng0, 0, sizeof(prng_t) ); +} + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { + _generate_secretkey( sk, sk_seed ); + calculate_t4( sk->t4, sk->t1, sk->t3 ); +} + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { + _generate_secretkey( sk, sk_seed ); + + // set up a temporary structure ext_cpk_t for calculating public key. + ext_cpk_t pk; + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( &pk, sk, sk ); // compute the public key in ext_cpk_t format. + calculate_t4( sk->t4, sk->t1, sk->t3 ); + + obsfucate_l1_polys( pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + // so far, the pk contains the full pk but in ext_cpk_t format. + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. +} + + + +///////////////////// Cyclic ////////////////////////////////// + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng0; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, &prng0 ); + calculate_t4( sk->t4, sk->t1, sk->t3 ); + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t prng1; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, &prng1 ); + + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + + // calcuate the parts of sk according to pk. + PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); + + // clean prng for sk + memset( &prng0, 0, sizeof(prng_t) ); +} + + + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); + + // prng for sk + prng_t prng; + prng_t *prng0 = &prng; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + + unsigned char t2[sizeof(sk->t4)]; + memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 + calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t *prng1 = &prng; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T + + memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + + obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + + // clean + memset( &prng, 0, sizeof(prng_t) ); +} + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); + sk_t sk; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); +} + + + + diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h new file mode 100644 index 00000000..accee12c --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h @@ -0,0 +1,148 @@ +/// @file rainbow_keypair.h +/// @brief Formats of key pairs and functions for generating key pairs. +/// Formats of key pairs and functions for generating key pairs. +/// + +#ifndef _RAINBOW_KEYPAIR_H_ +#define _RAINBOW_KEYPAIR_H_ + + +#include "rainbow_config.h" + + +#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) + + +/// @brief public key for classic rainbow +/// +/// public key for classic rainbow +/// +typedef +struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +} pk_t; + + +/// @brief secret key for classic rainbow +/// +/// secret key for classic rainbow +/// +typedef +struct rainbow_secretkey { + /// + /// seed for generating secret key. + /// Generating S, T, and F for classic rainbow. + /// Generating S and T only for cyclic rainbow. + unsigned char sk_seed[LEN_SKSEED]; + + unsigned char s1[_O1_BYTE * _O2]; ///< part of S map + unsigned char t1[_V1_BYTE * _O1]; ///< part of T map + unsigned char t4[_V1_BYTE * _O2]; ///< part of T map + unsigned char t3[_O1_BYTE * _O2]; ///< part of T map + + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 +} sk_t; + + + + +/// @brief public key for cyclic rainbow +/// +/// public key for cyclic rainbow +/// +typedef +struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 + + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 +} cpk_t; + + + +/// @brief compressed secret key for cyclic rainbow +/// +/// compressed secret key for cyclic rainbow +/// +typedef +struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +} csk_t; + + + +///////////////////////////////////// + + +/// +/// @brief Generate key pairs for classic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); + +/// +/// @brief Generate key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of public key. +/// @param[in] sk_seed - seed for generating secret key. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +/// +/// @brief Generate compressed key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the compressed secret key. +/// @param[in] pk_seed - seed for generating parts of the public key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +//////////////////////////////////// + +/// +/// @brief Generate secret key for classic rainbow. +/// +/// @param[out] sk - the secret key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey( sk_t *sk, const unsigned char *sk_seed ); + +/// +/// @brief Generate secret key for cyclic rainbow. +/// +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of the pbulic key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +//////////////////////////////////// + +/// +/// @brief converting formats of public keys : from cyclic version to classic key +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the cyclic public key. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); + +#endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c new file mode 100644 index 00000000..70ebac1e --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -0,0 +1,367 @@ +/// @file rainbow_keypair_computation.c +/// @brief Implementations for functions in rainbow_keypair_computation.h +/// + + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include +#include +#include + + +//////////////////////////////////////////////////////////////// + + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { + const unsigned char *idx_l1 = cpk->l1_Q1; + const unsigned char *idx_l2 = cpk->l2_Q1; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = i; j < _V1; j++) { + unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q2; + idx_l2 = cpk->l2_Q2; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1; j < _V1 + _O1; j++) { + unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q3; + idx_l2 = cpk->l2_Q3; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q5; + idx_l2 = cpk->l2_Q5; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = i; j < _V1 + _O1; j++) { + unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q6; + idx_l2 = cpk->l2_Q6; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q9; + idx_l2 = cpk->l2_Q9; + for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned j = i; j < _PUB_N; j++) { + unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } +} + + + +///////////////////////////////////////////////////////// + + +static +void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + /* + Layer 1 + Computing : + Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] + + Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 + Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + */ + const unsigned char *t2 = Ts->t4; + + memcpy( Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + memcpy( Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // l1_Q5 : _O1_BYTE * _O1 * _O1 + // l1_Q9 : _O1_BYTE * _O2 * _O2 + // l2_Q5 : _O2_BYTE * _V1 * _O1 + // l2_Q9 : _O2_BYTE * _V1 * _O2 + +#define SIZE_TEMPQ (_O1_BYTE * _O1 * _O1) + #if (_O1_BYTE*_O2*_O2)> SIZE_TEMPQ +#define SIZE_TEMPQ (_O1_BYTE*_O2*_O2) + #endif + #if (_O2_BYTE*_O1*_O1) > SIZE_TEMPQ +#define SIZE_TEMPQ (_O2_BYTE*_O1*_O1) + #endif + #if (_O2_BYTE*_O2*_O2) > SIZE_TEMPQ +#define SIZE_TEMPQ (_O2_BYTE*_O2*_O2) + #endif + + unsigned char tempQ[SIZE_TEMPQ + 32]; + + memset( tempQ, 0, _O1_BYTE * _O1 * _O1 ); // l1_Q5 + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE ); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + batch_trimatTr_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // Q2 + /* + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ, 0, _O1_BYTE * _O2 * _O2 ); // l1_Q9 + batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + + /* + layer 2 + Computing: + Q1 = F1 + Q2 = F1_F1T*T1 + F2 + Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) + */ + memcpy( Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); + + memcpy( Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F1*T1 + F2 + + memcpy( Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); + memset( tempQ, 0, _O2_BYTE * _O1 * _O1 ); // l2_Q5 + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE ); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q5, tempQ, _O1, _O2_BYTE ); // UT( ... ) // Q5 + + batch_trimatTr_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q2 + + /* + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + + Q3 = F1_F1T*T2 + F2*T3 + F3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 + */ + memcpy( Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); + batch_trimat_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ, 0, _O2_BYTE * _O2 * _O2 ); // l2_Q9 + batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + + batch_trimat_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + batch_matTr_madd( tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ, _O2, _O2_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1_F1T_T2 + F2_T3 + F3 // Q3 + + batch_bmatTr_madd( Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + F2tr*T2 + batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 + batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 +} + + + + + +///////////////////////////////////////////////////// + +static +void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + // Layer 1 + // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] + memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] + memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + + /* + Layer 2 + computations: + + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + + */ + memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + + // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + + unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; + memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) + memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + + batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + + // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); + batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 + batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + + // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + // + Q_pk.l2_F2s[i].transpose() * t4 + // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); + batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); + +} + + +////////////////////////////////////////////////////////////////////////////////////////////////// + +static +void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { +// Layer 1: Computing Q5, Q3, Q6, Q9 + +// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + const unsigned char *t2 = Ts->t4; + sk_t tempQ; + memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + memset( tempQ.l2_F1, 0, _O1_BYTE * _V1 * _O2 ); + batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + /* + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + /* + Layer 2 + Computing Q9: + + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ + sk_t tempQ2; + memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. + batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); + batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + + batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 +} + + + +/////////////////////////////////////////////////////////////////////// + + +// Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ +#define calculate_Q_from_F_impl calculate_Q_from_F_ref +#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref + + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_impl( Qs, Fs, Ts ); +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + calculate_F_from_Q_impl( Fs, Qs, Ts ); +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +} + + diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h new file mode 100644 index 00000000..5aec5ae4 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h @@ -0,0 +1,79 @@ +/// @file rainbow_keypair_computation.h +/// @brief Functions for calculating pk/sk while generating keys. +/// +/// Defining an internal structure of public key. +/// Functions for calculating pk/sk for key generation. +/// + +#ifndef _RAINBOW_KEYPAIR_COMP_H_ +#define _RAINBOW_KEYPAIR_COMP_H_ + + +#include "rainbow_keypair.h" + +/// @brief The (internal use) public key for rainbow +/// +/// The (internal use) public key for rainbow. The public +/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, +/// l2_Q1, .... , l2_Q9. +/// +typedef +struct rainbow_extend_publickey { + unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; + + unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; + unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; + unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; +} ext_cpk_t; + + + +/// +/// @brief converting formats of public keys : from ext_cpk_t version to pk_t +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the internel public key. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); + + +///////////////////////////////////////////////// + +/// +/// @brief Computing public key from secret key +/// +/// @param[out] Qs - the public key +/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the secret key: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + + +/// +/// @brief Computing parts of the sk from parts of pk and sk +/// +/// @param[out] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); + +/// +/// @brief Computing parts of the pk from the secret key +/// +/// @param[out] Qs - parts of the pk: l1_Q3, l1_Q5, l2_Q6, l1_Q9, l2_Q9 +/// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + +#endif // _RAINBOW_KEYPAIR_COMP_H_ + diff --git a/crypto_sign/rainbowIa-classic/clean/sign.c b/crypto_sign/rainbowIa-classic/clean/sign.c new file mode 100644 index 00000000..82d2122d --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/sign.c @@ -0,0 +1,150 @@ +/// @file sign.c +/// @brief the implementations for functions in api.h +/// +/// + +#include "api.h" +#include "rainbow.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "randombytes.h" +#include "utils_hash.h" +#include +#include + + + + +int +PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { + unsigned char sk_seed[LEN_SKSEED] = {0}; + randombytes( sk_seed, LEN_SKSEED ); + + #if defined _RAINBOW_CLASSIC + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); + + #elif defined _RAINBOW_CYCLIC + + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); + + #elif defined _RAINBOW_CYCLIC_COMPRESSED + + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + + #else + error here + #endif + return 0; +} + + + + + +int +PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + + memcpy( sm, m, mlen ); + smlen[0] = mlen + _SIGNATURE_BYTE; + + #if defined _RAINBOW_CLASSIC + + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + + #elif defined _RAINBOW_CYCLIC + + return rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + + #elif defined _RAINBOW_CYCLIC_COMPRESSED + + return rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + + #else + error here + #endif + + +} + + + + + + +int +PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { +//TODO: this should not copy out the message if verification fails + if ( _SIGNATURE_BYTE > smlen ) { + return -1; + } + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + mlen[0] = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); + + #if defined _RAINBOW_CLASSIC + + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); + + #elif defined _RAINBOW_CYCLIC + + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + + #elif defined _RAINBOW_CYCLIC_COMPRESSED + + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + + #else + error here + #endif + + +} + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + *siglen = _SIGNATURE_BYTE; + #if defined _RAINBOW_CLASSIC + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + #elif defined _RAINBOW_CYCLIC + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + #elif defined _RAINBOW_CYCLIC_COMPRESSED + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); + #else + error here + #endif + +} + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk) { + if (siglen != _SIGNATURE_BYTE) { + return -1; + } + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + #if defined _RAINBOW_CLASSIC + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); + #elif defined _RAINBOW_CYCLIC + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + #elif defined _RAINBOW_CYCLIC_COMPRESSED + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + #else + error here + #endif + +} diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.c b/crypto_sign/rainbowIa-classic/clean/utils_hash.c new file mode 100644 index 00000000..1b072a3c --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.c @@ -0,0 +1,65 @@ +/// @file utils_hash.c +/// @brief the adapter for SHA2 families. +/// +/// + +#include "hash_len_config.h" +#include "sha2.h" +#include "utils_hash.h" + +#ifndef _HASH_LEN +#define _HASH_LEN (32) +#endif + +static inline +int _hash( unsigned char *digest, const unsigned char *m, unsigned long long mlen ) { + #if 32 == _HASH_LEN + sha256(digest, m, mlen); + #elif 48 == _HASH_LEN + sha384(digest, m, mlen); + #elif 64 == _HASH_LEN + sha512(digest, m, mlen); + #else +#error "unsupported _HASH_LEN" + #endif + return 0; +} + +static inline +int expand_hash( unsigned char *digest, unsigned n_digest, const unsigned char *hash ) { + if ( _HASH_LEN >= n_digest ) { + for (unsigned i = 0; i < n_digest; i++) { + digest[i] = hash[i]; + } + return 0; + } + for (unsigned i = 0; i < _HASH_LEN; i++) { + digest[i] = hash[i]; + } + n_digest -= _HASH_LEN; + + + while ( _HASH_LEN <= n_digest ) { + _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + + n_digest -= _HASH_LEN; + digest += _HASH_LEN; + } + unsigned char temp[_HASH_LEN]; + if ( n_digest ) { + _hash( temp, digest, _HASH_LEN ); + for (unsigned i = 0; i < n_digest; i++) { + digest[_HASH_LEN + i] = temp[i]; + } + } + return 0; +} + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( unsigned char *digest, unsigned len_digest, const unsigned char *m, unsigned long long mlen ) { + unsigned char buf[_HASH_LEN]; + _hash( buf, m, mlen ); + + return expand_hash( digest, len_digest, buf ); +} + + diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.h b/crypto_sign/rainbowIa-classic/clean/utils_hash.h new file mode 100644 index 00000000..2aeffde4 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.h @@ -0,0 +1,16 @@ +/// @file utils_hash.h +/// @brief the interface for adapting hash functions. +/// +/// +#ifndef _UTILS_HASH_H_ +#define _UTILS_HASH_H_ + +// for the definition of _HASH_LEN. +#include "hash_len_config.h" + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( unsigned char *digest, unsigned len_digest, const unsigned char *m, unsigned long long mlen ); + + + +#endif // _UTILS_HASH_H_ + diff --git a/crypto_sign/rainbowIa-classic/clean/utils_prng.c b/crypto_sign/rainbowIa-classic/clean/utils_prng.c new file mode 100644 index 00000000..7a9ad369 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/utils_prng.c @@ -0,0 +1,96 @@ +/// @file utils_prng.c +/// @brief The implementation of PRNG related functions. +/// + +#include "aes.h" +#include "randombytes.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include + +static void prng_update(const unsigned char *provided_data, + unsigned char *Key, + unsigned char *V) { + unsigned char temp[48]; + aes256ctx ctx; + aes256_keyexp(&ctx, Key); + for (int i = 0; i < 3; i++) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( V[j] == 0xff) { + V[j] = 0x00; + } else { + V[j]++; + break; + } + } + aes256_ecb(temp + 16 * i, V, 1, &ctx); + } + if ( provided_data != NULL ) { + for (int i = 0; i < 48; i++) { + temp[i] ^= provided_data[i]; + } + } + memcpy(Key, temp, 32); + memcpy(V, temp + 32, 16); +} +static void randombytes_init_with_state(prng_t *state, + unsigned char *entropy_input_48bytes ) { + memset(state->Key, 0x00, 32); + memset(state->V, 0x00, 16); + prng_update(entropy_input_48bytes, state->Key, state->V); +} + +static int randombytes_with_state(prng_t *state, + unsigned char *x, + unsigned long long xlen) { + + unsigned char block[16]; + int i = 0; + + aes256ctx ctx; + aes256_keyexp(&ctx, state->Key); + + + while ( xlen > 0 ) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( state->V[j] == 0xff ) { + state->V[j] = 0x00; + } else { + state->V[j]++; + break; + } + } + aes256_ecb(block, state->V, 1, &ctx); + if ( xlen > 15 ) { + memcpy(x + i, block, 16); + i += 16; + xlen -= 16; + } else { + memcpy(x + i, block, xlen); + xlen = 0; + } + } + prng_update(NULL, state->Key, state->V); + return 0; +} + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { + unsigned char seed[48]; + if ( prng_seedlen >= 48 ) { + memcpy( seed, prng_seed, 48 ); + } else { + memcpy( seed, prng_seed, prng_seedlen ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + } + + randombytes_init_with_state( ctx, seed ); + + return 0; +} + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { + return randombytes_with_state( ctx, out, outlen); +} diff --git a/crypto_sign/rainbowIa-classic/clean/utils_prng.h b/crypto_sign/rainbowIa-classic/clean/utils_prng.h new file mode 100644 index 00000000..6c1f93a9 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/utils_prng.h @@ -0,0 +1,22 @@ +/// @file utils_prng.h +/// @brief the interface for adapting PRNG functions. +/// +/// + +#ifndef _UTILS_PRNG_H_ +#define _UTILS_PRNG_H_ + +#include "randombytes.h" + +typedef struct { + unsigned char Key[32]; + unsigned char V[16]; +} prng_t; + +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); + + +#endif // _UTILS_PRNG_H_ + + From b87bca514ebc25758be3f8706b179e4b636351a3 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Mon, 3 Jun 2019 21:51:05 +0200 Subject: [PATCH 02/19] remove preprocessor conditionals --- crypto_sign/rainbowIa-classic/clean/blas.h | 4 +- .../rainbowIa-classic/clean/blas_comm.h | 4 +- .../rainbowIa-classic/clean/blas_u32.h | 4 +- crypto_sign/rainbowIa-classic/clean/gf16.h | 4 +- .../rainbowIa-classic/clean/hash_len_config.h | 10 +-- .../clean/parallel_matrix_op.h | 9 +- crypto_sign/rainbowIa-classic/clean/rainbow.h | 14 +-- .../rainbowIa-classic/clean/rainbow_blas.h | 28 +----- .../rainbowIa-classic/clean/rainbow_config.h | 68 +++++++------- .../rainbowIa-classic/clean/rainbow_keypair.h | 4 +- .../clean/rainbow_keypair_computation.c | 14 +-- .../clean/rainbow_keypair_computation.h | 4 +- crypto_sign/rainbowIa-classic/clean/sign.c | 88 +++++++++---------- .../rainbowIa-classic/clean/utils_hash.c | 21 ++--- .../rainbowIa-classic/clean/utils_hash.h | 4 +- .../rainbowIa-classic/clean/utils_prng.h | 4 +- 16 files changed, 115 insertions(+), 169 deletions(-) diff --git a/crypto_sign/rainbowIa-classic/clean/blas.h b/crypto_sign/rainbowIa-classic/clean/blas.h index c54a9269..406a61cf 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas.h +++ b/crypto_sign/rainbowIa-classic/clean/blas.h @@ -1,9 +1,9 @@ +#ifndef _BLAS_H_ +#define _BLAS_H_ /// @file blas.h /// @brief Defining the implementations for linear algebra functions depending on the machine architecture. /// -#ifndef _BLAS_H_ -#define _BLAS_H_ #include "blas_comm.h" #include "blas_u32.h" diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.h b/crypto_sign/rainbowIa-classic/clean/blas_comm.h index 5b779430..aab6d3ce 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.h @@ -1,8 +1,8 @@ +#ifndef _BLAS_COMM_H_ +#define _BLAS_COMM_H_ /// @file blas_comm.h /// @brief Common functions for linear algebra. /// -#ifndef _BLAS_COMM_H_ -#define _BLAS_COMM_H_ #include diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.h b/crypto_sign/rainbowIa-classic/clean/blas_u32.h index 81ea3411..ba3e2679 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.h @@ -1,9 +1,9 @@ +#ifndef _BLAS_U32_H_ +#define _BLAS_U32_H_ /// @file blas_u32.h /// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. /// -#ifndef _BLAS_U32_H_ -#define _BLAS_U32_H_ #include "gf16.h" diff --git a/crypto_sign/rainbowIa-classic/clean/gf16.h b/crypto_sign/rainbowIa-classic/clean/gf16.h index ace634d8..349c22a6 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf16.h +++ b/crypto_sign/rainbowIa-classic/clean/gf16.h @@ -1,9 +1,9 @@ +#ifndef _GF16_H_ +#define _GF16_H_ /// @file gf16.h /// @brief Library for arithmetics in GF(16) and GF(256) /// -#ifndef _GF16_H_ -#define _GF16_H_ #include diff --git a/crypto_sign/rainbowIa-classic/clean/hash_len_config.h b/crypto_sign/rainbowIa-classic/clean/hash_len_config.h index eb9da010..253130c9 100644 --- a/crypto_sign/rainbowIa-classic/clean/hash_len_config.h +++ b/crypto_sign/rainbowIa-classic/clean/hash_len_config.h @@ -1,14 +1,12 @@ +#ifndef _HASH_LEN_CONFIG_H_ +#define _HASH_LEN_CONFIG_H_ /// @file hash_len_config.h /// @brief defining the lenght of outputs of the internel hash functions. /// -#ifndef _HASH_LEN_CONFIG_H_ -#define _HASH_LEN_CONFIG_H_ - +// TODO: remove this file /// defining the lenght of outputs of the internel hash functions. -#ifndef _HASH_LEN -#define _HASH_LEN (32) -#endif +//#define _HASH_LEN (32) #endif diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h index 4881bc53..712bef52 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h @@ -1,15 +1,10 @@ +#ifndef _P_MATRIX_OP_H_ +#define _P_MATRIX_OP_H_ /// @file parallel_matrix_op.h /// @brief Librarys for operations of batched matrixes. /// /// -#ifndef _P_MATRIX_OP_H_ -#define _P_MATRIX_OP_H_ - - - - - //////////////////////////////////////////////////////////////////////// /// Librarys for batched matrix operations. /// A batched matrix is a matrix which each element of the matrix diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.h b/crypto_sign/rainbowIa-classic/clean/rainbow.h index c1947f67..9aa4a11c 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.h @@ -1,18 +1,15 @@ +#ifndef _RAINBOW_H_ +#define _RAINBOW_H_ /// @file rainbow.h /// @brief APIs for rainbow. /// -#ifndef _RAINBOW_H_ -#define _RAINBOW_H_ #include "rainbow_config.h" #include "rainbow_keypair.h" #include -#ifdef __cplusplus -extern "C" { -#endif /// @@ -54,11 +51,4 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, cons /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); - - -#ifdef __cplusplus -} -#endif - - #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h index 8f42efd3..dd463840 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h @@ -1,10 +1,10 @@ +#ifndef _RAINBOW_BLAS_H_ +#define _RAINBOW_BLAS_H_ /// @file rainbow_blas.h /// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h /// /// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h -#ifndef _RAINBOW_BLAS_H_ -#define _RAINBOW_BLAS_H_ #include "blas.h" @@ -12,8 +12,6 @@ #include "rainbow_config.h" -#ifdef _USE_GF16 - #define gfv_get_ele PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele #define gfv_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar #define gfv_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd @@ -31,27 +29,5 @@ #define batch_quad_trimat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16 -#else - -#define gfv_get_ele gf256v_get_ele -#define gfv_mul_scalar gf256v_mul_scalar -#define gfv_madd gf256v_madd - -#define gfmat_prod gf256mat_prod -#define gfmat_inv gf256mat_inv - -#define batch_trimat_madd batch_trimat_madd_gf256 -#define batch_trimatTr_madd batch_trimatTr_madd_gf256 -#define batch_2trimat_madd batch_2trimat_madd_gf256 -#define batch_matTr_madd batch_matTr_madd_gf256 -#define batch_bmatTr_madd batch_bmatTr_madd_gf256 -#define batch_mat_madd batch_mat_madd_gf256 - -#define batch_quad_trimat_eval batch_quad_trimat_eval_gf256 -#define batch_quad_recmat_eval batch_quad_recmat_eval_gf256 - -#endif - - #endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h index da952ce4..b7750aa3 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h @@ -1,3 +1,5 @@ +#ifndef _H_RAINBOW_CONFIG_H_ +#define _H_RAINBOW_CONFIG_H_ /// @file rainbow_config.h /// @brief Defining the parameters of the Rainbow and the corresponding constants. /// @@ -6,45 +8,43 @@ /// /// -#ifndef _H_RAINBOW_CONFIG_H_ -#define _H_RAINBOW_CONFIG_H_ // TODO: refactor this /// the defined parameter -#if (!defined(_RAINBOW16_32_32_32))&&(!defined(_RAINBOW256_68_36_36))&&(!defined(_RAINBOW256_92_48_48)) +//#if (!defined(_RAINBOW16_32_32_32))&&(!defined(_RAINBOW256_68_36_36))&&(!defined(_RAINBOW256_92_48_48)) #define _RAINBOW16_32_32_32 //#define _RAINBOW256_68_36_36 //#define _RAINBOW256_92_48_48 -#endif +//#endif -#if defined _RAINBOW16_32_32_32 +//#if defined _RAINBOW16_32_32_32 #define _USE_GF16 #define _GFSIZE 16 #define _V1 32 #define _O1 32 #define _O2 32 #define _HASH_LEN 32 - -#elif defined _RAINBOW256_68_36_36 -#define _GFSIZE 256 -#define _V1 68 -#define _O1 36 -#define _O2 36 -#define _HASH_LEN 48 - -#elif defined _RAINBOW256_92_48_48 -#define _GFSIZE 256 -#define _V1 92 -#define _O1 48 -#define _O2 48 -#define _HASH_LEN 64 - -#else -error here. -#endif +// +//#elif defined _RAINBOW256_68_36_36 +//#define _GFSIZE 256 +//#define _V1 68 +//#define _O1 36 +//#define _O2 36 +//#define _HASH_LEN 48 +// +//#elif defined _RAINBOW256_92_48_48 +//#define _GFSIZE 256 +//#define _V1 92 +//#define _O1 48 +//#define _O2 48 +//#define _HASH_LEN 64 +// +//#else +//error here. +//#endif #define _V2 ((_V1)+(_O1)) @@ -64,7 +64,7 @@ error here. /// size of variables, in # bytes. -#ifdef _USE_GF16 +//#ifdef _USE_GF16 // GF16 #define _V1_BYTE (_V1/2) #define _V2_BYTE (_V2/2) @@ -73,16 +73,16 @@ error here. #define _PUB_N_BYTE (_PUB_N/2) #define _PUB_M_BYTE (_PUB_M/2) -#else -// GF256 -#define _V1_BYTE (_V1) -#define _V2_BYTE (_V2) -#define _O1_BYTE (_O1) -#define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - -#endif +//#else +//// GF256 +//#define _V1_BYTE (_V1) +//#define _V2_BYTE (_V2) +//#define _O1_BYTE (_O1) +//#define _O2_BYTE (_O2) +//#define _PUB_N_BYTE (_PUB_N) +//#define _PUB_M_BYTE (_PUB_M) +// +//#endif /// length of seed for public key, in # bytes diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h index accee12c..d5996138 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h @@ -1,10 +1,10 @@ +#ifndef _RAINBOW_KEYPAIR_H_ +#define _RAINBOW_KEYPAIR_H_ /// @file rainbow_keypair.h /// @brief Formats of key pairs and functions for generating key pairs. /// Formats of key pairs and functions for generating key pairs. /// -#ifndef _RAINBOW_KEYPAIR_H_ -#define _RAINBOW_KEYPAIR_H_ #include "rainbow_config.h" diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 70ebac1e..081eaaac 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -119,18 +119,8 @@ void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // l2_Q5 : _O2_BYTE * _V1 * _O1 // l2_Q9 : _O2_BYTE * _V1 * _O2 -#define SIZE_TEMPQ (_O1_BYTE * _O1 * _O1) - #if (_O1_BYTE*_O2*_O2)> SIZE_TEMPQ -#define SIZE_TEMPQ (_O1_BYTE*_O2*_O2) - #endif - #if (_O2_BYTE*_O1*_O1) > SIZE_TEMPQ -#define SIZE_TEMPQ (_O2_BYTE*_O1*_O1) - #endif - #if (_O2_BYTE*_O2*_O2) > SIZE_TEMPQ -#define SIZE_TEMPQ (_O2_BYTE*_O2*_O2) - #endif - - unsigned char tempQ[SIZE_TEMPQ + 32]; + + unsigned char tempQ[_O1_BYTE * _O1 * _O1 + 32]; memset( tempQ, 0, _O1_BYTE * _O1 * _O1 ); // l1_Q5 batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE ); // t1_tr*(F1*T1 + F2) diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h index 5aec5ae4..ec27f572 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h @@ -1,3 +1,5 @@ +#ifndef _RAINBOW_KEYPAIR_COMP_H_ +#define _RAINBOW_KEYPAIR_COMP_H_ /// @file rainbow_keypair_computation.h /// @brief Functions for calculating pk/sk while generating keys. /// @@ -5,8 +7,6 @@ /// Functions for calculating pk/sk for key generation. /// -#ifndef _RAINBOW_KEYPAIR_COMP_H_ -#define _RAINBOW_KEYPAIR_COMP_H_ #include "rainbow_keypair.h" diff --git a/crypto_sign/rainbowIa-classic/clean/sign.c b/crypto_sign/rainbowIa-classic/clean/sign.c index 82d2122d..cfc9280d 100644 --- a/crypto_sign/rainbowIa-classic/clean/sign.c +++ b/crypto_sign/rainbowIa-classic/clean/sign.c @@ -20,25 +20,25 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned c unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - #if defined _RAINBOW_CLASSIC +// #if defined _RAINBOW_CLASSIC PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - #elif defined _RAINBOW_CYCLIC +// #elif defined _RAINBOW_CYCLIC - unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); +// unsigned char pk_seed[LEN_PKSEED] = {0}; +// randombytes( pk_seed, LEN_PKSEED ); +// generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED +// #elif defined _RAINBOW_CYCLIC_COMPRESSED - unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); +// unsigned char pk_seed[LEN_PKSEED] = {0}; +// randombytes( pk_seed, LEN_PKSEED ); +// generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - #else - error here - #endif +// #else +// error here +// #endif return 0; } @@ -55,21 +55,21 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - #if defined _RAINBOW_CLASSIC +// #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC +// #elif defined _RAINBOW_CYCLIC - return rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); +// return rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED +// #elif defined _RAINBOW_CYCLIC_COMPRESSED - return rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); +// return rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - #else - error here - #endif +// #else +// error here +// #endif } @@ -91,21 +91,21 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - #if defined _RAINBOW_CLASSIC +// #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - #elif defined _RAINBOW_CYCLIC +// #elif defined _RAINBOW_CYCLIC - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); +// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED +// #elif defined _RAINBOW_CYCLIC_COMPRESSED - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); +// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - #else - error here - #endif +// #else +// error here +// #endif } @@ -117,15 +117,15 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature( PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); *siglen = _SIGNATURE_BYTE; - #if defined _RAINBOW_CLASSIC + // #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); - #else - error here - #endif + // #elif defined _RAINBOW_CYCLIC + // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + // #elif defined _RAINBOW_CYCLIC_COMPRESSED + // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); + // #else + // error here + // #endif } @@ -137,14 +137,14 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( } unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - #if defined _RAINBOW_CLASSIC + // #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - #elif defined _RAINBOW_CYCLIC - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - #else - error here - #endif + // #elif defined _RAINBOW_CYCLIC + // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + // #elif defined _RAINBOW_CYCLIC_COMPRESSED + // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + // #else + // error here + // #endif } diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.c b/crypto_sign/rainbowIa-classic/clean/utils_hash.c index 1b072a3c..8c9e3aab 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.c @@ -4,24 +4,21 @@ /// #include "hash_len_config.h" +#include "rainbow_config.h" #include "sha2.h" #include "utils_hash.h" -#ifndef _HASH_LEN -#define _HASH_LEN (32) -#endif - static inline int _hash( unsigned char *digest, const unsigned char *m, unsigned long long mlen ) { - #if 32 == _HASH_LEN +// #if 32 == _HASH_LEN sha256(digest, m, mlen); - #elif 48 == _HASH_LEN - sha384(digest, m, mlen); - #elif 64 == _HASH_LEN - sha512(digest, m, mlen); - #else -#error "unsupported _HASH_LEN" - #endif +// #elif 48 == _HASH_LEN +// sha384(digest, m, mlen); +// #elif 64 == _HASH_LEN +// sha512(digest, m, mlen); +// #else +//#error "unsupported _HASH_LEN" +// #endif return 0; } diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.h b/crypto_sign/rainbowIa-classic/clean/utils_hash.h index 2aeffde4..ba234866 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.h +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.h @@ -1,9 +1,9 @@ +#ifndef _UTILS_HASH_H_ +#define _UTILS_HASH_H_ /// @file utils_hash.h /// @brief the interface for adapting hash functions. /// /// -#ifndef _UTILS_HASH_H_ -#define _UTILS_HASH_H_ // for the definition of _HASH_LEN. #include "hash_len_config.h" diff --git a/crypto_sign/rainbowIa-classic/clean/utils_prng.h b/crypto_sign/rainbowIa-classic/clean/utils_prng.h index 6c1f93a9..86f9ea5b 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_prng.h +++ b/crypto_sign/rainbowIa-classic/clean/utils_prng.h @@ -1,10 +1,10 @@ +#ifndef _UTILS_PRNG_H_ +#define _UTILS_PRNG_H_ /// @file utils_prng.h /// @brief the interface for adapting PRNG functions. /// /// -#ifndef _UTILS_PRNG_H_ -#define _UTILS_PRNG_H_ #include "randombytes.h" From cf181decc7d7e7a5e58c3c978d409691de2c06dd Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Mon, 3 Jun 2019 22:12:37 +0200 Subject: [PATCH 03/19] refactor hash to use size_t --- .../rainbowIa-classic/clean/utils_hash.c | 22 ++++++++++--------- .../rainbowIa-classic/clean/utils_hash.h | 3 ++- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.c b/crypto_sign/rainbowIa-classic/clean/utils_hash.c index 8c9e3aab..358a20f7 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.c @@ -9,7 +9,7 @@ #include "utils_hash.h" static inline -int _hash( unsigned char *digest, const unsigned char *m, unsigned long long mlen ) { +int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { // #if 32 == _HASH_LEN sha256(digest, m, mlen); // #elif 48 == _HASH_LEN @@ -23,20 +23,20 @@ int _hash( unsigned char *digest, const unsigned char *m, unsigned long long mle } static inline -int expand_hash( unsigned char *digest, unsigned n_digest, const unsigned char *hash ) { +int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { if ( _HASH_LEN >= n_digest ) { - for (unsigned i = 0; i < n_digest; i++) { + for (size_t i = 0; i < n_digest; i++) { digest[i] = hash[i]; } return 0; } - for (unsigned i = 0; i < _HASH_LEN; i++) { + for (size_t i = 0; i < _HASH_LEN; i++) { digest[i] = hash[i]; } n_digest -= _HASH_LEN; - while ( _HASH_LEN <= n_digest ) { + while (_HASH_LEN <= n_digest ) { _hash( digest + _HASH_LEN, digest, _HASH_LEN ); n_digest -= _HASH_LEN; @@ -45,18 +45,20 @@ int expand_hash( unsigned char *digest, unsigned n_digest, const unsigned char * unsigned char temp[_HASH_LEN]; if ( n_digest ) { _hash( temp, digest, _HASH_LEN ); - for (unsigned i = 0; i < n_digest; i++) { + for (size_t i = 0; i < n_digest; i++) { digest[_HASH_LEN + i] = temp[i]; } } return 0; } -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( unsigned char *digest, unsigned len_digest, const unsigned char *m, unsigned long long mlen ) { +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(unsigned char *digest, + size_t len_digest, + const unsigned char *m, + size_t mlen) { unsigned char buf[_HASH_LEN]; - _hash( buf, m, mlen ); - - return expand_hash( digest, len_digest, buf ); + _hash(buf, m, mlen); + return expand_hash(digest, len_digest, buf); } diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.h b/crypto_sign/rainbowIa-classic/clean/utils_hash.h index ba234866..9c011a2e 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.h +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.h @@ -7,8 +7,9 @@ // for the definition of _HASH_LEN. #include "hash_len_config.h" +#include -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( unsigned char *digest, unsigned len_digest, const unsigned char *m, unsigned long long mlen ); +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); From a7253a353075e0ac84fe3131267a2f9cfba5de9a Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Fri, 14 Jun 2019 14:16:40 +0200 Subject: [PATCH 04/19] make Windows and 32-bit systems (slightly more?) happy --- crypto_sign/rainbowIa-classic/clean/blas_comm.h | 4 ++-- crypto_sign/rainbowIa-classic/clean/utils_prng.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.h b/crypto_sign/rainbowIa-classic/clean/blas_comm.h index aab6d3ce..c435b970 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.h @@ -17,7 +17,7 @@ static inline uint8_t gf16v_get_ele(const uint8_t *a, unsigned i) { uint8_t r = a[i >> 1]; uint8_t r0 = r & 0xf; uint8_t r1 = r >> 4; - uint8_t m = (uint8_t)(-(i & 1)); + uint8_t m = (uint8_t)(-((int8_t)i & 1)); return (uint8_t)((r1 & m) | ((~m)&r0)); } @@ -29,7 +29,7 @@ static inline uint8_t gf16v_get_ele(const uint8_t *a, unsigned i) { /// @return the value of the element. /// static inline uint8_t gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { - uint8_t m = (uint8_t) (0xf ^ (-(i & 1))); /// 1--> 0xf0 , 0--> 0x0f + uint8_t m = (uint8_t) (0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f uint8_t ai_remaining = (uint8_t) (a[i >> 1] & (~m)); /// erase a[i >> 1] = (uint8_t) (ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set return v; diff --git a/crypto_sign/rainbowIa-classic/clean/utils_prng.c b/crypto_sign/rainbowIa-classic/clean/utils_prng.c index 7a9ad369..1a8a36b4 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_prng.c +++ b/crypto_sign/rainbowIa-classic/clean/utils_prng.c @@ -44,7 +44,7 @@ static void randombytes_init_with_state(prng_t *state, static int randombytes_with_state(prng_t *state, unsigned char *x, - unsigned long long xlen) { + size_t xlen) { unsigned char block[16]; int i = 0; From 24014ae2556f901b03593ead579866fd8dfc0bb5 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Fri, 14 Jun 2019 14:44:24 +0200 Subject: [PATCH 05/19] more Windows errors --- crypto_sign/rainbowIa-classic/clean/blas_u32.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.h b/crypto_sign/rainbowIa-classic/clean/blas_u32.h index ba3e2679..56e13e3a 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.h @@ -56,6 +56,7 @@ static inline void _gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _n uint8_t u8[4]; uint32_t u32; } t; + t.u32 = 0; a += (n_u32 << 2); unsigned rem = _num_byte & 3; for (unsigned i = 0; i < rem; i++) { @@ -78,6 +79,7 @@ static inline void _gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_b uint8_t u8[4]; uint32_t u32; } t; + t.u32 = 0; a += (n_u32 << 2); unsigned rem = _num_byte & 3; for (unsigned i = 0; i < rem; i++) { From 64413d2babf16550b1c8e61f4233e59360082fd0 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Fri, 14 Jun 2019 15:53:08 +0200 Subject: [PATCH 06/19] move code out of headers --- crypto_sign/rainbowIa-classic/clean/Makefile | 4 +- .../clean/Makefile.Microsoft_nmake | 2 +- crypto_sign/rainbowIa-classic/clean/blas.h | 15 +- .../rainbowIa-classic/clean/blas_comm.c | 80 +++++--- .../rainbowIa-classic/clean/blas_comm.h | 43 +---- .../rainbowIa-classic/clean/blas_u32.c | 165 +++++++++++++++++ .../rainbowIa-classic/clean/blas_u32.h | 174 +----------------- .../rainbowIa-classic/clean/{gf16.h => gf.c} | 88 ++------- crypto_sign/rainbowIa-classic/clean/gf.h | 19 ++ .../rainbowIa-classic/clean/hash_len_config.h | 12 -- .../clean/parallel_matrix_op.c | 81 ++++---- .../clean/parallel_matrix_op.h | 31 +--- .../clean/rainbow_keypair_computation.c | 12 +- .../rainbowIa-classic/clean/utils_hash.c | 1 - .../rainbowIa-classic/clean/utils_hash.h | 3 - 15 files changed, 331 insertions(+), 399 deletions(-) create mode 100644 crypto_sign/rainbowIa-classic/clean/blas_u32.c rename crypto_sign/rainbowIa-classic/clean/{gf16.h => gf.c} (71%) create mode 100644 crypto_sign/rainbowIa-classic/clean/gf.h delete mode 100644 crypto_sign/rainbowIa-classic/clean/hash_len_config.h diff --git a/crypto_sign/rainbowIa-classic/clean/Makefile b/crypto_sign/rainbowIa-classic/clean/Makefile index 28ff0036..0792549f 100644 --- a/crypto_sign/rainbowIa-classic/clean/Makefile +++ b/crypto_sign/rainbowIa-classic/clean/Makefile @@ -2,8 +2,8 @@ LIB=librainbowIa-classic_clean.a -HEADERS = api.h blas_comm.h blas.h blas_u32.h gf16.h hash_len_config.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h -OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o +HEADERS = api.h blas_comm.h blas.h blas_u32.h gf.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h +OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o blas_u32.o gf.o CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS) diff --git a/crypto_sign/rainbowIa-classic/clean/Makefile.Microsoft_nmake b/crypto_sign/rainbowIa-classic/clean/Makefile.Microsoft_nmake index 2f44877e..9bdc010b 100644 --- a/crypto_sign/rainbowIa-classic/clean/Makefile.Microsoft_nmake +++ b/crypto_sign/rainbowIa-classic/clean/Makefile.Microsoft_nmake @@ -2,7 +2,7 @@ # nmake /f Makefile.Microsoft_nmake LIBRARY=librainbowIa-classic_clean.lib -OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj +OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj blas_u32.obj gf.obj CFLAGS=/nologo /I ..\..\..\common /W4 /WX diff --git a/crypto_sign/rainbowIa-classic/clean/blas.h b/crypto_sign/rainbowIa-classic/clean/blas.h index 406a61cf..0055ab74 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas.h +++ b/crypto_sign/rainbowIa-classic/clean/blas.h @@ -8,15 +8,16 @@ #include "blas_comm.h" #include "blas_u32.h" -#define gf16v_mul_scalar _gf16v_mul_scalar_u32 -#define gf16v_madd _gf16v_madd_u32 +//TODO remove the gf16v/gf256v if they are not used in the parameter sets +#define gf16v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32 +#define gf16v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32 -#define gf256v_add _gf256v_add_u32 -#define gf256v_mul_scalar _gf256v_mul_scalar_u32 -#define gf256v_madd _gf256v_madd_u32 +#define gf256v_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32 +#define gf256v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32 +#define gf256v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32 -#define gf256v_predicated_add _gf256v_predicated_add_u32 -#define gf16v_dot _gf16v_dot_u32 +#define gf256v_predicated_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32 +#define gf16v_dot PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32 #endif // _BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index 8d45ba95..768fe58a 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -4,11 +4,51 @@ #include "blas_comm.h" #include "blas.h" +#include "gf.h" -#include // FIXME(js): don't use assert() and don't deal with NDEBUG #include #include +/// @brief get an element from GF(16) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i) { + uint8_t r = a[i >> 1]; + uint8_t r0 = r & 0xf; + uint8_t r1 = r >> 4; + uint8_t m = (uint8_t)(-((int8_t)i & 1)); + return (uint8_t)((r1 & m) | ((~m)&r0)); +} + +/// @brief set an element for a GF(16) vector . +/// +/// @param[in,out] a - the vector a. +/// @param[in] i - the index in the vector a. +/// @param[in] v - the value for the i-th element in vector a. +/// @return the value of the element. +/// +static uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { + uint8_t m = (uint8_t) (0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f + uint8_t ai_remaining = (uint8_t) (a[i >> 1] & (~m)); /// erase + a[i >> 1] = (uint8_t) (ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set + return v; +} + + +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} + + void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } @@ -39,7 +79,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); for (unsigned i = 0; i < n_A_width; i++) { - uint8_t bb = gf16v_get_ele(b, i); + uint8_t bb = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(b, i); gf16v_madd(c, matA, bb, n_A_vec_byte); matA += n_A_vec_byte; } @@ -62,7 +102,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, co PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); const uint8_t *bk = b + n_vec_byte * k; for (unsigned i = 0; i < len_vec; i++) { - uint8_t bb = gf16v_get_ele(bk, i); + uint8_t bb = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(bk, i); gf16v_madd(c, a + n_vec_byte * i, bb, n_vec_byte); } c += n_vec_byte; @@ -85,7 +125,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, c static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { - /// assert( 0==(w&1) ); w must be even !!! unsigned n_w_byte = (w + 1) / 2; unsigned r8 = 1; for (unsigned i = 0; i < h; i++) { @@ -93,11 +132,11 @@ unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { uint8_t *ai = mat + n_w_byte * i; for (unsigned j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; - gf256v_predicated_add(ai + offset_byte, !gf16_is_nonzero(gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + gf256v_predicated_add(ai + offset_byte, !PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } - uint8_t pivot = gf16v_get_ele(ai, i); - r8 &= gf16_is_nonzero(pivot); - pivot = gf16_inv(pivot); + uint8_t pivot = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i); + r8 &= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(pivot); + pivot = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(pivot); offset_byte = (i + 1) >> 1; gf16v_mul_scalar(ai + offset_byte, pivot, n_w_byte - offset_byte); for (unsigned j = 0; j < h; j++) { @@ -105,7 +144,7 @@ unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { continue; } uint8_t *aj = mat + n_w_byte * j; - gf16v_madd(aj + offset_byte, ai + offset_byte, gf16v_get_ele(aj, i), n_w_byte - offset_byte); + gf16v_madd(aj + offset_byte, ai + offset_byte, PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(aj, i), n_w_byte - offset_byte); } } return r8; @@ -113,16 +152,15 @@ unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { static unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { - assert(64 >= n); uint8_t mat[64 * 33]; unsigned n_byte = (n + 1) >> 1; for (unsigned i = 0; i < n; i++) { memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); - mat[i * (n_byte + 1) + n_byte] = gf16v_get_ele(c_terms, i); + mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(c_terms, i); } unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); /// XXX: this function is ``defined'' in blas.h for (unsigned i = 0; i < n; i++) { - gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); } return r8; } @@ -146,7 +184,7 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ uint8_t *ai = aa + i * 2 * n_w_byte; PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(ai, 2 * n_w_byte); gf256v_add(ai, a + i * n_w_byte, n_w_byte); - gf16v_set_ele(ai + n_w_byte, i, 1); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); } unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); /// XXX: would 2*H fail if H is odd ??? gf16mat_submat(inv_a, H, H, aa, 2 * H, H); @@ -166,20 +204,17 @@ unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { for (unsigned j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; -// gf256v_predicated_add( ai + i , !gf256_is_nonzero(ai[i]) , aj + i , w-i ); - gf256v_predicated_add( ai + skip_len_align4, !gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); } - r8 &= gf256_is_nonzero(ai[i]); + r8 &= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; - pivot = gf256_inv( pivot ); -// gf256v_mul_scalar( ai + (i+1) , pivot , w - (i+1) ); + pivot = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv( pivot ); gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); for (unsigned j = 0; j < h; j++) { if (i == j) { continue; } uint8_t *aj = mat + w * j; -// gf256v_madd( aj + (i+1) , ai + (i+1) , aj[i] , w - (i+1) ); gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); } } @@ -189,13 +224,12 @@ unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { static unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - assert( 63 >= n ); uint8_t mat[ 64 * 64 ]; for (unsigned i = 0; i < n; i++) { memcpy( mat + i * (n + 1), inp_mat + i * n, n ); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); /// XXX: this function is ``defined'' in blas.h + unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); for (unsigned i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } @@ -246,8 +280,6 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { gf16mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); } @@ -274,3 +306,5 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsig unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); } + + diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.h b/crypto_sign/rainbowIa-classic/clean/blas_comm.h index c435b970..777a4761 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.h @@ -13,28 +13,7 @@ /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -static inline uint8_t gf16v_get_ele(const uint8_t *a, unsigned i) { - uint8_t r = a[i >> 1]; - uint8_t r0 = r & 0xf; - uint8_t r1 = r >> 4; - uint8_t m = (uint8_t)(-((int8_t)i & 1)); - return (uint8_t)((r1 & m) | ((~m)&r0)); -} - -/// @brief set an element for a GF(16) vector . -/// -/// @param[in,out] a - the vector a. -/// @param[in] i - the index in the vector a. -/// @param[in] v - the value for the i-th element in vector a. -/// @return the value of the element. -/// -static inline uint8_t gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { - uint8_t m = (uint8_t) (0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f - uint8_t ai_remaining = (uint8_t) (a[i >> 1] & (~m)); /// erase - a[i >> 1] = (uint8_t) (ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set - return v; -} - +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i); /// @brief get an element from GF(256) vector . /// @@ -42,25 +21,7 @@ static inline uint8_t gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -static inline uint8_t gf256v_get_ele(const uint8_t *a, unsigned i) { - return a[i]; -} - - -/// @brief set an element for a GF(256) vector . -/// -/// @param[in,out] a - the vector a. -/// @param[in] i - the index in the vector a. -/// @param[in] v - the value for the i-th element in vector a. -/// @return the value of the element. -/// -static inline uint8_t gf256v_set_ele(uint8_t *a, unsigned i, uint8_t v) { - a[i] = v; - return v; -} - - -///////////////////////////////////// +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); /// @brief set a vector to 0. diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.c b/crypto_sign/rainbowIa-classic/clean/blas_u32.c new file mode 100644 index 00000000..e52d5a39 --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.c @@ -0,0 +1,165 @@ +#include "blas_u32.h" +#include "gf.h" + +//TODO remove the gf16v/gf256v if they are not used in the parameter sets +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= (a_u32[i] & pr_u32); + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= (a[i] & pr_u8); + } +} + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + + +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + const uint32_t *a_u32 = (const uint32_t *) a; + const uint32_t *b_u32 = (const uint32_t *) b; + uint32_t r = 0; + for (unsigned i = 0; i < n_u32; i++) { + r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); + } + + unsigned rem = _num_byte & 3; + if (rem) { + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } ta, tb; + ta.u32 = 0; + tb.u32 = 0; + for (unsigned i = 0; i < rem; i++) { + ta.u8[i] = a[(n_u32 << 2) + i]; + } + for (unsigned i = 0; i < rem; i++) { + tb.u8[i] = b[(n_u32 << 2) + i]; + } + r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(ta.u32, tb.u32); + } + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(r); +} diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.h b/crypto_sign/rainbowIa-classic/clean/blas_u32.h index 56e13e3a..199427e0 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.h @@ -4,174 +4,16 @@ /// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. /// - -#include "gf16.h" - #include -static inline void _gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - b_u32[i] ^= a_u32[i]; - } - - a += (n_u32 << 2); - accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - accu_b[i] ^= a[i]; - } -} - -static inline void _gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); - uint8_t pr_u8 = pr_u32 & 0xff; - - unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - b_u32[i] ^= (a_u32[i] & pr_u32); - } - - a += (n_u32 << 2); - accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - accu_b[i] ^= (a[i] & pr_u8); - } -} - - -static inline void _gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - a_u32[i] = gf16v_mul_u32(a_u32[i], gf16_b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = gf16v_mul_u32(t.u32, gf16_b); - for (unsigned i = 0; i < rem; i++) { - a[i] = t.u8[i]; - } -} - -static inline void _gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - a_u32[i] = gf256v_mul_u32(a_u32[i], b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { - a[i] = t.u8[i]; - } -} - - -static inline void _gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - c_u32[i] ^= gf16v_mul_u32(a_u32[i], gf16_b); - } - - // TODO: this will certainly not work on Big Endian - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - accu_c += (n_u32 << 2); - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = gf16v_mul_u32(t.u32, gf16_b); - for (unsigned i = 0; i < rem; i++) { - accu_c[i] ^= t.u8[i]; - } -} - -static inline void _gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - c_u32[i] ^= gf256v_mul_u32(a_u32[i], gf256_b); - } - - // TODO: this will certainly not work on Big Endian - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - accu_c += (n_u32 << 2); - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { - accu_c[i] ^= t.u8[i]; - } -} - - -static inline uint8_t _gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - const uint32_t *a_u32 = (const uint32_t *) a; - const uint32_t *b_u32 = (const uint32_t *) b; - uint32_t r = 0; - for (unsigned i = 0; i < n_u32; i++) { - r ^= gf16v_mul_u32_u32(a_u32[i], b_u32[i]); - } - - unsigned rem = _num_byte & 3; - if (rem) { - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } ta, tb; - ta.u32 = 0; - tb.u32 = 0; - for (unsigned i = 0; i < rem; i++) { - ta.u8[i] = a[(n_u32 << 2) + i]; - } - for (unsigned i = 0; i < rem; i++) { - tb.u8[i] = b[(n_u32 << 2) + i]; - } - r ^= gf16v_mul_u32_u32(ta.u32, tb.u32); - } - return gf16v_reduce_u32(r); -} +//TODO remove the gf16v/gf256v if they are not used in the parameter sets +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/gf16.h b/crypto_sign/rainbowIa-classic/clean/gf.c similarity index 71% rename from crypto_sign/rainbowIa-classic/clean/gf16.h rename to crypto_sign/rainbowIa-classic/clean/gf.c index 349c22a6..2f5fc7c9 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf16.h +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -1,13 +1,9 @@ -#ifndef _GF16_H_ -#define _GF16_H_ -/// @file gf16.h -/// @brief Library for arithmetics in GF(16) and GF(256) -/// +#include "gf.h" +//TODO remove the gf16v/gf256v if they are not used in the parameter sets -#include -// gf4 := gf2[x]/x^2+x+1 +//// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { uint8_t r = (uint8_t) (a << 1); r ^= (uint8_t) ((a >> 1) * 7); @@ -28,10 +24,6 @@ static inline uint8_t gf4_squ(uint8_t a) { return a ^ (a >> 1); } -static inline uint8_t gf4_inv(uint8_t a) { - return a ^ (a >> 1); -} - static inline uint32_t gf4v_mul_2_u32(uint32_t a) { uint32_t bit0 = a & 0x55555555; uint32_t bit1 = a & 0xaaaaaaaa; @@ -57,30 +49,14 @@ static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, return ((c1_ ^ c0) << 1) ^ c0 ^ c2; } -static inline uint32_t gf4v_mul_u32_u32(uint32_t a, uint32_t b) { - uint32_t a0 = a & 0x55555555; - uint32_t a1 = (a >> 1) & 0x55555555; - uint32_t b0 = b & 0x55555555; - uint32_t b1 = (b >> 1) & 0x55555555; - - return _gf4v_mul_u32_u32(a0, a1, b0, b1); -} - -static inline uint32_t gf4v_squ_u32(uint32_t a) { - uint32_t bit1 = a & 0xaaaaaaaa; - return a ^ (bit1 >> 1); -} - -////////////////////////////////////////////////////////////////////////////////// - -static inline uint8_t gf16_is_nonzero(uint8_t a) { +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a) { unsigned a4 = a & 0xf; unsigned r = ((unsigned) 0) - a4; r >>= 4; return r & 1; } -// gf16 := gf4[y]/y^2+y+x +//// gf16 := gf4[y]/y^2+y+x static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a0 = a & 3; uint8_t a1 = (a >> 2); @@ -101,7 +77,7 @@ static inline uint8_t gf16_squ(uint8_t a) { return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); } -static inline uint8_t gf16_inv(uint8_t a) { +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a) { uint8_t a2 = gf16_squ(a); uint8_t a4 = gf16_squ(a2); uint8_t a8 = gf16_squ(a4); @@ -109,21 +85,15 @@ static inline uint8_t gf16_inv(uint8_t a) { return gf16_mul(a8, a6); } -static inline uint8_t gf16_mul_4(uint8_t a) { - return (uint8_t)((((a << 2) ^ a) & (8 + 4)) ^ gf4_mul_2(a >> 2)); -} - static inline uint8_t gf16_mul_8(uint8_t a) { uint8_t a0 = a & 3; uint8_t a1 = a >> 2; return (uint8_t)(gf4_mul_2(a0 ^ a1) << 2 | gf4_mul_3(a1)); } -//////////// - // gf16 := gf4[y]/y^2+y+x -static inline uint32_t gf16v_mul_u32(uint32_t a, uint8_t b) { +uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { uint32_t axb0 = gf4v_mul_u32(a, b); uint32_t axb1 = gf4v_mul_u32(a, b >> 2); uint32_t a0b1 = (axb1 << 2) & 0xcccccccc; @@ -142,12 +112,11 @@ static inline uint32_t _gf16v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t a2, uint32_t c2_1_ = (a2 ^ a3) & (b2 ^ b3); uint32_t c2_r0 = c2_0 ^ c2_2; uint32_t c2_r1 = c2_0 ^ c2_1_; - //uint32_t c2 = c2_r0^(c2_r1<<1); // GF(4) x2: (bit0<<1)^bit1^(bit1>>1); return ((c1_ ^ c0) << 2) ^ c0 ^ (c2_r0 << 1) ^ c2_r1 ^ (c2_r1 << 1); } -static inline uint32_t gf16v_mul_u32_u32(uint32_t a, uint32_t b) { +uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b) { uint32_t a0 = a & 0x11111111; uint32_t a1 = (a >> 1) & 0x11111111; uint32_t a2 = (a >> 2) & 0x11111111; @@ -168,24 +137,18 @@ static inline uint8_t gf256v_reduce_u32(uint32_t a) { return rr[0] ^ rr[1]; } -static inline uint8_t gf16v_reduce_u32(uint32_t a) { +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a) { uint8_t r256 = gf256v_reduce_u32(a); return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } -static inline uint32_t gf16v_squ_u32(uint32_t a) { - uint32_t a2 = gf4v_squ_u32(a); - - return a2 ^ gf4v_mul_2_u32((a2 >> 2) & 0x33333333); -} - static inline uint32_t gf16v_mul_8_u32(uint32_t a) { uint32_t a1 = a & 0xcccccccc; uint32_t a0 = (a << 2) & 0xcccccccc; return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); } -static inline uint8_t gf256_is_nonzero(uint8_t a) { +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; unsigned r = ((unsigned) 0) - a8; r >>= 8; @@ -205,15 +168,6 @@ static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); } -static inline uint8_t gf256_mul_gf16(uint8_t a, uint8_t gf16_b) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - uint8_t b0 = gf16_b & 15; - uint8_t a0b0 = gf16_mul(a0, b0); - uint8_t a1b0 = gf16_mul(a1, b0); - return (uint8_t) (a0b0 ^ (a1b0 << 4)); -} - static inline uint8_t gf256_squ(uint8_t a) { uint8_t a0 = a & 15; uint8_t a1 = (a >> 4); @@ -222,7 +176,7 @@ static inline uint8_t gf256_squ(uint8_t a) { return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); } -static inline uint8_t gf256_inv(uint8_t a) { +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv(uint8_t a) { // 128+64+32+16+8+4+2 = 254 uint8_t a2 = gf256_squ(a); uint8_t a4 = gf256_squ(a2); @@ -237,26 +191,12 @@ static inline uint8_t gf256_inv(uint8_t a) { return gf256_mul(a2, a128_); } -static inline uint32_t gf256v_mul_u32(uint32_t a, uint8_t b) { - uint32_t axb0 = gf16v_mul_u32(a, b); - uint32_t axb1 = gf16v_mul_u32(a, b >> 4); +uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a, b); + uint32_t axb1 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a, b >> 4); uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; uint32_t a1b1 = axb1 & 0xf0f0f0f0; uint32_t a1b1_4 = a1b1 >> 4; return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); } - -static inline uint32_t gf256v_squ_u32(uint32_t a) { - uint32_t a2 = gf16v_squ_u32(a); - uint32_t ar = (a2 >> 4) & 0x0f0f0f0f; - - return a2 ^ gf16v_mul_8_u32(ar); -} - -static inline uint32_t gf256v_mul_gf16_u32(uint32_t a, uint8_t gf16_b) { - return gf16v_mul_u32(a, gf16_b); -} - -#endif // _GF16_H_ - diff --git a/crypto_sign/rainbowIa-classic/clean/gf.h b/crypto_sign/rainbowIa-classic/clean/gf.h new file mode 100644 index 00000000..8bde5bcd --- /dev/null +++ b/crypto_sign/rainbowIa-classic/clean/gf.h @@ -0,0 +1,19 @@ +#ifndef _GF16_H_ +#define _GF16_H_ + +#include + +/// @file gf16.h +/// @brief Library for arithmetics in GF(16) and GF(256) +/// + +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); +uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a); +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); + +#endif // _GF16_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/hash_len_config.h b/crypto_sign/rainbowIa-classic/clean/hash_len_config.h deleted file mode 100644 index 253130c9..00000000 --- a/crypto_sign/rainbowIa-classic/clean/hash_len_config.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef _HASH_LEN_CONFIG_H_ -#define _HASH_LEN_CONFIG_H_ -/// @file hash_len_config.h -/// @brief defining the lenght of outputs of the internel hash functions. -/// - - -// TODO: remove this file -/// defining the lenght of outputs of the internel hash functions. -//#define _HASH_LEN (32) - -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c index de26502f..4ecc5f58 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c @@ -12,13 +12,42 @@ //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { + return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +} + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. +/// +/// @param[in] i_row - the i-th row in a triangle matrix. +/// @param[in] j_col - the j-th column in a triangle matrix. +/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { + if ( i_row > j_col ) { + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); + } + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); +} + + void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { unsigned char *runningC = btriC; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < i; j++) { - unsigned idx = idx_of_trimat(j, i, Aheight); + unsigned idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); } gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); @@ -43,7 +72,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, c if (k < i) { continue; } - gf16v_madd( bC, & btriA[ (k - i)*size_batch ], gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } @@ -61,7 +90,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, if (k < i) { continue; } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } @@ -82,7 +111,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, if (i < k) { continue; } - gf16v_madd( bC, & btriA[ size_batch * (idx_of_trimat(k, i, Aheight)) ], gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } @@ -98,7 +127,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC if (i < k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_trimat(k, i, Aheight)) ], gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } @@ -117,7 +146,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, if (i == k) { continue; } - gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } @@ -133,7 +162,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, if (i == k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } @@ -149,7 +178,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, co unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); } bC += size_batch * Bwidth; } @@ -161,7 +190,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, c unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); } bC += size_batch * Bwidth; } @@ -177,7 +206,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, c for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } @@ -191,7 +220,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } @@ -208,7 +237,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, cons for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf16v_madd( bC, & bA[ k * size_batch ], gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } @@ -222,7 +251,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, con for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } @@ -239,14 +268,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, con void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { -/// -/// assert( dim <= 128 ); -/// assert( size_batch <= 128 ); unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = gf16v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i ); } PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); @@ -261,14 +287,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char * } void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { -/// -/// assert( dim <= 256 ); -/// assert( size_batch <= 256 ); unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( x, i ); } PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); @@ -290,19 +313,15 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ) { -/// -/// assert( dim_x <= 128 ); -/// assert( dim_y <= 128 ); -/// assert( size_batch <= 128 ); unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = gf16v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i ); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = gf16v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( y, i ); } PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); @@ -319,19 +338,15 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char * void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ) { -/// -/// assert( dim_x <= 128 ); -/// assert( dim_y <= 128 ); -/// assert( size_batch <= 128 ); unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( x, i ); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = gf256v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( y, i ); } PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h index 712bef52..eba51668 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h @@ -5,15 +5,6 @@ /// /// -//////////////////////////////////////////////////////////////////////// -/// Librarys for batched matrix operations. -/// A batched matrix is a matrix which each element of the matrix -/// contains size_batch GF elements. -//////////////////////////////////////////////////////////////////////// - - - - //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// @@ -25,27 +16,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline -unsigned idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { - return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; -} - -/// -/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. -/// -/// @param[in] i_row - the i-th row in a triangle matrix. -/// @param[in] j_col - the j-th column in a triangle matrix. -/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. -/// @return the corresponding index in an array storage. -/// -static inline -unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { - if ( i_row > j_col ) { - return idx_of_trimat(j_col, i_row, n_var); - } - return idx_of_trimat(i_row, j_col, n_var); -} - +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 081eaaac..2c229aa0 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -23,7 +23,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk const unsigned char *idx_l2 = cpk->l2_Q1; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = i; j < _V1; j++) { - unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); idx_l1 += _O1_BYTE; @@ -34,7 +34,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk idx_l2 = cpk->l2_Q2; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1; j < _V1 + _O1; j++) { - unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); idx_l1 += _O1_BYTE; @@ -45,7 +45,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk idx_l2 = cpk->l2_Q3; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); idx_l1 += _O1_BYTE; @@ -56,7 +56,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk idx_l2 = cpk->l2_Q5; for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = i; j < _V1 + _O1; j++) { - unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); idx_l1 += _O1_BYTE; @@ -67,7 +67,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk idx_l2 = cpk->l2_Q6; for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); idx_l1 += _O1_BYTE; @@ -78,7 +78,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk idx_l2 = cpk->l2_Q9; for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { for (unsigned j = i; j < _PUB_N; j++) { - unsigned pub_idx = idx_of_trimat(i, j, _PUB_N); + unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); idx_l1 += _O1_BYTE; diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.c b/crypto_sign/rainbowIa-classic/clean/utils_hash.c index 358a20f7..ffe7d68e 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.c @@ -3,7 +3,6 @@ /// /// -#include "hash_len_config.h" #include "rainbow_config.h" #include "sha2.h" #include "utils_hash.h" diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.h b/crypto_sign/rainbowIa-classic/clean/utils_hash.h index 9c011a2e..807851f3 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.h +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.h @@ -3,10 +3,7 @@ /// @file utils_hash.h /// @brief the interface for adapting hash functions. /// -/// -// for the definition of _HASH_LEN. -#include "hash_len_config.h" #include int PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); From d42e96368a06115e31723295ce09a6cf90322470 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Sun, 16 Jun 2019 12:28:32 +0200 Subject: [PATCH 07/19] cyclic and compressedcycles parameter sets --- crypto_sign/rainbowIa-classic/clean/api.h | 30 --- crypto_sign/rainbowIa-classic/clean/blas.h | 16 +- .../rainbowIa-classic/clean/blas_comm.c | 137 +++++----- .../rainbowIa-classic/clean/blas_comm.h | 134 +++++----- .../rainbowIa-classic/clean/blas_u32.c | 105 ++++---- .../rainbowIa-classic/clean/blas_u32.h | 16 +- crypto_sign/rainbowIa-classic/clean/gf.c | 20 +- crypto_sign/rainbowIa-classic/clean/gf.h | 9 + .../clean/parallel_matrix_op.c | 245 ++++++++---------- crypto_sign/rainbowIa-classic/clean/rainbow.c | 21 +- crypto_sign/rainbowIa-classic/clean/rainbow.h | 11 +- .../rainbowIa-classic/clean/rainbow_blas.h | 26 +- .../rainbowIa-classic/clean/rainbow_config.h | 75 +++--- .../rainbowIa-classic/clean/rainbow_keypair.c | 135 ++++------ .../rainbowIa-classic/clean/rainbow_keypair.h | 22 +- .../clean/rainbow_keypair_computation.c | 28 +- .../clean/rainbow_keypair_computation.h | 9 +- crypto_sign/rainbowIa-classic/clean/sign.c | 92 ++++--- .../rainbowIa-classic/clean/utils_hash.c | 16 +- 19 files changed, 523 insertions(+), 624 deletions(-) diff --git a/crypto_sign/rainbowIa-classic/clean/api.h b/crypto_sign/rainbowIa-classic/clean/api.h index c47a5ff5..f4447b75 100644 --- a/crypto_sign/rainbowIa-classic/clean/api.h +++ b/crypto_sign/rainbowIa-classic/clean/api.h @@ -4,41 +4,11 @@ #include #include -#define _RAINBOW_CLASSIC -//#define _RAINBOW_CYCLIC -//#define _RAINBOW_CYCLIC_COMPRESSED - #define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES 92960 #define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES 148992 #define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_BYTES 64 #define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(16,32,32,32) - classic" -//TODO: remove this after creating the other parameter sets - -//#if defined _RAINBOW_CLASSIC -// -//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES sizeof(sk_t) -//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES sizeof(pk_t) -// -//#elif defined _RAINBOW_CYCLIC -// -//#define CRYPTO_SECRETKEYBYTES sizeof(sk_t) -//#define CRYPTO_PUBLICKEYBYTES sizeof(cpk_t) -// -//#elif defined _RAINBOW_CYCLIC_COMPRESSED -// -//#define CRYPTO_SECRETKEYBYTES sizeof(csk_t) -//#define CRYPTO_PUBLICKEYBYTES sizeof(cpk_t) -// -//#else -//error here -//#endif -// -// -//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_BYTES _SIGNATURE_BYTE -// -//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_ALGNAME _S_NAME _SUFFIX - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); diff --git a/crypto_sign/rainbowIa-classic/clean/blas.h b/crypto_sign/rainbowIa-classic/clean/blas.h index 0055ab74..efb19a34 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas.h +++ b/crypto_sign/rainbowIa-classic/clean/blas.h @@ -4,21 +4,25 @@ /// @brief Defining the implementations for linear algebra functions depending on the machine architecture. /// - #include "blas_comm.h" #include "blas_u32.h" +#include "rainbow_config.h" + +#define gf256v_predicated_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32 +#define gf256v_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32 + +#ifdef _USE_GF16 -//TODO remove the gf16v/gf256v if they are not used in the parameter sets #define gf16v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32 #define gf16v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32 +#define gf16v_dot PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32 + +#else -#define gf256v_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32 #define gf256v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32 #define gf256v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32 -#define gf256v_predicated_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32 -#define gf16v_dot PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32 - +#endif #endif // _BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index 768fe58a..ffa3b02f 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -2,13 +2,20 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas_comm.h" #include "blas.h" +#include "blas_comm.h" #include "gf.h" +#include "rainbow_config.h" #include #include + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} +#ifdef _USE_GF16 + /// @brief get an element from GF(16) vector . /// /// @param[in] a - the input vector a. @@ -37,45 +44,6 @@ static uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned return v; } - -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { - return a[i]; -} - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { - gf256v_add(b, b, _num_byte); -} - -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { - uint8_t r = 0; - while ( _num_byte-- ) { - r |= a[0]; - a++; - } - return (0 == r); -} - -///////////////// multiplications //////////////////////////////// - -/// polynomial multplication -/// School boook - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { - gf256v_madd(c + i, a, b[i], _num); - } -} - -/////////// matrix-vector - static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); for (unsigned i = 0; i < n_A_width; i++) { @@ -85,17 +53,6 @@ static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_b } } -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { - gf256v_madd(c, matA, b[i], n_A_vec_byte); - matA += n_A_vec_byte; - } -} - - -/////////// matrix-matrix - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { unsigned n_vec_byte = (len_vec + 1) / 2; for (unsigned k = 0; k < len_vec; k++) { @@ -109,20 +66,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, co } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); - const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { - gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); - } - c += n_vec_byte; - } -} - -///////////////// algorithms: gaussian elim ////////////////// - static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned n_w_byte = (w + 1) / 2; @@ -190,9 +133,54 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } +#else +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { + uint8_t r = 0; + while ( _num_byte-- ) { + r |= a[0]; + a++; + } + return (0 == r); +} -///////////////////////////////////////////////// +/// polynomial multplication +/// School boook +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); + for (unsigned i = 0; i < _num; i++) { + gf256v_madd(c + i, a, b[i], _num); + } +} + +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + gf256v_madd(c, matA, b[i], n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = len_vec; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); + } + c += n_vec_byte; + } +} static unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { @@ -261,22 +249,17 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint return r8; } +#endif -//////////////////////////////////////////////////// - - -// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE_ +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE +#ifdef _USE_GF16 #define gf16mat_prod_impl gf16mat_prod_ref #define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref #define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref -#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref - @@ -294,6 +277,10 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, c } +#else +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); } @@ -307,4 +294,4 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); } - +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.h b/crypto_sign/rainbowIa-classic/clean/blas_comm.h index 777a4761..00fa8a01 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.h @@ -4,9 +4,18 @@ /// @brief Common functions for linear algebra. /// +#include "rainbow_config.h" #include +/// @brief set a vector to 0. +/// +/// @param[in,out] b - the vector b. +/// @param[in] _num_byte - number of bytes for the vector b. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); + +#ifdef _USE_GF16 /// @brief get an element from GF(16) vector . /// /// @param[in] a - the input vector a. @@ -15,6 +24,55 @@ /// uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i); +/// @brief matrix-matrix multiplication: c = a * b , in GF(16) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + +/// @brief Gauss elimination for a matrix, in GF(16) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(16) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + +/// @brief Computing the inverse matrix, in GF(16) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +/// @brief matrix-vector multiplication: c = matA * b , in GF(16) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +#else /// @brief get an element from GF(256) vector . /// /// @param[in] a - the input vector a. @@ -24,13 +82,6 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); -/// @brief set a vector to 0. -/// -/// @param[in,out] b - the vector b. -/// @param[in] _num_byte - number of bytes for the vector b. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); - /// @brief check if a vector is 0. /// @@ -41,10 +92,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_by unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - -///////////////// Section: multiplications //////////////////////////////// - - /// @brief polynomial multiplication: c = a*b /// /// @param[out] c - the output polynomial c @@ -55,17 +102,6 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigne void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); -/// @brief matrix-vector multiplication: c = matA * b , in GF(16) -/// -/// @param[out] c - the output vector c -/// @param[in] matA - a column-major matrix A. -/// @param[in] n_A_vec_byte - the size of column vectors in bytes. -/// @param[in] n_A_width - the width of matrix A. -/// @param[in] b - the vector b. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); - - /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// /// @param[out] c - the output vector c @@ -76,17 +112,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); - -/// @brief matrix-matrix multiplication: c = a * b , in GF(16) -/// -/// @param[out] c - the output matrix c -/// @param[in] c - a matrix a. -/// @param[in] b - a matrix b. -/// @param[in] len_vec - the length of column vectors. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); - - /// @brief matrix-matrix multiplication: c = a * b , in GF(256) /// /// @param[out] c - the output matrix c @@ -96,32 +121,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, co /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); - - - -///////////////// algorithms: gaussian elim ////////////////// - - -/// @brief Gauss elimination for a matrix, in GF(16) -/// -/// @param[in,out] mat - the matrix. -/// @param[in] h - the height of the matrix. -/// @param[in] w - the width of the matrix. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); - -/// @brief Solving linear equations, in GF(16) -/// -/// @param[out] sol - the solutions. -/// @param[in] inp_mat - the matrix parts of input equations. -/// @param[in] c_terms - the constant terms of the input equations. -/// @param[in] n - the number of equations. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); - - /// @brief Gauss elimination for a matrix, in GF(256) /// /// @param[in,out] mat - the matrix. @@ -141,22 +140,6 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsign /// unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); - - -//////////////// Section: inversion for matrices ////////////////////////// - - -/// @brief Computing the inverse matrix, in GF(16) -/// -/// @param[out] inv_a - the output of matrix a. -/// @param[in] a - a matrix a. -/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. -/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); - - /// @brief Computing the inverse matrix, in GF(256) /// /// @param[out] inv_a - the output of matrix a. @@ -166,6 +149,7 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ /// @return 1(true) if success. 0(false) if the matrix is singular. /// unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +#endif #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.c b/crypto_sign/rainbowIa-classic/clean/blas_u32.c index e52d5a39..d6068a6d 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.c @@ -1,43 +1,44 @@ #include "blas_u32.h" #include "gf.h" -//TODO remove the gf16v/gf256v if they are not used in the parameter sets -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + unsigned n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *) accu_b; const uint32_t *a_u32 = (const uint32_t *) a; for (unsigned i = 0; i < n_u32; i++) { - b_u32[i] ^= a_u32[i]; + b_u32[i] ^= (a_u32[i] & pr_u32); } a += (n_u32 << 2); accu_b += (n_u32 << 2); unsigned rem = _num_byte & 3; for (unsigned i = 0; i < rem; i++) { - accu_b[i] ^= a[i]; + accu_b[i] ^= (a[i] & pr_u8); } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); - uint8_t pr_u8 = pr_u32 & 0xff; - +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *) accu_b; const uint32_t *a_u32 = (const uint32_t *) a; for (unsigned i = 0; i < n_u32; i++) { - b_u32[i] ^= (a_u32[i] & pr_u32); + b_u32[i] ^= a_u32[i]; } a += (n_u32 << 2); accu_b += (n_u32 << 2); unsigned rem = _num_byte & 3; for (unsigned i = 0; i < rem; i++) { - accu_b[i] ^= (a[i] & pr_u8); + accu_b[i] ^= a[i]; } } +#ifdef _USE_GF16 + void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; uint32_t *a_u32 = (uint32_t *) a; @@ -61,11 +62,12 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf1 } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; for (unsigned i = 0; i < n_u32; i++) { - a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); + c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } union tmp_32 { @@ -73,24 +75,54 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, uint32_t u32; } t; t.u32 = 0; + accu_c += (n_u32 << 2); a += (n_u32 << 2); unsigned rem = _num_byte & 3; for (unsigned i = 0; i < rem; i++) { t.u8[i] = a[i]; } - t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); + t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b); for (unsigned i = 0; i < rem; i++) { - a[i] = t.u8[i]; + accu_c[i] ^= t.u8[i]; } } - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; const uint32_t *a_u32 = (const uint32_t *) a; + const uint32_t *b_u32 = (const uint32_t *) b; + uint32_t r = 0; for (unsigned i = 0; i < n_u32; i++) { - c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); + r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); + } + + unsigned rem = _num_byte & 3; + if (rem) { + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } ta, tb; + ta.u32 = 0; + tb.u32 = 0; + for (unsigned i = 0; i < rem; i++) { + ta.u8[i] = a[(n_u32 << 2) + i]; + } + for (unsigned i = 0; i < rem; i++) { + tb.u8[i] = b[(n_u32 << 2) + i]; + } + r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(ta.u32, tb.u32); + } + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(r); +} + +#else + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); } union tmp_32 { @@ -98,18 +130,18 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_ uint32_t u32; } t; t.u32 = 0; - accu_c += (n_u32 << 2); a += (n_u32 << 2); unsigned rem = _num_byte & 3; for (unsigned i = 0; i < rem; i++) { t.u8[i] = a[i]; } - t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b); + t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); for (unsigned i = 0; i < rem; i++) { - accu_c[i] ^= t.u8[i]; + a[i] = t.u8[i]; } } + void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *) accu_c; @@ -135,31 +167,4 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8 } } - -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - const uint32_t *a_u32 = (const uint32_t *) a; - const uint32_t *b_u32 = (const uint32_t *) b; - uint32_t r = 0; - for (unsigned i = 0; i < n_u32; i++) { - r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); - } - - unsigned rem = _num_byte & 3; - if (rem) { - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } ta, tb; - ta.u32 = 0; - tb.u32 = 0; - for (unsigned i = 0; i < rem; i++) { - ta.u8[i] = a[(n_u32 << 2) + i]; - } - for (unsigned i = 0; i < rem; i++) { - tb.u8[i] = b[(n_u32 << 2) + i]; - } - r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(ta.u32, tb.u32); - } - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(r); -} +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.h b/crypto_sign/rainbowIa-classic/clean/blas_u32.h index 199427e0..5955b3e6 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.h @@ -4,16 +4,24 @@ /// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. /// +#include "rainbow_config.h" #include -//TODO remove the gf16v/gf256v if they are not used in the parameter sets -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); + +#ifdef _USE_GF16 + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); + +#else + void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); + +#endif #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/gf.c b/crypto_sign/rainbowIa-classic/clean/gf.c index 2f5fc7c9..970d4c2e 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.c +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -1,8 +1,14 @@ #include "gf.h" -//TODO remove the gf16v/gf256v if they are not used in the parameter sets - +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} +#ifdef _USE_GF16 //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { uint8_t r = (uint8_t) (a << 1); @@ -129,14 +135,6 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b return _gf16v_mul_u32_u32(a0, a1, a2, a3, b0, b1, b2, b3); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} - uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a) { uint8_t r256 = gf256v_reduce_u32(a); return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); @@ -148,6 +146,7 @@ static inline uint32_t gf16v_mul_8_u32(uint32_t a) { return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); } +#else uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; unsigned r = ((unsigned) 0) - a8; @@ -200,3 +199,4 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); } +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/gf.h b/crypto_sign/rainbowIa-classic/clean/gf.h index 8bde5bcd..2db5c312 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.h +++ b/crypto_sign/rainbowIa-classic/clean/gf.h @@ -1,19 +1,28 @@ #ifndef _GF16_H_ #define _GF16_H_ +#include "rainbow_config.h" #include /// @file gf16.h /// @brief Library for arithmetics in GF(16) and GF(256) /// + +#ifdef _USE_GF16 + uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a); uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a); + +#else + uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv(uint8_t a); uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); +#endif + #endif // _GF16_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c index 4ecc5f58..d8d48f5a 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c @@ -4,14 +4,10 @@ /// the standard implementations for functions in parallel_matrix_op.h /// -#include "blas_comm.h" #include "blas.h" - +#include "blas_comm.h" #include "parallel_matrix_op.h" - -//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -55,13 +51,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const } } - - - -///////////////// Section: matrix multiplications /////////////////////////////// - - - +#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Awidth = Bheight; @@ -80,107 +70,168 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, c } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; + unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - if (k < i) { + if (i < k) { continue; } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } - btriA += (Aheight - i) * size_batch; } } - - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - if (i < k) { + if (i == k) { continue; } - gf16v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - if (i < k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf16v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } + bA += (Awidth) * size_batch; } } +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { + unsigned char tmp[128]; + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( y, i ); + } + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf16v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf16v_madd( z, tmp, _y[i], size_batch ); + } +} -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf16v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf16v_madd( y, tmp, _x[i], size_batch ); + } +} +#else +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - if (i == k) { + if (k < i) { continue; } - gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } + btriA += (Aheight - i) * size_batch; } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - if (i == k) { + if (i < k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); } bC += size_batch; } } } - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { - gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; } - bC += size_batch * Bwidth; } } @@ -196,23 +247,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, c } } - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { const unsigned char *bA = bA_to_tr; @@ -227,24 +261,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, } } - - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf16v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - bA += (Awidth) * size_batch; - } -} - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Awidth = Bheight; @@ -259,33 +275,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, con } } - - - -//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { - unsigned char tmp[256]; - - unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i ); - } - - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); - for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = i; j < dim; j++) { - gf16v_madd( tmp, trimat, _x[j], size_batch ); - trimat += size_batch; - } - gf16v_madd( y, tmp, _x[i], size_batch ); - } -} - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { unsigned char tmp[256]; @@ -305,37 +294,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char } } - - - - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { - unsigned char tmp[128]; - - unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i ); - } - unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( y, i ); - } - - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); - for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = 0; j < dim_x; j++) { - gf16v_madd( tmp, mat, _x[j], size_batch ); - mat += size_batch; - } - gf16v_madd( z, tmp, _y[i], size_batch ); - } -} - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ) { unsigned char tmp[128]; @@ -360,5 +318,4 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char } } - - +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.c b/crypto_sign/rainbowIa-classic/clean/rainbow.c index 9ce5ff8b..bbbd1456 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.c @@ -18,8 +18,7 @@ #define _MAX_O ((_O1>_O2)?_O1:_O2) #define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - - +#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; @@ -149,13 +148,10 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); return 0; } +#endif - - - - - +#ifdef _RAINBOW_CLASSIC int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. @@ -174,22 +170,21 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const } return (0 == cc) ? 0 : -1; } +#endif - - +#ifdef _RAINBOW_CYCLIC_COMPRESSED /////////////// cyclic version /////////////////////////// - - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { unsigned char sk[sizeof(sk_t) + 32]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); } +#endif +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { unsigned char pk[sizeof(pk_t) +32]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); } - - +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.h b/crypto_sign/rainbowIa-classic/clean/rainbow.h index 9aa4a11c..9e8c53f5 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.h @@ -10,8 +10,7 @@ #include - - +#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) /// /// @brief Signing function for classical secret key. /// @@ -20,7 +19,9 @@ /// @param[in] digest - the digest. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +#endif +#ifdef _RAINBOW_CLASSIC /// /// @brief Verifying function. /// @@ -30,8 +31,9 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t /// @return 0 for successful verified. -1 for failed verification. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +#endif - +#ifdef _RAINBOW_CYCLIC_COMPRESSED /// /// @brief Signing function for compressed secret key of the cyclic rainbow. /// @@ -40,7 +42,9 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const /// @param[in] digest - the digest. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); +#endif +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) /// /// @brief Verifying function for cyclic public keys. /// @@ -50,5 +54,6 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, cons /// @return 0 for successful verified. -1 for failed verification. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); +#endif #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h index dd463840..a8253e37 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h @@ -7,11 +7,11 @@ #include "blas.h" - #include "parallel_matrix_op.h" - #include "rainbow_config.h" +#ifdef _USE_GF16 + #define gfv_get_ele PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele #define gfv_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar #define gfv_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd @@ -29,5 +29,27 @@ #define batch_quad_trimat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16 +#else + +#define gfv_get_ele gf256v_get_ele +#define gfv_mul_scalar gf256v_mul_scalar +#define gfv_madd gf256v_madd + +#define gfmat_prod gf256mat_prod +#define gfmat_inv gf256mat_inv + +#define batch_trimat_madd batch_trimat_madd_gf256 +#define batch_trimatTr_madd batch_trimatTr_madd_gf256 +#define batch_2trimat_madd batch_2trimat_madd_gf256 +#define batch_matTr_madd batch_matTr_madd_gf256 +#define batch_bmatTr_madd batch_bmatTr_madd_gf256 +#define batch_mat_madd batch_mat_madd_gf256 + +#define batch_quad_trimat_eval batch_quad_trimat_eval_gf256 +#define batch_quad_recmat_eval batch_quad_recmat_eval_gf256 + +#endif + + #endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h index b7750aa3..8245677c 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h @@ -1,58 +1,51 @@ #ifndef _H_RAINBOW_CONFIG_H_ #define _H_RAINBOW_CONFIG_H_ + /// @file rainbow_config.h /// @brief Defining the parameters of the Rainbow and the corresponding constants. /// -/// Defining one of the 3 parameter _RAINBOW16_32_32_32 , _RAINBOW256_68_36_36 , or _RAINBOW256_92_48_48 -/// for (GF16,32,32,32) (GF256,68,36,36) (GF256,92,48,48) in this file. -/// -/// // TODO: refactor this - /// the defined parameter -//#if (!defined(_RAINBOW16_32_32_32))&&(!defined(_RAINBOW256_68_36_36))&&(!defined(_RAINBOW256_92_48_48)) #define _RAINBOW16_32_32_32 //#define _RAINBOW256_68_36_36 //#define _RAINBOW256_92_48_48 -//#endif + +#define _RAINBOW_CLASSIC +//#define _RAINBOW_CYCLIC +//#define _RAINBOW_CYCLIC_COMPRESSED -//#if defined _RAINBOW16_32_32_32 +#if defined _RAINBOW16_32_32_32 #define _USE_GF16 #define _GFSIZE 16 #define _V1 32 #define _O1 32 #define _O2 32 #define _HASH_LEN 32 -// -//#elif defined _RAINBOW256_68_36_36 -//#define _GFSIZE 256 -//#define _V1 68 -//#define _O1 36 -//#define _O2 36 -//#define _HASH_LEN 48 -// -//#elif defined _RAINBOW256_92_48_48 -//#define _GFSIZE 256 -//#define _V1 92 -//#define _O1 48 -//#define _O2 48 -//#define _HASH_LEN 64 -// -//#else -//error here. -//#endif +#elif defined _RAINBOW256_68_36_36 +#define _GFSIZE 256 +#define _V1 68 +#define _O1 36 +#define _O2 36 +#define _HASH_LEN 48 -#define _V2 ((_V1)+(_O1)) +#elif defined _RAINBOW256_92_48_48 +#define _GFSIZE 256 +#define _V1 92 +#define _O1 48 +#define _O2 48 +#define _HASH_LEN 64 + +#else +error here. +#endif -#define STR1(x) #x -#define THE_NAME(gf,v1,o1,o2) "RAINBOW(" STR1(gf) "," STR1(v1) "," STR1(o1) "," STR1(o2) ")" -#define _S_NAME THE_NAME(_GFSIZE,_V1,_O1,_O2) +#define _V2 ((_V1)+(_O1)) /// size of N, in # of gf elements. #define _PUB_N (_V1+_O1+_O2) @@ -64,7 +57,7 @@ /// size of variables, in # bytes. -//#ifdef _USE_GF16 +#ifdef _USE_GF16 // GF16 #define _V1_BYTE (_V1/2) #define _V2_BYTE (_V2/2) @@ -73,16 +66,16 @@ #define _PUB_N_BYTE (_PUB_N/2) #define _PUB_M_BYTE (_PUB_M/2) -//#else -//// GF256 -//#define _V1_BYTE (_V1) -//#define _V2_BYTE (_V2) -//#define _O1_BYTE (_O1) -//#define _O2_BYTE (_O2) -//#define _PUB_N_BYTE (_PUB_N) -//#define _PUB_M_BYTE (_PUB_M) -// -//#endif +#else +// GF256 +#define _V1_BYTE (_V1) +#define _V2_BYTE (_V2) +#define _O1_BYTE (_O1) +#define _O2_BYTE (_O2) +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) + +#endif /// length of seed for public key, in # bytes diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c index 009006f4..8c6ebebe 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c @@ -71,41 +71,6 @@ void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { generate_l2_F12356( sk, prng0 ); } - -////////////////////////////////////////////////////////// - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { - // procedure: cpk_t --> extcpk_t --> pk_t - - // convert from cpk_t to extcpk_t - ext_cpk_t pk; - - // setup prng - prng_t prng0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); - - // generating parts of key with prng - generate_l1_F12( pk.l1_Q1, &prng0 ); - // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 - memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); - - // generating parts of key with prng - generate_l2_F12356( pk.l2_Q1, &prng0 ); - // copying parts of key from input: l2_Q9 - memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - - // convert from extcpk_t to pk_t - PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); -} - - - -///////////////////////////////////////////////////////// - - - static void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 @@ -119,8 +84,6 @@ void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsig } } - - static void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { unsigned char temp[_O1_BYTE + 32]; @@ -132,11 +95,8 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, } } - - /////////////////// Classic ////////////////////////////////// - static void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); @@ -153,14 +113,7 @@ void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { memset( &prng0, 0, sizeof(prng_t) ); } - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { - _generate_secretkey( sk, sk_seed ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); -} - - - +#if defined _RAINBOW_CLASSIC void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { _generate_secretkey( sk, sk_seed ); @@ -180,42 +133,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. } +#endif - +#if defined _RAINBOW_CYCLIC ///////////////////// Cyclic ////////////////////////////////// - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); - - // prng for sk - prng_t prng0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, &prng0 ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); - - // prng for pk - sk_t inst_Qs; - sk_t *Qs = &inst_Qs; - prng_t prng1; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, &prng1 ); - - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); - - // calcuate the parts of sk according to pk. - PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); - - // clean prng for sk - memset( &prng0, 0, sizeof(prng_t) ); -} - - - - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); @@ -253,15 +175,66 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk memset( &prng, 0, sizeof(prng_t) ); } +#endif +#ifdef _RAINBOW_CYCLIC_COMPRESSED void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); sk_t sk; PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); } +#endif + +#ifdef _RAINBOW_CYCLIC_COMPRESSED +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng0; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, &prng0 ); + calculate_t4( sk->t4, sk->t1, sk->t3 ); + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t prng1; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, &prng1 ); + + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + + // calcuate the parts of sk according to pk. + PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); + + // clean prng for sk + memset( &prng0, 0, sizeof(prng_t) ); +} +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { + // procedure: cpk_t --> extcpk_t --> pk_t + // convert from cpk_t to extcpk_t + ext_cpk_t pk; + // setup prng + prng_t prng0; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + + // generating parts of key with prng + generate_l1_F12( pk.l1_Q1, &prng0 ); + // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 + memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + // generating parts of key with prng + generate_l2_F12356( pk.l2_Q1, &prng0 ); + // copying parts of key from input: l2_Q9 + memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // convert from extcpk_t to pk_t + PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); +} +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h index d5996138..f32f3694 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h @@ -54,6 +54,7 @@ struct rainbow_secretkey { +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) /// @brief public key for cyclic rainbow /// /// public key for cyclic rainbow @@ -81,12 +82,10 @@ struct rainbow_secretkey_cyclic { unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. } csk_t; +#endif - -///////////////////////////////////// - - +#if defined _RAINBOW_CLASSIC /// /// @brief Generate key pairs for classic rainbow. /// @@ -96,6 +95,7 @@ struct rainbow_secretkey_cyclic { /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); +#elif defined _RAINBOW_CYCLIC /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -106,6 +106,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +#elif defined _RAINBOW_CYCLIC_COMPRESSED /// /// @brief Generate compressed key pairs for cyclic rainbow. /// @@ -115,17 +116,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk /// @param[in] sk_seed - seed for generating the secret key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +#endif -//////////////////////////////////// - -/// -/// @brief Generate secret key for classic rainbow. -/// -/// @param[out] sk - the secret key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey( sk_t *sk, const unsigned char *sk_seed ); - +#ifdef _RAINBOW_CYCLIC_COMPRESSED /// /// @brief Generate secret key for cyclic rainbow. /// @@ -144,5 +137,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const u /// @param[in] cpk - the cyclic public key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); +#endif #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 2c229aa0..444be99f 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -13,11 +13,7 @@ #include -//////////////////////////////////////////////////////////////// - - - - +#if defined _RAINBOW_CLASSIC void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -87,11 +83,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } - - -///////////////////////////////////////////////////////// - - static void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { /* @@ -197,12 +188,16 @@ void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 } +// TODO: these defines are not really required for a clean implementation - just implement directly +#define calculate_Q_from_F_impl calculate_Q_from_F_ref +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_impl( Qs, Fs, Ts ); +} +#endif - - -///////////////////////////////////////////////////// +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { @@ -336,16 +331,11 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ -#define calculate_Q_from_F_impl calculate_Q_from_F_ref #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_impl( Qs, Fs, Ts ); -} - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -354,4 +344,4 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h index ec27f572..761c52a2 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h @@ -11,6 +11,7 @@ #include "rainbow_keypair.h" +#if defined _RAINBOW_CLASSIC /// @brief The (internal use) public key for rainbow /// /// The (internal use) public key for rainbow. The public @@ -43,8 +44,6 @@ struct rainbow_extend_publickey { /// @param[in] cpk - the internel public key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); - - ///////////////////////////////////////////////// /// @@ -56,6 +55,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); +#endif + + +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) + /// /// @brief Computing parts of the sk from parts of pk and sk @@ -74,6 +78,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs /// @param[in] Ts - parts of the sk: T1, T4, T3 /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); +#endif #endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/sign.c b/crypto_sign/rainbowIa-classic/clean/sign.c index cfc9280d..8fdb2c19 100644 --- a/crypto_sign/rainbowIa-classic/clean/sign.c +++ b/crypto_sign/rainbowIa-classic/clean/sign.c @@ -14,31 +14,30 @@ - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); -// #if defined _RAINBOW_CLASSIC + #if defined _RAINBOW_CLASSIC PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); -// #elif defined _RAINBOW_CYCLIC + #elif defined _RAINBOW_CYCLIC -// unsigned char pk_seed[LEN_PKSEED] = {0}; -// randombytes( pk_seed, LEN_PKSEED ); -// generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); -// #elif defined _RAINBOW_CYCLIC_COMPRESSED + #elif defined _RAINBOW_CYCLIC_COMPRESSED -// unsigned char pk_seed[LEN_PKSEED] = {0}; -// randombytes( pk_seed, LEN_PKSEED ); -// generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); -// #else -// error here -// #endif + #else + error here + #endif return 0; } @@ -55,21 +54,21 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; -// #if defined _RAINBOW_CLASSIC + #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); -// #elif defined _RAINBOW_CYCLIC + #elif defined _RAINBOW_CYCLIC -// return rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + return rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); -// #elif defined _RAINBOW_CYCLIC_COMPRESSED + #elif defined _RAINBOW_CYCLIC_COMPRESSED -// return rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + return rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); -// #else -// error here -// #endif + #else + error here + #endif } @@ -81,7 +80,7 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { -//TODO: this should not copy out the message if verification fails + //TODO: this should not copy out the message if verification fails if ( _SIGNATURE_BYTE > smlen ) { return -1; } @@ -91,21 +90,21 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); -// #if defined _RAINBOW_CLASSIC + #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); -// #elif defined _RAINBOW_CYCLIC + #elif defined _RAINBOW_CYCLIC -// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); -// #elif defined _RAINBOW_CYCLIC_COMPRESSED + #elif defined _RAINBOW_CYCLIC_COMPRESSED -// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); -// #else -// error here -// #endif + #else + error here + #endif } @@ -117,16 +116,15 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature( PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); *siglen = _SIGNATURE_BYTE; - // #if defined _RAINBOW_CLASSIC + #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - // #elif defined _RAINBOW_CYCLIC - // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - // #elif defined _RAINBOW_CYCLIC_COMPRESSED - // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); - // #else - // error here - // #endif - + #elif defined _RAINBOW_CYCLIC + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + #elif defined _RAINBOW_CYCLIC_COMPRESSED + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); + #else + error here + #endif } int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( @@ -137,14 +135,14 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( } unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - // #if defined _RAINBOW_CLASSIC + #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - // #elif defined _RAINBOW_CYCLIC - // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - // #elif defined _RAINBOW_CYCLIC_COMPRESSED - // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - // #else - // error here - // #endif + #elif defined _RAINBOW_CYCLIC + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + #elif defined _RAINBOW_CYCLIC_COMPRESSED + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + #else + error here + #endif } diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.c b/crypto_sign/rainbowIa-classic/clean/utils_hash.c index ffe7d68e..6a4cac91 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.c @@ -9,15 +9,15 @@ static inline int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { -// #if 32 == _HASH_LEN + #if 32 == _HASH_LEN sha256(digest, m, mlen); -// #elif 48 == _HASH_LEN -// sha384(digest, m, mlen); -// #elif 64 == _HASH_LEN -// sha512(digest, m, mlen); -// #else -//#error "unsupported _HASH_LEN" -// #endif + #elif 48 == _HASH_LEN + sha384(digest, m, mlen); + #elif 64 == _HASH_LEN + sha512(digest, m, mlen); + #else +#error "unsupported _HASH_LEN" + #endif return 0; } From bf9af978d9dbc907b045f3c9dedfdc915976904b Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Tue, 18 Jun 2019 11:28:41 +0200 Subject: [PATCH 08/19] add rainbowIa-cyclic --- crypto_sign/rainbowIa-classic/clean/rainbow.c | 3 - crypto_sign/rainbowIa-classic/clean/rainbow.h | 2 - .../rainbowIa-classic/clean/rainbow_keypair.c | 10 +- .../rainbowIa-classic/clean/rainbow_keypair.h | 8 +- .../clean/rainbow_keypair_computation.c | 4 +- .../clean/rainbow_keypair_computation.h | 2 +- crypto_sign/rainbowIa-classic/clean/sign.c | 8 +- crypto_sign/rainbowIa-cyclic/META.yml | 17 + crypto_sign/rainbowIa-cyclic/clean/LICENSE | 1 + crypto_sign/rainbowIa-cyclic/clean/Makefile | 20 + .../clean/Makefile.Microsoft_nmake | 19 + crypto_sign/rainbowIa-cyclic/clean/api.h | 32 ++ crypto_sign/rainbowIa-cyclic/clean/blas.h | 28 ++ .../rainbowIa-cyclic/clean/blas_comm.c | 297 +++++++++++++++ .../rainbowIa-cyclic/clean/blas_comm.h | 155 ++++++++ crypto_sign/rainbowIa-cyclic/clean/blas_u32.c | 170 +++++++++ crypto_sign/rainbowIa-cyclic/clean/blas_u32.h | 27 ++ crypto_sign/rainbowIa-cyclic/clean/gf.c | 202 ++++++++++ crypto_sign/rainbowIa-cyclic/clean/gf.h | 28 ++ .../clean/parallel_matrix_op.c | 321 ++++++++++++++++ .../clean/parallel_matrix_op.h | 282 ++++++++++++++ crypto_sign/rainbowIa-cyclic/clean/rainbow.c | 187 ++++++++++ crypto_sign/rainbowIa-cyclic/clean/rainbow.h | 57 +++ .../rainbowIa-cyclic/clean/rainbow_blas.h | 55 +++ .../rainbowIa-cyclic/clean/rainbow_config.h | 93 +++++ .../rainbowIa-cyclic/clean/rainbow_keypair.c | 246 ++++++++++++ .../rainbowIa-cyclic/clean/rainbow_keypair.h | 146 ++++++++ .../clean/rainbow_keypair_computation.c | 349 ++++++++++++++++++ .../clean/rainbow_keypair_computation.h | 84 +++++ crypto_sign/rainbowIa-cyclic/clean/sign.c | 148 ++++++++ .../rainbowIa-cyclic/clean/utils_hash.c | 63 ++++ .../rainbowIa-cyclic/clean/utils_hash.h | 14 + .../rainbowIa-cyclic/clean/utils_prng.c | 96 +++++ .../rainbowIa-cyclic/clean/utils_prng.h | 22 ++ 34 files changed, 3181 insertions(+), 15 deletions(-) create mode 100644 crypto_sign/rainbowIa-cyclic/META.yml create mode 100644 crypto_sign/rainbowIa-cyclic/clean/LICENSE create mode 100644 crypto_sign/rainbowIa-cyclic/clean/Makefile create mode 100644 crypto_sign/rainbowIa-cyclic/clean/Makefile.Microsoft_nmake create mode 100644 crypto_sign/rainbowIa-cyclic/clean/api.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/blas.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/blas_comm.c create mode 100644 crypto_sign/rainbowIa-cyclic/clean/blas_comm.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/blas_u32.c create mode 100644 crypto_sign/rainbowIa-cyclic/clean/blas_u32.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/gf.c create mode 100644 crypto_sign/rainbowIa-cyclic/clean/gf.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c create mode 100644 crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/rainbow.c create mode 100644 crypto_sign/rainbowIa-cyclic/clean/rainbow.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c create mode 100644 crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c create mode 100644 crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/sign.c create mode 100644 crypto_sign/rainbowIa-cyclic/clean/utils_hash.c create mode 100644 crypto_sign/rainbowIa-cyclic/clean/utils_hash.h create mode 100644 crypto_sign/rainbowIa-cyclic/clean/utils_prng.c create mode 100644 crypto_sign/rainbowIa-cyclic/clean/utils_prng.h diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.c b/crypto_sign/rainbowIa-classic/clean/rainbow.c index bbbd1456..9550f538 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.c @@ -148,10 +148,7 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); return 0; } -#endif - -#ifdef _RAINBOW_CLASSIC int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.h b/crypto_sign/rainbowIa-classic/clean/rainbow.h index 9e8c53f5..83b3b5a3 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.h @@ -19,9 +19,7 @@ /// @param[in] digest - the digest. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); -#endif -#ifdef _RAINBOW_CLASSIC /// /// @brief Verifying function. /// diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c index 8c6ebebe..1ef11ab2 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c @@ -97,6 +97,7 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// +#if defined _RAINBOW_CLASSIC static void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); @@ -113,7 +114,6 @@ void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { memset( &prng0, 0, sizeof(prng_t) ); } -#if defined _RAINBOW_CLASSIC void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { _generate_secretkey( sk, sk_seed ); @@ -140,6 +140,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const ///////////////////// Cyclic ////////////////////////////////// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); // prng for sk prng_t prng; @@ -163,8 +164,12 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T + + unsigned char t4[sizeof(sk->t4)]; + memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); @@ -213,7 +218,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const u // clean prng for sk memset( &prng0, 0, sizeof(prng_t) ); } - +#endif +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { // procedure: cpk_t --> extcpk_t --> pk_t diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h index f32f3694..79c88297 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h @@ -94,8 +94,9 @@ struct rainbow_secretkey_cyclic { /// @param[in] sk_seed - seed for generating the secret key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); +#endif -#elif defined _RAINBOW_CYCLIC +#if defined _RAINBOW_CYCLIC /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -105,8 +106,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const /// @param[in] sk_seed - seed for generating secret key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +#endif -#elif defined _RAINBOW_CYCLIC_COMPRESSED +#if defined _RAINBOW_CYCLIC_COMPRESSED /// /// @brief Generate compressed key pairs for cyclic rainbow. /// @@ -127,7 +129,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, /// @param[in] sk_seed - seed for generating the secret key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +#endif +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) //////////////////////////////////// /// diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 444be99f..95e9d11a 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -13,7 +13,7 @@ #include -#if defined _RAINBOW_CLASSIC +#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,7 +82,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } } +#endif +#if defined _RAINBOW_CLASSIC static void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { /* diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h index 761c52a2..d30cab5b 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h @@ -11,7 +11,7 @@ #include "rainbow_keypair.h" -#if defined _RAINBOW_CLASSIC +#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC /// @brief The (internal use) public key for rainbow /// /// The (internal use) public key for rainbow. The public diff --git a/crypto_sign/rainbowIa-classic/clean/sign.c b/crypto_sign/rainbowIa-classic/clean/sign.c index 8fdb2c19..c36d7d41 100644 --- a/crypto_sign/rainbowIa-classic/clean/sign.c +++ b/crypto_sign/rainbowIa-classic/clean/sign.c @@ -27,13 +27,13 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned c unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); - generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); #elif defined _RAINBOW_CYCLIC_COMPRESSED unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); - generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); #else error here @@ -60,11 +60,11 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con #elif defined _RAINBOW_CYCLIC - return rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); #elif defined _RAINBOW_CYCLIC_COMPRESSED - return rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); #else error here diff --git a/crypto_sign/rainbowIa-cyclic/META.yml b/crypto_sign/rainbowIa-cyclic/META.yml new file mode 100644 index 00000000..43ea4b23 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/META.yml @@ -0,0 +1,17 @@ +name: Rainbow-Ia-cyclic +type: signature +claimed-nist-level: 1 +length-public-key: 58144 +length-secret-key: 92960 +length-signature: 64 +nistkat-sha256: 16f53bf0966b433451ae26e47f09f2dc8ea42db6a5c58fff1a2e7954f94dac0a +testvectors-sha256: b7341bd862a8f683339e03cf236b885804854d9e0479cb53955761864ecc18bf +principal-submitter: Jintai Ding +auxiliary-submitters: + - Ming-Shing Chen + - Albrecht Petzoldt + - Dieter Schmidt + - Bo-Yin Yang +implementations: + - name: clean + version: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-2/submissions/Rainbow-Round2.zip diff --git a/crypto_sign/rainbowIa-cyclic/clean/LICENSE b/crypto_sign/rainbowIa-cyclic/clean/LICENSE new file mode 100644 index 00000000..dd6d86a4 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/LICENSE @@ -0,0 +1 @@ +XXX diff --git a/crypto_sign/rainbowIa-cyclic/clean/Makefile b/crypto_sign/rainbowIa-cyclic/clean/Makefile new file mode 100644 index 00000000..62ae0619 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/Makefile @@ -0,0 +1,20 @@ +# This Makefile can be used with GNU Make or BSD Make + +LIB=librainbowIa-cyclic_clean.a + +HEADERS = api.h blas_comm.h blas.h blas_u32.h gf.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h +OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o blas_u32.o gf.o + +CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS) + +all: $(LIB) + +%.o: %.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $@ $< + +$(LIB): $(OBJECTS) + $(AR) -r $@ $(OBJECTS) + +clean: + $(RM) $(OBJECTS) + $(RM) $(LIB) diff --git a/crypto_sign/rainbowIa-cyclic/clean/Makefile.Microsoft_nmake b/crypto_sign/rainbowIa-cyclic/clean/Makefile.Microsoft_nmake new file mode 100644 index 00000000..8eb7371b --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/Makefile.Microsoft_nmake @@ -0,0 +1,19 @@ +# This Makefile can be used with Microsoft Visual Studio's nmake using the command: +# nmake /f Makefile.Microsoft_nmake + +LIBRARY=librainbowIa-cyclic_clean.lib +OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj blas_u32.obj gf.obj + +CFLAGS=/nologo /I ..\..\..\common /W4 /WX + +all: $(LIBRARY) + +# Make sure objects are recompiled if headers change. +$(OBJECTS): *.h + +$(LIBRARY): $(OBJECTS) + LIB.EXE /NOLOGO /WX /OUT:$@ $** + +clean: + -DEL $(OBJECTS) + -DEL $(LIBRARY) diff --git a/crypto_sign/rainbowIa-cyclic/clean/api.h b/crypto_sign/rainbowIa-cyclic/clean/api.h new file mode 100644 index 00000000..a37bb952 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/api.h @@ -0,0 +1,32 @@ +#ifndef PQCLEAN_RAINBOWIACYCLIC_CLEAN_API_H +#define PQCLEAN_RAINBOWIACYCLIC_CLEAN_API_H + +#include +#include + +#define PQCLEAN_RAINBOWIACYCLIC_CLEAN_CRYPTO_SECRETKEYBYTES 92960 +#define PQCLEAN_RAINBOWIACYCLIC_CLEAN_CRYPTO_PUBLICKEYBYTES 58144 +#define PQCLEAN_RAINBOWIACYCLIC_CLEAN_CRYPTO_BYTES 64 +#define PQCLEAN_RAINBOWIACYCLIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(16,32,32,32) - cyclic" + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk); + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk); + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *sk); + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *pk); + + +#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas.h b/crypto_sign/rainbowIa-cyclic/clean/blas.h new file mode 100644 index 00000000..e57335e0 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/blas.h @@ -0,0 +1,28 @@ +#ifndef _BLAS_H_ +#define _BLAS_H_ +/// @file blas.h +/// @brief Defining the implementations for linear algebra functions depending on the machine architecture. +/// + +#include "blas_comm.h" +#include "blas_u32.h" +#include "rainbow_config.h" + +#define gf256v_predicated_add PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32 +#define gf256v_add PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32 + +#ifdef _USE_GF16 + +#define gf16v_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32 +#define gf16v_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32 +#define gf16v_dot PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32 + +#else + +#define gf256v_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_scalar_u32 +#define gf256v_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_madd_u32 + +#endif + +#endif // _BLAS_H_ + diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c new file mode 100644 index 00000000..565a8f91 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c @@ -0,0 +1,297 @@ +/// @file blas_comm.c +/// @brief The standard implementations for blas_comm.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "gf.h" +#include "rainbow_config.h" + +#include +#include + + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} +#ifdef _USE_GF16 + +/// @brief get an element from GF(16) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i) { + uint8_t r = a[i >> 1]; + uint8_t r0 = r & 0xf; + uint8_t r1 = r >> 4; + uint8_t m = (uint8_t)(-((int8_t)i & 1)); + return (uint8_t)((r1 & m) | ((~m)&r0)); +} + +/// @brief set an element for a GF(16) vector . +/// +/// @param[in,out] a - the vector a. +/// @param[in] i - the index in the vector a. +/// @param[in] v - the value for the i-th element in vector a. +/// @return the value of the element. +/// +static uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { + uint8_t m = (uint8_t) (0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f + uint8_t ai_remaining = (uint8_t) (a[i >> 1] & (~m)); /// erase + a[i >> 1] = (uint8_t) (ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set + return v; +} + +static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + uint8_t bb = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(b, i); + gf16v_madd(c, matA, bb, n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = (len_vec + 1) / 2; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + uint8_t bb = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(bk, i); + gf16v_madd(c, a + n_vec_byte * i, bb, n_vec_byte); + } + c += n_vec_byte; + } +} + +static +unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { + unsigned n_w_byte = (w + 1) / 2; + unsigned r8 = 1; + for (unsigned i = 0; i < h; i++) { + unsigned offset_byte = i >> 1; + uint8_t *ai = mat + n_w_byte * i; + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + n_w_byte * j; + gf256v_predicated_add(ai + offset_byte, !PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + } + uint8_t pivot = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i); + r8 &= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(pivot); + pivot = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_inv(pivot); + offset_byte = (i + 1) >> 1; + gf16v_mul_scalar(ai + offset_byte, pivot, n_w_byte - offset_byte); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + n_w_byte * j; + gf16v_madd(aj + offset_byte, ai + offset_byte, PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(aj, i), n_w_byte - offset_byte); + } + } + return r8; +} + +static +unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + uint8_t mat[64 * 33]; + unsigned n_byte = (n + 1) >> 1; + for (unsigned i = 0; i < n; i++) { + memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); + mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(c_terms, i); + } + unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); /// XXX: this function is ``defined'' in blas.h + for (unsigned i = 0; i < n; i++) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); + } + return r8; +} + +static inline void gf16mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { + unsigned n_byte_w1 = (w + 1) / 2; + unsigned n_byte_w2 = (w2 + 1) / 2; + unsigned st_2 = st / 2; + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < n_byte_w2; j++) { + mat2[i * n_byte_w2 + j] = mat[i * n_byte_w1 + st_2 + j]; + } + } +} + +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { + unsigned n_w_byte = (H + 1) / 2; + + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * n_w_byte; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(ai, 2 * n_w_byte); + gf256v_add(ai, a + i * n_w_byte, n_w_byte); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); + } + unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); /// XXX: would 2*H fail if H is odd ??? + gf16mat_submat(inv_a, H, H, aa, 2 * H, H); + return r8; +} +#else +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} + +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { + uint8_t r = 0; + while ( _num_byte-- ) { + r |= a[0]; + a++; + } + return (0 == r); +} + +/// polynomial multplication +/// School boook +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); + for (unsigned i = 0; i < _num; i++) { + gf256v_madd(c + i, a, b[i], _num); + } +} + +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + gf256v_madd(c, matA, b[i], n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = len_vec; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); + } + c += n_vec_byte; + } +} + +static +unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { + unsigned r8 = 1; + + for (unsigned i = 0; i < h; i++) { + uint8_t *ai = mat + w * i; + unsigned skip_len_align4 = i & ((unsigned)~0x3); + + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + w * j; + gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + } + r8 &= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(ai[i]); + uint8_t pivot = ai[i]; + pivot = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_inv( pivot ); + gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + w * j; + gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + } + } + + return r8; +} + +static +unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + uint8_t mat[ 64 * 64 ]; + for (unsigned i = 0; i < n; i++) { + memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + mat[i * (n + 1) + n] = c_terms[i]; + } + unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + for (unsigned i = 0; i < n; i++) { + sol[i] = mat[i * (n + 1) + n]; + } + return r8; +} + + + +static inline +void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < w2; j++) { + mat2[i * w2 + j] = mat[i * w + st + j]; + } + } +} + + +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * H; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( ai, 2 * H ); + gf256v_add( ai, a + i * H, H ); + ai[H + i] = 1; + } + unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); + gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + return r8; +} + +#endif + + + + +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE + +#ifdef _USE_GF16 +#define gf16mat_prod_impl gf16mat_prod_ref +#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref +#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref + + + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf16mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + + +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { + return gf16mat_gauss_elim_impl( mat, h, w); +} + +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf16mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} + + +#else +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { + return gf256mat_gauss_elim_impl( mat, h, w ); +} + + +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} + +#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h new file mode 100644 index 00000000..f884f637 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h @@ -0,0 +1,155 @@ +#ifndef _BLAS_COMM_H_ +#define _BLAS_COMM_H_ +/// @file blas_comm.h +/// @brief Common functions for linear algebra. +/// + +#include "rainbow_config.h" +#include + + +/// @brief set a vector to 0. +/// +/// @param[in,out] b - the vector b. +/// @param[in] _num_byte - number of bytes for the vector b. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); + +#ifdef _USE_GF16 +/// @brief get an element from GF(16) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i); + +/// @brief matrix-matrix multiplication: c = a * b , in GF(16) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + +/// @brief Gauss elimination for a matrix, in GF(16) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(16) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + +/// @brief Computing the inverse matrix, in GF(16) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +/// @brief matrix-vector multiplication: c = matA * b , in GF(16) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +#else +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); + + + +/// @brief check if a vector is 0. +/// +/// @param[in] a - the vector a. +/// @param[in] _num_byte - number of bytes for the vector a. +/// @return 1(true) if a is 0. 0(false) else. +/// +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); + + +/// @brief polynomial multiplication: c = a*b +/// +/// @param[out] c - the output polynomial c +/// @param[in] a - the vector a. +/// @param[in] b - the vector b. +/// @param[in] _num - number of elements for the polynomials a and b. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); + + +/// @brief matrix-vector multiplication: c = matA * b , in GF(256) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +/// @brief matrix-matrix multiplication: c = a * b , in GF(256) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + +/// @brief Gauss elimination for a matrix, in GF(256) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(256) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + +/// @brief Computing the inverse matrix, in GF(256) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +#endif + +#endif // _BLAS_COMM_H_ + diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c new file mode 100644 index 00000000..efa77423 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c @@ -0,0 +1,170 @@ +#include "blas_u32.h" +#include "gf.h" + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= (a_u32[i] & pr_u32); + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= (a[i] & pr_u8); + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + + +#ifdef _USE_GF16 + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + const uint32_t *a_u32 = (const uint32_t *) a; + const uint32_t *b_u32 = (const uint32_t *) b; + uint32_t r = 0; + for (unsigned i = 0; i < n_u32; i++) { + r ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); + } + + unsigned rem = _num_byte & 3; + if (rem) { + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } ta, tb; + ta.u32 = 0; + tb.u32 = 0; + for (unsigned i = 0; i < rem; i++) { + ta.u8[i] = a[(n_u32 << 2) + i]; + } + for (unsigned i = 0; i < rem; i++) { + tb.u8[i] = b[(n_u32 << 2) + i]; + } + r ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(ta.u32, tb.u32); + } + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(r); +} + +#else + + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(t.u32, b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + +#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h new file mode 100644 index 00000000..91cac011 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h @@ -0,0 +1,27 @@ +#ifndef _BLAS_U32_H_ +#define _BLAS_U32_H_ +/// @file blas_u32.h +/// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. +/// + +#include "rainbow_config.h" +#include + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); + +#ifdef _USE_GF16 + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); + +#else + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); + +#endif + +#endif // _BLAS_U32_H_ + diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.c b/crypto_sign/rainbowIa-cyclic/clean/gf.c new file mode 100644 index 00000000..fcff8b75 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.c @@ -0,0 +1,202 @@ +#include "gf.h" + +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + +#ifdef _USE_GF16 +//// gf4 := gf2[x]/x^2+x+1 +static inline uint8_t gf4_mul_2(uint8_t a) { + uint8_t r = (uint8_t) (a << 1); + r ^= (uint8_t) ((a >> 1) * 7); + return r; +} + +static inline uint8_t gf4_mul_3(uint8_t a) { + uint8_t msk = (uint8_t) (a - 2) >> 1; + return (uint8_t)((msk & (a * 3)) | ((~msk) & (a - 1))); +} + +static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { + uint8_t r = (uint8_t) (a * (b & 1)); + return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); +} + +static inline uint8_t gf4_squ(uint8_t a) { + return a ^ (a >> 1); +} + +static inline uint32_t gf4v_mul_2_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_3_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit0 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { + uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); +} + +static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1) { + uint32_t c0 = a0 & b0; + uint32_t c2 = a1 & b1; + uint32_t c1_ = (a0 ^ a1) & (b0 ^ b1); + return ((c1_ ^ c0) << 1) ^ c0 ^ c2; +} + +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(uint8_t a) { + unsigned a4 = a & 0xf; + unsigned r = ((unsigned) 0) - a4; + r >>= 4; + return r & 1; +} + +//// gf16 := gf4[y]/y^2+y+x +static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + uint8_t b0 = b & 3; + uint8_t b1 = (b >> 2); + uint8_t a0b0 = gf4_mul(a0, b0); + uint8_t a1b1 = gf4_mul(a1, b1); + uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x2 = gf4_mul_2(a1b1); + return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); +} + +static inline uint8_t gf16_squ(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + a1 = gf4_squ(a1); + uint8_t a1squ_x2 = gf4_mul_2(a1); + return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); +} + +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_inv(uint8_t a) { + uint8_t a2 = gf16_squ(a); + uint8_t a4 = gf16_squ(a2); + uint8_t a8 = gf16_squ(a4); + uint8_t a6 = gf16_mul(a4, a2); + return gf16_mul(a8, a6); +} + +static inline uint8_t gf16_mul_8(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = a >> 2; + return (uint8_t)(gf4_mul_2(a0 ^ a1) << 2 | gf4_mul_3(a1)); +} + +// gf16 := gf4[y]/y^2+y+x + +uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = gf4v_mul_u32(a, b); + uint32_t axb1 = gf4v_mul_u32(a, b >> 2); + uint32_t a0b1 = (axb1 << 2) & 0xcccccccc; + uint32_t a1b1 = axb1 & 0xcccccccc; + uint32_t a1b1_2 = a1b1 >> 2; + + return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); +} + +static inline uint32_t _gf16v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t a2, uint32_t a3, uint32_t b0, uint32_t b1, uint32_t b2, uint32_t b3) { + uint32_t c0 = _gf4v_mul_u32_u32(a0, a1, b0, b1); + uint32_t c1_ = _gf4v_mul_u32_u32(a0 ^ a2, a1 ^ a3, b0 ^ b2, b1 ^ b3); + + uint32_t c2_0 = a2 & b2; + uint32_t c2_2 = a3 & b3; + uint32_t c2_1_ = (a2 ^ a3) & (b2 ^ b3); + uint32_t c2_r0 = c2_0 ^ c2_2; + uint32_t c2_r1 = c2_0 ^ c2_1_; + // GF(4) x2: (bit0<<1)^bit1^(bit1>>1); + return ((c1_ ^ c0) << 2) ^ c0 ^ (c2_r0 << 1) ^ c2_r1 ^ (c2_r1 << 1); +} + +uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b) { + uint32_t a0 = a & 0x11111111; + uint32_t a1 = (a >> 1) & 0x11111111; + uint32_t a2 = (a >> 2) & 0x11111111; + uint32_t a3 = (a >> 3) & 0x11111111; + uint32_t b0 = b & 0x11111111; + uint32_t b1 = (b >> 1) & 0x11111111; + uint32_t b2 = (b >> 2) & 0x11111111; + uint32_t b3 = (b >> 3) & 0x11111111; + + return _gf16v_mul_u32_u32(a0, a1, a2, a3, b0, b1, b2, b3); +} + +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(uint32_t a) { + uint8_t r256 = gf256v_reduce_u32(a); + return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); +} + +static inline uint32_t gf16v_mul_8_u32(uint32_t a) { + uint32_t a1 = a & 0xcccccccc; + uint32_t a0 = (a << 2) & 0xcccccccc; + return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); +} + +#else +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { + unsigned a8 = a; + unsigned r = ((unsigned) 0) - a8; + r >>= 8; + return r & 1; +} + +// gf256 := gf16[X]/X^2+X+xy +static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + uint8_t b0 = b & 15; + uint8_t b1 = (b >> 4); + uint8_t a0b0 = gf16_mul(a0, b0); + uint8_t a1b1 = gf16_mul(a1, b1); + uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x8 = gf16_mul_8(a1b1); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); +} + +static inline uint8_t gf256_squ(uint8_t a) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + a1 = gf16_squ(a1); + uint8_t a1squ_x8 = gf16_mul_8(a1); + return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); +} + +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_inv(uint8_t a) { + // 128+64+32+16+8+4+2 = 254 + uint8_t a2 = gf256_squ(a); + uint8_t a4 = gf256_squ(a2); + uint8_t a8 = gf256_squ(a4); + uint8_t a4_2 = gf256_mul(a4, a2); + uint8_t a8_4_2 = gf256_mul(a4_2, a8); + uint8_t a64_ = gf256_squ(a8_4_2); + a64_ = gf256_squ(a64_); + a64_ = gf256_squ(a64_); + uint8_t a64_2 = gf256_mul(a64_, a8_4_2); + uint8_t a128_ = gf256_squ(a64_2); + return gf256_mul(a2, a128_); +} + +uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a, b); + uint32_t axb1 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a, b >> 4); + uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; + uint32_t a1b1 = axb1 & 0xf0f0f0f0; + uint32_t a1b1_4 = a1b1 >> 4; + + return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); +} +#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.h b/crypto_sign/rainbowIa-cyclic/clean/gf.h new file mode 100644 index 00000000..d0fe9d1f --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.h @@ -0,0 +1,28 @@ +#ifndef _GF16_H_ +#define _GF16_H_ + +#include "rainbow_config.h" +#include + +/// @file gf16.h +/// @brief Library for arithmetics in GF(16) and GF(256) +/// + + +#ifdef _USE_GF16 + +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); +uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(uint32_t a); + +#else + +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); + +#endif + +#endif // _GF16_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c new file mode 100644 index 00000000..dcf79a7c --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c @@ -0,0 +1,321 @@ +/// @file parallel_matrix_op.c +/// @brief the standard implementations for functions in parallel_matrix_op.h +/// +/// the standard implementations for functions in parallel_matrix_op.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "parallel_matrix_op.h" + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { + return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +} + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. +/// +/// @param[in] i_row - the i-th row in a triangle matrix. +/// @param[in] j_col - the j-th column in a triangle matrix. +/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { + if ( i_row > j_col ) { + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); + } + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); +} + + + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { + unsigned char *runningC = btriC; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < i; j++) { + unsigned idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); + gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + } + gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + runningC += size_batch * (Aheight - i); + } +} + +#ifdef _USE_GF16 +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf16v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf16v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf16v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf16v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf16v_madd( z, tmp, _y[i], size_batch ); + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf16v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf16v_madd( y, tmp, _x[i], size_batch ); + } +} +#else +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf256v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf256v_madd( y, tmp, _x[i], size_batch ); + } +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf256v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf256v_madd( z, tmp, _y[i], size_batch ); + } +} + +#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h new file mode 100644 index 00000000..21c214f9 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h @@ -0,0 +1,282 @@ +#ifndef _P_MATRIX_OP_H_ +#define _P_MATRIX_OP_H_ +/// @file parallel_matrix_op.h +/// @brief Librarys for operations of batched matrixes. +/// +/// + +//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// + + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); + +/// +/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. +/// +/// @param[out] btriC - the batched upper-trianglized matrix C. +/// @param[in] bA - a batched retangle matrix A. +/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); + + + + +//////////////////// Section: matrix multiplications /////////////////////////////// + + + +/// +/// @brief bC += btriA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += btriA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += A^Tr * bB , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += A^Tr * bB , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += bA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// + + +/// +/// @brief y = x^Tr * trimat * x , in GF(16) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + +/// +/// @brief y = x^Tr * trimat * x , in GF(256) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + + +/// +/// @brief z = y^Tr * mat * x , in GF(16) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + +/// +/// @brief z = y^Tr * mat * x , in GF(256) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + + + + + + +#endif // _P_MATRIX_OP_H_ + diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow.c new file mode 100644 index 00000000..f2b8f2a7 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow.c @@ -0,0 +1,187 @@ +/// @file rainbow.c +/// @brief The standard implementations for functions in rainbow.h +/// + +#include "blas.h" +#include "rainbow.h" +#include "rainbow_blas.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include +#include + + +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1>_O2)?_O1:_O2) +#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) + +#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { + uint8_t mat_l1[_O1 * _O1_BYTE]; + uint8_t mat_l2[_O2 * _O2_BYTE]; + uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; + + // setup PRNG + prng_t prng_sign; + uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; + memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); + memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + uint8_t prng_seed[_HASH_LEN]; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + prng_preseed[i] ^= prng_preseed[i]; // clean + } + for (unsigned i = 0; i < _HASH_LEN; i++) { + prng_seed[i] ^= prng_seed[i]; // clean + } + + // roll vinegars. + uint8_t vinegar[_V1_BYTE]; + unsigned n_attempt = 0; + unsigned l1_succ = 0; + while ( !l1_succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars + gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 + l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable + n_attempt ++; + } + + // Given the vinegars, pre-compute variables needed for layer 2 + uint8_t r_l1_F1[_O1_BYTE] = {0}; + uint8_t r_l2_F1[_O2_BYTE] = {0}; + batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); + batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); + uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + uint8_t mat_l2_F2[_O1 * _O2_BYTE]; + gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); + gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + + // Some local variables. + uint8_t _z[_PUB_M_BYTE]; + uint8_t y[_PUB_M_BYTE]; + uint8_t *x_v1 = vinegar; + uint8_t x_o1[_O1_BYTE]; + uint8_t x_o2[_O1_BYTE]; + + uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, _digest, _HASH_LEN ); + uint8_t *salt = digest_salt + _HASH_LEN; + + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + unsigned succ = 0; + while ( !succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + + // y = S^-1 * z + memcpy(y, _z, _PUB_M_BYTE); // identity part of S + gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); + gf256v_add(y, temp_o, _O1_BYTE); + + // Central Map: + // layer 1: calculate x_o1 + memcpy( temp_o, r_l1_F1, _O1_BYTE ); + gf256v_add( temp_o, y, _O1_BYTE ); + gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + + // layer 2: calculate x_o2 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); + gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 + batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 + gf256v_add( temp_o, mat_l2, _O2_BYTE ); + gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 + gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + + // generate the linear equations of the 2nd layer + gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 + gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); + gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + + n_attempt ++; + }; + // w = T^-1 * y + uint8_t w[_PUB_N_BYTE]; + // identity part of T. + memcpy( w, x_v1, _V1_BYTE ); + memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); + memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + // Computing the t1 part. + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t4 part. + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t3 part. + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + + memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + // clean + memset( &prng_sign, 0, sizeof(prng_t) ); + memset( vinegar, 0, _V1_BYTE ); + memset( r_l1_F1, 0, _O1_BYTE ); + memset( r_l2_F1, 0, _O2_BYTE ); + memset( _z, 0, _PUB_M_BYTE ); + memset( y, 0, _PUB_M_BYTE ); + memset( x_o1, 0, _O1_BYTE ); + memset( x_o2, 0, _O2_BYTE ); + memset( temp_o, 0, sizeof(temp_o) ); + + // return: copy w and salt to the signature. + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + return -1; + } + gf256v_add( signature, w, _PUB_N_BYTE ); + gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + return 0; +} + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { + unsigned char digest_ck[_PUB_M_BYTE]; + // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. + batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + + unsigned char correct[_PUB_M_BYTE]; + unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, digest, _HASH_LEN ); + memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + + // check consistancy. + unsigned char cc = 0; + for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + cc |= (digest_ck[i] ^ correct[i]); + } + return (0 == cc) ? 0 : -1; +} +#endif + +#ifdef _RAINBOW_CYCLIC_COMPRESSED +/////////////// cyclic version /////////////////////////// +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { + unsigned char sk[sizeof(sk_t) + 32]; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); +} +#endif + +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { + unsigned char pk[sizeof(pk_t) +32]; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +} +#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow.h new file mode 100644 index 00000000..19c58d16 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow.h @@ -0,0 +1,57 @@ +#ifndef _RAINBOW_H_ +#define _RAINBOW_H_ +/// @file rainbow.h +/// @brief APIs for rainbow. +/// + + +#include "rainbow_config.h" +#include "rainbow_keypair.h" + +#include + +#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) +/// +/// @brief Signing function for classical secret key. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +#endif + +#ifdef _RAINBOW_CYCLIC_COMPRESSED +/// +/// @brief Signing function for compressed secret key of the cyclic rainbow. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the compressed secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); +#endif + +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) +/// +/// @brief Verifying function for cyclic public keys. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key of cyclic rainbow. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); +#endif + +#endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h new file mode 100644 index 00000000..b94887bd --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h @@ -0,0 +1,55 @@ +#ifndef _RAINBOW_BLAS_H_ +#define _RAINBOW_BLAS_H_ +/// @file rainbow_blas.h +/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h +/// +/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h + + +#include "blas.h" +#include "parallel_matrix_op.h" +#include "rainbow_config.h" + +#ifdef _USE_GF16 + +#define gfv_get_ele PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd + +#define gfmat_prod PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv + +#define batch_trimat_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16 +#define batch_2trimat_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16 +#define batch_matTr_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16 +#define batch_mat_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16 + +#define batch_quad_trimat_eval PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16 +#define batch_quad_recmat_eval PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16 + +#else + +#define gfv_get_ele gf256v_get_ele +#define gfv_mul_scalar gf256v_mul_scalar +#define gfv_madd gf256v_madd + +#define gfmat_prod gf256mat_prod +#define gfmat_inv gf256mat_inv + +#define batch_trimat_madd batch_trimat_madd_gf256 +#define batch_trimatTr_madd batch_trimatTr_madd_gf256 +#define batch_2trimat_madd batch_2trimat_madd_gf256 +#define batch_matTr_madd batch_matTr_madd_gf256 +#define batch_bmatTr_madd batch_bmatTr_madd_gf256 +#define batch_mat_madd batch_mat_madd_gf256 + +#define batch_quad_trimat_eval batch_quad_trimat_eval_gf256 +#define batch_quad_recmat_eval batch_quad_recmat_eval_gf256 + +#endif + + +#endif // _RAINBOW_BLAS_H_ + diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h new file mode 100644 index 00000000..744ee9ed --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h @@ -0,0 +1,93 @@ +#ifndef _H_RAINBOW_CONFIG_H_ +#define _H_RAINBOW_CONFIG_H_ + +/// @file rainbow_config.h +/// @brief Defining the parameters of the Rainbow and the corresponding constants. +/// + + + +// TODO: refactor this +/// the defined parameter +#define _RAINBOW16_32_32_32 +//#define _RAINBOW256_68_36_36 +//#define _RAINBOW256_92_48_48 + +//#define _RAINBOW_CLASSIC +#define _RAINBOW_CYCLIC +//#define _RAINBOW_CYCLIC_COMPRESSED + + +#if defined _RAINBOW16_32_32_32 +#define _USE_GF16 +#define _GFSIZE 16 +#define _V1 32 +#define _O1 32 +#define _O2 32 +#define _HASH_LEN 32 + +#elif defined _RAINBOW256_68_36_36 +#define _GFSIZE 256 +#define _V1 68 +#define _O1 36 +#define _O2 36 +#define _HASH_LEN 48 + +#elif defined _RAINBOW256_92_48_48 +#define _GFSIZE 256 +#define _V1 92 +#define _O1 48 +#define _O2 48 +#define _HASH_LEN 64 + +#else +error here. +#endif + + +#define _V2 ((_V1)+(_O1)) + +/// size of N, in # of gf elements. +#define _PUB_N (_V1+_O1+_O2) + +/// size of M, in # gf elements. +#define _PUB_M (_O1+_O2) + + +/// size of variables, in # bytes. + + +#ifdef _USE_GF16 +// GF16 +#define _V1_BYTE (_V1/2) +#define _V2_BYTE (_V2/2) +#define _O1_BYTE (_O1/2) +#define _O2_BYTE (_O2/2) +#define _PUB_N_BYTE (_PUB_N/2) +#define _PUB_M_BYTE (_PUB_M/2) + +#else +// GF256 +#define _V1_BYTE (_V1) +#define _V2_BYTE (_V2) +#define _O1_BYTE (_O1) +#define _O2_BYTE (_O2) +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) + +#endif + + +/// length of seed for public key, in # bytes +#define LEN_PKSEED 32 + +/// length of seed for secret key, in # bytes +#define LEN_SKSEED 32 + +/// length of salt for a signature, in # bytes +#define _SALT_BYTE 16 + +/// length of a signature +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) + +#endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c new file mode 100644 index 00000000..eb49bd40 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c @@ -0,0 +1,246 @@ +/// @file rainbow_keypair.c +/// @brief implementations of functions in rainbow_keypair.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include "utils_prng.h" +#include +#include +#include + + +static +void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 + s_and_t += _O1_BYTE * _O2; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + s_and_t += _V1_BYTE * _O1; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + s_and_t += _V1_BYTE * _O2; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 +} + + +static +unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + n_byte_generated += _O1_BYTE * _V1 * _O1; + return n_byte_generated; +} + + +static +unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + n_byte_generated += _O2_BYTE * _O1 * _O2; + + return n_byte_generated; +} + + +static +void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { + sk += generate_l1_F12( sk, prng0 ); + generate_l2_F12356( sk, prng0 ); +} + +static +void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { + // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 + unsigned char temp[_V1_BYTE + 32]; + unsigned char *t4 = t2_to_t4; + for (unsigned i = 0; i < _O2; i++) { /// t3 width + gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); + gf256v_add( t4, temp, _V1_BYTE ); + t4 += _V1_BYTE; + t3 += _O1_BYTE; + } +} + +static +void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { + unsigned char temp[_O1_BYTE + 32]; + while ( n_terms-- ) { + gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); + gf256v_add( l1_polys, temp, _O1_BYTE ); + l1_polys += _O1_BYTE; + l2_polys += _O2_BYTE; + } +} + +/////////////////// Classic ////////////////////////////////// + +#if defined _RAINBOW_CLASSIC +static +void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // set up prng + prng_t prng0; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + + // generating secret key with prng. + generate_S_T( sk->s1, &prng0 ); + generate_B1_B2( sk->l1_F1, &prng0 ); + + // clean prng + memset( &prng0, 0, sizeof(prng_t) ); +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { + _generate_secretkey( sk, sk_seed ); + + // set up a temporary structure ext_cpk_t for calculating public key. + ext_cpk_t pk; + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( &pk, sk, sk ); // compute the public key in ext_cpk_t format. + calculate_t4( sk->t4, sk->t1, sk->t3 ); + + obsfucate_l1_polys( pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + // so far, the pk contains the full pk but in ext_cpk_t format. + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. +} +#endif + + +#if defined _RAINBOW_CYCLIC +///////////////////// Cyclic ////////////////////////////////// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng; + prng_t *prng0 = &prng; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + + unsigned char t2[sizeof(sk->t4)]; + memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 + calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t *prng1 = &prng; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T + + + unsigned char t4[sizeof(sk->t4)]; + memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 + memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + + obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + + // clean + memset( &prng, 0, sizeof(prng_t) ); +} + +#endif + + +#ifdef _RAINBOW_CYCLIC_COMPRESSED +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); + sk_t sk; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); +} +#endif + +#ifdef _RAINBOW_CYCLIC_COMPRESSED +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng0; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, &prng0 ); + calculate_t4( sk->t4, sk->t1, sk->t3 ); + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t prng1; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, &prng1 ); + + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + + // calcuate the parts of sk according to pk. + PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); + + // clean prng for sk + memset( &prng0, 0, sizeof(prng_t) ); +} +#endif +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { + // procedure: cpk_t --> extcpk_t --> pk_t + + // convert from cpk_t to extcpk_t + ext_cpk_t pk; + + // setup prng + prng_t prng0; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + + // generating parts of key with prng + generate_l1_F12( pk.l1_Q1, &prng0 ); + // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 + memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + + // generating parts of key with prng + generate_l2_F12356( pk.l2_Q1, &prng0 ); + // copying parts of key from input: l2_Q9 + memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // convert from extcpk_t to pk_t + PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); +} +#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h new file mode 100644 index 00000000..fea7985c --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h @@ -0,0 +1,146 @@ +#ifndef _RAINBOW_KEYPAIR_H_ +#define _RAINBOW_KEYPAIR_H_ +/// @file rainbow_keypair.h +/// @brief Formats of key pairs and functions for generating key pairs. +/// Formats of key pairs and functions for generating key pairs. +/// + + + +#include "rainbow_config.h" + + +#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) + + +/// @brief public key for classic rainbow +/// +/// public key for classic rainbow +/// +typedef +struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +} pk_t; + + +/// @brief secret key for classic rainbow +/// +/// secret key for classic rainbow +/// +typedef +struct rainbow_secretkey { + /// + /// seed for generating secret key. + /// Generating S, T, and F for classic rainbow. + /// Generating S and T only for cyclic rainbow. + unsigned char sk_seed[LEN_SKSEED]; + + unsigned char s1[_O1_BYTE * _O2]; ///< part of S map + unsigned char t1[_V1_BYTE * _O1]; ///< part of T map + unsigned char t4[_V1_BYTE * _O2]; ///< part of T map + unsigned char t3[_O1_BYTE * _O2]; ///< part of T map + + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 +} sk_t; + + + + +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) +/// @brief public key for cyclic rainbow +/// +/// public key for cyclic rainbow +/// +typedef +struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 + + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 +} cpk_t; + + + +/// @brief compressed secret key for cyclic rainbow +/// +/// compressed secret key for cyclic rainbow +/// +typedef +struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +} csk_t; +#endif + + +#if defined _RAINBOW_CLASSIC +/// +/// @brief Generate key pairs for classic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); +#endif + +#if defined _RAINBOW_CYCLIC +/// +/// @brief Generate key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of public key. +/// @param[in] sk_seed - seed for generating secret key. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +#endif + +#if defined _RAINBOW_CYCLIC_COMPRESSED +/// +/// @brief Generate compressed key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the compressed secret key. +/// @param[in] pk_seed - seed for generating parts of the public key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +#endif + +#ifdef _RAINBOW_CYCLIC_COMPRESSED +/// +/// @brief Generate secret key for cyclic rainbow. +/// +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of the pbulic key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +#endif + +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) +//////////////////////////////////// + +/// +/// @brief converting formats of public keys : from cyclic version to classic key +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the cyclic public key. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); +#endif + +#endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c new file mode 100644 index 00000000..a675a42a --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c @@ -0,0 +1,349 @@ +/// @file rainbow_keypair_computation.c +/// @brief Implementations for functions in rainbow_keypair_computation.h +/// + + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include +#include +#include + + +#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { + const unsigned char *idx_l1 = cpk->l1_Q1; + const unsigned char *idx_l2 = cpk->l2_Q1; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = i; j < _V1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q2; + idx_l2 = cpk->l2_Q2; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q3; + idx_l2 = cpk->l2_Q3; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q5; + idx_l2 = cpk->l2_Q5; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = i; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q6; + idx_l2 = cpk->l2_Q6; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q9; + idx_l2 = cpk->l2_Q9; + for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned j = i; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } +} +#endif + +#if defined _RAINBOW_CLASSIC +static +void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + /* + Layer 1 + Computing : + Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] + + Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 + Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + */ + const unsigned char *t2 = Ts->t4; + + memcpy( Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + memcpy( Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // l1_Q5 : _O1_BYTE * _O1 * _O1 + // l1_Q9 : _O1_BYTE * _O2 * _O2 + // l2_Q5 : _O2_BYTE * _V1 * _O1 + // l2_Q9 : _O2_BYTE * _V1 * _O2 + + + unsigned char tempQ[_O1_BYTE * _O1 * _O1 + 32]; + + memset( tempQ, 0, _O1_BYTE * _O1 * _O1 ); // l1_Q5 + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE ); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + batch_trimatTr_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // Q2 + /* + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ, 0, _O1_BYTE * _O2 * _O2 ); // l1_Q9 + batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + + /* + layer 2 + Computing: + Q1 = F1 + Q2 = F1_F1T*T1 + F2 + Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) + */ + memcpy( Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); + + memcpy( Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F1*T1 + F2 + + memcpy( Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); + memset( tempQ, 0, _O2_BYTE * _O1 * _O1 ); // l2_Q5 + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE ); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q5, tempQ, _O1, _O2_BYTE ); // UT( ... ) // Q5 + + batch_trimatTr_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q2 + + /* + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + + Q3 = F1_F1T*T2 + F2*T3 + F3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 + */ + memcpy( Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); + batch_trimat_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ, 0, _O2_BYTE * _O2 * _O2 ); // l2_Q9 + batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + + batch_trimat_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + batch_matTr_madd( tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ, _O2, _O2_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1_F1T_T2 + F2_T3 + F3 // Q3 + + batch_bmatTr_madd( Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + F2tr*T2 + batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 + batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 +} +// TODO: these defines are not really required for a clean implementation - just implement directly +#define calculate_Q_from_F_impl calculate_Q_from_F_ref +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_impl( Qs, Fs, Ts ); +} + +#endif + + +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) + +static +void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + // Layer 1 + // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] + memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] + memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + + /* + Layer 2 + computations: + + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + + */ + memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + + // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + + unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; + memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) + memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + + batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + + // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); + batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 + batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + + // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + // + Q_pk.l2_F2s[i].transpose() * t4 + // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); + batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); + +} + + +////////////////////////////////////////////////////////////////////////////////////////////////// + +static +void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { +// Layer 1: Computing Q5, Q3, Q6, Q9 + +// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + const unsigned char *t2 = Ts->t4; + sk_t tempQ; + memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + memset( tempQ.l2_F1, 0, _O1_BYTE * _V1 * _O2 ); + batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + /* + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + /* + Layer 2 + Computing Q9: + + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ + sk_t tempQ2; + memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. + batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); + batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + + batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 +} + + + +/////////////////////////////////////////////////////////////////////// + + +// Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ +#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref + + + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + calculate_F_from_Q_impl( Fs, Qs, Ts ); +} + +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +} + +#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h new file mode 100644 index 00000000..664fd499 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h @@ -0,0 +1,84 @@ +#ifndef _RAINBOW_KEYPAIR_COMP_H_ +#define _RAINBOW_KEYPAIR_COMP_H_ +/// @file rainbow_keypair_computation.h +/// @brief Functions for calculating pk/sk while generating keys. +/// +/// Defining an internal structure of public key. +/// Functions for calculating pk/sk for key generation. +/// + + + +#include "rainbow_keypair.h" + +#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC +/// @brief The (internal use) public key for rainbow +/// +/// The (internal use) public key for rainbow. The public +/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, +/// l2_Q1, .... , l2_Q9. +/// +typedef +struct rainbow_extend_publickey { + unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; + + unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; + unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; + unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; +} ext_cpk_t; + + + +/// +/// @brief converting formats of public keys : from ext_cpk_t version to pk_t +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the internel public key. +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +///////////////////////////////////////////////// + +/// +/// @brief Computing public key from secret key +/// +/// @param[out] Qs - the public key +/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the secret key: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + +#endif + + +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) + + +/// +/// @brief Computing parts of the sk from parts of pk and sk +/// +/// @param[out] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); + +/// +/// @brief Computing parts of the pk from the secret key +/// +/// @param[out] Qs - parts of the pk: l1_Q3, l1_Q5, l2_Q6, l1_Q9, l2_Q9 +/// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); +#endif + +#endif // _RAINBOW_KEYPAIR_COMP_H_ + diff --git a/crypto_sign/rainbowIa-cyclic/clean/sign.c b/crypto_sign/rainbowIa-cyclic/clean/sign.c new file mode 100644 index 00000000..8cb208ab --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/sign.c @@ -0,0 +1,148 @@ +/// @file sign.c +/// @brief the implementations for functions in api.h +/// +/// + +#include "api.h" +#include "rainbow.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "randombytes.h" +#include "utils_hash.h" +#include +#include + + + +int +PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { + unsigned char sk_seed[LEN_SKSEED] = {0}; + randombytes( sk_seed, LEN_SKSEED ); + + #if defined _RAINBOW_CLASSIC + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); + + #elif defined _RAINBOW_CYCLIC + + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); + + #elif defined _RAINBOW_CYCLIC_COMPRESSED + + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + + #else + error here + #endif + return 0; +} + + + + + +int +PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + + memcpy( sm, m, mlen ); + smlen[0] = mlen + _SIGNATURE_BYTE; + + #if defined _RAINBOW_CLASSIC + + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + + #elif defined _RAINBOW_CYCLIC + + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + + #elif defined _RAINBOW_CYCLIC_COMPRESSED + + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + + #else + error here + #endif + + +} + + + + + + +int +PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { + //TODO: this should not copy out the message if verification fails + if ( _SIGNATURE_BYTE > smlen ) { + return -1; + } + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + mlen[0] = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); + + #if defined _RAINBOW_CLASSIC + + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); + + #elif defined _RAINBOW_CYCLIC + + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + + #elif defined _RAINBOW_CYCLIC_COMPRESSED + + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + + #else + error here + #endif + + +} + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + *siglen = _SIGNATURE_BYTE; + #if defined _RAINBOW_CLASSIC + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + #elif defined _RAINBOW_CYCLIC + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + #elif defined _RAINBOW_CYCLIC_COMPRESSED + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); + #else + error here + #endif +} + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk) { + if (siglen != _SIGNATURE_BYTE) { + return -1; + } + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + #if defined _RAINBOW_CLASSIC + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); + #elif defined _RAINBOW_CYCLIC + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + #elif defined _RAINBOW_CYCLIC_COMPRESSED + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + #else + error here + #endif + +} diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c new file mode 100644 index 00000000..28b6b051 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c @@ -0,0 +1,63 @@ +/// @file utils_hash.c +/// @brief the adapter for SHA2 families. +/// +/// + +#include "rainbow_config.h" +#include "sha2.h" +#include "utils_hash.h" + +static inline +int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { + #if 32 == _HASH_LEN + sha256(digest, m, mlen); + #elif 48 == _HASH_LEN + sha384(digest, m, mlen); + #elif 64 == _HASH_LEN + sha512(digest, m, mlen); + #else +#error "unsupported _HASH_LEN" + #endif + return 0; +} + +static inline +int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if ( _HASH_LEN >= n_digest ) { + for (size_t i = 0; i < n_digest; i++) { + digest[i] = hash[i]; + } + return 0; + } + for (size_t i = 0; i < _HASH_LEN; i++) { + digest[i] = hash[i]; + } + n_digest -= _HASH_LEN; + + + while (_HASH_LEN <= n_digest ) { + _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + + n_digest -= _HASH_LEN; + digest += _HASH_LEN; + } + unsigned char temp[_HASH_LEN]; + if ( n_digest ) { + _hash( temp, digest, _HASH_LEN ); + for (size_t i = 0; i < n_digest; i++) { + digest[_HASH_LEN + i] = temp[i]; + } + } + return 0; +} + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(unsigned char *digest, + size_t len_digest, + const unsigned char *m, + size_t mlen) { + unsigned char buf[_HASH_LEN]; + _hash(buf, m, mlen); + return expand_hash(digest, len_digest, buf); +} + + diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_hash.h b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.h new file mode 100644 index 00000000..4cf56255 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.h @@ -0,0 +1,14 @@ +#ifndef _UTILS_HASH_H_ +#define _UTILS_HASH_H_ +/// @file utils_hash.h +/// @brief the interface for adapting hash functions. +/// + +#include + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); + + + +#endif // _UTILS_HASH_H_ + diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c b/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c new file mode 100644 index 00000000..79b40386 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c @@ -0,0 +1,96 @@ +/// @file utils_prng.c +/// @brief The implementation of PRNG related functions. +/// + +#include "aes.h" +#include "randombytes.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include + +static void prng_update(const unsigned char *provided_data, + unsigned char *Key, + unsigned char *V) { + unsigned char temp[48]; + aes256ctx ctx; + aes256_keyexp(&ctx, Key); + for (int i = 0; i < 3; i++) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( V[j] == 0xff) { + V[j] = 0x00; + } else { + V[j]++; + break; + } + } + aes256_ecb(temp + 16 * i, V, 1, &ctx); + } + if ( provided_data != NULL ) { + for (int i = 0; i < 48; i++) { + temp[i] ^= provided_data[i]; + } + } + memcpy(Key, temp, 32); + memcpy(V, temp + 32, 16); +} +static void randombytes_init_with_state(prng_t *state, + unsigned char *entropy_input_48bytes ) { + memset(state->Key, 0x00, 32); + memset(state->V, 0x00, 16); + prng_update(entropy_input_48bytes, state->Key, state->V); +} + +static int randombytes_with_state(prng_t *state, + unsigned char *x, + size_t xlen) { + + unsigned char block[16]; + int i = 0; + + aes256ctx ctx; + aes256_keyexp(&ctx, state->Key); + + + while ( xlen > 0 ) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( state->V[j] == 0xff ) { + state->V[j] = 0x00; + } else { + state->V[j]++; + break; + } + } + aes256_ecb(block, state->V, 1, &ctx); + if ( xlen > 15 ) { + memcpy(x + i, block, 16); + i += 16; + xlen -= 16; + } else { + memcpy(x + i, block, xlen); + xlen = 0; + } + } + prng_update(NULL, state->Key, state->V); + return 0; +} + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { + unsigned char seed[48]; + if ( prng_seedlen >= 48 ) { + memcpy( seed, prng_seed, 48 ); + } else { + memcpy( seed, prng_seed, prng_seedlen ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + } + + randombytes_init_with_state( ctx, seed ); + + return 0; +} + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { + return randombytes_with_state( ctx, out, outlen); +} diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_prng.h b/crypto_sign/rainbowIa-cyclic/clean/utils_prng.h new file mode 100644 index 00000000..248a35bd --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic/clean/utils_prng.h @@ -0,0 +1,22 @@ +#ifndef _UTILS_PRNG_H_ +#define _UTILS_PRNG_H_ +/// @file utils_prng.h +/// @brief the interface for adapting PRNG functions. +/// +/// + + +#include "randombytes.h" + +typedef struct { + unsigned char Key[32]; + unsigned char V[16]; +} prng_t; + +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); + + +#endif // _UTILS_PRNG_H_ + + From 9d8d7d9bee07b4dee3811f6455e48cf0441e3515 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Tue, 18 Jun 2019 12:15:14 +0200 Subject: [PATCH 09/19] remove some unused functions --- crypto_sign/rainbowIa-classic/clean/gf.c | 12 ------------ crypto_sign/rainbowIa-cyclic/clean/gf.c | 12 ------------ 2 files changed, 24 deletions(-) diff --git a/crypto_sign/rainbowIa-classic/clean/gf.c b/crypto_sign/rainbowIa-classic/clean/gf.c index 970d4c2e..04e371f1 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.c +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -91,12 +91,6 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a) { return gf16_mul(a8, a6); } -static inline uint8_t gf16_mul_8(uint8_t a) { - uint8_t a0 = a & 3; - uint8_t a1 = a >> 2; - return (uint8_t)(gf4_mul_2(a0 ^ a1) << 2 | gf4_mul_3(a1)); -} - // gf16 := gf4[y]/y^2+y+x uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { @@ -140,12 +134,6 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a) { return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } -static inline uint32_t gf16v_mul_8_u32(uint32_t a) { - uint32_t a1 = a & 0xcccccccc; - uint32_t a0 = (a << 2) & 0xcccccccc; - return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); -} - #else uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.c b/crypto_sign/rainbowIa-cyclic/clean/gf.c index fcff8b75..4671aaa8 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.c @@ -91,12 +91,6 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_inv(uint8_t a) { return gf16_mul(a8, a6); } -static inline uint8_t gf16_mul_8(uint8_t a) { - uint8_t a0 = a & 3; - uint8_t a1 = a >> 2; - return (uint8_t)(gf4_mul_2(a0 ^ a1) << 2 | gf4_mul_3(a1)); -} - // gf16 := gf4[y]/y^2+y+x uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { @@ -140,12 +134,6 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(uint32_t a) { return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } -static inline uint32_t gf16v_mul_8_u32(uint32_t a) { - uint32_t a1 = a & 0xcccccccc; - uint32_t a0 = (a << 2) & 0xcccccccc; - return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); -} - #else uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; From a94d7dc76e8fd75508bf122c82375ec991c77452 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Tue, 18 Jun 2019 14:27:10 +0200 Subject: [PATCH 10/19] remove another unused function --- crypto_sign/rainbowIa-classic/clean/gf.c | 11 ----------- crypto_sign/rainbowIa-cyclic/clean/gf.c | 11 ----------- 2 files changed, 22 deletions(-) diff --git a/crypto_sign/rainbowIa-classic/clean/gf.c b/crypto_sign/rainbowIa-classic/clean/gf.c index 04e371f1..265ed43a 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.c +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -16,11 +16,6 @@ static inline uint8_t gf4_mul_2(uint8_t a) { return r; } -static inline uint8_t gf4_mul_3(uint8_t a) { - uint8_t msk = (uint8_t) (a - 2) >> 1; - return (uint8_t)((msk & (a * 3)) | ((~msk) & (a - 1))); -} - static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { uint8_t r = (uint8_t) (a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); @@ -36,12 +31,6 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); } -static inline uint32_t gf4v_mul_3_u32(uint32_t a) { - uint32_t bit0 = a & 0x55555555; - uint32_t bit1 = a & 0xaaaaaaaa; - return (bit0 << 1) ^ bit0 ^ (bit1 >> 1); -} - static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.c b/crypto_sign/rainbowIa-cyclic/clean/gf.c index 4671aaa8..2b21f76b 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.c @@ -16,11 +16,6 @@ static inline uint8_t gf4_mul_2(uint8_t a) { return r; } -static inline uint8_t gf4_mul_3(uint8_t a) { - uint8_t msk = (uint8_t) (a - 2) >> 1; - return (uint8_t)((msk & (a * 3)) | ((~msk) & (a - 1))); -} - static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { uint8_t r = (uint8_t) (a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); @@ -36,12 +31,6 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); } -static inline uint32_t gf4v_mul_3_u32(uint32_t a) { - uint32_t bit0 = a & 0x55555555; - uint32_t bit1 = a & 0xaaaaaaaa; - return (bit0 << 1) ^ bit0 ^ (bit1 >> 1); -} - static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); From fd4800fda234c45a8a54b4ebc425d84be518f674 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Fri, 21 Jun 2019 14:05:36 +0200 Subject: [PATCH 11/19] proper license --- crypto_sign/rainbowIa-classic/clean/LICENSE | 9 ++++++++- crypto_sign/rainbowIa-cyclic/clean/LICENSE | 9 ++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/crypto_sign/rainbowIa-classic/clean/LICENSE b/crypto_sign/rainbowIa-classic/clean/LICENSE index dd6d86a4..cb00a6e3 100644 --- a/crypto_sign/rainbowIa-classic/clean/LICENSE +++ b/crypto_sign/rainbowIa-classic/clean/LICENSE @@ -1 +1,8 @@ -XXX +`Software implementation of Rainbow for NIST R2 submission' by Ming-Shing Chen + +To the extent possible under law, the person who associated CC0 with +`Software implementation of Rainbow for NIST R2 submission' has waived all copyright and related or neighboring rights +to `Software implementation of Rainbow for NIST R2 submission'. + +You should have received a copy of the CC0 legalcode along with this +work. If not, see . diff --git a/crypto_sign/rainbowIa-cyclic/clean/LICENSE b/crypto_sign/rainbowIa-cyclic/clean/LICENSE index dd6d86a4..cb00a6e3 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/LICENSE +++ b/crypto_sign/rainbowIa-cyclic/clean/LICENSE @@ -1 +1,8 @@ -XXX +`Software implementation of Rainbow for NIST R2 submission' by Ming-Shing Chen + +To the extent possible under law, the person who associated CC0 with +`Software implementation of Rainbow for NIST R2 submission' has waived all copyright and related or neighboring rights +to `Software implementation of Rainbow for NIST R2 submission'. + +You should have received a copy of the CC0 legalcode along with this +work. If not, see . From cb878e90a8b4048853f0141de4e84655f4a4ddce Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Fri, 21 Jun 2019 14:22:17 +0200 Subject: [PATCH 12/19] remove preprocessor conditionals --- crypto_sign/rainbowIa-classic/clean/blas.h | 7 - .../rainbowIa-classic/clean/blas_comm.c | 137 ---------------- .../rainbowIa-classic/clean/blas_comm.h | 79 --------- .../rainbowIa-classic/clean/blas_u32.c | 54 ------- .../rainbowIa-classic/clean/blas_u32.h | 7 - crypto_sign/rainbowIa-classic/clean/gf.c | 55 ------- crypto_sign/rainbowIa-classic/clean/gf.h | 8 - .../clean/parallel_matrix_op.c | 136 ---------------- crypto_sign/rainbowIa-classic/clean/rainbow.c | 19 +-- crypto_sign/rainbowIa-classic/clean/rainbow.h | 23 --- .../rainbowIa-classic/clean/rainbow_blas.h | 21 --- .../rainbowIa-classic/clean/rainbow_config.h | 42 ----- .../rainbowIa-classic/clean/rainbow_keypair.c | 107 ------------ .../rainbowIa-classic/clean/rainbow_keypair.h | 74 --------- .../clean/rainbow_keypair_computation.c | 152 ------------------ .../clean/rainbow_keypair_computation.h | 23 --- crypto_sign/rainbowIa-classic/clean/sign.c | 56 ------- .../rainbowIa-classic/clean/utils_hash.c | 8 - crypto_sign/rainbowIa-cyclic/clean/blas.h | 7 - .../rainbowIa-cyclic/clean/blas_comm.c | 137 ---------------- .../rainbowIa-cyclic/clean/blas_comm.h | 79 --------- crypto_sign/rainbowIa-cyclic/clean/blas_u32.c | 54 ------- crypto_sign/rainbowIa-cyclic/clean/blas_u32.h | 7 - crypto_sign/rainbowIa-cyclic/clean/gf.c | 55 ------- crypto_sign/rainbowIa-cyclic/clean/gf.h | 8 - .../clean/parallel_matrix_op.c | 136 ---------------- crypto_sign/rainbowIa-cyclic/clean/rainbow.c | 14 +- crypto_sign/rainbowIa-cyclic/clean/rainbow.h | 14 -- .../rainbowIa-cyclic/clean/rainbow_blas.h | 21 --- .../rainbowIa-cyclic/clean/rainbow_config.h | 42 ----- .../rainbowIa-cyclic/clean/rainbow_keypair.c | 76 --------- .../rainbowIa-cyclic/clean/rainbow_keypair.h | 37 ----- .../clean/rainbow_keypair_computation.c | 120 +------------- .../clean/rainbow_keypair_computation.h | 4 - crypto_sign/rainbowIa-cyclic/clean/sign.c | 54 ------- .../rainbowIa-cyclic/clean/utils_hash.c | 8 - 36 files changed, 4 insertions(+), 1877 deletions(-) diff --git a/crypto_sign/rainbowIa-classic/clean/blas.h b/crypto_sign/rainbowIa-classic/clean/blas.h index efb19a34..d42a55a2 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas.h +++ b/crypto_sign/rainbowIa-classic/clean/blas.h @@ -11,18 +11,11 @@ #define gf256v_predicated_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32 #define gf256v_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32 -#ifdef _USE_GF16 #define gf16v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32 #define gf16v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32 #define gf16v_dot PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32 -#else - -#define gf256v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32 -#define gf256v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32 - -#endif #endif // _BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index ffa3b02f..d66ccb33 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -14,7 +14,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } -#ifdef _USE_GF16 /// @brief get an element from GF(16) vector . /// @@ -133,130 +132,12 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } -#else -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { - return a[i]; -} - -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { - uint8_t r = 0; - while ( _num_byte-- ) { - r |= a[0]; - a++; - } - return (0 == r); -} - -/// polynomial multplication -/// School boook -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { - gf256v_madd(c + i, a, b[i], _num); - } -} - -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { - gf256v_madd(c, matA, b[i], n_A_vec_byte); - matA += n_A_vec_byte; - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); - const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { - gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); - } - c += n_vec_byte; - } -} - -static -unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { - unsigned r8 = 1; - - for (unsigned i = 0; i < h; i++) { - uint8_t *ai = mat + w * i; - unsigned skip_len_align4 = i & ((unsigned)~0x3); - - for (unsigned j = i + 1; j < h; j++) { - uint8_t *aj = mat + w * j; - gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); - } - r8 &= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(ai[i]); - uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv( pivot ); - gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); - for (unsigned j = 0; j < h; j++) { - if (i == j) { - continue; - } - uint8_t *aj = mat + w * j; - gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); - } - } - - return r8; -} - -static -unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - uint8_t mat[ 64 * 64 ]; - for (unsigned i = 0; i < n; i++) { - memcpy( mat + i * (n + 1), inp_mat + i * n, n ); - mat[i * (n + 1) + n] = c_terms[i]; - } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); - for (unsigned i = 0; i < n; i++) { - sol[i] = mat[i * (n + 1) + n]; - } - return r8; -} - - - -static inline -void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < w2; j++) { - mat2[i * w2 + j] = mat[i * w + st + j]; - } - } -} - - -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { - uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { - uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( ai, 2 * H ); - gf256v_add( ai, a + i * H, H ); - ai[H + i] = 1; - } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); - gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); - return r8; -} - -#endif // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#ifdef _USE_GF16 #define gf16mat_prod_impl gf16mat_prod_ref #define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref #define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref @@ -277,21 +158,3 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, c } -#else -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref -#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); -} - -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { - return gf256mat_gauss_elim_impl( mat, h, w ); -} - - -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); -} - -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.h b/crypto_sign/rainbowIa-classic/clean/blas_comm.h index 00fa8a01..aff00f04 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.h @@ -15,7 +15,6 @@ /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); -#ifdef _USE_GF16 /// @brief get an element from GF(16) vector . /// /// @param[in] a - the input vector a. @@ -72,84 +71,6 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); -#else -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - - -/// @brief check if a vector is 0. -/// -/// @param[in] a - the vector a. -/// @param[in] _num_byte - number of bytes for the vector a. -/// @return 1(true) if a is 0. 0(false) else. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - - -/// @brief polynomial multiplication: c = a*b -/// -/// @param[out] c - the output polynomial c -/// @param[in] a - the vector a. -/// @param[in] b - the vector b. -/// @param[in] _num - number of elements for the polynomials a and b. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - - -/// @brief matrix-vector multiplication: c = matA * b , in GF(256) -/// -/// @param[out] c - the output vector c -/// @param[in] matA - a column-major matrix A. -/// @param[in] n_A_vec_byte - the size of column vectors in bytes. -/// @param[in] n_A_width - the width of matrix A. -/// @param[in] b - the vector b. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); - -/// @brief matrix-matrix multiplication: c = a * b , in GF(256) -/// -/// @param[out] c - the output matrix c -/// @param[in] c - a matrix a. -/// @param[in] b - a matrix b. -/// @param[in] len_vec - the length of column vectors. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); - -/// @brief Gauss elimination for a matrix, in GF(256) -/// -/// @param[in,out] mat - the matrix. -/// @param[in] h - the height of the matrix. -/// @param[in] w - the width of the matrix. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); - -/// @brief Solving linear equations, in GF(256) -/// -/// @param[out] sol - the solutions. -/// @param[in] inp_mat - the matrix parts of input equations. -/// @param[in] c_terms - the constant terms of the input equations. -/// @param[in] n - the number of equations. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); - -/// @brief Computing the inverse matrix, in GF(256) -/// -/// @param[out] inv_a - the output of matrix a. -/// @param[in] a - a matrix a. -/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. -/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); -#endif #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.c b/crypto_sign/rainbowIa-classic/clean/blas_u32.c index d6068a6d..e14b0451 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.c @@ -37,7 +37,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_ } -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; @@ -115,56 +114,3 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uin return PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(r); } -#else - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { - a[i] = t.u8[i]; - } -} - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - accu_c += (n_u32 << 2); - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { - accu_c[i] ^= t.u8[i]; - } -} - -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.h b/crypto_sign/rainbowIa-classic/clean/blas_u32.h index 5955b3e6..b0819d33 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.h @@ -10,18 +10,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); -#else - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); - -#endif #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/gf.c b/crypto_sign/rainbowIa-classic/clean/gf.c index 265ed43a..e633f56e 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.c +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -8,7 +8,6 @@ static inline uint8_t gf256v_reduce_u32(uint32_t a) { return rr[0] ^ rr[1]; } -#ifdef _USE_GF16 //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { uint8_t r = (uint8_t) (a << 1); @@ -123,57 +122,3 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a) { return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } -#else -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned a8 = a; - unsigned r = ((unsigned) 0) - a8; - r >>= 8; - return r & 1; -} - -// gf256 := gf16[X]/X^2+X+xy -static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - uint8_t b0 = b & 15; - uint8_t b1 = (b >> 4); - uint8_t a0b0 = gf16_mul(a0, b0); - uint8_t a1b1 = gf16_mul(a1, b1); - uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; - uint8_t a1b1_x8 = gf16_mul_8(a1b1); - return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); -} - -static inline uint8_t gf256_squ(uint8_t a) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - a1 = gf16_squ(a1); - uint8_t a1squ_x8 = gf16_mul_8(a1); - return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); -} - -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv(uint8_t a) { - // 128+64+32+16+8+4+2 = 254 - uint8_t a2 = gf256_squ(a); - uint8_t a4 = gf256_squ(a2); - uint8_t a8 = gf256_squ(a4); - uint8_t a4_2 = gf256_mul(a4, a2); - uint8_t a8_4_2 = gf256_mul(a4_2, a8); - uint8_t a64_ = gf256_squ(a8_4_2); - a64_ = gf256_squ(a64_); - a64_ = gf256_squ(a64_); - uint8_t a64_2 = gf256_mul(a64_, a8_4_2); - uint8_t a128_ = gf256_squ(a64_2); - return gf256_mul(a2, a128_); -} - -uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { - uint32_t axb0 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a, b); - uint32_t axb1 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a, b >> 4); - uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; - uint32_t a1b1 = axb1 & 0xf0f0f0f0; - uint32_t a1b1_4 = a1b1 >> 4; - - return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); -} -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/gf.h b/crypto_sign/rainbowIa-classic/clean/gf.h index 2db5c312..b4ad9a1d 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.h +++ b/crypto_sign/rainbowIa-classic/clean/gf.h @@ -9,7 +9,6 @@ /// -#ifdef _USE_GF16 uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a); @@ -17,12 +16,5 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a); -#else - -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a); -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv(uint8_t a); -uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); - -#endif #endif // _GF16_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c index d8d48f5a..adb1e65d 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c @@ -51,7 +51,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const } } -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Awidth = Bheight; @@ -184,138 +183,3 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char * gf16v_madd( y, tmp, _x[i], size_batch ); } } -#else -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (k < i) { - continue; - } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - btriA += (Aheight - i) * size_batch; - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (i < k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (i == k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); - } - bC += size_batch * Bwidth; - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - bA += (Awidth) * size_batch; - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { - unsigned char tmp[256]; - - unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( x, i ); - } - - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); - for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); - trimat += size_batch; - } - gf256v_madd( y, tmp, _x[i], size_batch ); - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { - unsigned char tmp[128]; - - unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( x, i ); - } - unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( y, i ); - } - - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); - for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = 0; j < dim_x; j++) { - gf256v_madd( tmp, mat, _x[j], size_batch ); - mat += size_batch; - } - gf256v_madd( z, tmp, _y[i], size_batch ); - } -} - -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.c b/crypto_sign/rainbowIa-classic/clean/rainbow.c index 9550f538..498cc532 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.c @@ -18,7 +18,6 @@ #define _MAX_O ((_O1>_O2)?_O1:_O2) #define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) -#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; @@ -167,21 +166,5 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const } return (0 == cc) ? 0 : -1; } -#endif - -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/////////////// cyclic version /////////////////////////// -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { - unsigned char sk[sizeof(sk_t) + 32]; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); -} -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { - unsigned char pk[sizeof(pk_t) +32]; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); -} -#endif + diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.h b/crypto_sign/rainbowIa-classic/clean/rainbow.h index 83b3b5a3..0254e299 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.h @@ -10,7 +10,6 @@ #include -#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) /// /// @brief Signing function for classical secret key. /// @@ -29,29 +28,7 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t /// @return 0 for successful verified. -1 for failed verification. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Signing function for compressed secret key of the cyclic rainbow. -/// -/// @param[out] signature - the signature. -/// @param[in] sk - the compressed secret key. -/// @param[in] digest - the digest. -/// -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) -/// -/// @brief Verifying function for cyclic public keys. -/// -/// @param[in] digest - the digest. -/// @param[in] signature - the signature. -/// @param[in] pk - the public key of cyclic rainbow. -/// @return 0 for successful verified. -1 for failed verification. -/// -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); -#endif #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h index a8253e37..b8b54211 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h @@ -10,7 +10,6 @@ #include "parallel_matrix_op.h" #include "rainbow_config.h" -#ifdef _USE_GF16 #define gfv_get_ele PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele #define gfv_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar @@ -29,26 +28,6 @@ #define batch_quad_trimat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16 -#else - -#define gfv_get_ele gf256v_get_ele -#define gfv_mul_scalar gf256v_mul_scalar -#define gfv_madd gf256v_madd - -#define gfmat_prod gf256mat_prod -#define gfmat_inv gf256mat_inv - -#define batch_trimat_madd batch_trimat_madd_gf256 -#define batch_trimatTr_madd batch_trimatTr_madd_gf256 -#define batch_2trimat_madd batch_2trimat_madd_gf256 -#define batch_matTr_madd batch_matTr_madd_gf256 -#define batch_bmatTr_madd batch_bmatTr_madd_gf256 -#define batch_mat_madd batch_mat_madd_gf256 - -#define batch_quad_trimat_eval batch_quad_trimat_eval_gf256 -#define batch_quad_recmat_eval batch_quad_recmat_eval_gf256 - -#endif #endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h index 8245677c..abdd312c 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h @@ -5,20 +5,6 @@ /// @brief Defining the parameters of the Rainbow and the corresponding constants. /// - - -// TODO: refactor this -/// the defined parameter -#define _RAINBOW16_32_32_32 -//#define _RAINBOW256_68_36_36 -//#define _RAINBOW256_92_48_48 - -#define _RAINBOW_CLASSIC -//#define _RAINBOW_CYCLIC -//#define _RAINBOW_CYCLIC_COMPRESSED - - -#if defined _RAINBOW16_32_32_32 #define _USE_GF16 #define _GFSIZE 16 #define _V1 32 @@ -26,23 +12,6 @@ #define _O2 32 #define _HASH_LEN 32 -#elif defined _RAINBOW256_68_36_36 -#define _GFSIZE 256 -#define _V1 68 -#define _O1 36 -#define _O2 36 -#define _HASH_LEN 48 - -#elif defined _RAINBOW256_92_48_48 -#define _GFSIZE 256 -#define _V1 92 -#define _O1 48 -#define _O2 48 -#define _HASH_LEN 64 - -#else -error here. -#endif #define _V2 ((_V1)+(_O1)) @@ -57,7 +26,6 @@ error here. /// size of variables, in # bytes. -#ifdef _USE_GF16 // GF16 #define _V1_BYTE (_V1/2) #define _V2_BYTE (_V2/2) @@ -66,16 +34,6 @@ error here. #define _PUB_N_BYTE (_PUB_N/2) #define _PUB_M_BYTE (_PUB_M/2) -#else -// GF256 -#define _V1_BYTE (_V1) -#define _V2_BYTE (_V2) -#define _O1_BYTE (_O1) -#define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - -#endif /// length of seed for public key, in # bytes diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c index 1ef11ab2..74cc376c 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c @@ -97,7 +97,6 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// -#if defined _RAINBOW_CLASSIC static void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); @@ -133,114 +132,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. } -#endif -#if defined _RAINBOW_CYCLIC -///////////////////// Cyclic ////////////////////////////////// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); - - // prng for sk - prng_t prng; - prng_t *prng0 = &prng; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk - - unsigned char t2[sizeof(sk->t4)]; - memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 - calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 - - // prng for pk - sk_t inst_Qs; - sk_t *Qs = &inst_Qs; - prng_t *prng1 = &prng; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); - // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. - - PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T - - - unsigned char t4[sizeof(sk->t4)]; - memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 - memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 - PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 - memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 - - obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); - - // clean - memset( &prng, 0, sizeof(prng_t) ); -} - -#endif - - -#ifdef _RAINBOW_CYCLIC_COMPRESSED -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); - sk_t sk; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); -} -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); - - // prng for sk - prng_t prng0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, &prng0 ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); - // prng for pk - sk_t inst_Qs; - sk_t *Qs = &inst_Qs; - prng_t prng1; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, &prng1 ); - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); - - // calcuate the parts of sk according to pk. - PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); - - // clean prng for sk - memset( &prng0, 0, sizeof(prng_t) ); -} -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { - // procedure: cpk_t --> extcpk_t --> pk_t - - // convert from cpk_t to extcpk_t - ext_cpk_t pk; - - // setup prng - prng_t prng0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); - - // generating parts of key with prng - generate_l1_F12( pk.l1_Q1, &prng0 ); - // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 - memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); - - // generating parts of key with prng - generate_l2_F12356( pk.l2_Q1, &prng0 ); - // copying parts of key from input: l2_Q9 - memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - - // convert from extcpk_t to pk_t - PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); -} -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h index 79c88297..9dc31967 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h @@ -54,38 +54,8 @@ struct rainbow_secretkey { -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) -/// @brief public key for cyclic rainbow -/// -/// public key for cyclic rainbow -/// -typedef -struct rainbow_publickey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 - - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 -} cpk_t; - - -/// @brief compressed secret key for cyclic rainbow -/// -/// compressed secret key for cyclic rainbow -/// -typedef -struct rainbow_secretkey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. - unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. -} csk_t; -#endif - - -#if defined _RAINBOW_CLASSIC /// /// @brief Generate key pairs for classic rainbow. /// @@ -94,53 +64,9 @@ struct rainbow_secretkey_cyclic { /// @param[in] sk_seed - seed for generating the secret key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); -#endif - -#if defined _RAINBOW_CYCLIC -/// -/// @brief Generate key pairs for cyclic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the secret key. -/// @param[in] pk_seed - seed for generating parts of public key. -/// @param[in] sk_seed - seed for generating secret key. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#if defined _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Generate compressed key pairs for cyclic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the compressed secret key. -/// @param[in] pk_seed - seed for generating parts of the public key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Generate secret key for cyclic rainbow. -/// -/// @param[out] sk - the secret key. -/// @param[in] pk_seed - seed for generating parts of the pbulic key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) -//////////////////////////////////// -/// -/// @brief converting formats of public keys : from cyclic version to classic key -/// -/// @param[out] pk - the classic public key. -/// @param[in] cpk - the cyclic public key. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); -#endif #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 95e9d11a..752a42ee 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -13,7 +13,6 @@ #include -#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +81,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } } -#endif -#if defined _RAINBOW_CLASSIC static void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { /* @@ -196,154 +193,5 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_ calculate_Q_from_F_impl( Qs, Fs, Ts ); } -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) - -static -void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { - // Layer 1 - // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] - memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); - - // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] - memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); - - /* - Layer 2 - computations: - - F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] - - Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 - F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 - F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - - Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 - #Q1_Q1T_T4 = Q1_Q1T * t4 - Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 - F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - + Q_pk.l2_F2s[i].transpose() * t4 - + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - - */ - memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] - - - // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 - // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 - - unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; - memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) - memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) - - batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 - - // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 - // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 - // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); - batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 - batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 - - // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - // + Q_pk.l2_F2s[i].transpose() * t4 - // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); - batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 - batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); - -} - - -////////////////////////////////////////////////////////////////////////////////////////////////// - -static -void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { -// Layer 1: Computing Q5, Q3, Q6, Q9 - -// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) - const unsigned char *t2 = Ts->t4; - sk_t tempQ; - memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - memset( tempQ.l2_F1, 0, _O1_BYTE * _V1 * _O2 ); - batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 - - /* - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); - - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 - batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 - /* - Layer 2 - Computing Q9: - - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - */ - sk_t tempQ2; - memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. - batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 - - memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); - batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) - - memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 - - batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 -} - - - -/////////////////////////////////////////////////////////////////////// - - -// Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ -#define calculate_F_from_Q_impl calculate_F_from_Q_ref -#define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { - calculate_F_from_Q_impl( Fs, Qs, Ts ); -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); -} - -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h index d30cab5b..60b790e3 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h @@ -11,7 +11,6 @@ #include "rainbow_keypair.h" -#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC /// @brief The (internal use) public key for rainbow /// /// The (internal use) public key for rainbow. The public @@ -55,30 +54,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) - - -/// -/// @brief Computing parts of the sk from parts of pk and sk -/// -/// @param[out] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 -/// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 -/// @param[in] Ts - parts of the sk: T1, T4, T3 -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); - -/// -/// @brief Computing parts of the pk from the secret key -/// -/// @param[out] Qs - parts of the pk: l1_Q3, l1_Q5, l2_Q6, l1_Q9, l2_Q9 -/// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 -/// @param[in] Ts - parts of the sk: T1, T4, T3 -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); -#endif #endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/sign.c b/crypto_sign/rainbowIa-classic/clean/sign.c index c36d7d41..413c1466 100644 --- a/crypto_sign/rainbowIa-classic/clean/sign.c +++ b/crypto_sign/rainbowIa-classic/clean/sign.c @@ -19,25 +19,9 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned c unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - #if defined _RAINBOW_CLASSIC PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - #elif defined _RAINBOW_CYCLIC - - unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - - #else - error here - #endif return 0; } @@ -54,21 +38,9 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - #if defined _RAINBOW_CLASSIC - - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - #elif defined _RAINBOW_CYCLIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - - #else - error here - #endif } @@ -90,21 +62,9 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - #elif defined _RAINBOW_CYCLIC - - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - #else - error here - #endif } @@ -116,15 +76,7 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature( PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); *siglen = _SIGNATURE_BYTE; - #if defined _RAINBOW_CLASSIC - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); - #else - error here - #endif } int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( @@ -135,14 +87,6 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( } unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - #elif defined _RAINBOW_CYCLIC - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - #else - error here - #endif } diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.c b/crypto_sign/rainbowIa-classic/clean/utils_hash.c index 6a4cac91..e8bb7c04 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.c @@ -9,15 +9,7 @@ static inline int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { - #if 32 == _HASH_LEN sha256(digest, m, mlen); - #elif 48 == _HASH_LEN - sha384(digest, m, mlen); - #elif 64 == _HASH_LEN - sha512(digest, m, mlen); - #else -#error "unsupported _HASH_LEN" - #endif return 0; } diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas.h b/crypto_sign/rainbowIa-cyclic/clean/blas.h index e57335e0..6139dce8 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas.h @@ -11,18 +11,11 @@ #define gf256v_predicated_add PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32 #define gf256v_add PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32 -#ifdef _USE_GF16 #define gf16v_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32 #define gf16v_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32 #define gf16v_dot PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32 -#else - -#define gf256v_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_scalar_u32 -#define gf256v_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_madd_u32 - -#endif #endif // _BLAS_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c index 565a8f91..7d2d1156 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c @@ -14,7 +14,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } -#ifdef _USE_GF16 /// @brief get an element from GF(16) vector . /// @@ -133,130 +132,12 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } -#else -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { - return a[i]; -} - -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { - uint8_t r = 0; - while ( _num_byte-- ) { - r |= a[0]; - a++; - } - return (0 == r); -} - -/// polynomial multplication -/// School boook -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { - gf256v_madd(c + i, a, b[i], _num); - } -} - -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { - gf256v_madd(c, matA, b[i], n_A_vec_byte); - matA += n_A_vec_byte; - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, n_vec_byte); - const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { - gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); - } - c += n_vec_byte; - } -} - -static -unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { - unsigned r8 = 1; - - for (unsigned i = 0; i < h; i++) { - uint8_t *ai = mat + w * i; - unsigned skip_len_align4 = i & ((unsigned)~0x3); - - for (unsigned j = i + 1; j < h; j++) { - uint8_t *aj = mat + w * j; - gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); - } - r8 &= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(ai[i]); - uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_inv( pivot ); - gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); - for (unsigned j = 0; j < h; j++) { - if (i == j) { - continue; - } - uint8_t *aj = mat + w * j; - gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); - } - } - - return r8; -} - -static -unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - uint8_t mat[ 64 * 64 ]; - for (unsigned i = 0; i < n; i++) { - memcpy( mat + i * (n + 1), inp_mat + i * n, n ); - mat[i * (n + 1) + n] = c_terms[i]; - } - unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); - for (unsigned i = 0; i < n; i++) { - sol[i] = mat[i * (n + 1) + n]; - } - return r8; -} - - - -static inline -void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < w2; j++) { - mat2[i * w2 + j] = mat[i * w + st + j]; - } - } -} - - -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { - uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { - uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( ai, 2 * H ); - gf256v_add( ai, a + i * H, H ); - ai[H + i] = 1; - } - unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); - gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); - return r8; -} - -#endif // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#ifdef _USE_GF16 #define gf16mat_prod_impl gf16mat_prod_ref #define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref #define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref @@ -277,21 +158,3 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, co } -#else -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref -#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); -} - -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { - return gf256mat_gauss_elim_impl( mat, h, w ); -} - - -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); -} - -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h index f884f637..002b9f7c 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h @@ -15,7 +15,6 @@ /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); -#ifdef _USE_GF16 /// @brief get an element from GF(16) vector . /// /// @param[in] a - the input vector a. @@ -72,84 +71,6 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); -#else -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - - -/// @brief check if a vector is 0. -/// -/// @param[in] a - the vector a. -/// @param[in] _num_byte - number of bytes for the vector a. -/// @return 1(true) if a is 0. 0(false) else. -/// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - - -/// @brief polynomial multiplication: c = a*b -/// -/// @param[out] c - the output polynomial c -/// @param[in] a - the vector a. -/// @param[in] b - the vector b. -/// @param[in] _num - number of elements for the polynomials a and b. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - - -/// @brief matrix-vector multiplication: c = matA * b , in GF(256) -/// -/// @param[out] c - the output vector c -/// @param[in] matA - a column-major matrix A. -/// @param[in] n_A_vec_byte - the size of column vectors in bytes. -/// @param[in] n_A_width - the width of matrix A. -/// @param[in] b - the vector b. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); - -/// @brief matrix-matrix multiplication: c = a * b , in GF(256) -/// -/// @param[out] c - the output matrix c -/// @param[in] c - a matrix a. -/// @param[in] b - a matrix b. -/// @param[in] len_vec - the length of column vectors. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); - -/// @brief Gauss elimination for a matrix, in GF(256) -/// -/// @param[in,out] mat - the matrix. -/// @param[in] h - the height of the matrix. -/// @param[in] w - the width of the matrix. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); - -/// @brief Solving linear equations, in GF(256) -/// -/// @param[out] sol - the solutions. -/// @param[in] inp_mat - the matrix parts of input equations. -/// @param[in] c_terms - the constant terms of the input equations. -/// @param[in] n - the number of equations. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); - -/// @brief Computing the inverse matrix, in GF(256) -/// -/// @param[out] inv_a - the output of matrix a. -/// @param[in] a - a matrix a. -/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. -/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); -#endif #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c index efa77423..c5d7a814 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c @@ -37,7 +37,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t } -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; @@ -115,56 +114,3 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint return PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(r); } -#else - - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - a_u32[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { - a[i] = t.u8[i]; - } -} - - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - c_u32[i] ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - accu_c += (n_u32 << 2); - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { - accu_c[i] ^= t.u8[i]; - } -} - -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h index 91cac011..44b00bcd 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h @@ -10,18 +10,11 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); -#else - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); - -#endif #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.c b/crypto_sign/rainbowIa-cyclic/clean/gf.c index 2b21f76b..ef479074 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.c @@ -8,7 +8,6 @@ static inline uint8_t gf256v_reduce_u32(uint32_t a) { return rr[0] ^ rr[1]; } -#ifdef _USE_GF16 //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { uint8_t r = (uint8_t) (a << 1); @@ -123,57 +122,3 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(uint32_t a) { return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } -#else -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned a8 = a; - unsigned r = ((unsigned) 0) - a8; - r >>= 8; - return r & 1; -} - -// gf256 := gf16[X]/X^2+X+xy -static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - uint8_t b0 = b & 15; - uint8_t b1 = (b >> 4); - uint8_t a0b0 = gf16_mul(a0, b0); - uint8_t a1b1 = gf16_mul(a1, b1); - uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; - uint8_t a1b1_x8 = gf16_mul_8(a1b1); - return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); -} - -static inline uint8_t gf256_squ(uint8_t a) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - a1 = gf16_squ(a1); - uint8_t a1squ_x8 = gf16_mul_8(a1); - return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); -} - -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_inv(uint8_t a) { - // 128+64+32+16+8+4+2 = 254 - uint8_t a2 = gf256_squ(a); - uint8_t a4 = gf256_squ(a2); - uint8_t a8 = gf256_squ(a4); - uint8_t a4_2 = gf256_mul(a4, a2); - uint8_t a8_4_2 = gf256_mul(a4_2, a8); - uint8_t a64_ = gf256_squ(a8_4_2); - a64_ = gf256_squ(a64_); - a64_ = gf256_squ(a64_); - uint8_t a64_2 = gf256_mul(a64_, a8_4_2); - uint8_t a128_ = gf256_squ(a64_2); - return gf256_mul(a2, a128_); -} - -uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { - uint32_t axb0 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a, b); - uint32_t axb1 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a, b >> 4); - uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; - uint32_t a1b1 = axb1 & 0xf0f0f0f0; - uint32_t a1b1_4 = a1b1 >> 4; - - return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); -} -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.h b/crypto_sign/rainbowIa-cyclic/clean/gf.h index d0fe9d1f..dd6a1ee0 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.h +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.h @@ -9,7 +9,6 @@ /// -#ifdef _USE_GF16 uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(uint8_t a); uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_inv(uint8_t a); @@ -17,12 +16,5 @@ uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(uint32_t a); -#else - -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(uint8_t a); -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_inv(uint8_t a); -uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); - -#endif #endif // _GF16_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c index dcf79a7c..443feafd 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c @@ -51,7 +51,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const } } -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Awidth = Bheight; @@ -184,138 +183,3 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y gf16v_madd( y, tmp, _x[i], size_batch ); } } -#else -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (k < i) { - continue; - } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - btriA += (Aheight - i) * size_batch; - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (i < k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (i == k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); - } - bC += size_batch * Bwidth; - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - bA += (Awidth) * size_batch; - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { - unsigned char tmp[256]; - - unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( x, i ); - } - - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( y, size_batch ); - for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); - trimat += size_batch; - } - gf256v_madd( y, tmp, _x[i], size_batch ); - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { - unsigned char tmp[128]; - - unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( x, i ); - } - unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( y, i ); - } - - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( z, size_batch ); - for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = 0; j < dim_x; j++) { - gf256v_madd( tmp, mat, _x[j], size_batch ); - mat += size_batch; - } - gf256v_madd( z, tmp, _y[i], size_batch ); - } -} - -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow.c index f2b8f2a7..a2ed62e8 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow.c @@ -18,7 +18,6 @@ #define _MAX_O ((_O1>_O2)?_O1:_O2) #define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) -#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; @@ -167,21 +166,10 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const u } return (0 == cc) ? 0 : -1; } -#endif - -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/////////////// cyclic version /////////////////////////// -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { - unsigned char sk[sizeof(sk_t) + 32]; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); -} -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) + int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { unsigned char pk[sizeof(pk_t) +32]; PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); } -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow.h index 19c58d16..eb839de8 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow.h @@ -10,7 +10,6 @@ #include -#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) /// /// @brief Signing function for classical secret key. /// @@ -29,20 +28,8 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t * /// @return 0 for successful verified. -1 for failed verification. /// int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Signing function for compressed secret key of the cyclic rainbow. -/// -/// @param[out] signature - the signature. -/// @param[in] sk - the compressed secret key. -/// @param[in] digest - the digest. -/// -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) /// /// @brief Verifying function for cyclic public keys. /// @@ -52,6 +39,5 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const /// @return 0 for successful verified. -1 for failed verification. /// int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); -#endif #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h index b94887bd..ecf0703d 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h @@ -10,7 +10,6 @@ #include "parallel_matrix_op.h" #include "rainbow_config.h" -#ifdef _USE_GF16 #define gfv_get_ele PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele #define gfv_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar @@ -29,26 +28,6 @@ #define batch_quad_trimat_eval PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16 -#else - -#define gfv_get_ele gf256v_get_ele -#define gfv_mul_scalar gf256v_mul_scalar -#define gfv_madd gf256v_madd - -#define gfmat_prod gf256mat_prod -#define gfmat_inv gf256mat_inv - -#define batch_trimat_madd batch_trimat_madd_gf256 -#define batch_trimatTr_madd batch_trimatTr_madd_gf256 -#define batch_2trimat_madd batch_2trimat_madd_gf256 -#define batch_matTr_madd batch_matTr_madd_gf256 -#define batch_bmatTr_madd batch_bmatTr_madd_gf256 -#define batch_mat_madd batch_mat_madd_gf256 - -#define batch_quad_trimat_eval batch_quad_trimat_eval_gf256 -#define batch_quad_recmat_eval batch_quad_recmat_eval_gf256 - -#endif #endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h index 744ee9ed..abdd312c 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h @@ -5,20 +5,6 @@ /// @brief Defining the parameters of the Rainbow and the corresponding constants. /// - - -// TODO: refactor this -/// the defined parameter -#define _RAINBOW16_32_32_32 -//#define _RAINBOW256_68_36_36 -//#define _RAINBOW256_92_48_48 - -//#define _RAINBOW_CLASSIC -#define _RAINBOW_CYCLIC -//#define _RAINBOW_CYCLIC_COMPRESSED - - -#if defined _RAINBOW16_32_32_32 #define _USE_GF16 #define _GFSIZE 16 #define _V1 32 @@ -26,23 +12,6 @@ #define _O2 32 #define _HASH_LEN 32 -#elif defined _RAINBOW256_68_36_36 -#define _GFSIZE 256 -#define _V1 68 -#define _O1 36 -#define _O2 36 -#define _HASH_LEN 48 - -#elif defined _RAINBOW256_92_48_48 -#define _GFSIZE 256 -#define _V1 92 -#define _O1 48 -#define _O2 48 -#define _HASH_LEN 64 - -#else -error here. -#endif #define _V2 ((_V1)+(_O1)) @@ -57,7 +26,6 @@ error here. /// size of variables, in # bytes. -#ifdef _USE_GF16 // GF16 #define _V1_BYTE (_V1/2) #define _V2_BYTE (_V2/2) @@ -66,16 +34,6 @@ error here. #define _PUB_N_BYTE (_PUB_N/2) #define _PUB_M_BYTE (_PUB_M/2) -#else -// GF256 -#define _V1_BYTE (_V1) -#define _V2_BYTE (_V2) -#define _O1_BYTE (_O1) -#define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - -#endif /// length of seed for public key, in # bytes diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c index eb49bd40..148ae4f3 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c @@ -97,46 +97,8 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// -#if defined _RAINBOW_CLASSIC -static -void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); - - // set up prng - prng_t prng0; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - // generating secret key with prng. - generate_S_T( sk->s1, &prng0 ); - generate_B1_B2( sk->l1_F1, &prng0 ); - // clean prng - memset( &prng0, 0, sizeof(prng_t) ); -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { - _generate_secretkey( sk, sk_seed ); - - // set up a temporary structure ext_cpk_t for calculating public key. - ext_cpk_t pk; - - PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( &pk, sk, sk ); // compute the public key in ext_cpk_t format. - calculate_t4( sk->t4, sk->t1, sk->t3 ); - - obsfucate_l1_polys( pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); - // so far, the pk contains the full pk but in ext_cpk_t format. - - PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. -} -#endif - - -#if defined _RAINBOW_CYCLIC ///////////////////// Cyclic ////////////////////////////////// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); @@ -180,46 +142,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, memset( &prng, 0, sizeof(prng_t) ); } -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); - sk_t sk; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); -} -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); - - // prng for sk - prng_t prng0; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, &prng0 ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); - - // prng for pk - sk_t inst_Qs; - sk_t *Qs = &inst_Qs; - prng_t prng1; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, &prng1 ); - - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); - - // calcuate the parts of sk according to pk. - PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); - - // clean prng for sk - memset( &prng0, 0, sizeof(prng_t) ); -} -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { // procedure: cpk_t --> extcpk_t --> pk_t @@ -243,4 +168,3 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { // convert from extcpk_t to pk_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); } -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h index fea7985c..b2a30111 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h @@ -54,7 +54,6 @@ struct rainbow_secretkey { -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) /// @brief public key for cyclic rainbow /// /// public key for cyclic rainbow @@ -82,21 +81,9 @@ struct rainbow_secretkey_cyclic { unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. } csk_t; -#endif -#if defined _RAINBOW_CLASSIC -/// -/// @brief Generate key pairs for classic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the secret key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); -#endif -#if defined _RAINBOW_CYCLIC /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -106,32 +93,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const u /// @param[in] sk_seed - seed for generating secret key. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#if defined _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Generate compressed key pairs for cyclic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the compressed secret key. -/// @param[in] pk_seed - seed for generating parts of the public key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Generate secret key for cyclic rainbow. -/// -/// @param[out] sk - the secret key. -/// @param[in] pk_seed - seed for generating parts of the pbulic key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) //////////////////////////////////// /// @@ -141,6 +105,5 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const un /// @param[in] cpk - the cyclic public key. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); -#endif #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c index a675a42a..5869d9b7 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c @@ -13,7 +13,6 @@ #include -#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,124 +81,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } } -#endif -#if defined _RAINBOW_CLASSIC -static -void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - /* - Layer 1 - Computing : - Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] - - Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 - Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) - */ - const unsigned char *t2 = Ts->t4; - - memcpy( Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); - - memcpy( Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); - - // l1_Q5 : _O1_BYTE * _O1 * _O1 - // l1_Q9 : _O1_BYTE * _O2 * _O2 - // l2_Q5 : _O2_BYTE * _V1 * _O1 - // l2_Q9 : _O2_BYTE * _V1 * _O2 - - - unsigned char tempQ[_O1_BYTE * _O1 * _O1 + 32]; - - memset( tempQ, 0, _O1_BYTE * _O1 * _O1 ); // l1_Q5 - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE ); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ, _O1, _O1_BYTE ); // UT( ... ) // Q5 - - batch_trimatTr_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // Q2 - /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ, 0, _O1_BYTE * _O2 * _O2 ); // l1_Q9 - batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 - - /* - layer 2 - Computing: - Q1 = F1 - Q2 = F1_F1T*T1 + F2 - Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) - */ - memcpy( Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); - - memcpy( Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F1*T1 + F2 - - memcpy( Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); - memset( tempQ, 0, _O2_BYTE * _O1 * _O1 ); // l2_Q5 - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE ); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q5, tempQ, _O1, _O2_BYTE ); // UT( ... ) // Q5 - - batch_trimatTr_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q2 - - /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - - Q3 = F1_F1T*T2 + F2*T3 + F3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 - */ - memcpy( Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); - batch_trimat_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 - - memset( tempQ, 0, _O2_BYTE * _O2 * _O2 ); // l2_Q9 - batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE ); // T2tr * ( ..... ) - - memcpy( Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - - batch_trimat_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 - batch_matTr_madd( tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ, _O2, _O2_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1_F1T_T2 + F2_T3 + F3 // Q3 - - batch_bmatTr_madd( Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + F2tr*T2 - batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 - batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 -} -// TODO: these defines are not really required for a clean implementation - just implement directly -#define calculate_Q_from_F_impl calculate_Q_from_F_ref -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_impl( Qs, Fs, Ts ); -} - -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { @@ -275,7 +159,8 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) sk_t tempQ; memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - memset( tempQ.l2_F1, 0, _O1_BYTE * _V1 * _O2 ); + memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 @@ -346,4 +231,3 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const s calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h index 664fd499..1dc6e48f 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h @@ -11,7 +11,6 @@ #include "rainbow_keypair.h" -#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC /// @brief The (internal use) public key for rainbow /// /// The (internal use) public key for rainbow. The public @@ -55,10 +54,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) /// @@ -78,7 +75,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, /// @param[in] Ts - parts of the sk: T1, T4, T3 /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); -#endif #endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/sign.c b/crypto_sign/rainbowIa-cyclic/clean/sign.c index 8cb208ab..065c9bad 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/sign.c +++ b/crypto_sign/rainbowIa-cyclic/clean/sign.c @@ -19,25 +19,11 @@ PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned ch unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - #if defined _RAINBOW_CLASSIC - - PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - - #elif defined _RAINBOW_CYCLIC unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - - #else - error here - #endif return 0; } @@ -54,21 +40,9 @@ PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, cons memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - #if defined _RAINBOW_CLASSIC - - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - #elif defined _RAINBOW_CYCLIC return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - - #else - error here - #endif } @@ -90,21 +64,9 @@ PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, c unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - #if defined _RAINBOW_CLASSIC - - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - - #elif defined _RAINBOW_CYCLIC return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - #else - error here - #endif } @@ -116,15 +78,7 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_signature( PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); *siglen = _SIGNATURE_BYTE; - #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); - #else - error here - #endif } int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_verify( @@ -135,14 +89,6 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_verify( } unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - #if defined _RAINBOW_CLASSIC - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - #elif defined _RAINBOW_CYCLIC - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - #else - error here - #endif } diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c index 28b6b051..a48f6ad9 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c @@ -9,15 +9,7 @@ static inline int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { - #if 32 == _HASH_LEN sha256(digest, m, mlen); - #elif 48 == _HASH_LEN - sha384(digest, m, mlen); - #elif 64 == _HASH_LEN - sha512(digest, m, mlen); - #else -#error "unsupported _HASH_LEN" - #endif return 0; } From 127cc831624e9f777492f83e5c96af0f6bac3d8f Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Sat, 22 Jun 2019 18:17:07 +0200 Subject: [PATCH 13/19] add all the rainbows --- crypto_sign/rainbowIIIc-classic/META.yml | 17 ++ crypto_sign/rainbowIIIc-classic/clean/LICENSE | 8 + .../rainbowIIIc-classic/clean/Makefile | 20 ++ .../clean/Makefile.Microsoft_nmake | 19 ++ crypto_sign/rainbowIIIc-classic/clean/api.h | 32 ++ crypto_sign/rainbowIIIc-classic/clean/blas.h | 20 ++ .../rainbowIIIc-classic/clean/blas_comm.c | 153 ++++++++++ .../rainbowIIIc-classic/clean/blas_comm.h | 96 ++++++ .../rainbowIIIc-classic/clean/blas_u32.c | 90 ++++++ .../rainbowIIIc-classic/clean/blas_u32.h | 19 ++ crypto_sign/rainbowIIIc-classic/clean/gf.c | 142 +++++++++ crypto_sign/rainbowIIIc-classic/clean/gf.h | 19 ++ .../clean/parallel_matrix_op.c | 186 ++++++++++++ .../clean/parallel_matrix_op.h | 282 ++++++++++++++++++ .../rainbowIIIc-classic/clean/rainbow.c | 170 +++++++++++ .../rainbowIIIc-classic/clean/rainbow.h | 34 +++ .../rainbowIIIc-classic/clean/rainbow_blas.h | 34 +++ .../clean/rainbow_config.h | 50 ++++ .../clean/rainbow_keypair.c | 139 +++++++++ .../clean/rainbow_keypair.h | 72 +++++ .../clean/rainbow_keypair_computation.c | 197 ++++++++++++ .../clean/rainbow_keypair_computation.h | 60 ++++ crypto_sign/rainbowIIIc-classic/clean/sign.c | 92 ++++++ .../rainbowIIIc-classic/clean/utils_hash.c | 55 ++++ .../rainbowIIIc-classic/clean/utils_hash.h | 14 + .../rainbowIIIc-classic/clean/utils_prng.c | 96 ++++++ .../rainbowIIIc-classic/clean/utils_prng.h | 22 ++ .../rainbowIIIc-cyclic-compressed/META.yml | 17 ++ .../clean/LICENSE | 8 + .../clean/Makefile | 20 ++ .../clean/Makefile.Microsoft_nmake | 19 ++ .../rainbowIIIc-cyclic-compressed/clean/api.h | 32 ++ .../clean/blas.h | 20 ++ .../clean/blas_comm.c | 153 ++++++++++ .../clean/blas_comm.h | 96 ++++++ .../clean/blas_u32.c | 90 ++++++ .../clean/blas_u32.h | 19 ++ .../rainbowIIIc-cyclic-compressed/clean/gf.c | 142 +++++++++ .../rainbowIIIc-cyclic-compressed/clean/gf.h | 19 ++ .../clean/parallel_matrix_op.c | 186 ++++++++++++ .../clean/parallel_matrix_op.h | 282 ++++++++++++++++++ .../clean/rainbow.c | 181 +++++++++++ .../clean/rainbow.h | 51 ++++ .../clean/rainbow_blas.h | 34 +++ .../clean/rainbow_config.h | 50 ++++ .../clean/rainbow_keypair.c | 201 +++++++++++++ .../clean/rainbow_keypair.h | 126 ++++++++ .../clean/rainbow_keypair_computation.c | 233 +++++++++++++++ .../clean/rainbow_keypair_computation.h | 79 +++++ .../clean/sign.c | 94 ++++++ .../clean/utils_hash.c | 55 ++++ .../clean/utils_hash.h | 14 + .../clean/utils_prng.c | 96 ++++++ .../clean/utils_prng.h | 22 ++ crypto_sign/rainbowIIIc-cyclic/META.yml | 17 ++ crypto_sign/rainbowIIIc-cyclic/clean/LICENSE | 8 + crypto_sign/rainbowIIIc-cyclic/clean/Makefile | 20 ++ .../clean/Makefile.Microsoft_nmake | 19 ++ crypto_sign/rainbowIIIc-cyclic/clean/api.h | 32 ++ crypto_sign/rainbowIIIc-cyclic/clean/blas.h | 20 ++ .../rainbowIIIc-cyclic/clean/blas_comm.c | 153 ++++++++++ .../rainbowIIIc-cyclic/clean/blas_comm.h | 96 ++++++ .../rainbowIIIc-cyclic/clean/blas_u32.c | 90 ++++++ .../rainbowIIIc-cyclic/clean/blas_u32.h | 19 ++ crypto_sign/rainbowIIIc-cyclic/clean/gf.c | 142 +++++++++ crypto_sign/rainbowIIIc-cyclic/clean/gf.h | 19 ++ .../clean/parallel_matrix_op.c | 186 ++++++++++++ .../clean/parallel_matrix_op.h | 282 ++++++++++++++++++ .../rainbowIIIc-cyclic/clean/rainbow.c | 175 +++++++++++ .../rainbowIIIc-cyclic/clean/rainbow.h | 43 +++ .../rainbowIIIc-cyclic/clean/rainbow_blas.h | 34 +++ .../rainbowIIIc-cyclic/clean/rainbow_config.h | 50 ++++ .../clean/rainbow_keypair.c | 170 +++++++++++ .../clean/rainbow_keypair.h | 109 +++++++ .../clean/rainbow_keypair_computation.c | 233 +++++++++++++++ .../clean/rainbow_keypair_computation.h | 79 +++++ crypto_sign/rainbowIIIc-cyclic/clean/sign.c | 94 ++++++ .../rainbowIIIc-cyclic/clean/utils_hash.c | 55 ++++ .../rainbowIIIc-cyclic/clean/utils_hash.h | 14 + .../rainbowIIIc-cyclic/clean/utils_prng.c | 96 ++++++ .../rainbowIIIc-cyclic/clean/utils_prng.h | 22 ++ crypto_sign/rainbowIa-classic/META.yml | 2 +- crypto_sign/rainbowIa-classic/clean/gf.c | 63 ++-- crypto_sign/rainbowIa-classic/clean/gf.h | 2 +- .../clean/rainbow_keypair_computation.h | 1 - .../rainbowIa-cyclic-compressed/META.yml | 17 ++ .../rainbowIa-cyclic-compressed/clean/LICENSE | 8 + .../clean/Makefile | 20 ++ .../clean/Makefile.Microsoft_nmake | 19 ++ .../rainbowIa-cyclic-compressed/clean/api.h | 32 ++ .../rainbowIa-cyclic-compressed/clean/blas.h | 21 ++ .../clean/blas_comm.c | 160 ++++++++++ .../clean/blas_comm.h | 76 +++++ .../clean/blas_u32.c | 116 +++++++ .../clean/blas_u32.h | 20 ++ .../rainbowIa-cyclic-compressed/clean/gf.c | 125 ++++++++ .../rainbowIa-cyclic-compressed/clean/gf.h | 20 ++ .../clean/parallel_matrix_op.c | 185 ++++++++++++ .../clean/parallel_matrix_op.h | 282 ++++++++++++++++++ .../clean/rainbow.c | 181 +++++++++++ .../clean/rainbow.h | 51 ++++ .../clean/rainbow_blas.h | 34 +++ .../clean/rainbow_config.h | 51 ++++ .../clean/rainbow_keypair.c | 201 +++++++++++++ .../clean/rainbow_keypair.h | 126 ++++++++ .../clean/rainbow_keypair_computation.c | 233 +++++++++++++++ .../clean/rainbow_keypair_computation.h | 79 +++++ .../rainbowIa-cyclic-compressed/clean/sign.c | 94 ++++++ .../clean/utils_hash.c | 55 ++++ .../clean/utils_hash.h | 14 + .../clean/utils_prng.c | 96 ++++++ .../clean/utils_prng.h | 22 ++ crypto_sign/rainbowIa-cyclic/META.yml | 4 +- crypto_sign/rainbowIa-cyclic/clean/gf.c | 63 ++-- crypto_sign/rainbowIa-cyclic/clean/gf.h | 2 +- .../clean/rainbow_keypair_computation.h | 1 - crypto_sign/rainbowVc-classic/META.yml | 17 ++ crypto_sign/rainbowVc-classic/clean/LICENSE | 8 + crypto_sign/rainbowVc-classic/clean/Makefile | 20 ++ .../clean/Makefile.Microsoft_nmake | 19 ++ crypto_sign/rainbowVc-classic/clean/api.h | 32 ++ crypto_sign/rainbowVc-classic/clean/blas.h | 20 ++ .../rainbowVc-classic/clean/blas_comm.c | 153 ++++++++++ .../rainbowVc-classic/clean/blas_comm.h | 96 ++++++ .../rainbowVc-classic/clean/blas_u32.c | 90 ++++++ .../rainbowVc-classic/clean/blas_u32.h | 19 ++ crypto_sign/rainbowVc-classic/clean/gf.c | 142 +++++++++ crypto_sign/rainbowVc-classic/clean/gf.h | 19 ++ .../clean/parallel_matrix_op.c | 186 ++++++++++++ .../clean/parallel_matrix_op.h | 282 ++++++++++++++++++ crypto_sign/rainbowVc-classic/clean/rainbow.c | 170 +++++++++++ crypto_sign/rainbowVc-classic/clean/rainbow.h | 34 +++ .../rainbowVc-classic/clean/rainbow_blas.h | 34 +++ .../rainbowVc-classic/clean/rainbow_config.h | 50 ++++ .../rainbowVc-classic/clean/rainbow_keypair.c | 139 +++++++++ .../rainbowVc-classic/clean/rainbow_keypair.h | 72 +++++ .../clean/rainbow_keypair_computation.c | 197 ++++++++++++ .../clean/rainbow_keypair_computation.h | 60 ++++ crypto_sign/rainbowVc-classic/clean/sign.c | 92 ++++++ .../rainbowVc-classic/clean/utils_hash.c | 55 ++++ .../rainbowVc-classic/clean/utils_hash.h | 14 + .../rainbowVc-classic/clean/utils_prng.c | 96 ++++++ .../rainbowVc-classic/clean/utils_prng.h | 22 ++ .../rainbowVc-cyclic-compressed/META.yml | 17 ++ .../rainbowVc-cyclic-compressed/clean/LICENSE | 8 + .../clean/Makefile | 20 ++ .../clean/Makefile.Microsoft_nmake | 19 ++ .../rainbowVc-cyclic-compressed/clean/api.h | 32 ++ .../rainbowVc-cyclic-compressed/clean/blas.h | 20 ++ .../clean/blas_comm.c | 153 ++++++++++ .../clean/blas_comm.h | 96 ++++++ .../clean/blas_u32.c | 90 ++++++ .../clean/blas_u32.h | 19 ++ .../rainbowVc-cyclic-compressed/clean/gf.c | 142 +++++++++ .../rainbowVc-cyclic-compressed/clean/gf.h | 19 ++ .../clean/parallel_matrix_op.c | 186 ++++++++++++ .../clean/parallel_matrix_op.h | 282 ++++++++++++++++++ .../clean/rainbow.c | 181 +++++++++++ .../clean/rainbow.h | 51 ++++ .../clean/rainbow_blas.h | 34 +++ .../clean/rainbow_config.h | 50 ++++ .../clean/rainbow_keypair.c | 201 +++++++++++++ .../clean/rainbow_keypair.h | 126 ++++++++ .../clean/rainbow_keypair_computation.c | 233 +++++++++++++++ .../clean/rainbow_keypair_computation.h | 79 +++++ .../rainbowVc-cyclic-compressed/clean/sign.c | 94 ++++++ .../clean/utils_hash.c | 55 ++++ .../clean/utils_hash.h | 14 + .../clean/utils_prng.c | 96 ++++++ .../clean/utils_prng.h | 22 ++ crypto_sign/rainbowVc-cyclic/META.yml | 17 ++ crypto_sign/rainbowVc-cyclic/clean/LICENSE | 8 + crypto_sign/rainbowVc-cyclic/clean/Makefile | 20 ++ .../clean/Makefile.Microsoft_nmake | 19 ++ crypto_sign/rainbowVc-cyclic/clean/api.h | 32 ++ crypto_sign/rainbowVc-cyclic/clean/blas.h | 20 ++ .../rainbowVc-cyclic/clean/blas_comm.c | 153 ++++++++++ .../rainbowVc-cyclic/clean/blas_comm.h | 96 ++++++ crypto_sign/rainbowVc-cyclic/clean/blas_u32.c | 90 ++++++ crypto_sign/rainbowVc-cyclic/clean/blas_u32.h | 19 ++ crypto_sign/rainbowVc-cyclic/clean/gf.c | 142 +++++++++ crypto_sign/rainbowVc-cyclic/clean/gf.h | 19 ++ .../clean/parallel_matrix_op.c | 186 ++++++++++++ .../clean/parallel_matrix_op.h | 282 ++++++++++++++++++ crypto_sign/rainbowVc-cyclic/clean/rainbow.c | 175 +++++++++++ crypto_sign/rainbowVc-cyclic/clean/rainbow.h | 43 +++ .../rainbowVc-cyclic/clean/rainbow_blas.h | 34 +++ .../rainbowVc-cyclic/clean/rainbow_config.h | 50 ++++ .../rainbowVc-cyclic/clean/rainbow_keypair.c | 170 +++++++++++ .../rainbowVc-cyclic/clean/rainbow_keypair.h | 109 +++++++ .../clean/rainbow_keypair_computation.c | 233 +++++++++++++++ .../clean/rainbow_keypair_computation.h | 79 +++++ crypto_sign/rainbowVc-cyclic/clean/sign.c | 94 ++++++ .../rainbowVc-cyclic/clean/utils_hash.c | 55 ++++ .../rainbowVc-cyclic/clean/utils_hash.h | 14 + .../rainbowVc-cyclic/clean/utils_prng.c | 96 ++++++ .../rainbowVc-cyclic/clean/utils_prng.h | 22 ++ 197 files changed, 15915 insertions(+), 69 deletions(-) create mode 100644 crypto_sign/rainbowIIIc-classic/META.yml create mode 100644 crypto_sign/rainbowIIIc-classic/clean/LICENSE create mode 100644 crypto_sign/rainbowIIIc-classic/clean/Makefile create mode 100644 crypto_sign/rainbowIIIc-classic/clean/Makefile.Microsoft_nmake create mode 100644 crypto_sign/rainbowIIIc-classic/clean/api.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/blas.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/blas_comm.c create mode 100644 crypto_sign/rainbowIIIc-classic/clean/blas_comm.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/blas_u32.c create mode 100644 crypto_sign/rainbowIIIc-classic/clean/blas_u32.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/gf.c create mode 100644 crypto_sign/rainbowIIIc-classic/clean/gf.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c create mode 100644 crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/rainbow.c create mode 100644 crypto_sign/rainbowIIIc-classic/clean/rainbow.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/rainbow_blas.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/rainbow_config.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c create mode 100644 crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c create mode 100644 crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/sign.c create mode 100644 crypto_sign/rainbowIIIc-classic/clean/utils_hash.c create mode 100644 crypto_sign/rainbowIIIc-classic/clean/utils_hash.h create mode 100644 crypto_sign/rainbowIIIc-classic/clean/utils_prng.c create mode 100644 crypto_sign/rainbowIIIc-classic/clean/utils_prng.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/META.yml create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/LICENSE create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/Makefile create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/Makefile.Microsoft_nmake create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/api.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_blas.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_config.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.c create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.h create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c create mode 100644 crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/META.yml create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/LICENSE create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/Makefile create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/Makefile.Microsoft_nmake create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/api.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/blas.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/gf.c create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/gf.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/rainbow.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/rainbow_blas.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/rainbow_config.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/sign.c create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.c create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.h create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c create mode 100644 crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/META.yml create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/LICENSE create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/Makefile create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/Makefile.Microsoft_nmake create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/api.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/blas.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/gf.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_blas.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_config.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.c create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.h create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c create mode 100644 crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.h create mode 100644 crypto_sign/rainbowVc-classic/META.yml create mode 100644 crypto_sign/rainbowVc-classic/clean/LICENSE create mode 100644 crypto_sign/rainbowVc-classic/clean/Makefile create mode 100644 crypto_sign/rainbowVc-classic/clean/Makefile.Microsoft_nmake create mode 100644 crypto_sign/rainbowVc-classic/clean/api.h create mode 100644 crypto_sign/rainbowVc-classic/clean/blas.h create mode 100644 crypto_sign/rainbowVc-classic/clean/blas_comm.c create mode 100644 crypto_sign/rainbowVc-classic/clean/blas_comm.h create mode 100644 crypto_sign/rainbowVc-classic/clean/blas_u32.c create mode 100644 crypto_sign/rainbowVc-classic/clean/blas_u32.h create mode 100644 crypto_sign/rainbowVc-classic/clean/gf.c create mode 100644 crypto_sign/rainbowVc-classic/clean/gf.h create mode 100644 crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c create mode 100644 crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h create mode 100644 crypto_sign/rainbowVc-classic/clean/rainbow.c create mode 100644 crypto_sign/rainbowVc-classic/clean/rainbow.h create mode 100644 crypto_sign/rainbowVc-classic/clean/rainbow_blas.h create mode 100644 crypto_sign/rainbowVc-classic/clean/rainbow_config.h create mode 100644 crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c create mode 100644 crypto_sign/rainbowVc-classic/clean/rainbow_keypair.h create mode 100644 crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c create mode 100644 crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.h create mode 100644 crypto_sign/rainbowVc-classic/clean/sign.c create mode 100644 crypto_sign/rainbowVc-classic/clean/utils_hash.c create mode 100644 crypto_sign/rainbowVc-classic/clean/utils_hash.h create mode 100644 crypto_sign/rainbowVc-classic/clean/utils_prng.c create mode 100644 crypto_sign/rainbowVc-classic/clean/utils_prng.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/META.yml create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/LICENSE create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/Makefile create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/Makefile.Microsoft_nmake create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/api.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/blas.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/gf.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_blas.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_config.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.c create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.h create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c create mode 100644 crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.h create mode 100644 crypto_sign/rainbowVc-cyclic/META.yml create mode 100644 crypto_sign/rainbowVc-cyclic/clean/LICENSE create mode 100644 crypto_sign/rainbowVc-cyclic/clean/Makefile create mode 100644 crypto_sign/rainbowVc-cyclic/clean/Makefile.Microsoft_nmake create mode 100644 crypto_sign/rainbowVc-cyclic/clean/api.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/blas.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/blas_comm.c create mode 100644 crypto_sign/rainbowVc-cyclic/clean/blas_comm.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/blas_u32.c create mode 100644 crypto_sign/rainbowVc-cyclic/clean/blas_u32.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/gf.c create mode 100644 crypto_sign/rainbowVc-cyclic/clean/gf.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c create mode 100644 crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/rainbow.c create mode 100644 crypto_sign/rainbowVc-cyclic/clean/rainbow.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/rainbow_blas.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/rainbow_config.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c create mode 100644 crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c create mode 100644 crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/sign.c create mode 100644 crypto_sign/rainbowVc-cyclic/clean/utils_hash.c create mode 100644 crypto_sign/rainbowVc-cyclic/clean/utils_hash.h create mode 100644 crypto_sign/rainbowVc-cyclic/clean/utils_prng.c create mode 100644 crypto_sign/rainbowVc-cyclic/clean/utils_prng.h diff --git a/crypto_sign/rainbowIIIc-classic/META.yml b/crypto_sign/rainbowIIIc-classic/META.yml new file mode 100644 index 00000000..969d65ca --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/META.yml @@ -0,0 +1,17 @@ +name: Rainbow-IIIc-classic +type: signature +claimed-nist-level: 3 +length-public-key: 710640 +length-secret-key: 511448 +length-signature: 156 +nistkat-sha256: 199cf313d96a4fbb481c50e568ac0222ec955b3e20551d0fadbb6c5e97bd1ada +testvectors-sha256: e738081bcc34228184645dd79237daabc89b7ed22172637b6c10f51dd1e417d9 +principal-submitter: Jintai Ding +auxiliary-submitters: + - Ming-Shing Chen + - Albrecht Petzoldt + - Dieter Schmidt + - Bo-Yin Yang +implementations: + - name: clean + version: https://github.com/fast-crypto-lab/rainbow-submission-round2/commit/af826fcb78f6af51a02d0352cff28a9690467bfd diff --git a/crypto_sign/rainbowIIIc-classic/clean/LICENSE b/crypto_sign/rainbowIIIc-classic/clean/LICENSE new file mode 100644 index 00000000..cb00a6e3 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/LICENSE @@ -0,0 +1,8 @@ +`Software implementation of Rainbow for NIST R2 submission' by Ming-Shing Chen + +To the extent possible under law, the person who associated CC0 with +`Software implementation of Rainbow for NIST R2 submission' has waived all copyright and related or neighboring rights +to `Software implementation of Rainbow for NIST R2 submission'. + +You should have received a copy of the CC0 legalcode along with this +work. If not, see . diff --git a/crypto_sign/rainbowIIIc-classic/clean/Makefile b/crypto_sign/rainbowIIIc-classic/clean/Makefile new file mode 100644 index 00000000..3da2aefd --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/Makefile @@ -0,0 +1,20 @@ +# This Makefile can be used with GNU Make or BSD Make + +LIB=librainbowIIIc-classic_clean.a + +HEADERS = api.h blas_comm.h blas.h blas_u32.h gf.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h +OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o blas_u32.o gf.o + +CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS) + +all: $(LIB) + +%.o: %.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $@ $< + +$(LIB): $(OBJECTS) + $(AR) -r $@ $(OBJECTS) + +clean: + $(RM) $(OBJECTS) + $(RM) $(LIB) diff --git a/crypto_sign/rainbowIIIc-classic/clean/Makefile.Microsoft_nmake b/crypto_sign/rainbowIIIc-classic/clean/Makefile.Microsoft_nmake new file mode 100644 index 00000000..0ad2236e --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/Makefile.Microsoft_nmake @@ -0,0 +1,19 @@ +# This Makefile can be used with Microsoft Visual Studio's nmake using the command: +# nmake /f Makefile.Microsoft_nmake + +LIBRARY=librainbowIIIc-classic_clean.lib +OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj blas_u32.obj gf.obj + +CFLAGS=/nologo /I ..\..\..\common /W4 /WX + +all: $(LIBRARY) + +# Make sure objects are recompiled if headers change. +$(OBJECTS): *.h + +$(LIBRARY): $(OBJECTS) + LIB.EXE /NOLOGO /WX /OUT:$@ $** + +clean: + -DEL $(OBJECTS) + -DEL $(LIBRARY) diff --git a/crypto_sign/rainbowIIIc-classic/clean/api.h b/crypto_sign/rainbowIIIc-classic/clean/api.h new file mode 100644 index 00000000..9dc88a7d --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/api.h @@ -0,0 +1,32 @@ +#ifndef PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_API_H +#define PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_API_H + +#include +#include + +#define PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES 511448 +#define PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES 710640 +#define PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_CRYPTO_BYTES 156 +#define PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(256,68,36,36) - classic" + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk); + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk); + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *sk); + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *pk); + + +#endif diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas.h b/crypto_sign/rainbowIIIc-classic/clean/blas.h new file mode 100644 index 00000000..e0cb28c2 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/blas.h @@ -0,0 +1,20 @@ +#ifndef _BLAS_H_ +#define _BLAS_H_ +/// @file blas.h +/// @brief Defining the implementations for linear algebra functions depending on the machine architecture. +/// + +#include "blas_comm.h" +#include "blas_u32.h" +#include "rainbow_config.h" + +#define gf256v_predicated_add PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add_u32 +#define gf256v_add PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_add_u32 + + +#define gf256v_mul_scalar PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar_u32 +#define gf256v_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd_u32 + + +#endif // _BLAS_H_ + diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c new file mode 100644 index 00000000..9f4ecb99 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c @@ -0,0 +1,153 @@ +/// @file blas_comm.c +/// @brief The standard implementations for blas_comm.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "gf.h" +#include "rainbow_config.h" + +#include +#include + + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} + +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { + uint8_t r = 0; + while ( _num_byte-- ) { + r |= a[0]; + a++; + } + return (0 == r); +} + +/// polynomial multplication +/// School boook +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); + for (unsigned i = 0; i < _num; i++) { + gf256v_madd(c + i, a, b[i], _num); + } +} + +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + gf256v_madd(c, matA, b[i], n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = len_vec; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); + } + c += n_vec_byte; + } +} + +static +unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { + unsigned r8 = 1; + + for (unsigned i = 0; i < h; i++) { + uint8_t *ai = mat + w * i; + unsigned skip_len_align4 = i & ((unsigned)~0x3); + + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + w * j; + gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + } + r8 &= PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); + uint8_t pivot = ai[i]; + pivot = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_inv( pivot ); + gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + w * j; + gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + } + } + + return r8; +} + +static +unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + uint8_t mat[ 64 * 64 ]; + for (unsigned i = 0; i < n; i++) { + memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + mat[i * (n + 1) + n] = c_terms[i]; + } + unsigned r8 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + for (unsigned i = 0; i < n; i++) { + sol[i] = mat[i * (n + 1) + n]; + } + return r8; +} + + + +static inline +void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < w2; j++) { + mat2[i * w2 + j] = mat[i * w + st + j]; + } + } +} + + +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * H; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( ai, 2 * H ); + gf256v_add( ai, a + i * H, H ); + ai[H + i] = 1; + } + unsigned r8 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); + gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + return r8; +} + + + + + +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE + +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { + return gf256mat_gauss_elim_impl( mat, h, w ); +} + + +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} + diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h new file mode 100644 index 00000000..28ca3646 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h @@ -0,0 +1,96 @@ +#ifndef _BLAS_COMM_H_ +#define _BLAS_COMM_H_ +/// @file blas_comm.h +/// @brief Common functions for linear algebra. +/// + +#include "rainbow_config.h" +#include + + +/// @brief set a vector to 0. +/// +/// @param[in,out] b - the vector b. +/// @param[in] _num_byte - number of bytes for the vector b. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); + +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); + + + +/// @brief check if a vector is 0. +/// +/// @param[in] a - the vector a. +/// @param[in] _num_byte - number of bytes for the vector a. +/// @return 1(true) if a is 0. 0(false) else. +/// +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); + + +/// @brief polynomial multiplication: c = a*b +/// +/// @param[out] c - the output polynomial c +/// @param[in] a - the vector a. +/// @param[in] b - the vector b. +/// @param[in] _num - number of elements for the polynomials a and b. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); + + +/// @brief matrix-vector multiplication: c = matA * b , in GF(256) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +/// @brief matrix-matrix multiplication: c = a * b , in GF(256) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + +/// @brief Gauss elimination for a matrix, in GF(256) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(256) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + +/// @brief Computing the inverse matrix, in GF(256) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +#endif // _BLAS_COMM_H_ + diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c new file mode 100644 index 00000000..5f197cfc --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c @@ -0,0 +1,90 @@ +#include "blas_u32.h" +#include "gf.h" + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= (a_u32[i] & pr_u32); + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= (a[i] & pr_u8); + } +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + + + + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h new file mode 100644 index 00000000..18d95d09 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h @@ -0,0 +1,19 @@ +#ifndef _BLAS_U32_H_ +#define _BLAS_U32_H_ +/// @file blas_u32.h +/// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. +/// + +#include "rainbow_config.h" +#include + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); + + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); + + +#endif // _BLAS_U32_H_ + diff --git a/crypto_sign/rainbowIIIc-classic/clean/gf.c b/crypto_sign/rainbowIIIc-classic/clean/gf.c new file mode 100644 index 00000000..3b034f5d --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/gf.c @@ -0,0 +1,142 @@ +#include "gf.h" + +//// gf4 := gf2[x]/x^2+x+1 +static inline uint8_t gf4_mul_2(uint8_t a) { + uint8_t r = (uint8_t) (a << 1); + r ^= (uint8_t) ((a >> 1) * 7); + return r; +} + +static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { + uint8_t r = (uint8_t) (a * (b & 1)); + return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); +} + +static inline uint8_t gf4_squ(uint8_t a) { + return a ^ (a >> 1); +} + +static inline uint32_t gf4v_mul_2_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { + uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); +} + +//// gf16 := gf4[y]/y^2+y+x +static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + uint8_t b0 = b & 3; + uint8_t b1 = (b >> 2); + uint8_t a0b0 = gf4_mul(a0, b0); + uint8_t a1b1 = gf4_mul(a1, b1); + uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x2 = gf4_mul_2(a1b1); + return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); +} + +static inline uint8_t gf16_squ(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + a1 = gf4_squ(a1); + uint8_t a1squ_x2 = gf4_mul_2(a1); + return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); +} + +// gf16 := gf4[y]/y^2+y+x +uint32_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = gf4v_mul_u32(a, b); + uint32_t axb1 = gf4v_mul_u32(a, b >> 2); + uint32_t a0b1 = (axb1 << 2) & 0xcccccccc; + uint32_t a1b1 = axb1 & 0xcccccccc; + uint32_t a1b1_2 = a1b1 >> 2; + + return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); +} + +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + +uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { + unsigned a8 = a; + unsigned r = ((unsigned) 0) - a8; + r >>= 8; + return r & 1; +} + +static inline uint8_t gf4_mul_3(uint8_t a) { + uint8_t msk = (uint8_t) ((a - 2) >> 1); + return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); +} +static inline uint8_t gf16_mul_8(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = a >> 2; + return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); +} + +// gf256 := gf16[X]/X^2+X+xy +static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + uint8_t b0 = b & 15; + uint8_t b1 = (b >> 4); + uint8_t a0b0 = gf16_mul(a0, b0); + uint8_t a1b1 = gf16_mul(a1, b1); + uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x8 = gf16_mul_8(a1b1); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); +} + +static inline uint8_t gf256_squ(uint8_t a) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + a1 = gf16_squ(a1); + uint8_t a1squ_x8 = gf16_mul_8(a1); + return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); +} + +uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_inv(uint8_t a) { + // 128+64+32+16+8+4+2 = 254 + uint8_t a2 = gf256_squ(a); + uint8_t a4 = gf256_squ(a2); + uint8_t a8 = gf256_squ(a4); + uint8_t a4_2 = gf256_mul(a4, a2); + uint8_t a8_4_2 = gf256_mul(a4_2, a8); + uint8_t a64_ = gf256_squ(a8_4_2); + a64_ = gf256_squ(a64_); + a64_ = gf256_squ(a64_); + uint8_t a64_2 = gf256_mul(a64_, a8_4_2); + uint8_t a128_ = gf256_squ(a64_2); + return gf256_mul(a2, a128_); +} + +static inline uint32_t gf4v_mul_3_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit0 ^ (bit1 >> 1); +} +static inline uint32_t gf16v_mul_8_u32(uint32_t a) { + uint32_t a1 = a & 0xcccccccc; + uint32_t a0 = (a << 2) & 0xcccccccc; + return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); +} +uint32_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf16v_mul_u32(a, b); + uint32_t axb1 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf16v_mul_u32(a, b >> 4); + uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; + uint32_t a1b1 = axb1 & 0xf0f0f0f0; + uint32_t a1b1_4 = a1b1 >> 4; + + return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); +} diff --git a/crypto_sign/rainbowIIIc-classic/clean/gf.h b/crypto_sign/rainbowIIIc-classic/clean/gf.h new file mode 100644 index 00000000..14530418 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/gf.h @@ -0,0 +1,19 @@ +#ifndef _GF16_H_ +#define _GF16_H_ + +#include "rainbow_config.h" +#include + +/// @file gf16.h +/// @brief Library for arithmetics in GF(16) and GF(256) +/// + +uint32_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); + + +uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); + + +#endif // _GF16_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c new file mode 100644 index 00000000..79310cb2 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c @@ -0,0 +1,186 @@ +/// @file parallel_matrix_op.c +/// @brief the standard implementations for functions in parallel_matrix_op.h +/// +/// the standard implementations for functions in parallel_matrix_op.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "parallel_matrix_op.h" + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { + return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +} + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. +/// +/// @param[in] i_row - the i-th row in a triangle matrix. +/// @param[in] j_col - the j-th column in a triangle matrix. +/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { + if ( i_row > j_col ) { + return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); + } + return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); +} + + + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { + unsigned char *runningC = btriC; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < i; j++) { + unsigned idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); + gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + } + gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + runningC += size_batch * (Aheight - i); + } +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf256v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf256v_madd( y, tmp, _x[i], size_batch ); + } +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf256v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf256v_madd( z, tmp, _y[i], size_batch ); + } +} + diff --git a/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h new file mode 100644 index 00000000..638ab9ed --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h @@ -0,0 +1,282 @@ +#ifndef _P_MATRIX_OP_H_ +#define _P_MATRIX_OP_H_ +/// @file parallel_matrix_op.h +/// @brief Librarys for operations of batched matrixes. +/// +/// + +//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// + + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); + +/// +/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. +/// +/// @param[out] btriC - the batched upper-trianglized matrix C. +/// @param[in] bA - a batched retangle matrix A. +/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); + + + + +//////////////////// Section: matrix multiplications /////////////////////////////// + + + +/// +/// @brief bC += btriA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += btriA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += A^Tr * bB , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += A^Tr * bB , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += bA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// + + +/// +/// @brief y = x^Tr * trimat * x , in GF(16) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + +/// +/// @brief y = x^Tr * trimat * x , in GF(256) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + + +/// +/// @brief z = y^Tr * mat * x , in GF(16) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + +/// +/// @brief z = y^Tr * mat * x , in GF(256) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + + + + + + +#endif // _P_MATRIX_OP_H_ + diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow.c new file mode 100644 index 00000000..392630ce --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow.c @@ -0,0 +1,170 @@ +/// @file rainbow.c +/// @brief The standard implementations for functions in rainbow.h +/// + +#include "blas.h" +#include "rainbow.h" +#include "rainbow_blas.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include +#include + + +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1>_O2)?_O1:_O2) +#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { + uint8_t mat_l1[_O1 * _O1_BYTE]; + uint8_t mat_l2[_O2 * _O2_BYTE]; + uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; + + // setup PRNG + prng_t prng_sign; + uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; + memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); + memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + uint8_t prng_seed[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + prng_preseed[i] ^= prng_preseed[i]; // clean + } + for (unsigned i = 0; i < _HASH_LEN; i++) { + prng_seed[i] ^= prng_seed[i]; // clean + } + + // roll vinegars. + uint8_t vinegar[_V1_BYTE]; + unsigned n_attempt = 0; + unsigned l1_succ = 0; + while ( !l1_succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars + gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 + l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable + n_attempt ++; + } + + // Given the vinegars, pre-compute variables needed for layer 2 + uint8_t r_l1_F1[_O1_BYTE] = {0}; + uint8_t r_l2_F1[_O2_BYTE] = {0}; + batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); + batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); + uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + uint8_t mat_l2_F2[_O1 * _O2_BYTE]; + gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); + gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + + // Some local variables. + uint8_t _z[_PUB_M_BYTE]; + uint8_t y[_PUB_M_BYTE]; + uint8_t *x_v1 = vinegar; + uint8_t x_o1[_O1_BYTE]; + uint8_t x_o2[_O1_BYTE]; + + uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, _digest, _HASH_LEN ); + uint8_t *salt = digest_salt + _HASH_LEN; + + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + unsigned succ = 0; + while ( !succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + + // y = S^-1 * z + memcpy(y, _z, _PUB_M_BYTE); // identity part of S + gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); + gf256v_add(y, temp_o, _O1_BYTE); + + // Central Map: + // layer 1: calculate x_o1 + memcpy( temp_o, r_l1_F1, _O1_BYTE ); + gf256v_add( temp_o, y, _O1_BYTE ); + gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + + // layer 2: calculate x_o2 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); + gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 + batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 + gf256v_add( temp_o, mat_l2, _O2_BYTE ); + gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 + gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + + // generate the linear equations of the 2nd layer + gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 + gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); + gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + + n_attempt ++; + }; + // w = T^-1 * y + uint8_t w[_PUB_N_BYTE]; + // identity part of T. + memcpy( w, x_v1, _V1_BYTE ); + memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); + memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + // Computing the t1 part. + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t4 part. + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t3 part. + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + + memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + // clean + memset( &prng_sign, 0, sizeof(prng_t) ); + memset( vinegar, 0, _V1_BYTE ); + memset( r_l1_F1, 0, _O1_BYTE ); + memset( r_l2_F1, 0, _O2_BYTE ); + memset( _z, 0, _PUB_M_BYTE ); + memset( y, 0, _PUB_M_BYTE ); + memset( x_o1, 0, _O1_BYTE ); + memset( x_o2, 0, _O2_BYTE ); + memset( temp_o, 0, sizeof(temp_o) ); + + // return: copy w and salt to the signature. + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + return -1; + } + gf256v_add( signature, w, _PUB_N_BYTE ); + gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + return 0; +} + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { + unsigned char digest_ck[_PUB_M_BYTE]; + // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. + batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + + unsigned char correct[_PUB_M_BYTE]; + unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, digest, _HASH_LEN ); + memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + + // check consistancy. + unsigned char cc = 0; + for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + cc |= (digest_ck[i] ^ correct[i]); + } + return (0 == cc) ? 0 : -1; +} + + diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow.h b/crypto_sign/rainbowIIIc-classic/clean/rainbow.h new file mode 100644 index 00000000..0925514a --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow.h @@ -0,0 +1,34 @@ +#ifndef _RAINBOW_H_ +#define _RAINBOW_H_ +/// @file rainbow.h +/// @brief APIs for rainbow. +/// + + +#include "rainbow_config.h" +#include "rainbow_keypair.h" + +#include + +/// +/// @brief Signing function for classical secret key. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); + + + +#endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_blas.h b/crypto_sign/rainbowIIIc-classic/clean/rainbow_blas.h new file mode 100644 index 00000000..601ee5e7 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_blas.h @@ -0,0 +1,34 @@ +#ifndef _RAINBOW_BLAS_H_ +#define _RAINBOW_BLAS_H_ +/// @file rainbow_blas.h +/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h +/// +/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h + + +#include "blas.h" +#include "parallel_matrix_op.h" +#include "rainbow_config.h" + + +#define gfv_get_ele PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd + +#define gfmat_prod PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv + +#define batch_trimat_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256 + +#define batch_quad_trimat_eval PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256 +#define batch_quad_recmat_eval PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256 + + + +#endif // _RAINBOW_BLAS_H_ + diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_config.h b/crypto_sign/rainbowIIIc-classic/clean/rainbow_config.h new file mode 100644 index 00000000..44cba4f3 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_config.h @@ -0,0 +1,50 @@ +#ifndef _H_RAINBOW_CONFIG_H_ +#define _H_RAINBOW_CONFIG_H_ + +/// @file rainbow_config.h +/// @brief Defining the parameters of the Rainbow and the corresponding constants. +/// + +#define _GFSIZE 256 +#define _V1 68 +#define _O1 36 +#define _O2 36 +#define _HASH_LEN 48 + + + +#define _V2 ((_V1)+(_O1)) + +/// size of N, in # of gf elements. +#define _PUB_N (_V1+_O1+_O2) + +/// size of M, in # gf elements. +#define _PUB_M (_O1+_O2) + + +/// size of variables, in # bytes. + + +// GF256 +#define _V1_BYTE (_V1) +#define _V2_BYTE (_V2) +#define _O1_BYTE (_O1) +#define _O2_BYTE (_O2) +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) + + + +/// length of seed for public key, in # bytes +#define LEN_PKSEED 32 + +/// length of seed for secret key, in # bytes +#define LEN_SKSEED 32 + +/// length of salt for a signature, in # bytes +#define _SALT_BYTE 16 + +/// length of a signature +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) + +#endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c new file mode 100644 index 00000000..de8e9de3 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c @@ -0,0 +1,139 @@ +/// @file rainbow_keypair.c +/// @brief implementations of functions in rainbow_keypair.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include "utils_prng.h" +#include +#include +#include + + +static +void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 + s_and_t += _O1_BYTE * _O2; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + s_and_t += _V1_BYTE * _O1; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + s_and_t += _V1_BYTE * _O2; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 +} + + +static +unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + n_byte_generated += _O1_BYTE * _V1 * _O1; + return n_byte_generated; +} + + +static +unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + n_byte_generated += _O2_BYTE * _O1 * _O2; + + return n_byte_generated; +} + + +static +void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { + sk += generate_l1_F12( sk, prng0 ); + generate_l2_F12356( sk, prng0 ); +} + +static +void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { + // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 + unsigned char temp[_V1_BYTE + 32]; + unsigned char *t4 = t2_to_t4; + for (unsigned i = 0; i < _O2; i++) { /// t3 width + gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); + gf256v_add( t4, temp, _V1_BYTE ); + t4 += _V1_BYTE; + t3 += _O1_BYTE; + } +} + +static +void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { + unsigned char temp[_O1_BYTE + 32]; + while ( n_terms-- ) { + gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); + gf256v_add( l1_polys, temp, _O1_BYTE ); + l1_polys += _O1_BYTE; + l2_polys += _O2_BYTE; + } +} + +/////////////////// Classic ////////////////////////////////// + +static +void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // set up prng + prng_t prng0; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + + // generating secret key with prng. + generate_S_T( sk->s1, &prng0 ); + generate_B1_B2( sk->l1_F1, &prng0 ); + + // clean prng + memset( &prng0, 0, sizeof(prng_t) ); +} + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { + _generate_secretkey( sk, sk_seed ); + + // set up a temporary structure ext_cpk_t for calculating public key. + ext_cpk_t pk; + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F( &pk, sk, sk ); // compute the public key in ext_cpk_t format. + calculate_t4( sk->t4, sk->t1, sk->t3 ); + + obsfucate_l1_polys( pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + // so far, the pk contains the full pk but in ext_cpk_t format. + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. +} + + + + + diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.h new file mode 100644 index 00000000..9a6c6c81 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.h @@ -0,0 +1,72 @@ +#ifndef _RAINBOW_KEYPAIR_H_ +#define _RAINBOW_KEYPAIR_H_ +/// @file rainbow_keypair.h +/// @brief Formats of key pairs and functions for generating key pairs. +/// Formats of key pairs and functions for generating key pairs. +/// + + + +#include "rainbow_config.h" + + +#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) + + +/// @brief public key for classic rainbow +/// +/// public key for classic rainbow +/// +typedef +struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +} pk_t; + + +/// @brief secret key for classic rainbow +/// +/// secret key for classic rainbow +/// +typedef +struct rainbow_secretkey { + /// + /// seed for generating secret key. + /// Generating S, T, and F for classic rainbow. + /// Generating S and T only for cyclic rainbow. + unsigned char sk_seed[LEN_SKSEED]; + + unsigned char s1[_O1_BYTE * _O2]; ///< part of S map + unsigned char t1[_V1_BYTE * _O1]; ///< part of T map + unsigned char t4[_V1_BYTE * _O2]; ///< part of T map + unsigned char t3[_O1_BYTE * _O2]; ///< part of T map + + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 +} sk_t; + + + + + + +/// +/// @brief Generate key pairs for classic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); + + + + + +#endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c new file mode 100644 index 00000000..b837b994 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c @@ -0,0 +1,197 @@ +/// @file rainbow_keypair_computation.c +/// @brief Implementations for functions in rainbow_keypair_computation.h +/// + + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include +#include +#include + + +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { + const unsigned char *idx_l1 = cpk->l1_Q1; + const unsigned char *idx_l2 = cpk->l2_Q1; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = i; j < _V1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q2; + idx_l2 = cpk->l2_Q2; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q3; + idx_l2 = cpk->l2_Q3; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q5; + idx_l2 = cpk->l2_Q5; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = i; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q6; + idx_l2 = cpk->l2_Q6; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q9; + idx_l2 = cpk->l2_Q9; + for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned j = i; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } +} + +static +void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + /* + Layer 1 + Computing : + Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] + + Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 + Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + */ + const unsigned char *t2 = Ts->t4; + + memcpy( Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + memcpy( Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // l1_Q5 : _O1_BYTE * _O1 * _O1 + // l1_Q9 : _O1_BYTE * _O2 * _O2 + // l2_Q5 : _O2_BYTE * _V1 * _O1 + // l2_Q9 : _O2_BYTE * _V1 * _O2 + + + unsigned char tempQ[_O1_BYTE * _O1 * _O1 + 32]; + + memset( tempQ, 0, _O1_BYTE * _O1 * _O1 ); // l1_Q5 + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE ); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + batch_trimatTr_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // Q2 + /* + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ, 0, _O1_BYTE * _O2 * _O2 ); // l1_Q9 + batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + + /* + layer 2 + Computing: + Q1 = F1 + Q2 = F1_F1T*T1 + F2 + Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) + */ + memcpy( Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); + + memcpy( Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F1*T1 + F2 + + memcpy( Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); + memset( tempQ, 0, _O2_BYTE * _O1 * _O1 ); // l2_Q5 + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE ); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q5, tempQ, _O1, _O2_BYTE ); // UT( ... ) // Q5 + + batch_trimatTr_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q2 + + /* + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + + Q3 = F1_F1T*T2 + F2*T3 + F3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 + */ + memcpy( Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); + batch_trimat_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ, 0, _O2_BYTE * _O2 * _O2 ); // l2_Q9 + batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + + batch_trimat_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + batch_matTr_madd( tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ, _O2, _O2_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1_F1T_T2 + F2_T3 + F3 // Q3 + + batch_bmatTr_madd( Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + F2tr*T2 + batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 + batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 +} +// TODO: these defines are not really required for a clean implementation - just implement directly +#define calculate_Q_from_F_impl calculate_Q_from_F_ref +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_impl( Qs, Fs, Ts ); +} + + + diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.h new file mode 100644 index 00000000..1a532c8a --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.h @@ -0,0 +1,60 @@ +#ifndef _RAINBOW_KEYPAIR_COMP_H_ +#define _RAINBOW_KEYPAIR_COMP_H_ +/// @file rainbow_keypair_computation.h +/// @brief Functions for calculating pk/sk while generating keys. +/// +/// Defining an internal structure of public key. +/// Functions for calculating pk/sk for key generation. +/// + + + +#include "rainbow_keypair.h" + +/// @brief The (internal use) public key for rainbow +/// +/// The (internal use) public key for rainbow. The public +/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, +/// l2_Q1, .... , l2_Q9. +/// +typedef +struct rainbow_extend_publickey { + unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; + + unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; + unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; + unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; +} ext_cpk_t; + + + +/// +/// @brief converting formats of public keys : from ext_cpk_t version to pk_t +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the internel public key. +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +///////////////////////////////////////////////// + +/// +/// @brief Computing public key from secret key +/// +/// @param[out] Qs - the public key +/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the secret key: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + + + +#endif // _RAINBOW_KEYPAIR_COMP_H_ + diff --git a/crypto_sign/rainbowIIIc-classic/clean/sign.c b/crypto_sign/rainbowIIIc-classic/clean/sign.c new file mode 100644 index 00000000..72586750 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/sign.c @@ -0,0 +1,92 @@ +/// @file sign.c +/// @brief the implementations for functions in api.h +/// +/// + +#include "api.h" +#include "rainbow.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "randombytes.h" +#include "utils_hash.h" +#include +#include + + + +int +PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { + unsigned char sk_seed[LEN_SKSEED] = {0}; + randombytes( sk_seed, LEN_SKSEED ); + + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); + + return 0; +} + + + + + +int +PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + + memcpy( sm, m, mlen ); + smlen[0] = mlen + _SIGNATURE_BYTE; + + + return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + + + +} + + + + + + +int +PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { + //TODO: this should not copy out the message if verification fails + if ( _SIGNATURE_BYTE > smlen ) { + return -1; + } + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + mlen[0] = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); + + + return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); + + + +} + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + *siglen = _SIGNATURE_BYTE; + return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); +} + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk) { + if (siglen != _SIGNATURE_BYTE) { + return -1; + } + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); + +} diff --git a/crypto_sign/rainbowIIIc-classic/clean/utils_hash.c b/crypto_sign/rainbowIIIc-classic/clean/utils_hash.c new file mode 100644 index 00000000..6323e528 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/utils_hash.c @@ -0,0 +1,55 @@ +/// @file utils_hash.c +/// @brief the adapter for SHA2 families. +/// +/// + +#include "rainbow_config.h" +#include "sha2.h" +#include "utils_hash.h" + +static inline +int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { + sha384(digest, m, mlen); + return 0; +} + +static inline +int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if ( _HASH_LEN >= n_digest ) { + for (size_t i = 0; i < n_digest; i++) { + digest[i] = hash[i]; + } + return 0; + } + for (size_t i = 0; i < _HASH_LEN; i++) { + digest[i] = hash[i]; + } + n_digest -= _HASH_LEN; + + + while (_HASH_LEN <= n_digest ) { + _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + + n_digest -= _HASH_LEN; + digest += _HASH_LEN; + } + unsigned char temp[_HASH_LEN]; + if ( n_digest ) { + _hash( temp, digest, _HASH_LEN ); + for (size_t i = 0; i < n_digest; i++) { + digest[_HASH_LEN + i] = temp[i]; + } + } + return 0; +} + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(unsigned char *digest, + size_t len_digest, + const unsigned char *m, + size_t mlen) { + unsigned char buf[_HASH_LEN]; + _hash(buf, m, mlen); + return expand_hash(digest, len_digest, buf); +} + + diff --git a/crypto_sign/rainbowIIIc-classic/clean/utils_hash.h b/crypto_sign/rainbowIIIc-classic/clean/utils_hash.h new file mode 100644 index 00000000..6eafcdaa --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/utils_hash.h @@ -0,0 +1,14 @@ +#ifndef _UTILS_HASH_H_ +#define _UTILS_HASH_H_ +/// @file utils_hash.h +/// @brief the interface for adapting hash functions. +/// + +#include + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); + + + +#endif // _UTILS_HASH_H_ + diff --git a/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c b/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c new file mode 100644 index 00000000..7346beb0 --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c @@ -0,0 +1,96 @@ +/// @file utils_prng.c +/// @brief The implementation of PRNG related functions. +/// + +#include "aes.h" +#include "randombytes.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include + +static void prng_update(const unsigned char *provided_data, + unsigned char *Key, + unsigned char *V) { + unsigned char temp[48]; + aes256ctx ctx; + aes256_keyexp(&ctx, Key); + for (int i = 0; i < 3; i++) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( V[j] == 0xff) { + V[j] = 0x00; + } else { + V[j]++; + break; + } + } + aes256_ecb(temp + 16 * i, V, 1, &ctx); + } + if ( provided_data != NULL ) { + for (int i = 0; i < 48; i++) { + temp[i] ^= provided_data[i]; + } + } + memcpy(Key, temp, 32); + memcpy(V, temp + 32, 16); +} +static void randombytes_init_with_state(prng_t *state, + unsigned char *entropy_input_48bytes ) { + memset(state->Key, 0x00, 32); + memset(state->V, 0x00, 16); + prng_update(entropy_input_48bytes, state->Key, state->V); +} + +static int randombytes_with_state(prng_t *state, + unsigned char *x, + size_t xlen) { + + unsigned char block[16]; + int i = 0; + + aes256ctx ctx; + aes256_keyexp(&ctx, state->Key); + + + while ( xlen > 0 ) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( state->V[j] == 0xff ) { + state->V[j] = 0x00; + } else { + state->V[j]++; + break; + } + } + aes256_ecb(block, state->V, 1, &ctx); + if ( xlen > 15 ) { + memcpy(x + i, block, 16); + i += 16; + xlen -= 16; + } else { + memcpy(x + i, block, xlen); + xlen = 0; + } + } + prng_update(NULL, state->Key, state->V); + return 0; +} + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { + unsigned char seed[48]; + if ( prng_seedlen >= 48 ) { + memcpy( seed, prng_seed, 48 ); + } else { + memcpy( seed, prng_seed, prng_seedlen ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + } + + randombytes_init_with_state( ctx, seed ); + + return 0; +} + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { + return randombytes_with_state( ctx, out, outlen); +} diff --git a/crypto_sign/rainbowIIIc-classic/clean/utils_prng.h b/crypto_sign/rainbowIIIc-classic/clean/utils_prng.h new file mode 100644 index 00000000..6d07e69a --- /dev/null +++ b/crypto_sign/rainbowIIIc-classic/clean/utils_prng.h @@ -0,0 +1,22 @@ +#ifndef _UTILS_PRNG_H_ +#define _UTILS_PRNG_H_ +/// @file utils_prng.h +/// @brief the interface for adapting PRNG functions. +/// +/// + + +#include "randombytes.h" + +typedef struct { + unsigned char Key[32]; + unsigned char V[16]; +} prng_t; + +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); + + +#endif // _UTILS_PRNG_H_ + + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/META.yml b/crypto_sign/rainbowIIIc-cyclic-compressed/META.yml new file mode 100644 index 00000000..17e9e934 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/META.yml @@ -0,0 +1,17 @@ +name: Rainbow-IIIc-cyclic-compressed +type: signature +claimed-nist-level: 3 +length-public-key: 206744 +length-secret-key: 64 +length-signature: 156 +nistkat-sha256: 1ad6d22a9e98c3e05a6aceb5b892dd75908924733aadfe074b6556e1dbd881c0 +testvectors-sha256: 40df2d3b2eb52aada14469c95e6890c486eaf22dcfca9604bbf528a0b7b75070 +principal-submitter: Jintai Ding +auxiliary-submitters: + - Ming-Shing Chen + - Albrecht Petzoldt + - Dieter Schmidt + - Bo-Yin Yang +implementations: + - name: clean + version: https://github.com/fast-crypto-lab/rainbow-submission-round2/commit/af826fcb78f6af51a02d0352cff28a9690467bfd diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/LICENSE b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/LICENSE new file mode 100644 index 00000000..cb00a6e3 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/LICENSE @@ -0,0 +1,8 @@ +`Software implementation of Rainbow for NIST R2 submission' by Ming-Shing Chen + +To the extent possible under law, the person who associated CC0 with +`Software implementation of Rainbow for NIST R2 submission' has waived all copyright and related or neighboring rights +to `Software implementation of Rainbow for NIST R2 submission'. + +You should have received a copy of the CC0 legalcode along with this +work. If not, see . diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/Makefile b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/Makefile new file mode 100644 index 00000000..602a3d19 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/Makefile @@ -0,0 +1,20 @@ +# This Makefile can be used with GNU Make or BSD Make + +LIB=librainbowIIIc-cyclic-compressed_clean.a + +HEADERS = api.h blas_comm.h blas.h blas_u32.h gf.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h +OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o blas_u32.o gf.o + +CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS) + +all: $(LIB) + +%.o: %.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $@ $< + +$(LIB): $(OBJECTS) + $(AR) -r $@ $(OBJECTS) + +clean: + $(RM) $(OBJECTS) + $(RM) $(LIB) diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/Makefile.Microsoft_nmake b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/Makefile.Microsoft_nmake new file mode 100644 index 00000000..0b89148a --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/Makefile.Microsoft_nmake @@ -0,0 +1,19 @@ +# This Makefile can be used with Microsoft Visual Studio's nmake using the command: +# nmake /f Makefile.Microsoft_nmake + +LIBRARY=librainbowIIIc-cyclic-compressed_clean.lib +OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj blas_u32.obj gf.obj + +CFLAGS=/nologo /I ..\..\..\common /W4 /WX + +all: $(LIBRARY) + +# Make sure objects are recompiled if headers change. +$(OBJECTS): *.h + +$(LIBRARY): $(OBJECTS) + LIB.EXE /NOLOGO /WX /OUT:$@ $** + +clean: + -DEL $(OBJECTS) + -DEL $(LIBRARY) diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/api.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/api.h new file mode 100644 index 00000000..a4a171a9 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/api.h @@ -0,0 +1,32 @@ +#ifndef PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_API_H +#define PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_API_H + +#include +#include + +#define PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_CRYPTO_SECRETKEYBYTES 64 +#define PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_CRYPTO_PUBLICKEYBYTES 206744 +#define PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_CRYPTO_BYTES 156 +#define PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_CRYPTO_ALGNAME "RAINBOW(256,68,36,36) - cyclic compressed" + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk); + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk); + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *sk); + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *pk); + + +#endif diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas.h new file mode 100644 index 00000000..159342dc --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas.h @@ -0,0 +1,20 @@ +#ifndef _BLAS_H_ +#define _BLAS_H_ +/// @file blas.h +/// @brief Defining the implementations for linear algebra functions depending on the machine architecture. +/// + +#include "blas_comm.h" +#include "blas_u32.h" +#include "rainbow_config.h" + +#define gf256v_predicated_add PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32 +#define gf256v_add PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_add_u32 + + +#define gf256v_mul_scalar PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32 +#define gf256v_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32 + + +#endif // _BLAS_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c new file mode 100644 index 00000000..0d7de845 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c @@ -0,0 +1,153 @@ +/// @file blas_comm.c +/// @brief The standard implementations for blas_comm.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "gf.h" +#include "rainbow_config.h" + +#include +#include + + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} + +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { + uint8_t r = 0; + while ( _num_byte-- ) { + r |= a[0]; + a++; + } + return (0 == r); +} + +/// polynomial multplication +/// School boook +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, _num * 2 - 1); + for (unsigned i = 0; i < _num; i++) { + gf256v_madd(c + i, a, b[i], _num); + } +} + +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + gf256v_madd(c, matA, b[i], n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = len_vec; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); + } + c += n_vec_byte; + } +} + +static +unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { + unsigned r8 = 1; + + for (unsigned i = 0; i < h; i++) { + uint8_t *ai = mat + w * i; + unsigned skip_len_align4 = i & ((unsigned)~0x3); + + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + w * j; + gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + } + r8 &= PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]); + uint8_t pivot = ai[i]; + pivot = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_inv( pivot ); + gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + w * j; + gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + } + } + + return r8; +} + +static +unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + uint8_t mat[ 64 * 64 ]; + for (unsigned i = 0; i < n; i++) { + memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + mat[i * (n + 1) + n] = c_terms[i]; + } + unsigned r8 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + for (unsigned i = 0; i < n; i++) { + sol[i] = mat[i * (n + 1) + n]; + } + return r8; +} + + + +static inline +void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < w2; j++) { + mat2[i * w2 + j] = mat[i * w + st + j]; + } + } +} + + +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * H; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( ai, 2 * H ); + gf256v_add( ai, a + i * H, H ); + ai[H + i] = 1; + } + unsigned r8 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); + gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + return r8; +} + + + + + +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE + +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { + return gf256mat_gauss_elim_impl( mat, h, w ); +} + + +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h new file mode 100644 index 00000000..49a8ba1b --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h @@ -0,0 +1,96 @@ +#ifndef _BLAS_COMM_H_ +#define _BLAS_COMM_H_ +/// @file blas_comm.h +/// @brief Common functions for linear algebra. +/// + +#include "rainbow_config.h" +#include + + +/// @brief set a vector to 0. +/// +/// @param[in,out] b - the vector b. +/// @param[in] _num_byte - number of bytes for the vector b. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); + +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); + + + +/// @brief check if a vector is 0. +/// +/// @param[in] a - the vector a. +/// @param[in] _num_byte - number of bytes for the vector a. +/// @return 1(true) if a is 0. 0(false) else. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); + + +/// @brief polynomial multiplication: c = a*b +/// +/// @param[out] c - the output polynomial c +/// @param[in] a - the vector a. +/// @param[in] b - the vector b. +/// @param[in] _num - number of elements for the polynomials a and b. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); + + +/// @brief matrix-vector multiplication: c = matA * b , in GF(256) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +/// @brief matrix-matrix multiplication: c = a * b , in GF(256) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + +/// @brief Gauss elimination for a matrix, in GF(256) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(256) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + +/// @brief Computing the inverse matrix, in GF(256) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +#endif // _BLAS_COMM_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c new file mode 100644 index 00000000..1c445727 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c @@ -0,0 +1,90 @@ +#include "blas_u32.h" +#include "gf.h" + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= (a_u32[i] & pr_u32); + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= (a[i] & pr_u8); + } +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + + + + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(t.u32, b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(t.u32, gf256_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h new file mode 100644 index 00000000..5edfe447 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h @@ -0,0 +1,19 @@ +#ifndef _BLAS_U32_H_ +#define _BLAS_U32_H_ +/// @file blas_u32.h +/// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. +/// + +#include "rainbow_config.h" +#include + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); + + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); + + +#endif // _BLAS_U32_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c new file mode 100644 index 00000000..91fb0a75 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c @@ -0,0 +1,142 @@ +#include "gf.h" + +//// gf4 := gf2[x]/x^2+x+1 +static inline uint8_t gf4_mul_2(uint8_t a) { + uint8_t r = (uint8_t) (a << 1); + r ^= (uint8_t) ((a >> 1) * 7); + return r; +} + +static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { + uint8_t r = (uint8_t) (a * (b & 1)); + return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); +} + +static inline uint8_t gf4_squ(uint8_t a) { + return a ^ (a >> 1); +} + +static inline uint32_t gf4v_mul_2_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { + uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); +} + +//// gf16 := gf4[y]/y^2+y+x +static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + uint8_t b0 = b & 3; + uint8_t b1 = (b >> 2); + uint8_t a0b0 = gf4_mul(a0, b0); + uint8_t a1b1 = gf4_mul(a1, b1); + uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x2 = gf4_mul_2(a1b1); + return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); +} + +static inline uint8_t gf16_squ(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + a1 = gf4_squ(a1); + uint8_t a1squ_x2 = gf4_mul_2(a1); + return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); +} + +// gf16 := gf4[y]/y^2+y+x +uint32_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = gf4v_mul_u32(a, b); + uint32_t axb1 = gf4v_mul_u32(a, b >> 2); + uint32_t a0b1 = (axb1 << 2) & 0xcccccccc; + uint32_t a1b1 = axb1 & 0xcccccccc; + uint32_t a1b1_2 = a1b1 >> 2; + + return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); +} + +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + +uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(uint8_t a) { + unsigned a8 = a; + unsigned r = ((unsigned) 0) - a8; + r >>= 8; + return r & 1; +} + +static inline uint8_t gf4_mul_3(uint8_t a) { + uint8_t msk = (uint8_t) ((a - 2) >> 1); + return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); +} +static inline uint8_t gf16_mul_8(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = a >> 2; + return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); +} + +// gf256 := gf16[X]/X^2+X+xy +static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + uint8_t b0 = b & 15; + uint8_t b1 = (b >> 4); + uint8_t a0b0 = gf16_mul(a0, b0); + uint8_t a1b1 = gf16_mul(a1, b1); + uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x8 = gf16_mul_8(a1b1); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); +} + +static inline uint8_t gf256_squ(uint8_t a) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + a1 = gf16_squ(a1); + uint8_t a1squ_x8 = gf16_mul_8(a1); + return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); +} + +uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_inv(uint8_t a) { + // 128+64+32+16+8+4+2 = 254 + uint8_t a2 = gf256_squ(a); + uint8_t a4 = gf256_squ(a2); + uint8_t a8 = gf256_squ(a4); + uint8_t a4_2 = gf256_mul(a4, a2); + uint8_t a8_4_2 = gf256_mul(a4_2, a8); + uint8_t a64_ = gf256_squ(a8_4_2); + a64_ = gf256_squ(a64_); + a64_ = gf256_squ(a64_); + uint8_t a64_2 = gf256_mul(a64_, a8_4_2); + uint8_t a128_ = gf256_squ(a64_2); + return gf256_mul(a2, a128_); +} + +static inline uint32_t gf4v_mul_3_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit0 ^ (bit1 >> 1); +} +static inline uint32_t gf16v_mul_8_u32(uint32_t a) { + uint32_t a1 = a & 0xcccccccc; + uint32_t a0 = (a << 2) & 0xcccccccc; + return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); +} +uint32_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(a, b); + uint32_t axb1 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(a, b >> 4); + uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; + uint32_t a1b1 = axb1 & 0xf0f0f0f0; + uint32_t a1b1_4 = a1b1 >> 4; + + return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); +} diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.h new file mode 100644 index 00000000..55b49591 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.h @@ -0,0 +1,19 @@ +#ifndef _GF16_H_ +#define _GF16_H_ + +#include "rainbow_config.h" +#include + +/// @file gf16.h +/// @brief Library for arithmetics in GF(16) and GF(256) +/// + +uint32_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); + + +uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); + + +#endif // _GF16_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c new file mode 100644 index 00000000..92935540 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c @@ -0,0 +1,186 @@ +/// @file parallel_matrix_op.c +/// @brief the standard implementations for functions in parallel_matrix_op.h +/// +/// the standard implementations for functions in parallel_matrix_op.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "parallel_matrix_op.h" + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { + return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +} + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. +/// +/// @param[in] i_row - the i-th row in a triangle matrix. +/// @param[in] j_col - the j-th column in a triangle matrix. +/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { + if ( i_row > j_col ) { + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j_col, i_row, n_var); + } + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i_row, j_col, n_var); +} + + + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { + unsigned char *runningC = btriC; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < i; j++) { + unsigned idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); + gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + } + gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + runningC += size_batch * (Aheight - i); + } +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf256v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf256v_madd( y, tmp, _x[i], size_batch ); + } +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf256v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf256v_madd( z, tmp, _y[i], size_batch ); + } +} + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h new file mode 100644 index 00000000..ced939e2 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h @@ -0,0 +1,282 @@ +#ifndef _P_MATRIX_OP_H_ +#define _P_MATRIX_OP_H_ +/// @file parallel_matrix_op.h +/// @brief Librarys for operations of batched matrixes. +/// +/// + +//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// + + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); + +/// +/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. +/// +/// @param[out] btriC - the batched upper-trianglized matrix C. +/// @param[in] bA - a batched retangle matrix A. +/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); + + + + +//////////////////// Section: matrix multiplications /////////////////////////////// + + + +/// +/// @brief bC += btriA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += btriA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += A^Tr * bB , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += A^Tr * bB , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += bA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// + + +/// +/// @brief y = x^Tr * trimat * x , in GF(16) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + +/// +/// @brief y = x^Tr * trimat * x , in GF(256) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + + +/// +/// @brief z = y^Tr * mat * x , in GF(16) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + +/// +/// @brief z = y^Tr * mat * x , in GF(256) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + + + + + + +#endif // _P_MATRIX_OP_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c new file mode 100644 index 00000000..d5e39f31 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c @@ -0,0 +1,181 @@ +/// @file rainbow.c +/// @brief The standard implementations for functions in rainbow.h +/// + +#include "blas.h" +#include "rainbow.h" +#include "rainbow_blas.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include +#include + + +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1>_O2)?_O1:_O2) +#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { + uint8_t mat_l1[_O1 * _O1_BYTE]; + uint8_t mat_l2[_O2 * _O2_BYTE]; + uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; + + // setup PRNG + prng_t prng_sign; + uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; + memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); + memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + uint8_t prng_seed[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + prng_preseed[i] ^= prng_preseed[i]; // clean + } + for (unsigned i = 0; i < _HASH_LEN; i++) { + prng_seed[i] ^= prng_seed[i]; // clean + } + + // roll vinegars. + uint8_t vinegar[_V1_BYTE]; + unsigned n_attempt = 0; + unsigned l1_succ = 0; + while ( !l1_succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars + gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 + l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable + n_attempt ++; + } + + // Given the vinegars, pre-compute variables needed for layer 2 + uint8_t r_l1_F1[_O1_BYTE] = {0}; + uint8_t r_l2_F1[_O2_BYTE] = {0}; + batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); + batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); + uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + uint8_t mat_l2_F2[_O1 * _O2_BYTE]; + gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); + gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + + // Some local variables. + uint8_t _z[_PUB_M_BYTE]; + uint8_t y[_PUB_M_BYTE]; + uint8_t *x_v1 = vinegar; + uint8_t x_o1[_O1_BYTE]; + uint8_t x_o2[_O1_BYTE]; + + uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, _digest, _HASH_LEN ); + uint8_t *salt = digest_salt + _HASH_LEN; + + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + unsigned succ = 0; + while ( !succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + + // y = S^-1 * z + memcpy(y, _z, _PUB_M_BYTE); // identity part of S + gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); + gf256v_add(y, temp_o, _O1_BYTE); + + // Central Map: + // layer 1: calculate x_o1 + memcpy( temp_o, r_l1_F1, _O1_BYTE ); + gf256v_add( temp_o, y, _O1_BYTE ); + gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + + // layer 2: calculate x_o2 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); + gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 + batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 + gf256v_add( temp_o, mat_l2, _O2_BYTE ); + gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 + gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + + // generate the linear equations of the 2nd layer + gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 + gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); + gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + + n_attempt ++; + }; + // w = T^-1 * y + uint8_t w[_PUB_N_BYTE]; + // identity part of T. + memcpy( w, x_v1, _V1_BYTE ); + memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); + memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + // Computing the t1 part. + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t4 part. + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t3 part. + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + + memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + // clean + memset( &prng_sign, 0, sizeof(prng_t) ); + memset( vinegar, 0, _V1_BYTE ); + memset( r_l1_F1, 0, _O1_BYTE ); + memset( r_l2_F1, 0, _O2_BYTE ); + memset( _z, 0, _PUB_M_BYTE ); + memset( y, 0, _PUB_M_BYTE ); + memset( x_o1, 0, _O1_BYTE ); + memset( x_o2, 0, _O2_BYTE ); + memset( temp_o, 0, sizeof(temp_o) ); + + // return: copy w and salt to the signature. + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + return -1; + } + gf256v_add( signature, w, _PUB_N_BYTE ); + gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + return 0; +} + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { + unsigned char digest_ck[_PUB_M_BYTE]; + // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. + batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + + unsigned char correct[_PUB_M_BYTE]; + unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, digest, _HASH_LEN ); + memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + + // check consistancy. + unsigned char cc = 0; + for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + cc |= (digest_ck[i] ^ correct[i]); + } + return (0 == cc) ? 0 : -1; +} + +/////////////// cyclic version /////////////////////////// +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { + unsigned char sk[sizeof(sk_t) + 32]; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); +} + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { + unsigned char pk[sizeof(pk_t) +32]; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +} diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.h new file mode 100644 index 00000000..4cfbc3f7 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.h @@ -0,0 +1,51 @@ +#ifndef _RAINBOW_H_ +#define _RAINBOW_H_ +/// @file rainbow.h +/// @brief APIs for rainbow. +/// + + +#include "rainbow_config.h" +#include "rainbow_keypair.h" + +#include + +/// +/// @brief Signing function for classical secret key. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); + +/// +/// @brief Signing function for compressed secret key of the cyclic rainbow. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the compressed secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function for cyclic public keys. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key of cyclic rainbow. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); + +#endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_blas.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_blas.h new file mode 100644 index 00000000..fd172eca --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_blas.h @@ -0,0 +1,34 @@ +#ifndef _RAINBOW_BLAS_H_ +#define _RAINBOW_BLAS_H_ +/// @file rainbow_blas.h +/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h +/// +/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h + + +#include "blas.h" +#include "parallel_matrix_op.h" +#include "rainbow_config.h" + + +#define gfv_get_ele PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd + +#define gfmat_prod PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv + +#define batch_trimat_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256 + +#define batch_quad_trimat_eval PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256 +#define batch_quad_recmat_eval PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256 + + + +#endif // _RAINBOW_BLAS_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_config.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_config.h new file mode 100644 index 00000000..44cba4f3 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_config.h @@ -0,0 +1,50 @@ +#ifndef _H_RAINBOW_CONFIG_H_ +#define _H_RAINBOW_CONFIG_H_ + +/// @file rainbow_config.h +/// @brief Defining the parameters of the Rainbow and the corresponding constants. +/// + +#define _GFSIZE 256 +#define _V1 68 +#define _O1 36 +#define _O2 36 +#define _HASH_LEN 48 + + + +#define _V2 ((_V1)+(_O1)) + +/// size of N, in # of gf elements. +#define _PUB_N (_V1+_O1+_O2) + +/// size of M, in # gf elements. +#define _PUB_M (_O1+_O2) + + +/// size of variables, in # bytes. + + +// GF256 +#define _V1_BYTE (_V1) +#define _V2_BYTE (_V2) +#define _O1_BYTE (_O1) +#define _O2_BYTE (_O2) +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) + + + +/// length of seed for public key, in # bytes +#define LEN_PKSEED 32 + +/// length of seed for secret key, in # bytes +#define LEN_SKSEED 32 + +/// length of salt for a signature, in # bytes +#define _SALT_BYTE 16 + +/// length of a signature +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) + +#endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c new file mode 100644 index 00000000..f6ac5b29 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c @@ -0,0 +1,201 @@ +/// @file rainbow_keypair.c +/// @brief implementations of functions in rainbow_keypair.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include "utils_prng.h" +#include +#include +#include + + +static +void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 + s_and_t += _O1_BYTE * _O2; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + s_and_t += _V1_BYTE * _O1; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + s_and_t += _V1_BYTE * _O2; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 +} + + +static +unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + n_byte_generated += _O1_BYTE * _V1 * _O1; + return n_byte_generated; +} + + +static +unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + n_byte_generated += _O2_BYTE * _O1 * _O2; + + return n_byte_generated; +} + + +static +void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { + sk += generate_l1_F12( sk, prng0 ); + generate_l2_F12356( sk, prng0 ); +} + +static +void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { + // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 + unsigned char temp[_V1_BYTE + 32]; + unsigned char *t4 = t2_to_t4; + for (unsigned i = 0; i < _O2; i++) { /// t3 width + gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); + gf256v_add( t4, temp, _V1_BYTE ); + t4 += _V1_BYTE; + t3 += _O1_BYTE; + } +} + +static +void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { + unsigned char temp[_O1_BYTE + 32]; + while ( n_terms-- ) { + gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); + gf256v_add( l1_polys, temp, _O1_BYTE ); + l1_polys += _O1_BYTE; + l2_polys += _O2_BYTE; + } +} + +/////////////////// Classic ////////////////////////////////// + + + +///////////////////// Cyclic ////////////////////////////////// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng; + prng_t *prng0 = &prng; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + + unsigned char t2[sizeof(sk->t4)]; + memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 + calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t *prng1 = &prng; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T + + + unsigned char t4[sizeof(sk->t4)]; + memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 + memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + + obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + + // clean + memset( &prng, 0, sizeof(prng_t) ); +} + + + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); + sk_t sk; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng0; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, &prng0 ); + calculate_t4( sk->t4, sk->t1, sk->t3 ); + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t prng1; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, &prng1 ); + + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + + // calcuate the parts of sk according to pk. + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); + + // clean prng for sk + memset( &prng0, 0, sizeof(prng_t) ); +} +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { + // procedure: cpk_t --> extcpk_t --> pk_t + + // convert from cpk_t to extcpk_t + ext_cpk_t pk; + + // setup prng + prng_t prng0; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + + // generating parts of key with prng + generate_l1_F12( pk.l1_Q1, &prng0 ); + // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 + memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + + // generating parts of key with prng + generate_l2_F12356( pk.l2_Q1, &prng0 ); + // copying parts of key from input: l2_Q9 + memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // convert from extcpk_t to pk_t + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( rpk, &pk ); +} diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.h new file mode 100644 index 00000000..151bbf84 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.h @@ -0,0 +1,126 @@ +#ifndef _RAINBOW_KEYPAIR_H_ +#define _RAINBOW_KEYPAIR_H_ +/// @file rainbow_keypair.h +/// @brief Formats of key pairs and functions for generating key pairs. +/// Formats of key pairs and functions for generating key pairs. +/// + + + +#include "rainbow_config.h" + + +#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) + + +/// @brief public key for classic rainbow +/// +/// public key for classic rainbow +/// +typedef +struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +} pk_t; + + +/// @brief secret key for classic rainbow +/// +/// secret key for classic rainbow +/// +typedef +struct rainbow_secretkey { + /// + /// seed for generating secret key. + /// Generating S, T, and F for classic rainbow. + /// Generating S and T only for cyclic rainbow. + unsigned char sk_seed[LEN_SKSEED]; + + unsigned char s1[_O1_BYTE * _O2]; ///< part of S map + unsigned char t1[_V1_BYTE * _O1]; ///< part of T map + unsigned char t4[_V1_BYTE * _O2]; ///< part of T map + unsigned char t3[_O1_BYTE * _O2]; ///< part of T map + + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 +} sk_t; + + + + +/// @brief public key for cyclic rainbow +/// +/// public key for cyclic rainbow +/// +typedef +struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 + + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 +} cpk_t; + + + +/// @brief compressed secret key for cyclic rainbow +/// +/// compressed secret key for cyclic rainbow +/// +typedef +struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +} csk_t; + + + +/// +/// @brief Generate key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of public key. +/// @param[in] sk_seed - seed for generating secret key. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +/// +/// @brief Generate compressed key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the compressed secret key. +/// @param[in] pk_seed - seed for generating parts of the public key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +/// +/// @brief Generate secret key for cyclic rainbow. +/// +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of the pbulic key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +//////////////////////////////////// + +/// +/// @brief converting formats of public keys : from cyclic version to classic key +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the cyclic public key. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); + +#endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c new file mode 100644 index 00000000..6aa3f0c5 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -0,0 +1,233 @@ +/// @file rainbow_keypair_computation.c +/// @brief Implementations for functions in rainbow_keypair_computation.h +/// + + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include +#include +#include + + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { + const unsigned char *idx_l1 = cpk->l1_Q1; + const unsigned char *idx_l2 = cpk->l2_Q1; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = i; j < _V1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q2; + idx_l2 = cpk->l2_Q2; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q3; + idx_l2 = cpk->l2_Q3; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q5; + idx_l2 = cpk->l2_Q5; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = i; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q6; + idx_l2 = cpk->l2_Q6; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q9; + idx_l2 = cpk->l2_Q9; + for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned j = i; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } +} + + + + +static +void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + // Layer 1 + // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] + memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] + memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + + /* + Layer 2 + computations: + + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + + */ + memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + + // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + + unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; + memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) + memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + + batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + + // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); + batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 + batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + + // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + // + Q_pk.l2_F2s[i].transpose() * t4 + // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); + batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); + +} + + +////////////////////////////////////////////////////////////////////////////////////////////////// + +static +void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { +// Layer 1: Computing Q5, Q3, Q6, Q9 + +// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + const unsigned char *t2 = Ts->t4; + sk_t tempQ; + memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + /* + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + /* + Layer 2 + Computing Q9: + + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ + sk_t tempQ2; + memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. + batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); + batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + + batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 +} + + + +/////////////////////////////////////////////////////////////////////// + + +// Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ +#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref + + + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + calculate_F_from_Q_impl( Fs, Qs, Ts ); +} + +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +} + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.h new file mode 100644 index 00000000..6419fb12 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.h @@ -0,0 +1,79 @@ +#ifndef _RAINBOW_KEYPAIR_COMP_H_ +#define _RAINBOW_KEYPAIR_COMP_H_ +/// @file rainbow_keypair_computation.h +/// @brief Functions for calculating pk/sk while generating keys. +/// +/// Defining an internal structure of public key. +/// Functions for calculating pk/sk for key generation. +/// + + + +#include "rainbow_keypair.h" + +/// @brief The (internal use) public key for rainbow +/// +/// The (internal use) public key for rainbow. The public +/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, +/// l2_Q1, .... , l2_Q9. +/// +typedef +struct rainbow_extend_publickey { + unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; + + unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; + unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; + unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; +} ext_cpk_t; + + + +/// +/// @brief converting formats of public keys : from ext_cpk_t version to pk_t +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the internel public key. +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +///////////////////////////////////////////////// + +/// +/// @brief Computing public key from secret key +/// +/// @param[out] Qs - the public key +/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the secret key: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + + + + +/// +/// @brief Computing parts of the sk from parts of pk and sk +/// +/// @param[out] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); + +/// +/// @brief Computing parts of the pk from the secret key +/// +/// @param[out] Qs - parts of the pk: l1_Q3, l1_Q5, l2_Q6, l1_Q9, l2_Q9 +/// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + +#endif // _RAINBOW_KEYPAIR_COMP_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c new file mode 100644 index 00000000..f85515b8 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c @@ -0,0 +1,94 @@ +/// @file sign.c +/// @brief the implementations for functions in api.h +/// +/// + +#include "api.h" +#include "rainbow.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "randombytes.h" +#include "utils_hash.h" +#include +#include + + + +int +PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { + unsigned char sk_seed[LEN_SKSEED] = {0}; + randombytes( sk_seed, LEN_SKSEED ); + + + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + + return 0; +} + + + + + +int +PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + + memcpy( sm, m, mlen ); + smlen[0] = mlen + _SIGNATURE_BYTE; + + + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + + + +} + + + + + + +int +PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { + //TODO: this should not copy out the message if verification fails + if ( _SIGNATURE_BYTE > smlen ) { + return -1; + } + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + mlen[0] = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); + + + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + + + +} + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + *siglen = _SIGNATURE_BYTE; + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); +} + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk) { + if (siglen != _SIGNATURE_BYTE) { + return -1; + } + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + +} diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.c new file mode 100644 index 00000000..db5e7f3d --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.c @@ -0,0 +1,55 @@ +/// @file utils_hash.c +/// @brief the adapter for SHA2 families. +/// +/// + +#include "rainbow_config.h" +#include "sha2.h" +#include "utils_hash.h" + +static inline +int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { + sha384(digest, m, mlen); + return 0; +} + +static inline +int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if ( _HASH_LEN >= n_digest ) { + for (size_t i = 0; i < n_digest; i++) { + digest[i] = hash[i]; + } + return 0; + } + for (size_t i = 0; i < _HASH_LEN; i++) { + digest[i] = hash[i]; + } + n_digest -= _HASH_LEN; + + + while (_HASH_LEN <= n_digest ) { + _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + + n_digest -= _HASH_LEN; + digest += _HASH_LEN; + } + unsigned char temp[_HASH_LEN]; + if ( n_digest ) { + _hash( temp, digest, _HASH_LEN ); + for (size_t i = 0; i < n_digest; i++) { + digest[_HASH_LEN + i] = temp[i]; + } + } + return 0; +} + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(unsigned char *digest, + size_t len_digest, + const unsigned char *m, + size_t mlen) { + unsigned char buf[_HASH_LEN]; + _hash(buf, m, mlen); + return expand_hash(digest, len_digest, buf); +} + + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.h new file mode 100644 index 00000000..de041aed --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.h @@ -0,0 +1,14 @@ +#ifndef _UTILS_HASH_H_ +#define _UTILS_HASH_H_ +/// @file utils_hash.h +/// @brief the interface for adapting hash functions. +/// + +#include + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); + + + +#endif // _UTILS_HASH_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c new file mode 100644 index 00000000..1effeee4 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c @@ -0,0 +1,96 @@ +/// @file utils_prng.c +/// @brief The implementation of PRNG related functions. +/// + +#include "aes.h" +#include "randombytes.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include + +static void prng_update(const unsigned char *provided_data, + unsigned char *Key, + unsigned char *V) { + unsigned char temp[48]; + aes256ctx ctx; + aes256_keyexp(&ctx, Key); + for (int i = 0; i < 3; i++) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( V[j] == 0xff) { + V[j] = 0x00; + } else { + V[j]++; + break; + } + } + aes256_ecb(temp + 16 * i, V, 1, &ctx); + } + if ( provided_data != NULL ) { + for (int i = 0; i < 48; i++) { + temp[i] ^= provided_data[i]; + } + } + memcpy(Key, temp, 32); + memcpy(V, temp + 32, 16); +} +static void randombytes_init_with_state(prng_t *state, + unsigned char *entropy_input_48bytes ) { + memset(state->Key, 0x00, 32); + memset(state->V, 0x00, 16); + prng_update(entropy_input_48bytes, state->Key, state->V); +} + +static int randombytes_with_state(prng_t *state, + unsigned char *x, + size_t xlen) { + + unsigned char block[16]; + int i = 0; + + aes256ctx ctx; + aes256_keyexp(&ctx, state->Key); + + + while ( xlen > 0 ) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( state->V[j] == 0xff ) { + state->V[j] = 0x00; + } else { + state->V[j]++; + break; + } + } + aes256_ecb(block, state->V, 1, &ctx); + if ( xlen > 15 ) { + memcpy(x + i, block, 16); + i += 16; + xlen -= 16; + } else { + memcpy(x + i, block, xlen); + xlen = 0; + } + } + prng_update(NULL, state->Key, state->V); + return 0; +} + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { + unsigned char seed[48]; + if ( prng_seedlen >= 48 ) { + memcpy( seed, prng_seed, 48 ); + } else { + memcpy( seed, prng_seed, prng_seedlen ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + } + + randombytes_init_with_state( ctx, seed ); + + return 0; +} + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { + return randombytes_with_state( ctx, out, outlen); +} diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.h new file mode 100644 index 00000000..c07c8e07 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.h @@ -0,0 +1,22 @@ +#ifndef _UTILS_PRNG_H_ +#define _UTILS_PRNG_H_ +/// @file utils_prng.h +/// @brief the interface for adapting PRNG functions. +/// +/// + + +#include "randombytes.h" + +typedef struct { + unsigned char Key[32]; + unsigned char V[16]; +} prng_t; + +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); + + +#endif // _UTILS_PRNG_H_ + + diff --git a/crypto_sign/rainbowIIIc-cyclic/META.yml b/crypto_sign/rainbowIIIc-cyclic/META.yml new file mode 100644 index 00000000..da707392 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/META.yml @@ -0,0 +1,17 @@ +name: Rainbow-IIIc-cyclic +type: signature +claimed-nist-level: 3 +length-public-key: 206744 +length-secret-key: 511448 +length-signature: 156 +nistkat-sha256: 607fa94312778210c443431974087ce99357494ab16c8ad5a8418784b811223d +testvectors-sha256: 51559c38aefe636abd36094741be3b5f65de9e09cf9a5d37866b2e8d0eb58d22 +principal-submitter: Jintai Ding +auxiliary-submitters: + - Ming-Shing Chen + - Albrecht Petzoldt + - Dieter Schmidt + - Bo-Yin Yang +implementations: + - name: clean + version: https://github.com/fast-crypto-lab/rainbow-submission-round2/commit/af826fcb78f6af51a02d0352cff28a9690467bfd diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/LICENSE b/crypto_sign/rainbowIIIc-cyclic/clean/LICENSE new file mode 100644 index 00000000..cb00a6e3 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/LICENSE @@ -0,0 +1,8 @@ +`Software implementation of Rainbow for NIST R2 submission' by Ming-Shing Chen + +To the extent possible under law, the person who associated CC0 with +`Software implementation of Rainbow for NIST R2 submission' has waived all copyright and related or neighboring rights +to `Software implementation of Rainbow for NIST R2 submission'. + +You should have received a copy of the CC0 legalcode along with this +work. If not, see . diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/Makefile b/crypto_sign/rainbowIIIc-cyclic/clean/Makefile new file mode 100644 index 00000000..d6161c21 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/Makefile @@ -0,0 +1,20 @@ +# This Makefile can be used with GNU Make or BSD Make + +LIB=librainbowIIIc-cyclic_clean.a + +HEADERS = api.h blas_comm.h blas.h blas_u32.h gf.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h +OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o blas_u32.o gf.o + +CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS) + +all: $(LIB) + +%.o: %.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $@ $< + +$(LIB): $(OBJECTS) + $(AR) -r $@ $(OBJECTS) + +clean: + $(RM) $(OBJECTS) + $(RM) $(LIB) diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/Makefile.Microsoft_nmake b/crypto_sign/rainbowIIIc-cyclic/clean/Makefile.Microsoft_nmake new file mode 100644 index 00000000..c2fc2f6f --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/Makefile.Microsoft_nmake @@ -0,0 +1,19 @@ +# This Makefile can be used with Microsoft Visual Studio's nmake using the command: +# nmake /f Makefile.Microsoft_nmake + +LIBRARY=librainbowIIIc-cyclic_clean.lib +OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj blas_u32.obj gf.obj + +CFLAGS=/nologo /I ..\..\..\common /W4 /WX + +all: $(LIBRARY) + +# Make sure objects are recompiled if headers change. +$(OBJECTS): *.h + +$(LIBRARY): $(OBJECTS) + LIB.EXE /NOLOGO /WX /OUT:$@ $** + +clean: + -DEL $(OBJECTS) + -DEL $(LIBRARY) diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/api.h b/crypto_sign/rainbowIIIc-cyclic/clean/api.h new file mode 100644 index 00000000..cf8628c2 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/api.h @@ -0,0 +1,32 @@ +#ifndef PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_API_H +#define PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_API_H + +#include +#include + +#define PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_CRYPTO_SECRETKEYBYTES 511448 +#define PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_CRYPTO_PUBLICKEYBYTES 206744 +#define PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_CRYPTO_BYTES 156 +#define PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(256,68,36,36) - cyclic" + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk); + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk); + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *sk); + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *pk); + + +#endif diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas.h b/crypto_sign/rainbowIIIc-cyclic/clean/blas.h new file mode 100644 index 00000000..72ba2813 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas.h @@ -0,0 +1,20 @@ +#ifndef _BLAS_H_ +#define _BLAS_H_ +/// @file blas.h +/// @brief Defining the implementations for linear algebra functions depending on the machine architecture. +/// + +#include "blas_comm.h" +#include "blas_u32.h" +#include "rainbow_config.h" + +#define gf256v_predicated_add PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add_u32 +#define gf256v_add PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_add_u32 + + +#define gf256v_mul_scalar PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar_u32 +#define gf256v_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd_u32 + + +#endif // _BLAS_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c new file mode 100644 index 00000000..b62b6875 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c @@ -0,0 +1,153 @@ +/// @file blas_comm.c +/// @brief The standard implementations for blas_comm.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "gf.h" +#include "rainbow_config.h" + +#include +#include + + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} + +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { + uint8_t r = 0; + while ( _num_byte-- ) { + r |= a[0]; + a++; + } + return (0 == r); +} + +/// polynomial multplication +/// School boook +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); + for (unsigned i = 0; i < _num; i++) { + gf256v_madd(c + i, a, b[i], _num); + } +} + +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + gf256v_madd(c, matA, b[i], n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = len_vec; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); + } + c += n_vec_byte; + } +} + +static +unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { + unsigned r8 = 1; + + for (unsigned i = 0; i < h; i++) { + uint8_t *ai = mat + w * i; + unsigned skip_len_align4 = i & ((unsigned)~0x3); + + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + w * j; + gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + } + r8 &= PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]); + uint8_t pivot = ai[i]; + pivot = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_inv( pivot ); + gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + w * j; + gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + } + } + + return r8; +} + +static +unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + uint8_t mat[ 64 * 64 ]; + for (unsigned i = 0; i < n; i++) { + memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + mat[i * (n + 1) + n] = c_terms[i]; + } + unsigned r8 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + for (unsigned i = 0; i < n; i++) { + sol[i] = mat[i * (n + 1) + n]; + } + return r8; +} + + + +static inline +void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < w2; j++) { + mat2[i * w2 + j] = mat[i * w + st + j]; + } + } +} + + +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * H; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( ai, 2 * H ); + gf256v_add( ai, a + i * H, H ); + ai[H + i] = 1; + } + unsigned r8 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); + gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + return r8; +} + + + + + +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE + +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { + return gf256mat_gauss_elim_impl( mat, h, w ); +} + + +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h new file mode 100644 index 00000000..aa5c7db4 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h @@ -0,0 +1,96 @@ +#ifndef _BLAS_COMM_H_ +#define _BLAS_COMM_H_ +/// @file blas_comm.h +/// @brief Common functions for linear algebra. +/// + +#include "rainbow_config.h" +#include + + +/// @brief set a vector to 0. +/// +/// @param[in,out] b - the vector b. +/// @param[in] _num_byte - number of bytes for the vector b. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); + +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); + + + +/// @brief check if a vector is 0. +/// +/// @param[in] a - the vector a. +/// @param[in] _num_byte - number of bytes for the vector a. +/// @return 1(true) if a is 0. 0(false) else. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); + + +/// @brief polynomial multiplication: c = a*b +/// +/// @param[out] c - the output polynomial c +/// @param[in] a - the vector a. +/// @param[in] b - the vector b. +/// @param[in] _num - number of elements for the polynomials a and b. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); + + +/// @brief matrix-vector multiplication: c = matA * b , in GF(256) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +/// @brief matrix-matrix multiplication: c = a * b , in GF(256) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + +/// @brief Gauss elimination for a matrix, in GF(256) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(256) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + +/// @brief Computing the inverse matrix, in GF(256) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +#endif // _BLAS_COMM_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c new file mode 100644 index 00000000..62d21c88 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c @@ -0,0 +1,90 @@ +#include "blas_u32.h" +#include "gf.h" + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= (a_u32[i] & pr_u32); + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= (a[i] & pr_u8); + } +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + + + + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(t.u32, b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h new file mode 100644 index 00000000..7493f85e --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h @@ -0,0 +1,19 @@ +#ifndef _BLAS_U32_H_ +#define _BLAS_U32_H_ +/// @file blas_u32.h +/// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. +/// + +#include "rainbow_config.h" +#include + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); + + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); + + +#endif // _BLAS_U32_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/gf.c b/crypto_sign/rainbowIIIc-cyclic/clean/gf.c new file mode 100644 index 00000000..c3c3a595 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/gf.c @@ -0,0 +1,142 @@ +#include "gf.h" + +//// gf4 := gf2[x]/x^2+x+1 +static inline uint8_t gf4_mul_2(uint8_t a) { + uint8_t r = (uint8_t) (a << 1); + r ^= (uint8_t) ((a >> 1) * 7); + return r; +} + +static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { + uint8_t r = (uint8_t) (a * (b & 1)); + return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); +} + +static inline uint8_t gf4_squ(uint8_t a) { + return a ^ (a >> 1); +} + +static inline uint32_t gf4v_mul_2_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { + uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); +} + +//// gf16 := gf4[y]/y^2+y+x +static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + uint8_t b0 = b & 3; + uint8_t b1 = (b >> 2); + uint8_t a0b0 = gf4_mul(a0, b0); + uint8_t a1b1 = gf4_mul(a1, b1); + uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x2 = gf4_mul_2(a1b1); + return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); +} + +static inline uint8_t gf16_squ(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + a1 = gf4_squ(a1); + uint8_t a1squ_x2 = gf4_mul_2(a1); + return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); +} + +// gf16 := gf4[y]/y^2+y+x +uint32_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = gf4v_mul_u32(a, b); + uint32_t axb1 = gf4v_mul_u32(a, b >> 2); + uint32_t a0b1 = (axb1 << 2) & 0xcccccccc; + uint32_t a1b1 = axb1 & 0xcccccccc; + uint32_t a1b1_2 = a1b1 >> 2; + + return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); +} + +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + +uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { + unsigned a8 = a; + unsigned r = ((unsigned) 0) - a8; + r >>= 8; + return r & 1; +} + +static inline uint8_t gf4_mul_3(uint8_t a) { + uint8_t msk = (uint8_t) ((a - 2) >> 1); + return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); +} +static inline uint8_t gf16_mul_8(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = a >> 2; + return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); +} + +// gf256 := gf16[X]/X^2+X+xy +static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + uint8_t b0 = b & 15; + uint8_t b1 = (b >> 4); + uint8_t a0b0 = gf16_mul(a0, b0); + uint8_t a1b1 = gf16_mul(a1, b1); + uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x8 = gf16_mul_8(a1b1); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); +} + +static inline uint8_t gf256_squ(uint8_t a) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + a1 = gf16_squ(a1); + uint8_t a1squ_x8 = gf16_mul_8(a1); + return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); +} + +uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_inv(uint8_t a) { + // 128+64+32+16+8+4+2 = 254 + uint8_t a2 = gf256_squ(a); + uint8_t a4 = gf256_squ(a2); + uint8_t a8 = gf256_squ(a4); + uint8_t a4_2 = gf256_mul(a4, a2); + uint8_t a8_4_2 = gf256_mul(a4_2, a8); + uint8_t a64_ = gf256_squ(a8_4_2); + a64_ = gf256_squ(a64_); + a64_ = gf256_squ(a64_); + uint8_t a64_2 = gf256_mul(a64_, a8_4_2); + uint8_t a128_ = gf256_squ(a64_2); + return gf256_mul(a2, a128_); +} + +static inline uint32_t gf4v_mul_3_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit0 ^ (bit1 >> 1); +} +static inline uint32_t gf16v_mul_8_u32(uint32_t a) { + uint32_t a1 = a & 0xcccccccc; + uint32_t a0 = (a << 2) & 0xcccccccc; + return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); +} +uint32_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf16v_mul_u32(a, b); + uint32_t axb1 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf16v_mul_u32(a, b >> 4); + uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; + uint32_t a1b1 = axb1 & 0xf0f0f0f0; + uint32_t a1b1_4 = a1b1 >> 4; + + return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); +} diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/gf.h b/crypto_sign/rainbowIIIc-cyclic/clean/gf.h new file mode 100644 index 00000000..a57b6fa7 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/gf.h @@ -0,0 +1,19 @@ +#ifndef _GF16_H_ +#define _GF16_H_ + +#include "rainbow_config.h" +#include + +/// @file gf16.h +/// @brief Library for arithmetics in GF(16) and GF(256) +/// + +uint32_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); + + +uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); + + +#endif // _GF16_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c new file mode 100644 index 00000000..85671923 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c @@ -0,0 +1,186 @@ +/// @file parallel_matrix_op.c +/// @brief the standard implementations for functions in parallel_matrix_op.h +/// +/// the standard implementations for functions in parallel_matrix_op.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "parallel_matrix_op.h" + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { + return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +} + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. +/// +/// @param[in] i_row - the i-th row in a triangle matrix. +/// @param[in] j_col - the j-th column in a triangle matrix. +/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { + if ( i_row > j_col ) { + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); + } + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); +} + + + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { + unsigned char *runningC = btriC; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < i; j++) { + unsigned idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); + gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + } + gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + runningC += size_batch * (Aheight - i); + } +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf256v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf256v_madd( y, tmp, _x[i], size_batch ); + } +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf256v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf256v_madd( z, tmp, _y[i], size_batch ); + } +} + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h new file mode 100644 index 00000000..c6ee1801 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h @@ -0,0 +1,282 @@ +#ifndef _P_MATRIX_OP_H_ +#define _P_MATRIX_OP_H_ +/// @file parallel_matrix_op.h +/// @brief Librarys for operations of batched matrixes. +/// +/// + +//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// + + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); + +/// +/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. +/// +/// @param[out] btriC - the batched upper-trianglized matrix C. +/// @param[in] bA - a batched retangle matrix A. +/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); + + + + +//////////////////// Section: matrix multiplications /////////////////////////////// + + + +/// +/// @brief bC += btriA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += btriA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += A^Tr * bB , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += A^Tr * bB , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += bA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// + + +/// +/// @brief y = x^Tr * trimat * x , in GF(16) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + +/// +/// @brief y = x^Tr * trimat * x , in GF(256) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + + +/// +/// @brief z = y^Tr * mat * x , in GF(16) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + +/// +/// @brief z = y^Tr * mat * x , in GF(256) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + + + + + + +#endif // _P_MATRIX_OP_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c new file mode 100644 index 00000000..a5216e3c --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c @@ -0,0 +1,175 @@ +/// @file rainbow.c +/// @brief The standard implementations for functions in rainbow.h +/// + +#include "blas.h" +#include "rainbow.h" +#include "rainbow_blas.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include +#include + + +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1>_O2)?_O1:_O2) +#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { + uint8_t mat_l1[_O1 * _O1_BYTE]; + uint8_t mat_l2[_O2 * _O2_BYTE]; + uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; + + // setup PRNG + prng_t prng_sign; + uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; + memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); + memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + uint8_t prng_seed[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + prng_preseed[i] ^= prng_preseed[i]; // clean + } + for (unsigned i = 0; i < _HASH_LEN; i++) { + prng_seed[i] ^= prng_seed[i]; // clean + } + + // roll vinegars. + uint8_t vinegar[_V1_BYTE]; + unsigned n_attempt = 0; + unsigned l1_succ = 0; + while ( !l1_succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars + gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 + l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable + n_attempt ++; + } + + // Given the vinegars, pre-compute variables needed for layer 2 + uint8_t r_l1_F1[_O1_BYTE] = {0}; + uint8_t r_l2_F1[_O2_BYTE] = {0}; + batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); + batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); + uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + uint8_t mat_l2_F2[_O1 * _O2_BYTE]; + gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); + gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + + // Some local variables. + uint8_t _z[_PUB_M_BYTE]; + uint8_t y[_PUB_M_BYTE]; + uint8_t *x_v1 = vinegar; + uint8_t x_o1[_O1_BYTE]; + uint8_t x_o2[_O1_BYTE]; + + uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, _digest, _HASH_LEN ); + uint8_t *salt = digest_salt + _HASH_LEN; + + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + unsigned succ = 0; + while ( !succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + + // y = S^-1 * z + memcpy(y, _z, _PUB_M_BYTE); // identity part of S + gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); + gf256v_add(y, temp_o, _O1_BYTE); + + // Central Map: + // layer 1: calculate x_o1 + memcpy( temp_o, r_l1_F1, _O1_BYTE ); + gf256v_add( temp_o, y, _O1_BYTE ); + gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + + // layer 2: calculate x_o2 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); + gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 + batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 + gf256v_add( temp_o, mat_l2, _O2_BYTE ); + gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 + gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + + // generate the linear equations of the 2nd layer + gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 + gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); + gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + + n_attempt ++; + }; + // w = T^-1 * y + uint8_t w[_PUB_N_BYTE]; + // identity part of T. + memcpy( w, x_v1, _V1_BYTE ); + memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); + memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + // Computing the t1 part. + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t4 part. + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t3 part. + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + + memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + // clean + memset( &prng_sign, 0, sizeof(prng_t) ); + memset( vinegar, 0, _V1_BYTE ); + memset( r_l1_F1, 0, _O1_BYTE ); + memset( r_l2_F1, 0, _O2_BYTE ); + memset( _z, 0, _PUB_M_BYTE ); + memset( y, 0, _PUB_M_BYTE ); + memset( x_o1, 0, _O1_BYTE ); + memset( x_o2, 0, _O2_BYTE ); + memset( temp_o, 0, sizeof(temp_o) ); + + // return: copy w and salt to the signature. + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + return -1; + } + gf256v_add( signature, w, _PUB_N_BYTE ); + gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + return 0; +} + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { + unsigned char digest_ck[_PUB_M_BYTE]; + // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. + batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + + unsigned char correct[_PUB_M_BYTE]; + unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, digest, _HASH_LEN ); + memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + + // check consistancy. + unsigned char cc = 0; + for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + cc |= (digest_ck[i] ^ correct[i]); + } + return (0 == cc) ? 0 : -1; +} + + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { + unsigned char pk[sizeof(pk_t) +32]; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +} diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.h b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.h new file mode 100644 index 00000000..73333416 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.h @@ -0,0 +1,43 @@ +#ifndef _RAINBOW_H_ +#define _RAINBOW_H_ +/// @file rainbow.h +/// @brief APIs for rainbow. +/// + + +#include "rainbow_config.h" +#include "rainbow_keypair.h" + +#include + +/// +/// @brief Signing function for classical secret key. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); + + +/// +/// @brief Verifying function for cyclic public keys. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key of cyclic rainbow. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); + +#endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_blas.h b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_blas.h new file mode 100644 index 00000000..a1dd37dc --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_blas.h @@ -0,0 +1,34 @@ +#ifndef _RAINBOW_BLAS_H_ +#define _RAINBOW_BLAS_H_ +/// @file rainbow_blas.h +/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h +/// +/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h + + +#include "blas.h" +#include "parallel_matrix_op.h" +#include "rainbow_config.h" + + +#define gfv_get_ele PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd + +#define gfmat_prod PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv + +#define batch_trimat_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256 + +#define batch_quad_trimat_eval PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256 +#define batch_quad_recmat_eval PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256 + + + +#endif // _RAINBOW_BLAS_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_config.h b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_config.h new file mode 100644 index 00000000..44cba4f3 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_config.h @@ -0,0 +1,50 @@ +#ifndef _H_RAINBOW_CONFIG_H_ +#define _H_RAINBOW_CONFIG_H_ + +/// @file rainbow_config.h +/// @brief Defining the parameters of the Rainbow and the corresponding constants. +/// + +#define _GFSIZE 256 +#define _V1 68 +#define _O1 36 +#define _O2 36 +#define _HASH_LEN 48 + + + +#define _V2 ((_V1)+(_O1)) + +/// size of N, in # of gf elements. +#define _PUB_N (_V1+_O1+_O2) + +/// size of M, in # gf elements. +#define _PUB_M (_O1+_O2) + + +/// size of variables, in # bytes. + + +// GF256 +#define _V1_BYTE (_V1) +#define _V2_BYTE (_V2) +#define _O1_BYTE (_O1) +#define _O2_BYTE (_O2) +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) + + + +/// length of seed for public key, in # bytes +#define LEN_PKSEED 32 + +/// length of seed for secret key, in # bytes +#define LEN_SKSEED 32 + +/// length of salt for a signature, in # bytes +#define _SALT_BYTE 16 + +/// length of a signature +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) + +#endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c new file mode 100644 index 00000000..c5bbe7c2 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c @@ -0,0 +1,170 @@ +/// @file rainbow_keypair.c +/// @brief implementations of functions in rainbow_keypair.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include "utils_prng.h" +#include +#include +#include + + +static +void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 + s_and_t += _O1_BYTE * _O2; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + s_and_t += _V1_BYTE * _O1; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + s_and_t += _V1_BYTE * _O2; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 +} + + +static +unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + n_byte_generated += _O1_BYTE * _V1 * _O1; + return n_byte_generated; +} + + +static +unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + n_byte_generated += _O2_BYTE * _O1 * _O2; + + return n_byte_generated; +} + + +static +void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { + sk += generate_l1_F12( sk, prng0 ); + generate_l2_F12356( sk, prng0 ); +} + +static +void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { + // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 + unsigned char temp[_V1_BYTE + 32]; + unsigned char *t4 = t2_to_t4; + for (unsigned i = 0; i < _O2; i++) { /// t3 width + gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); + gf256v_add( t4, temp, _V1_BYTE ); + t4 += _V1_BYTE; + t3 += _O1_BYTE; + } +} + +static +void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { + unsigned char temp[_O1_BYTE + 32]; + while ( n_terms-- ) { + gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); + gf256v_add( l1_polys, temp, _O1_BYTE ); + l1_polys += _O1_BYTE; + l2_polys += _O2_BYTE; + } +} + +/////////////////// Classic ////////////////////////////////// + + + +///////////////////// Cyclic ////////////////////////////////// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng; + prng_t *prng0 = &prng; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + + unsigned char t2[sizeof(sk->t4)]; + memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 + calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t *prng1 = &prng; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T + + + unsigned char t4[sizeof(sk->t4)]; + memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 + memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + + obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + + // clean + memset( &prng, 0, sizeof(prng_t) ); +} + + + + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { + // procedure: cpk_t --> extcpk_t --> pk_t + + // convert from cpk_t to extcpk_t + ext_cpk_t pk; + + // setup prng + prng_t prng0; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + + // generating parts of key with prng + generate_l1_F12( pk.l1_Q1, &prng0 ); + // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 + memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + + // generating parts of key with prng + generate_l2_F12356( pk.l2_Q1, &prng0 ); + // copying parts of key from input: l2_Q9 + memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // convert from extcpk_t to pk_t + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); +} diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.h b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.h new file mode 100644 index 00000000..8fe991ab --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.h @@ -0,0 +1,109 @@ +#ifndef _RAINBOW_KEYPAIR_H_ +#define _RAINBOW_KEYPAIR_H_ +/// @file rainbow_keypair.h +/// @brief Formats of key pairs and functions for generating key pairs. +/// Formats of key pairs and functions for generating key pairs. +/// + + + +#include "rainbow_config.h" + + +#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) + + +/// @brief public key for classic rainbow +/// +/// public key for classic rainbow +/// +typedef +struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +} pk_t; + + +/// @brief secret key for classic rainbow +/// +/// secret key for classic rainbow +/// +typedef +struct rainbow_secretkey { + /// + /// seed for generating secret key. + /// Generating S, T, and F for classic rainbow. + /// Generating S and T only for cyclic rainbow. + unsigned char sk_seed[LEN_SKSEED]; + + unsigned char s1[_O1_BYTE * _O2]; ///< part of S map + unsigned char t1[_V1_BYTE * _O1]; ///< part of T map + unsigned char t4[_V1_BYTE * _O2]; ///< part of T map + unsigned char t3[_O1_BYTE * _O2]; ///< part of T map + + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 +} sk_t; + + + + +/// @brief public key for cyclic rainbow +/// +/// public key for cyclic rainbow +/// +typedef +struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 + + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 +} cpk_t; + + + +/// @brief compressed secret key for cyclic rainbow +/// +/// compressed secret key for cyclic rainbow +/// +typedef +struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +} csk_t; + + + +/// +/// @brief Generate key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of public key. +/// @param[in] sk_seed - seed for generating secret key. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + + + +//////////////////////////////////// + +/// +/// @brief converting formats of public keys : from cyclic version to classic key +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the cyclic public key. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); + +#endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c new file mode 100644 index 00000000..bb32b60e --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c @@ -0,0 +1,233 @@ +/// @file rainbow_keypair_computation.c +/// @brief Implementations for functions in rainbow_keypair_computation.h +/// + + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include +#include +#include + + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { + const unsigned char *idx_l1 = cpk->l1_Q1; + const unsigned char *idx_l2 = cpk->l2_Q1; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = i; j < _V1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q2; + idx_l2 = cpk->l2_Q2; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q3; + idx_l2 = cpk->l2_Q3; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q5; + idx_l2 = cpk->l2_Q5; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = i; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q6; + idx_l2 = cpk->l2_Q6; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q9; + idx_l2 = cpk->l2_Q9; + for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned j = i; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } +} + + + + +static +void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + // Layer 1 + // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] + memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] + memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + + /* + Layer 2 + computations: + + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + + */ + memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + + // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + + unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; + memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) + memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + + batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + + // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); + batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 + batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + + // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + // + Q_pk.l2_F2s[i].transpose() * t4 + // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); + batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); + +} + + +////////////////////////////////////////////////////////////////////////////////////////////////// + +static +void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { +// Layer 1: Computing Q5, Q3, Q6, Q9 + +// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + const unsigned char *t2 = Ts->t4; + sk_t tempQ; + memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + /* + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + /* + Layer 2 + Computing Q9: + + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ + sk_t tempQ2; + memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. + batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); + batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + + batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 +} + + + +/////////////////////////////////////////////////////////////////////// + + +// Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ +#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref + + + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + calculate_F_from_Q_impl( Fs, Qs, Ts ); +} + +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +} + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.h new file mode 100644 index 00000000..d151669e --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.h @@ -0,0 +1,79 @@ +#ifndef _RAINBOW_KEYPAIR_COMP_H_ +#define _RAINBOW_KEYPAIR_COMP_H_ +/// @file rainbow_keypair_computation.h +/// @brief Functions for calculating pk/sk while generating keys. +/// +/// Defining an internal structure of public key. +/// Functions for calculating pk/sk for key generation. +/// + + + +#include "rainbow_keypair.h" + +/// @brief The (internal use) public key for rainbow +/// +/// The (internal use) public key for rainbow. The public +/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, +/// l2_Q1, .... , l2_Q9. +/// +typedef +struct rainbow_extend_publickey { + unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; + + unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; + unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; + unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; +} ext_cpk_t; + + + +/// +/// @brief converting formats of public keys : from ext_cpk_t version to pk_t +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the internel public key. +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +///////////////////////////////////////////////// + +/// +/// @brief Computing public key from secret key +/// +/// @param[out] Qs - the public key +/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the secret key: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + + + + +/// +/// @brief Computing parts of the sk from parts of pk and sk +/// +/// @param[out] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); + +/// +/// @brief Computing parts of the pk from the secret key +/// +/// @param[out] Qs - parts of the pk: l1_Q3, l1_Q5, l2_Q6, l1_Q9, l2_Q9 +/// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + +#endif // _RAINBOW_KEYPAIR_COMP_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/sign.c b/crypto_sign/rainbowIIIc-cyclic/clean/sign.c new file mode 100644 index 00000000..8730d410 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/sign.c @@ -0,0 +1,94 @@ +/// @file sign.c +/// @brief the implementations for functions in api.h +/// +/// + +#include "api.h" +#include "rainbow.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "randombytes.h" +#include "utils_hash.h" +#include +#include + + + +int +PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { + unsigned char sk_seed[LEN_SKSEED] = {0}; + randombytes( sk_seed, LEN_SKSEED ); + + + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); + + return 0; +} + + + + + +int +PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + + memcpy( sm, m, mlen ); + smlen[0] = mlen + _SIGNATURE_BYTE; + + + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + + + +} + + + + + + +int +PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { + //TODO: this should not copy out the message if verification fails + if ( _SIGNATURE_BYTE > smlen ) { + return -1; + } + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + mlen[0] = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); + + + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + + + +} + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + *siglen = _SIGNATURE_BYTE; + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); +} + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk) { + if (siglen != _SIGNATURE_BYTE) { + return -1; + } + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + +} diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.c b/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.c new file mode 100644 index 00000000..3a8ad8b3 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.c @@ -0,0 +1,55 @@ +/// @file utils_hash.c +/// @brief the adapter for SHA2 families. +/// +/// + +#include "rainbow_config.h" +#include "sha2.h" +#include "utils_hash.h" + +static inline +int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { + sha384(digest, m, mlen); + return 0; +} + +static inline +int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if ( _HASH_LEN >= n_digest ) { + for (size_t i = 0; i < n_digest; i++) { + digest[i] = hash[i]; + } + return 0; + } + for (size_t i = 0; i < _HASH_LEN; i++) { + digest[i] = hash[i]; + } + n_digest -= _HASH_LEN; + + + while (_HASH_LEN <= n_digest ) { + _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + + n_digest -= _HASH_LEN; + digest += _HASH_LEN; + } + unsigned char temp[_HASH_LEN]; + if ( n_digest ) { + _hash( temp, digest, _HASH_LEN ); + for (size_t i = 0; i < n_digest; i++) { + digest[_HASH_LEN + i] = temp[i]; + } + } + return 0; +} + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(unsigned char *digest, + size_t len_digest, + const unsigned char *m, + size_t mlen) { + unsigned char buf[_HASH_LEN]; + _hash(buf, m, mlen); + return expand_hash(digest, len_digest, buf); +} + + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.h b/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.h new file mode 100644 index 00000000..45f0d129 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.h @@ -0,0 +1,14 @@ +#ifndef _UTILS_HASH_H_ +#define _UTILS_HASH_H_ +/// @file utils_hash.h +/// @brief the interface for adapting hash functions. +/// + +#include + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); + + + +#endif // _UTILS_HASH_H_ + diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c b/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c new file mode 100644 index 00000000..87ed2c31 --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c @@ -0,0 +1,96 @@ +/// @file utils_prng.c +/// @brief The implementation of PRNG related functions. +/// + +#include "aes.h" +#include "randombytes.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include + +static void prng_update(const unsigned char *provided_data, + unsigned char *Key, + unsigned char *V) { + unsigned char temp[48]; + aes256ctx ctx; + aes256_keyexp(&ctx, Key); + for (int i = 0; i < 3; i++) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( V[j] == 0xff) { + V[j] = 0x00; + } else { + V[j]++; + break; + } + } + aes256_ecb(temp + 16 * i, V, 1, &ctx); + } + if ( provided_data != NULL ) { + for (int i = 0; i < 48; i++) { + temp[i] ^= provided_data[i]; + } + } + memcpy(Key, temp, 32); + memcpy(V, temp + 32, 16); +} +static void randombytes_init_with_state(prng_t *state, + unsigned char *entropy_input_48bytes ) { + memset(state->Key, 0x00, 32); + memset(state->V, 0x00, 16); + prng_update(entropy_input_48bytes, state->Key, state->V); +} + +static int randombytes_with_state(prng_t *state, + unsigned char *x, + size_t xlen) { + + unsigned char block[16]; + int i = 0; + + aes256ctx ctx; + aes256_keyexp(&ctx, state->Key); + + + while ( xlen > 0 ) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( state->V[j] == 0xff ) { + state->V[j] = 0x00; + } else { + state->V[j]++; + break; + } + } + aes256_ecb(block, state->V, 1, &ctx); + if ( xlen > 15 ) { + memcpy(x + i, block, 16); + i += 16; + xlen -= 16; + } else { + memcpy(x + i, block, xlen); + xlen = 0; + } + } + prng_update(NULL, state->Key, state->V); + return 0; +} + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { + unsigned char seed[48]; + if ( prng_seedlen >= 48 ) { + memcpy( seed, prng_seed, 48 ); + } else { + memcpy( seed, prng_seed, prng_seedlen ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + } + + randombytes_init_with_state( ctx, seed ); + + return 0; +} + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { + return randombytes_with_state( ctx, out, outlen); +} diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.h b/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.h new file mode 100644 index 00000000..fcf1e7fc --- /dev/null +++ b/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.h @@ -0,0 +1,22 @@ +#ifndef _UTILS_PRNG_H_ +#define _UTILS_PRNG_H_ +/// @file utils_prng.h +/// @brief the interface for adapting PRNG functions. +/// +/// + + +#include "randombytes.h" + +typedef struct { + unsigned char Key[32]; + unsigned char V[16]; +} prng_t; + +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); + + +#endif // _UTILS_PRNG_H_ + + diff --git a/crypto_sign/rainbowIa-classic/META.yml b/crypto_sign/rainbowIa-classic/META.yml index 928b1c2c..f6f5c5b2 100644 --- a/crypto_sign/rainbowIa-classic/META.yml +++ b/crypto_sign/rainbowIa-classic/META.yml @@ -14,4 +14,4 @@ auxiliary-submitters: - Bo-Yin Yang implementations: - name: clean - version: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-2/submissions/Rainbow-Round2.zip + version: https://github.com/fast-crypto-lab/rainbow-submission-round2/commit/af826fcb78f6af51a02d0352cff28a9690467bfd diff --git a/crypto_sign/rainbowIa-classic/clean/gf.c b/crypto_sign/rainbowIa-classic/clean/gf.c index e633f56e..24c9cc7f 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.c +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -1,13 +1,5 @@ #include "gf.h" -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} - //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { uint8_t r = (uint8_t) (a << 1); @@ -36,20 +28,6 @@ static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } -static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1) { - uint32_t c0 = a0 & b0; - uint32_t c2 = a1 & b1; - uint32_t c1_ = (a0 ^ a1) & (b0 ^ b1); - return ((c1_ ^ c0) << 1) ^ c0 ^ c2; -} - -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a) { - unsigned a4 = a & 0xf; - unsigned r = ((unsigned) 0) - a4; - r >>= 4; - return r & 1; -} - //// gf16 := gf4[y]/y^2+y+x static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a0 = a & 3; @@ -71,16 +49,7 @@ static inline uint8_t gf16_squ(uint8_t a) { return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); } -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a) { - uint8_t a2 = gf16_squ(a); - uint8_t a4 = gf16_squ(a2); - uint8_t a8 = gf16_squ(a4); - uint8_t a6 = gf16_mul(a4, a2); - return gf16_mul(a8, a6); -} - // gf16 := gf4[y]/y^2+y+x - uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { uint32_t axb0 = gf4v_mul_u32(a, b); uint32_t axb1 = gf4v_mul_u32(a, b >> 2); @@ -91,6 +60,38 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + + + +static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1) { + uint32_t c0 = a0 & b0; + uint32_t c2 = a1 & b1; + uint32_t c1_ = (a0 ^ a1) & (b0 ^ b1); + return ((c1_ ^ c0) << 1) ^ c0 ^ c2; +} + +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a) { + unsigned a4 = a & 0xf; + unsigned r = ((unsigned) 0) - a4; + r >>= 4; + return r & 1; +} + +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a) { + uint8_t a2 = gf16_squ(a); + uint8_t a4 = gf16_squ(a2); + uint8_t a8 = gf16_squ(a4); + uint8_t a6 = gf16_mul(a4, a2); + return gf16_mul(a8, a6); +} + static inline uint32_t _gf16v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t a2, uint32_t a3, uint32_t b0, uint32_t b1, uint32_t b2, uint32_t b3) { uint32_t c0 = _gf4v_mul_u32_u32(a0, a1, b0, b1); uint32_t c1_ = _gf4v_mul_u32_u32(a0 ^ a2, a1 ^ a3, b0 ^ b2, b1 ^ b3); diff --git a/crypto_sign/rainbowIa-classic/clean/gf.h b/crypto_sign/rainbowIa-classic/clean/gf.h index b4ad9a1d..e84d086d 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.h +++ b/crypto_sign/rainbowIa-classic/clean/gf.h @@ -8,11 +8,11 @@ /// @brief Library for arithmetics in GF(16) and GF(256) /// +uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a); -uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a); diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h index 60b790e3..1282cab4 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h @@ -56,6 +56,5 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_ - #endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/META.yml b/crypto_sign/rainbowIa-cyclic-compressed/META.yml new file mode 100644 index 00000000..895c2965 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/META.yml @@ -0,0 +1,17 @@ +name: Rainbow-Ia-cyclic-compressed +type: signature +claimed-nist-level: 1 +length-public-key: 58144 +length-secret-key: 64 +length-signature: 64 +nistkat-sha256: 65bb9e9b68b3114105e86d1107ede320901e174770ff8474722b4f459c3f2a51 +testvectors-sha256: 79d0bfaee00d058aa39981397016279738925f65bfec1aebb42372030abc4056 +principal-submitter: Jintai Ding +auxiliary-submitters: + - Ming-Shing Chen + - Albrecht Petzoldt + - Dieter Schmidt + - Bo-Yin Yang +implementations: + - name: clean + version: https://github.com/fast-crypto-lab/rainbow-submission-round2/commit/af826fcb78f6af51a02d0352cff28a9690467bfd diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/LICENSE b/crypto_sign/rainbowIa-cyclic-compressed/clean/LICENSE new file mode 100644 index 00000000..cb00a6e3 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/LICENSE @@ -0,0 +1,8 @@ +`Software implementation of Rainbow for NIST R2 submission' by Ming-Shing Chen + +To the extent possible under law, the person who associated CC0 with +`Software implementation of Rainbow for NIST R2 submission' has waived all copyright and related or neighboring rights +to `Software implementation of Rainbow for NIST R2 submission'. + +You should have received a copy of the CC0 legalcode along with this +work. If not, see . diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/Makefile b/crypto_sign/rainbowIa-cyclic-compressed/clean/Makefile new file mode 100644 index 00000000..a2ea04cf --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/Makefile @@ -0,0 +1,20 @@ +# This Makefile can be used with GNU Make or BSD Make + +LIB=librainbowIa-cyclic-compressed_clean.a + +HEADERS = api.h blas_comm.h blas.h blas_u32.h gf.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h +OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o blas_u32.o gf.o + +CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS) + +all: $(LIB) + +%.o: %.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $@ $< + +$(LIB): $(OBJECTS) + $(AR) -r $@ $(OBJECTS) + +clean: + $(RM) $(OBJECTS) + $(RM) $(LIB) diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/Makefile.Microsoft_nmake b/crypto_sign/rainbowIa-cyclic-compressed/clean/Makefile.Microsoft_nmake new file mode 100644 index 00000000..cb4cedbd --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/Makefile.Microsoft_nmake @@ -0,0 +1,19 @@ +# This Makefile can be used with Microsoft Visual Studio's nmake using the command: +# nmake /f Makefile.Microsoft_nmake + +LIBRARY=librainbowIa-cyclic-compressed_clean.lib +OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj blas_u32.obj gf.obj + +CFLAGS=/nologo /I ..\..\..\common /W4 /WX + +all: $(LIBRARY) + +# Make sure objects are recompiled if headers change. +$(OBJECTS): *.h + +$(LIBRARY): $(OBJECTS) + LIB.EXE /NOLOGO /WX /OUT:$@ $** + +clean: + -DEL $(OBJECTS) + -DEL $(LIBRARY) diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/api.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/api.h new file mode 100644 index 00000000..6d2f6c21 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/api.h @@ -0,0 +1,32 @@ +#ifndef PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_API_H +#define PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_API_H + +#include +#include + +#define PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_CRYPTO_SECRETKEYBYTES 64 +#define PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_CRYPTO_PUBLICKEYBYTES 58144 +#define PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_CRYPTO_BYTES 64 +#define PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_CRYPTO_ALGNAME "RAINBOW(16,32,32,32) - cyclic compressed" + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk); + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk); + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *sk); + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *pk); + + +#endif diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas.h new file mode 100644 index 00000000..e432b780 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas.h @@ -0,0 +1,21 @@ +#ifndef _BLAS_H_ +#define _BLAS_H_ +/// @file blas.h +/// @brief Defining the implementations for linear algebra functions depending on the machine architecture. +/// + +#include "blas_comm.h" +#include "blas_u32.h" +#include "rainbow_config.h" + +#define gf256v_predicated_add PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32 +#define gf256v_add PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_add_u32 + + +#define gf16v_mul_scalar PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar_u32 +#define gf16v_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd_u32 +#define gf16v_dot PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_dot_u32 + + +#endif // _BLAS_H_ + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c new file mode 100644 index 00000000..9a4ae8a8 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c @@ -0,0 +1,160 @@ +/// @file blas_comm.c +/// @brief The standard implementations for blas_comm.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "gf.h" +#include "rainbow_config.h" + +#include +#include + + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} + +/// @brief get an element from GF(16) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i) { + uint8_t r = a[i >> 1]; + uint8_t r0 = r & 0xf; + uint8_t r1 = r >> 4; + uint8_t m = (uint8_t)(-((int8_t)i & 1)); + return (uint8_t)((r1 & m) | ((~m)&r0)); +} + +/// @brief set an element for a GF(16) vector . +/// +/// @param[in,out] a - the vector a. +/// @param[in] i - the index in the vector a. +/// @param[in] v - the value for the i-th element in vector a. +/// @return the value of the element. +/// +static uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { + uint8_t m = (uint8_t) (0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f + uint8_t ai_remaining = (uint8_t) (a[i >> 1] & (~m)); /// erase + a[i >> 1] = (uint8_t) (ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set + return v; +} + +static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + uint8_t bb = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(b, i); + gf16v_madd(c, matA, bb, n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = (len_vec + 1) / 2; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + uint8_t bb = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(bk, i); + gf16v_madd(c, a + n_vec_byte * i, bb, n_vec_byte); + } + c += n_vec_byte; + } +} + +static +unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { + unsigned n_w_byte = (w + 1) / 2; + unsigned r8 = 1; + for (unsigned i = 0; i < h; i++) { + unsigned offset_byte = i >> 1; + uint8_t *ai = mat + n_w_byte * i; + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + n_w_byte * j; + gf256v_predicated_add(ai + offset_byte, !PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); + } + uint8_t pivot = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i); + r8 &= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(pivot); + pivot = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_inv(pivot); + offset_byte = (i + 1) >> 1; + gf16v_mul_scalar(ai + offset_byte, pivot, n_w_byte - offset_byte); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + n_w_byte * j; + gf16v_madd(aj + offset_byte, ai + offset_byte, PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(aj, i), n_w_byte - offset_byte); + } + } + return r8; +} + +static +unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + uint8_t mat[64 * 33]; + unsigned n_byte = (n + 1) >> 1; + for (unsigned i = 0; i < n; i++) { + memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); + mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(c_terms, i); + } + unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); /// XXX: this function is ``defined'' in blas.h + for (unsigned i = 0; i < n; i++) { + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); + } + return r8; +} + +static inline void gf16mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { + unsigned n_byte_w1 = (w + 1) / 2; + unsigned n_byte_w2 = (w2 + 1) / 2; + unsigned st_2 = st / 2; + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < n_byte_w2; j++) { + mat2[i * n_byte_w2 + j] = mat[i * n_byte_w1 + st_2 + j]; + } + } +} + +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { + unsigned n_w_byte = (H + 1) / 2; + + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * n_w_byte; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(ai, 2 * n_w_byte); + gf256v_add(ai, a + i * n_w_byte, n_w_byte); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); + } + unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); /// XXX: would 2*H fail if H is odd ??? + gf16mat_submat(inv_a, H, H, aa, 2 * H, H); + return r8; +} + + + + +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE + +#define gf16mat_prod_impl gf16mat_prod_ref +#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref +#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref + + + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf16mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + + +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { + return gf16mat_gauss_elim_impl( mat, h, w); +} + +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf16mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} + + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h new file mode 100644 index 00000000..91821ec6 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h @@ -0,0 +1,76 @@ +#ifndef _BLAS_COMM_H_ +#define _BLAS_COMM_H_ +/// @file blas_comm.h +/// @brief Common functions for linear algebra. +/// + +#include "rainbow_config.h" +#include + + +/// @brief set a vector to 0. +/// +/// @param[in,out] b - the vector b. +/// @param[in] _num_byte - number of bytes for the vector b. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); + +/// @brief get an element from GF(16) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i); + +/// @brief matrix-matrix multiplication: c = a * b , in GF(16) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + +/// @brief Gauss elimination for a matrix, in GF(16) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(16) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + +/// @brief Computing the inverse matrix, in GF(16) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +/// @brief matrix-vector multiplication: c = matA * b , in GF(16) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + + +#endif // _BLAS_COMM_H_ + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c new file mode 100644 index 00000000..84ca9099 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c @@ -0,0 +1,116 @@ +#include "blas_u32.h" +#include "gf.h" + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= (a_u32[i] & pr_u32); + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= (a[i] & pr_u8); + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + + + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(t.u32, gf16_b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(t.u32, gf16_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + const uint32_t *a_u32 = (const uint32_t *) a; + const uint32_t *b_u32 = (const uint32_t *) b; + uint32_t r = 0; + for (unsigned i = 0; i < n_u32; i++) { + r ^= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); + } + + unsigned rem = _num_byte & 3; + if (rem) { + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } ta, tb; + ta.u32 = 0; + tb.u32 = 0; + for (unsigned i = 0; i < rem; i++) { + ta.u8[i] = a[(n_u32 << 2) + i]; + } + for (unsigned i = 0; i < rem; i++) { + tb.u8[i] = b[(n_u32 << 2) + i]; + } + r ^= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32_u32(ta.u32, tb.u32); + } + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_reduce_u32(r); +} + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h new file mode 100644 index 00000000..6321703a --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h @@ -0,0 +1,20 @@ +#ifndef _BLAS_U32_H_ +#define _BLAS_U32_H_ +/// @file blas_u32.h +/// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. +/// + +#include "rainbow_config.h" +#include + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); + + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); + + +#endif // _BLAS_U32_H_ + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c new file mode 100644 index 00000000..b1f15e0c --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c @@ -0,0 +1,125 @@ +#include "gf.h" + +//// gf4 := gf2[x]/x^2+x+1 +static inline uint8_t gf4_mul_2(uint8_t a) { + uint8_t r = (uint8_t) (a << 1); + r ^= (uint8_t) ((a >> 1) * 7); + return r; +} + +static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { + uint8_t r = (uint8_t) (a * (b & 1)); + return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); +} + +static inline uint8_t gf4_squ(uint8_t a) { + return a ^ (a >> 1); +} + +static inline uint32_t gf4v_mul_2_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { + uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); +} + +//// gf16 := gf4[y]/y^2+y+x +static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + uint8_t b0 = b & 3; + uint8_t b1 = (b >> 2); + uint8_t a0b0 = gf4_mul(a0, b0); + uint8_t a1b1 = gf4_mul(a1, b1); + uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x2 = gf4_mul_2(a1b1); + return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); +} + +static inline uint8_t gf16_squ(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + a1 = gf4_squ(a1); + uint8_t a1squ_x2 = gf4_mul_2(a1); + return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); +} + +// gf16 := gf4[y]/y^2+y+x +uint32_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = gf4v_mul_u32(a, b); + uint32_t axb1 = gf4v_mul_u32(a, b >> 2); + uint32_t a0b1 = (axb1 << 2) & 0xcccccccc; + uint32_t a1b1 = axb1 & 0xcccccccc; + uint32_t a1b1_2 = a1b1 >> 2; + + return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); +} + +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + + + +static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1) { + uint32_t c0 = a0 & b0; + uint32_t c2 = a1 & b1; + uint32_t c1_ = (a0 ^ a1) & (b0 ^ b1); + return ((c1_ ^ c0) << 1) ^ c0 ^ c2; +} + +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(uint8_t a) { + unsigned a4 = a & 0xf; + unsigned r = ((unsigned) 0) - a4; + r >>= 4; + return r & 1; +} + +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_inv(uint8_t a) { + uint8_t a2 = gf16_squ(a); + uint8_t a4 = gf16_squ(a2); + uint8_t a8 = gf16_squ(a4); + uint8_t a6 = gf16_mul(a4, a2); + return gf16_mul(a8, a6); +} + +static inline uint32_t _gf16v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t a2, uint32_t a3, uint32_t b0, uint32_t b1, uint32_t b2, uint32_t b3) { + uint32_t c0 = _gf4v_mul_u32_u32(a0, a1, b0, b1); + uint32_t c1_ = _gf4v_mul_u32_u32(a0 ^ a2, a1 ^ a3, b0 ^ b2, b1 ^ b3); + + uint32_t c2_0 = a2 & b2; + uint32_t c2_2 = a3 & b3; + uint32_t c2_1_ = (a2 ^ a3) & (b2 ^ b3); + uint32_t c2_r0 = c2_0 ^ c2_2; + uint32_t c2_r1 = c2_0 ^ c2_1_; + // GF(4) x2: (bit0<<1)^bit1^(bit1>>1); + return ((c1_ ^ c0) << 2) ^ c0 ^ (c2_r0 << 1) ^ c2_r1 ^ (c2_r1 << 1); +} + +uint32_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b) { + uint32_t a0 = a & 0x11111111; + uint32_t a1 = (a >> 1) & 0x11111111; + uint32_t a2 = (a >> 2) & 0x11111111; + uint32_t a3 = (a >> 3) & 0x11111111; + uint32_t b0 = b & 0x11111111; + uint32_t b1 = (b >> 1) & 0x11111111; + uint32_t b2 = (b >> 2) & 0x11111111; + uint32_t b3 = (b >> 3) & 0x11111111; + + return _gf16v_mul_u32_u32(a0, a1, a2, a3, b0, b1, b2, b3); +} + +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_reduce_u32(uint32_t a) { + uint8_t r256 = gf256v_reduce_u32(a); + return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); +} + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.h new file mode 100644 index 00000000..946db489 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.h @@ -0,0 +1,20 @@ +#ifndef _GF16_H_ +#define _GF16_H_ + +#include "rainbow_config.h" +#include + +/// @file gf16.h +/// @brief Library for arithmetics in GF(16) and GF(256) +/// + +uint32_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); + + +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_reduce_u32(uint32_t a); + + +#endif // _GF16_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c new file mode 100644 index 00000000..4b61c718 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c @@ -0,0 +1,185 @@ +/// @file parallel_matrix_op.c +/// @brief the standard implementations for functions in parallel_matrix_op.h +/// +/// the standard implementations for functions in parallel_matrix_op.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "parallel_matrix_op.h" + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { + return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +} + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. +/// +/// @param[in] i_row - the i-th row in a triangle matrix. +/// @param[in] j_col - the j-th column in a triangle matrix. +/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { + if ( i_row > j_col ) { + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(j_col, i_row, n_var); + } + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i_row, j_col, n_var); +} + + + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { + unsigned char *runningC = btriC; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < i; j++) { + unsigned idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); + gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + } + gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + runningC += size_batch * (Aheight - i); + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf16v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf16v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf16v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf16v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf16v_madd( z, tmp, _y[i], size_batch ); + } +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf16v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf16v_madd( y, tmp, _x[i], size_batch ); + } +} diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h new file mode 100644 index 00000000..ba01df60 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h @@ -0,0 +1,282 @@ +#ifndef _P_MATRIX_OP_H_ +#define _P_MATRIX_OP_H_ +/// @file parallel_matrix_op.h +/// @brief Librarys for operations of batched matrixes. +/// +/// + +//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// + + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); + +/// +/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. +/// +/// @param[out] btriC - the batched upper-trianglized matrix C. +/// @param[in] bA - a batched retangle matrix A. +/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); + + + + +//////////////////// Section: matrix multiplications /////////////////////////////// + + + +/// +/// @brief bC += btriA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += btriA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += A^Tr * bB , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += A^Tr * bB , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += bA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// + + +/// +/// @brief y = x^Tr * trimat * x , in GF(16) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + +/// +/// @brief y = x^Tr * trimat * x , in GF(256) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + + +/// +/// @brief z = y^Tr * mat * x , in GF(16) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + +/// +/// @brief z = y^Tr * mat * x , in GF(256) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + + + + + + +#endif // _P_MATRIX_OP_H_ + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c new file mode 100644 index 00000000..4e87ca00 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c @@ -0,0 +1,181 @@ +/// @file rainbow.c +/// @brief The standard implementations for functions in rainbow.h +/// + +#include "blas.h" +#include "rainbow.h" +#include "rainbow_blas.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include +#include + + +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1>_O2)?_O1:_O2) +#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { + uint8_t mat_l1[_O1 * _O1_BYTE]; + uint8_t mat_l2[_O2 * _O2_BYTE]; + uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; + + // setup PRNG + prng_t prng_sign; + uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; + memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); + memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + uint8_t prng_seed[_HASH_LEN]; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + prng_preseed[i] ^= prng_preseed[i]; // clean + } + for (unsigned i = 0; i < _HASH_LEN; i++) { + prng_seed[i] ^= prng_seed[i]; // clean + } + + // roll vinegars. + uint8_t vinegar[_V1_BYTE]; + unsigned n_attempt = 0; + unsigned l1_succ = 0; + while ( !l1_succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars + gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 + l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable + n_attempt ++; + } + + // Given the vinegars, pre-compute variables needed for layer 2 + uint8_t r_l1_F1[_O1_BYTE] = {0}; + uint8_t r_l2_F1[_O2_BYTE] = {0}; + batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); + batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); + uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + uint8_t mat_l2_F2[_O1 * _O2_BYTE]; + gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); + gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + + // Some local variables. + uint8_t _z[_PUB_M_BYTE]; + uint8_t y[_PUB_M_BYTE]; + uint8_t *x_v1 = vinegar; + uint8_t x_o1[_O1_BYTE]; + uint8_t x_o2[_O1_BYTE]; + + uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, _digest, _HASH_LEN ); + uint8_t *salt = digest_salt + _HASH_LEN; + + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + unsigned succ = 0; + while ( !succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + + // y = S^-1 * z + memcpy(y, _z, _PUB_M_BYTE); // identity part of S + gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); + gf256v_add(y, temp_o, _O1_BYTE); + + // Central Map: + // layer 1: calculate x_o1 + memcpy( temp_o, r_l1_F1, _O1_BYTE ); + gf256v_add( temp_o, y, _O1_BYTE ); + gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + + // layer 2: calculate x_o2 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); + gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 + batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 + gf256v_add( temp_o, mat_l2, _O2_BYTE ); + gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 + gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + + // generate the linear equations of the 2nd layer + gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 + gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); + gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + + n_attempt ++; + }; + // w = T^-1 * y + uint8_t w[_PUB_N_BYTE]; + // identity part of T. + memcpy( w, x_v1, _V1_BYTE ); + memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); + memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + // Computing the t1 part. + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t4 part. + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t3 part. + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + + memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + // clean + memset( &prng_sign, 0, sizeof(prng_t) ); + memset( vinegar, 0, _V1_BYTE ); + memset( r_l1_F1, 0, _O1_BYTE ); + memset( r_l2_F1, 0, _O2_BYTE ); + memset( _z, 0, _PUB_M_BYTE ); + memset( y, 0, _PUB_M_BYTE ); + memset( x_o1, 0, _O1_BYTE ); + memset( x_o2, 0, _O2_BYTE ); + memset( temp_o, 0, sizeof(temp_o) ); + + // return: copy w and salt to the signature. + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + return -1; + } + gf256v_add( signature, w, _PUB_N_BYTE ); + gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + return 0; +} + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { + unsigned char digest_ck[_PUB_M_BYTE]; + // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. + batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + + unsigned char correct[_PUB_M_BYTE]; + unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, digest, _HASH_LEN ); + memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + + // check consistancy. + unsigned char cc = 0; + for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + cc |= (digest_ck[i] ^ correct[i]); + } + return (0 == cc) ? 0 : -1; +} + +/////////////// cyclic version /////////////////////////// +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { + unsigned char sk[sizeof(sk_t) + 32]; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); +} + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { + unsigned char pk[sizeof(pk_t) +32]; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +} diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.h new file mode 100644 index 00000000..d67ee069 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.h @@ -0,0 +1,51 @@ +#ifndef _RAINBOW_H_ +#define _RAINBOW_H_ +/// @file rainbow.h +/// @brief APIs for rainbow. +/// + + +#include "rainbow_config.h" +#include "rainbow_keypair.h" + +#include + +/// +/// @brief Signing function for classical secret key. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); + +/// +/// @brief Signing function for compressed secret key of the cyclic rainbow. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the compressed secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function for cyclic public keys. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key of cyclic rainbow. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); + +#endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_blas.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_blas.h new file mode 100644 index 00000000..abdd4831 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_blas.h @@ -0,0 +1,34 @@ +#ifndef _RAINBOW_BLAS_H_ +#define _RAINBOW_BLAS_H_ +/// @file rainbow_blas.h +/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h +/// +/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h + + +#include "blas.h" +#include "parallel_matrix_op.h" +#include "rainbow_config.h" + + +#define gfv_get_ele PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd + +#define gfmat_prod PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv + +#define batch_trimat_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16 +#define batch_2trimat_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16 +#define batch_matTr_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16 +#define batch_mat_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16 + +#define batch_quad_trimat_eval PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16 +#define batch_quad_recmat_eval PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16 + + + +#endif // _RAINBOW_BLAS_H_ + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_config.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_config.h new file mode 100644 index 00000000..abdd312c --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_config.h @@ -0,0 +1,51 @@ +#ifndef _H_RAINBOW_CONFIG_H_ +#define _H_RAINBOW_CONFIG_H_ + +/// @file rainbow_config.h +/// @brief Defining the parameters of the Rainbow and the corresponding constants. +/// + +#define _USE_GF16 +#define _GFSIZE 16 +#define _V1 32 +#define _O1 32 +#define _O2 32 +#define _HASH_LEN 32 + + + +#define _V2 ((_V1)+(_O1)) + +/// size of N, in # of gf elements. +#define _PUB_N (_V1+_O1+_O2) + +/// size of M, in # gf elements. +#define _PUB_M (_O1+_O2) + + +/// size of variables, in # bytes. + + +// GF16 +#define _V1_BYTE (_V1/2) +#define _V2_BYTE (_V2/2) +#define _O1_BYTE (_O1/2) +#define _O2_BYTE (_O2/2) +#define _PUB_N_BYTE (_PUB_N/2) +#define _PUB_M_BYTE (_PUB_M/2) + + + +/// length of seed for public key, in # bytes +#define LEN_PKSEED 32 + +/// length of seed for secret key, in # bytes +#define LEN_SKSEED 32 + +/// length of salt for a signature, in # bytes +#define _SALT_BYTE 16 + +/// length of a signature +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) + +#endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c new file mode 100644 index 00000000..f03d2473 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c @@ -0,0 +1,201 @@ +/// @file rainbow_keypair.c +/// @brief implementations of functions in rainbow_keypair.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include "utils_prng.h" +#include +#include +#include + + +static +void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 + s_and_t += _O1_BYTE * _O2; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + s_and_t += _V1_BYTE * _O1; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + s_and_t += _V1_BYTE * _O2; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 +} + + +static +unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + n_byte_generated += _O1_BYTE * _V1 * _O1; + return n_byte_generated; +} + + +static +unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + n_byte_generated += _O2_BYTE * _O1 * _O2; + + return n_byte_generated; +} + + +static +void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { + sk += generate_l1_F12( sk, prng0 ); + generate_l2_F12356( sk, prng0 ); +} + +static +void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { + // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 + unsigned char temp[_V1_BYTE + 32]; + unsigned char *t4 = t2_to_t4; + for (unsigned i = 0; i < _O2; i++) { /// t3 width + gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); + gf256v_add( t4, temp, _V1_BYTE ); + t4 += _V1_BYTE; + t3 += _O1_BYTE; + } +} + +static +void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { + unsigned char temp[_O1_BYTE + 32]; + while ( n_terms-- ) { + gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); + gf256v_add( l1_polys, temp, _O1_BYTE ); + l1_polys += _O1_BYTE; + l2_polys += _O2_BYTE; + } +} + +/////////////////// Classic ////////////////////////////////// + + + +///////////////////// Cyclic ////////////////////////////////// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng; + prng_t *prng0 = &prng; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + + unsigned char t2[sizeof(sk->t4)]; + memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 + calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t *prng1 = &prng; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T + + + unsigned char t4[sizeof(sk->t4)]; + memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 + memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + + obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + + // clean + memset( &prng, 0, sizeof(prng_t) ); +} + + + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); + sk_t sk; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng0; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, &prng0 ); + calculate_t4( sk->t4, sk->t1, sk->t3 ); + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t prng1; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, &prng1 ); + + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + + // calcuate the parts of sk according to pk. + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); + + // clean prng for sk + memset( &prng0, 0, sizeof(prng_t) ); +} +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { + // procedure: cpk_t --> extcpk_t --> pk_t + + // convert from cpk_t to extcpk_t + ext_cpk_t pk; + + // setup prng + prng_t prng0; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + + // generating parts of key with prng + generate_l1_F12( pk.l1_Q1, &prng0 ); + // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 + memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + + // generating parts of key with prng + generate_l2_F12356( pk.l2_Q1, &prng0 ); + // copying parts of key from input: l2_Q9 + memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // convert from extcpk_t to pk_t + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( rpk, &pk ); +} diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.h new file mode 100644 index 00000000..d046772d --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.h @@ -0,0 +1,126 @@ +#ifndef _RAINBOW_KEYPAIR_H_ +#define _RAINBOW_KEYPAIR_H_ +/// @file rainbow_keypair.h +/// @brief Formats of key pairs and functions for generating key pairs. +/// Formats of key pairs and functions for generating key pairs. +/// + + + +#include "rainbow_config.h" + + +#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) + + +/// @brief public key for classic rainbow +/// +/// public key for classic rainbow +/// +typedef +struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +} pk_t; + + +/// @brief secret key for classic rainbow +/// +/// secret key for classic rainbow +/// +typedef +struct rainbow_secretkey { + /// + /// seed for generating secret key. + /// Generating S, T, and F for classic rainbow. + /// Generating S and T only for cyclic rainbow. + unsigned char sk_seed[LEN_SKSEED]; + + unsigned char s1[_O1_BYTE * _O2]; ///< part of S map + unsigned char t1[_V1_BYTE * _O1]; ///< part of T map + unsigned char t4[_V1_BYTE * _O2]; ///< part of T map + unsigned char t3[_O1_BYTE * _O2]; ///< part of T map + + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 +} sk_t; + + + + +/// @brief public key for cyclic rainbow +/// +/// public key for cyclic rainbow +/// +typedef +struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 + + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 +} cpk_t; + + + +/// @brief compressed secret key for cyclic rainbow +/// +/// compressed secret key for cyclic rainbow +/// +typedef +struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +} csk_t; + + + +/// +/// @brief Generate key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of public key. +/// @param[in] sk_seed - seed for generating secret key. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +/// +/// @brief Generate compressed key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the compressed secret key. +/// @param[in] pk_seed - seed for generating parts of the public key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +/// +/// @brief Generate secret key for cyclic rainbow. +/// +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of the pbulic key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +//////////////////////////////////// + +/// +/// @brief converting formats of public keys : from cyclic version to classic key +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the cyclic public key. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); + +#endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c new file mode 100644 index 00000000..1f71ea72 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -0,0 +1,233 @@ +/// @file rainbow_keypair_computation.c +/// @brief Implementations for functions in rainbow_keypair_computation.h +/// + + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include +#include +#include + + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { + const unsigned char *idx_l1 = cpk->l1_Q1; + const unsigned char *idx_l2 = cpk->l2_Q1; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = i; j < _V1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q2; + idx_l2 = cpk->l2_Q2; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q3; + idx_l2 = cpk->l2_Q3; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q5; + idx_l2 = cpk->l2_Q5; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = i; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q6; + idx_l2 = cpk->l2_Q6; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q9; + idx_l2 = cpk->l2_Q9; + for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned j = i; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } +} + + + + +static +void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + // Layer 1 + // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] + memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] + memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + + /* + Layer 2 + computations: + + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + + */ + memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + + // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + + unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; + memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) + memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + + batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + + // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); + batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 + batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + + // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + // + Q_pk.l2_F2s[i].transpose() * t4 + // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); + batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); + +} + + +////////////////////////////////////////////////////////////////////////////////////////////////// + +static +void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { +// Layer 1: Computing Q5, Q3, Q6, Q9 + +// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + const unsigned char *t2 = Ts->t4; + sk_t tempQ; + memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + /* + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + /* + Layer 2 + Computing Q9: + + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ + sk_t tempQ2; + memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. + batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); + batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + + batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 +} + + + +/////////////////////////////////////////////////////////////////////// + + +// Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ +#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref + + + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + calculate_F_from_Q_impl( Fs, Qs, Ts ); +} + +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +} + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.h new file mode 100644 index 00000000..9036f6db --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.h @@ -0,0 +1,79 @@ +#ifndef _RAINBOW_KEYPAIR_COMP_H_ +#define _RAINBOW_KEYPAIR_COMP_H_ +/// @file rainbow_keypair_computation.h +/// @brief Functions for calculating pk/sk while generating keys. +/// +/// Defining an internal structure of public key. +/// Functions for calculating pk/sk for key generation. +/// + + + +#include "rainbow_keypair.h" + +/// @brief The (internal use) public key for rainbow +/// +/// The (internal use) public key for rainbow. The public +/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, +/// l2_Q1, .... , l2_Q9. +/// +typedef +struct rainbow_extend_publickey { + unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; + + unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; + unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; + unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; +} ext_cpk_t; + + + +/// +/// @brief converting formats of public keys : from ext_cpk_t version to pk_t +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the internel public key. +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +///////////////////////////////////////////////// + +/// +/// @brief Computing public key from secret key +/// +/// @param[out] Qs - the public key +/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the secret key: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + + + + +/// +/// @brief Computing parts of the sk from parts of pk and sk +/// +/// @param[out] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); + +/// +/// @brief Computing parts of the pk from the secret key +/// +/// @param[out] Qs - parts of the pk: l1_Q3, l1_Q5, l2_Q6, l1_Q9, l2_Q9 +/// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + +#endif // _RAINBOW_KEYPAIR_COMP_H_ + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c new file mode 100644 index 00000000..6ef18fff --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c @@ -0,0 +1,94 @@ +/// @file sign.c +/// @brief the implementations for functions in api.h +/// +/// + +#include "api.h" +#include "rainbow.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "randombytes.h" +#include "utils_hash.h" +#include +#include + + + +int +PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { + unsigned char sk_seed[LEN_SKSEED] = {0}; + randombytes( sk_seed, LEN_SKSEED ); + + + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + + return 0; +} + + + + + +int +PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + + memcpy( sm, m, mlen ); + smlen[0] = mlen + _SIGNATURE_BYTE; + + + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + + + +} + + + + + + +int +PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { + //TODO: this should not copy out the message if verification fails + if ( _SIGNATURE_BYTE > smlen ) { + return -1; + } + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + mlen[0] = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); + + + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + + + +} + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + *siglen = _SIGNATURE_BYTE; + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); +} + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk) { + if (siglen != _SIGNATURE_BYTE) { + return -1; + } + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + +} diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.c new file mode 100644 index 00000000..b0da07ab --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.c @@ -0,0 +1,55 @@ +/// @file utils_hash.c +/// @brief the adapter for SHA2 families. +/// +/// + +#include "rainbow_config.h" +#include "sha2.h" +#include "utils_hash.h" + +static inline +int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { + sha256(digest, m, mlen); + return 0; +} + +static inline +int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if ( _HASH_LEN >= n_digest ) { + for (size_t i = 0; i < n_digest; i++) { + digest[i] = hash[i]; + } + return 0; + } + for (size_t i = 0; i < _HASH_LEN; i++) { + digest[i] = hash[i]; + } + n_digest -= _HASH_LEN; + + + while (_HASH_LEN <= n_digest ) { + _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + + n_digest -= _HASH_LEN; + digest += _HASH_LEN; + } + unsigned char temp[_HASH_LEN]; + if ( n_digest ) { + _hash( temp, digest, _HASH_LEN ); + for (size_t i = 0; i < n_digest; i++) { + digest[_HASH_LEN + i] = temp[i]; + } + } + return 0; +} + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(unsigned char *digest, + size_t len_digest, + const unsigned char *m, + size_t mlen) { + unsigned char buf[_HASH_LEN]; + _hash(buf, m, mlen); + return expand_hash(digest, len_digest, buf); +} + + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.h new file mode 100644 index 00000000..f1a7fd34 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.h @@ -0,0 +1,14 @@ +#ifndef _UTILS_HASH_H_ +#define _UTILS_HASH_H_ +/// @file utils_hash.h +/// @brief the interface for adapting hash functions. +/// + +#include + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); + + + +#endif // _UTILS_HASH_H_ + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c new file mode 100644 index 00000000..c0098576 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c @@ -0,0 +1,96 @@ +/// @file utils_prng.c +/// @brief The implementation of PRNG related functions. +/// + +#include "aes.h" +#include "randombytes.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include + +static void prng_update(const unsigned char *provided_data, + unsigned char *Key, + unsigned char *V) { + unsigned char temp[48]; + aes256ctx ctx; + aes256_keyexp(&ctx, Key); + for (int i = 0; i < 3; i++) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( V[j] == 0xff) { + V[j] = 0x00; + } else { + V[j]++; + break; + } + } + aes256_ecb(temp + 16 * i, V, 1, &ctx); + } + if ( provided_data != NULL ) { + for (int i = 0; i < 48; i++) { + temp[i] ^= provided_data[i]; + } + } + memcpy(Key, temp, 32); + memcpy(V, temp + 32, 16); +} +static void randombytes_init_with_state(prng_t *state, + unsigned char *entropy_input_48bytes ) { + memset(state->Key, 0x00, 32); + memset(state->V, 0x00, 16); + prng_update(entropy_input_48bytes, state->Key, state->V); +} + +static int randombytes_with_state(prng_t *state, + unsigned char *x, + size_t xlen) { + + unsigned char block[16]; + int i = 0; + + aes256ctx ctx; + aes256_keyexp(&ctx, state->Key); + + + while ( xlen > 0 ) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( state->V[j] == 0xff ) { + state->V[j] = 0x00; + } else { + state->V[j]++; + break; + } + } + aes256_ecb(block, state->V, 1, &ctx); + if ( xlen > 15 ) { + memcpy(x + i, block, 16); + i += 16; + xlen -= 16; + } else { + memcpy(x + i, block, xlen); + xlen = 0; + } + } + prng_update(NULL, state->Key, state->V); + return 0; +} + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { + unsigned char seed[48]; + if ( prng_seedlen >= 48 ) { + memcpy( seed, prng_seed, 48 ); + } else { + memcpy( seed, prng_seed, prng_seedlen ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + } + + randombytes_init_with_state( ctx, seed ); + + return 0; +} + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { + return randombytes_with_state( ctx, out, outlen); +} diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.h new file mode 100644 index 00000000..f24cc0d5 --- /dev/null +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.h @@ -0,0 +1,22 @@ +#ifndef _UTILS_PRNG_H_ +#define _UTILS_PRNG_H_ +/// @file utils_prng.h +/// @brief the interface for adapting PRNG functions. +/// +/// + + +#include "randombytes.h" + +typedef struct { + unsigned char Key[32]; + unsigned char V[16]; +} prng_t; + +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); + + +#endif // _UTILS_PRNG_H_ + + diff --git a/crypto_sign/rainbowIa-cyclic/META.yml b/crypto_sign/rainbowIa-cyclic/META.yml index 43ea4b23..5955b846 100644 --- a/crypto_sign/rainbowIa-cyclic/META.yml +++ b/crypto_sign/rainbowIa-cyclic/META.yml @@ -5,7 +5,7 @@ length-public-key: 58144 length-secret-key: 92960 length-signature: 64 nistkat-sha256: 16f53bf0966b433451ae26e47f09f2dc8ea42db6a5c58fff1a2e7954f94dac0a -testvectors-sha256: b7341bd862a8f683339e03cf236b885804854d9e0479cb53955761864ecc18bf +testvectors-sha256: b7341bd862a8f683339e03cf236b885804854d9e0479cb53955761864ecc18bf principal-submitter: Jintai Ding auxiliary-submitters: - Ming-Shing Chen @@ -14,4 +14,4 @@ auxiliary-submitters: - Bo-Yin Yang implementations: - name: clean - version: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-2/submissions/Rainbow-Round2.zip + version: https://github.com/fast-crypto-lab/rainbow-submission-round2/commit/af826fcb78f6af51a02d0352cff28a9690467bfd diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.c b/crypto_sign/rainbowIa-cyclic/clean/gf.c index ef479074..9ce30191 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.c @@ -1,13 +1,5 @@ #include "gf.h" -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} - //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { uint8_t r = (uint8_t) (a << 1); @@ -36,20 +28,6 @@ static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } -static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1) { - uint32_t c0 = a0 & b0; - uint32_t c2 = a1 & b1; - uint32_t c1_ = (a0 ^ a1) & (b0 ^ b1); - return ((c1_ ^ c0) << 1) ^ c0 ^ c2; -} - -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(uint8_t a) { - unsigned a4 = a & 0xf; - unsigned r = ((unsigned) 0) - a4; - r >>= 4; - return r & 1; -} - //// gf16 := gf4[y]/y^2+y+x static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a0 = a & 3; @@ -71,16 +49,7 @@ static inline uint8_t gf16_squ(uint8_t a) { return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); } -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_inv(uint8_t a) { - uint8_t a2 = gf16_squ(a); - uint8_t a4 = gf16_squ(a2); - uint8_t a8 = gf16_squ(a4); - uint8_t a6 = gf16_mul(a4, a2); - return gf16_mul(a8, a6); -} - // gf16 := gf4[y]/y^2+y+x - uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { uint32_t axb0 = gf4v_mul_u32(a, b); uint32_t axb1 = gf4v_mul_u32(a, b >> 2); @@ -91,6 +60,38 @@ uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + + + +static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1) { + uint32_t c0 = a0 & b0; + uint32_t c2 = a1 & b1; + uint32_t c1_ = (a0 ^ a1) & (b0 ^ b1); + return ((c1_ ^ c0) << 1) ^ c0 ^ c2; +} + +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(uint8_t a) { + unsigned a4 = a & 0xf; + unsigned r = ((unsigned) 0) - a4; + r >>= 4; + return r & 1; +} + +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_inv(uint8_t a) { + uint8_t a2 = gf16_squ(a); + uint8_t a4 = gf16_squ(a2); + uint8_t a8 = gf16_squ(a4); + uint8_t a6 = gf16_mul(a4, a2); + return gf16_mul(a8, a6); +} + static inline uint32_t _gf16v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t a2, uint32_t a3, uint32_t b0, uint32_t b1, uint32_t b2, uint32_t b3) { uint32_t c0 = _gf4v_mul_u32_u32(a0, a1, b0, b1); uint32_t c1_ = _gf4v_mul_u32_u32(a0 ^ a2, a1 ^ a3, b0 ^ b2, b1 ^ b3); diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.h b/crypto_sign/rainbowIa-cyclic/clean/gf.h index dd6a1ee0..e45cf934 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.h +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.h @@ -8,11 +8,11 @@ /// @brief Library for arithmetics in GF(16) and GF(256) /// +uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(uint8_t a); uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_inv(uint8_t a); -uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(uint32_t a); diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h index 1dc6e48f..d7b9eafe 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h @@ -57,7 +57,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t - /// /// @brief Computing parts of the sk from parts of pk and sk /// diff --git a/crypto_sign/rainbowVc-classic/META.yml b/crypto_sign/rainbowVc-classic/META.yml new file mode 100644 index 00000000..666b9b16 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/META.yml @@ -0,0 +1,17 @@ +name: Rainbow-Vc-classic +type: signature +claimed-nist-level: 5 +length-public-key: 1705536 +length-secret-key: 1227104 +length-signature: 204 +nistkat-sha256: e9d065cbdd5736f4ad2bf5c910fcdf163c3e93828a2e59cd4d1dbebb8c1de202 +testvectors-sha256: 729d88ca4b5a64508c15c86f986ab81489275ee84d371b5ec0792f89b9ca5ac3 +principal-submitter: Jintai Ding +auxiliary-submitters: + - Ming-Shing Chen + - Albrecht Petzoldt + - Dieter Schmidt + - Bo-Yin Yang +implementations: + - name: clean + version: https://github.com/fast-crypto-lab/rainbow-submission-round2/commit/af826fcb78f6af51a02d0352cff28a9690467bfd diff --git a/crypto_sign/rainbowVc-classic/clean/LICENSE b/crypto_sign/rainbowVc-classic/clean/LICENSE new file mode 100644 index 00000000..cb00a6e3 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/LICENSE @@ -0,0 +1,8 @@ +`Software implementation of Rainbow for NIST R2 submission' by Ming-Shing Chen + +To the extent possible under law, the person who associated CC0 with +`Software implementation of Rainbow for NIST R2 submission' has waived all copyright and related or neighboring rights +to `Software implementation of Rainbow for NIST R2 submission'. + +You should have received a copy of the CC0 legalcode along with this +work. If not, see . diff --git a/crypto_sign/rainbowVc-classic/clean/Makefile b/crypto_sign/rainbowVc-classic/clean/Makefile new file mode 100644 index 00000000..5aa2d89b --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/Makefile @@ -0,0 +1,20 @@ +# This Makefile can be used with GNU Make or BSD Make + +LIB=librainbowVc-classic_clean.a + +HEADERS = api.h blas_comm.h blas.h blas_u32.h gf.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h +OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o blas_u32.o gf.o + +CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS) + +all: $(LIB) + +%.o: %.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $@ $< + +$(LIB): $(OBJECTS) + $(AR) -r $@ $(OBJECTS) + +clean: + $(RM) $(OBJECTS) + $(RM) $(LIB) diff --git a/crypto_sign/rainbowVc-classic/clean/Makefile.Microsoft_nmake b/crypto_sign/rainbowVc-classic/clean/Makefile.Microsoft_nmake new file mode 100644 index 00000000..1c09a88e --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/Makefile.Microsoft_nmake @@ -0,0 +1,19 @@ +# This Makefile can be used with Microsoft Visual Studio's nmake using the command: +# nmake /f Makefile.Microsoft_nmake + +LIBRARY=librainbowVc-classic_clean.lib +OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj blas_u32.obj gf.obj + +CFLAGS=/nologo /I ..\..\..\common /W4 /WX + +all: $(LIBRARY) + +# Make sure objects are recompiled if headers change. +$(OBJECTS): *.h + +$(LIBRARY): $(OBJECTS) + LIB.EXE /NOLOGO /WX /OUT:$@ $** + +clean: + -DEL $(OBJECTS) + -DEL $(LIBRARY) diff --git a/crypto_sign/rainbowVc-classic/clean/api.h b/crypto_sign/rainbowVc-classic/clean/api.h new file mode 100644 index 00000000..11edfb14 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/api.h @@ -0,0 +1,32 @@ +#ifndef PQCLEAN_RAINBOWVCCLASSIC_CLEAN_API_H +#define PQCLEAN_RAINBOWVCCLASSIC_CLEAN_API_H + +#include +#include + +#define PQCLEAN_RAINBOWVCCLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES 1227104 +#define PQCLEAN_RAINBOWVCCLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES 1705536 +#define PQCLEAN_RAINBOWVCCLASSIC_CLEAN_CRYPTO_BYTES 204 +#define PQCLEAN_RAINBOWVCCLASSIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(256,92,48,48) - classic" + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk); + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk); + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *sk); + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *pk); + + +#endif diff --git a/crypto_sign/rainbowVc-classic/clean/blas.h b/crypto_sign/rainbowVc-classic/clean/blas.h new file mode 100644 index 00000000..6fd9cfea --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/blas.h @@ -0,0 +1,20 @@ +#ifndef _BLAS_H_ +#define _BLAS_H_ +/// @file blas.h +/// @brief Defining the implementations for linear algebra functions depending on the machine architecture. +/// + +#include "blas_comm.h" +#include "blas_u32.h" +#include "rainbow_config.h" + +#define gf256v_predicated_add PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add_u32 +#define gf256v_add PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_add_u32 + + +#define gf256v_mul_scalar PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar_u32 +#define gf256v_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd_u32 + + +#endif // _BLAS_H_ + diff --git a/crypto_sign/rainbowVc-classic/clean/blas_comm.c b/crypto_sign/rainbowVc-classic/clean/blas_comm.c new file mode 100644 index 00000000..aa708e68 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/blas_comm.c @@ -0,0 +1,153 @@ +/// @file blas_comm.c +/// @brief The standard implementations for blas_comm.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "gf.h" +#include "rainbow_config.h" + +#include +#include + + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} + +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { + uint8_t r = 0; + while ( _num_byte-- ) { + r |= a[0]; + a++; + } + return (0 == r); +} + +/// polynomial multplication +/// School boook +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); + for (unsigned i = 0; i < _num; i++) { + gf256v_madd(c + i, a, b[i], _num); + } +} + +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + gf256v_madd(c, matA, b[i], n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = len_vec; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); + } + c += n_vec_byte; + } +} + +static +unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { + unsigned r8 = 1; + + for (unsigned i = 0; i < h; i++) { + uint8_t *ai = mat + w * i; + unsigned skip_len_align4 = i & ((unsigned)~0x3); + + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + w * j; + gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + } + r8 &= PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); + uint8_t pivot = ai[i]; + pivot = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_inv( pivot ); + gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + w * j; + gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + } + } + + return r8; +} + +static +unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + uint8_t mat[ 64 * 64 ]; + for (unsigned i = 0; i < n; i++) { + memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + mat[i * (n + 1) + n] = c_terms[i]; + } + unsigned r8 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + for (unsigned i = 0; i < n; i++) { + sol[i] = mat[i * (n + 1) + n]; + } + return r8; +} + + + +static inline +void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < w2; j++) { + mat2[i * w2 + j] = mat[i * w + st + j]; + } + } +} + + +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * H; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( ai, 2 * H ); + gf256v_add( ai, a + i * H, H ); + ai[H + i] = 1; + } + unsigned r8 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); + gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + return r8; +} + + + + + +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE + +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { + return gf256mat_gauss_elim_impl( mat, h, w ); +} + + +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} + diff --git a/crypto_sign/rainbowVc-classic/clean/blas_comm.h b/crypto_sign/rainbowVc-classic/clean/blas_comm.h new file mode 100644 index 00000000..cd54acac --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/blas_comm.h @@ -0,0 +1,96 @@ +#ifndef _BLAS_COMM_H_ +#define _BLAS_COMM_H_ +/// @file blas_comm.h +/// @brief Common functions for linear algebra. +/// + +#include "rainbow_config.h" +#include + + +/// @brief set a vector to 0. +/// +/// @param[in,out] b - the vector b. +/// @param[in] _num_byte - number of bytes for the vector b. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); + +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); + + + +/// @brief check if a vector is 0. +/// +/// @param[in] a - the vector a. +/// @param[in] _num_byte - number of bytes for the vector a. +/// @return 1(true) if a is 0. 0(false) else. +/// +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); + + +/// @brief polynomial multiplication: c = a*b +/// +/// @param[out] c - the output polynomial c +/// @param[in] a - the vector a. +/// @param[in] b - the vector b. +/// @param[in] _num - number of elements for the polynomials a and b. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); + + +/// @brief matrix-vector multiplication: c = matA * b , in GF(256) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +/// @brief matrix-matrix multiplication: c = a * b , in GF(256) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + +/// @brief Gauss elimination for a matrix, in GF(256) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(256) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + +/// @brief Computing the inverse matrix, in GF(256) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +#endif // _BLAS_COMM_H_ + diff --git a/crypto_sign/rainbowVc-classic/clean/blas_u32.c b/crypto_sign/rainbowVc-classic/clean/blas_u32.c new file mode 100644 index 00000000..a20931ba --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/blas_u32.c @@ -0,0 +1,90 @@ +#include "blas_u32.h" +#include "gf.h" + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= (a_u32[i] & pr_u32); + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= (a[i] & pr_u8); + } +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + + + + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + diff --git a/crypto_sign/rainbowVc-classic/clean/blas_u32.h b/crypto_sign/rainbowVc-classic/clean/blas_u32.h new file mode 100644 index 00000000..c72622dc --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/blas_u32.h @@ -0,0 +1,19 @@ +#ifndef _BLAS_U32_H_ +#define _BLAS_U32_H_ +/// @file blas_u32.h +/// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. +/// + +#include "rainbow_config.h" +#include + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); + + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); + + +#endif // _BLAS_U32_H_ + diff --git a/crypto_sign/rainbowVc-classic/clean/gf.c b/crypto_sign/rainbowVc-classic/clean/gf.c new file mode 100644 index 00000000..2af61837 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/gf.c @@ -0,0 +1,142 @@ +#include "gf.h" + +//// gf4 := gf2[x]/x^2+x+1 +static inline uint8_t gf4_mul_2(uint8_t a) { + uint8_t r = (uint8_t) (a << 1); + r ^= (uint8_t) ((a >> 1) * 7); + return r; +} + +static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { + uint8_t r = (uint8_t) (a * (b & 1)); + return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); +} + +static inline uint8_t gf4_squ(uint8_t a) { + return a ^ (a >> 1); +} + +static inline uint32_t gf4v_mul_2_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { + uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); +} + +//// gf16 := gf4[y]/y^2+y+x +static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + uint8_t b0 = b & 3; + uint8_t b1 = (b >> 2); + uint8_t a0b0 = gf4_mul(a0, b0); + uint8_t a1b1 = gf4_mul(a1, b1); + uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x2 = gf4_mul_2(a1b1); + return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); +} + +static inline uint8_t gf16_squ(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + a1 = gf4_squ(a1); + uint8_t a1squ_x2 = gf4_mul_2(a1); + return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); +} + +// gf16 := gf4[y]/y^2+y+x +uint32_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = gf4v_mul_u32(a, b); + uint32_t axb1 = gf4v_mul_u32(a, b >> 2); + uint32_t a0b1 = (axb1 << 2) & 0xcccccccc; + uint32_t a1b1 = axb1 & 0xcccccccc; + uint32_t a1b1_2 = a1b1 >> 2; + + return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); +} + +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + +uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { + unsigned a8 = a; + unsigned r = ((unsigned) 0) - a8; + r >>= 8; + return r & 1; +} + +static inline uint8_t gf4_mul_3(uint8_t a) { + uint8_t msk = (uint8_t) ((a - 2) >> 1); + return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); +} +static inline uint8_t gf16_mul_8(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = a >> 2; + return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); +} + +// gf256 := gf16[X]/X^2+X+xy +static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + uint8_t b0 = b & 15; + uint8_t b1 = (b >> 4); + uint8_t a0b0 = gf16_mul(a0, b0); + uint8_t a1b1 = gf16_mul(a1, b1); + uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x8 = gf16_mul_8(a1b1); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); +} + +static inline uint8_t gf256_squ(uint8_t a) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + a1 = gf16_squ(a1); + uint8_t a1squ_x8 = gf16_mul_8(a1); + return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); +} + +uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_inv(uint8_t a) { + // 128+64+32+16+8+4+2 = 254 + uint8_t a2 = gf256_squ(a); + uint8_t a4 = gf256_squ(a2); + uint8_t a8 = gf256_squ(a4); + uint8_t a4_2 = gf256_mul(a4, a2); + uint8_t a8_4_2 = gf256_mul(a4_2, a8); + uint8_t a64_ = gf256_squ(a8_4_2); + a64_ = gf256_squ(a64_); + a64_ = gf256_squ(a64_); + uint8_t a64_2 = gf256_mul(a64_, a8_4_2); + uint8_t a128_ = gf256_squ(a64_2); + return gf256_mul(a2, a128_); +} + +static inline uint32_t gf4v_mul_3_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit0 ^ (bit1 >> 1); +} +static inline uint32_t gf16v_mul_8_u32(uint32_t a) { + uint32_t a1 = a & 0xcccccccc; + uint32_t a0 = (a << 2) & 0xcccccccc; + return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); +} +uint32_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf16v_mul_u32(a, b); + uint32_t axb1 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf16v_mul_u32(a, b >> 4); + uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; + uint32_t a1b1 = axb1 & 0xf0f0f0f0; + uint32_t a1b1_4 = a1b1 >> 4; + + return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); +} diff --git a/crypto_sign/rainbowVc-classic/clean/gf.h b/crypto_sign/rainbowVc-classic/clean/gf.h new file mode 100644 index 00000000..7137179e --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/gf.h @@ -0,0 +1,19 @@ +#ifndef _GF16_H_ +#define _GF16_H_ + +#include "rainbow_config.h" +#include + +/// @file gf16.h +/// @brief Library for arithmetics in GF(16) and GF(256) +/// + +uint32_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); + + +uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); + + +#endif // _GF16_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c new file mode 100644 index 00000000..c57cf059 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c @@ -0,0 +1,186 @@ +/// @file parallel_matrix_op.c +/// @brief the standard implementations for functions in parallel_matrix_op.h +/// +/// the standard implementations for functions in parallel_matrix_op.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "parallel_matrix_op.h" + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { + return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +} + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. +/// +/// @param[in] i_row - the i-th row in a triangle matrix. +/// @param[in] j_col - the j-th column in a triangle matrix. +/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { + if ( i_row > j_col ) { + return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); + } + return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); +} + + + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { + unsigned char *runningC = btriC; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < i; j++) { + unsigned idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); + gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + } + gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + runningC += size_batch * (Aheight - i); + } +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf256v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf256v_madd( y, tmp, _x[i], size_batch ); + } +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf256v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf256v_madd( z, tmp, _y[i], size_batch ); + } +} + diff --git a/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h new file mode 100644 index 00000000..b627ac4b --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h @@ -0,0 +1,282 @@ +#ifndef _P_MATRIX_OP_H_ +#define _P_MATRIX_OP_H_ +/// @file parallel_matrix_op.h +/// @brief Librarys for operations of batched matrixes. +/// +/// + +//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// + + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); + +/// +/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. +/// +/// @param[out] btriC - the batched upper-trianglized matrix C. +/// @param[in] bA - a batched retangle matrix A. +/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); + + + + +//////////////////// Section: matrix multiplications /////////////////////////////// + + + +/// +/// @brief bC += btriA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += btriA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += A^Tr * bB , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += A^Tr * bB , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += bA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// + + +/// +/// @brief y = x^Tr * trimat * x , in GF(16) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + +/// +/// @brief y = x^Tr * trimat * x , in GF(256) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + + +/// +/// @brief z = y^Tr * mat * x , in GF(16) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + +/// +/// @brief z = y^Tr * mat * x , in GF(256) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + + + + + + +#endif // _P_MATRIX_OP_H_ + diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow.c b/crypto_sign/rainbowVc-classic/clean/rainbow.c new file mode 100644 index 00000000..2b0c6e16 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/rainbow.c @@ -0,0 +1,170 @@ +/// @file rainbow.c +/// @brief The standard implementations for functions in rainbow.h +/// + +#include "blas.h" +#include "rainbow.h" +#include "rainbow_blas.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include +#include + + +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1>_O2)?_O1:_O2) +#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { + uint8_t mat_l1[_O1 * _O1_BYTE]; + uint8_t mat_l2[_O2 * _O2_BYTE]; + uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; + + // setup PRNG + prng_t prng_sign; + uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; + memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); + memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + uint8_t prng_seed[_HASH_LEN]; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + prng_preseed[i] ^= prng_preseed[i]; // clean + } + for (unsigned i = 0; i < _HASH_LEN; i++) { + prng_seed[i] ^= prng_seed[i]; // clean + } + + // roll vinegars. + uint8_t vinegar[_V1_BYTE]; + unsigned n_attempt = 0; + unsigned l1_succ = 0; + while ( !l1_succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars + gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 + l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable + n_attempt ++; + } + + // Given the vinegars, pre-compute variables needed for layer 2 + uint8_t r_l1_F1[_O1_BYTE] = {0}; + uint8_t r_l2_F1[_O2_BYTE] = {0}; + batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); + batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); + uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + uint8_t mat_l2_F2[_O1 * _O2_BYTE]; + gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); + gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + + // Some local variables. + uint8_t _z[_PUB_M_BYTE]; + uint8_t y[_PUB_M_BYTE]; + uint8_t *x_v1 = vinegar; + uint8_t x_o1[_O1_BYTE]; + uint8_t x_o2[_O1_BYTE]; + + uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, _digest, _HASH_LEN ); + uint8_t *salt = digest_salt + _HASH_LEN; + + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + unsigned succ = 0; + while ( !succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + + // y = S^-1 * z + memcpy(y, _z, _PUB_M_BYTE); // identity part of S + gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); + gf256v_add(y, temp_o, _O1_BYTE); + + // Central Map: + // layer 1: calculate x_o1 + memcpy( temp_o, r_l1_F1, _O1_BYTE ); + gf256v_add( temp_o, y, _O1_BYTE ); + gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + + // layer 2: calculate x_o2 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); + gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 + batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 + gf256v_add( temp_o, mat_l2, _O2_BYTE ); + gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 + gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + + // generate the linear equations of the 2nd layer + gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 + gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); + gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + + n_attempt ++; + }; + // w = T^-1 * y + uint8_t w[_PUB_N_BYTE]; + // identity part of T. + memcpy( w, x_v1, _V1_BYTE ); + memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); + memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + // Computing the t1 part. + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t4 part. + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t3 part. + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + + memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + // clean + memset( &prng_sign, 0, sizeof(prng_t) ); + memset( vinegar, 0, _V1_BYTE ); + memset( r_l1_F1, 0, _O1_BYTE ); + memset( r_l2_F1, 0, _O2_BYTE ); + memset( _z, 0, _PUB_M_BYTE ); + memset( y, 0, _PUB_M_BYTE ); + memset( x_o1, 0, _O1_BYTE ); + memset( x_o2, 0, _O2_BYTE ); + memset( temp_o, 0, sizeof(temp_o) ); + + // return: copy w and salt to the signature. + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + return -1; + } + gf256v_add( signature, w, _PUB_N_BYTE ); + gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + return 0; +} + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { + unsigned char digest_ck[_PUB_M_BYTE]; + // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. + batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + + unsigned char correct[_PUB_M_BYTE]; + unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, digest, _HASH_LEN ); + memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + + // check consistancy. + unsigned char cc = 0; + for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + cc |= (digest_ck[i] ^ correct[i]); + } + return (0 == cc) ? 0 : -1; +} + + diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow.h b/crypto_sign/rainbowVc-classic/clean/rainbow.h new file mode 100644 index 00000000..7b82b2b6 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/rainbow.h @@ -0,0 +1,34 @@ +#ifndef _RAINBOW_H_ +#define _RAINBOW_H_ +/// @file rainbow.h +/// @brief APIs for rainbow. +/// + + +#include "rainbow_config.h" +#include "rainbow_keypair.h" + +#include + +/// +/// @brief Signing function for classical secret key. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); + + + +#endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_blas.h b/crypto_sign/rainbowVc-classic/clean/rainbow_blas.h new file mode 100644 index 00000000..c84faa35 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_blas.h @@ -0,0 +1,34 @@ +#ifndef _RAINBOW_BLAS_H_ +#define _RAINBOW_BLAS_H_ +/// @file rainbow_blas.h +/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h +/// +/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h + + +#include "blas.h" +#include "parallel_matrix_op.h" +#include "rainbow_config.h" + + +#define gfv_get_ele PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd + +#define gfmat_prod PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv + +#define batch_trimat_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256 + +#define batch_quad_trimat_eval PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256 +#define batch_quad_recmat_eval PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256 + + + +#endif // _RAINBOW_BLAS_H_ + diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_config.h b/crypto_sign/rainbowVc-classic/clean/rainbow_config.h new file mode 100644 index 00000000..20f1068f --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_config.h @@ -0,0 +1,50 @@ +#ifndef _H_RAINBOW_CONFIG_H_ +#define _H_RAINBOW_CONFIG_H_ + +/// @file rainbow_config.h +/// @brief Defining the parameters of the Rainbow and the corresponding constants. +/// + +#define _GFSIZE 256 +#define _V1 92 +#define _O1 48 +#define _O2 48 +#define _HASH_LEN 64 + + + +#define _V2 ((_V1)+(_O1)) + +/// size of N, in # of gf elements. +#define _PUB_N (_V1+_O1+_O2) + +/// size of M, in # gf elements. +#define _PUB_M (_O1+_O2) + + +/// size of variables, in # bytes. + + +// GF256 +#define _V1_BYTE (_V1) +#define _V2_BYTE (_V2) +#define _O1_BYTE (_O1) +#define _O2_BYTE (_O2) +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) + + + +/// length of seed for public key, in # bytes +#define LEN_PKSEED 32 + +/// length of seed for secret key, in # bytes +#define LEN_SKSEED 32 + +/// length of salt for a signature, in # bytes +#define _SALT_BYTE 16 + +/// length of a signature +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) + +#endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c new file mode 100644 index 00000000..e870c437 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c @@ -0,0 +1,139 @@ +/// @file rainbow_keypair.c +/// @brief implementations of functions in rainbow_keypair.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include "utils_prng.h" +#include +#include +#include + + +static +void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 + s_and_t += _O1_BYTE * _O2; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + s_and_t += _V1_BYTE * _O1; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + s_and_t += _V1_BYTE * _O2; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 +} + + +static +unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + n_byte_generated += _O1_BYTE * _V1 * _O1; + return n_byte_generated; +} + + +static +unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + n_byte_generated += _O2_BYTE * _O1 * _O2; + + return n_byte_generated; +} + + +static +void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { + sk += generate_l1_F12( sk, prng0 ); + generate_l2_F12356( sk, prng0 ); +} + +static +void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { + // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 + unsigned char temp[_V1_BYTE + 32]; + unsigned char *t4 = t2_to_t4; + for (unsigned i = 0; i < _O2; i++) { /// t3 width + gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); + gf256v_add( t4, temp, _V1_BYTE ); + t4 += _V1_BYTE; + t3 += _O1_BYTE; + } +} + +static +void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { + unsigned char temp[_O1_BYTE + 32]; + while ( n_terms-- ) { + gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); + gf256v_add( l1_polys, temp, _O1_BYTE ); + l1_polys += _O1_BYTE; + l2_polys += _O2_BYTE; + } +} + +/////////////////// Classic ////////////////////////////////// + +static +void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // set up prng + prng_t prng0; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + + // generating secret key with prng. + generate_S_T( sk->s1, &prng0 ); + generate_B1_B2( sk->l1_F1, &prng0 ); + + // clean prng + memset( &prng0, 0, sizeof(prng_t) ); +} + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { + _generate_secretkey( sk, sk_seed ); + + // set up a temporary structure ext_cpk_t for calculating public key. + ext_cpk_t pk; + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F( &pk, sk, sk ); // compute the public key in ext_cpk_t format. + calculate_t4( sk->t4, sk->t1, sk->t3 ); + + obsfucate_l1_polys( pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + // so far, the pk contains the full pk but in ext_cpk_t format. + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. +} + + + + + diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.h new file mode 100644 index 00000000..bc575d90 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.h @@ -0,0 +1,72 @@ +#ifndef _RAINBOW_KEYPAIR_H_ +#define _RAINBOW_KEYPAIR_H_ +/// @file rainbow_keypair.h +/// @brief Formats of key pairs and functions for generating key pairs. +/// Formats of key pairs and functions for generating key pairs. +/// + + + +#include "rainbow_config.h" + + +#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) + + +/// @brief public key for classic rainbow +/// +/// public key for classic rainbow +/// +typedef +struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +} pk_t; + + +/// @brief secret key for classic rainbow +/// +/// secret key for classic rainbow +/// +typedef +struct rainbow_secretkey { + /// + /// seed for generating secret key. + /// Generating S, T, and F for classic rainbow. + /// Generating S and T only for cyclic rainbow. + unsigned char sk_seed[LEN_SKSEED]; + + unsigned char s1[_O1_BYTE * _O2]; ///< part of S map + unsigned char t1[_V1_BYTE * _O1]; ///< part of T map + unsigned char t4[_V1_BYTE * _O2]; ///< part of T map + unsigned char t3[_O1_BYTE * _O2]; ///< part of T map + + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 +} sk_t; + + + + + + +/// +/// @brief Generate key pairs for classic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); + + + + + +#endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c new file mode 100644 index 00000000..78e632a5 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c @@ -0,0 +1,197 @@ +/// @file rainbow_keypair_computation.c +/// @brief Implementations for functions in rainbow_keypair_computation.h +/// + + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include +#include +#include + + +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { + const unsigned char *idx_l1 = cpk->l1_Q1; + const unsigned char *idx_l2 = cpk->l2_Q1; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = i; j < _V1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q2; + idx_l2 = cpk->l2_Q2; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q3; + idx_l2 = cpk->l2_Q3; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q5; + idx_l2 = cpk->l2_Q5; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = i; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q6; + idx_l2 = cpk->l2_Q6; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q9; + idx_l2 = cpk->l2_Q9; + for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned j = i; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } +} + +static +void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + /* + Layer 1 + Computing : + Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] + + Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 + Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + */ + const unsigned char *t2 = Ts->t4; + + memcpy( Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + memcpy( Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // l1_Q5 : _O1_BYTE * _O1 * _O1 + // l1_Q9 : _O1_BYTE * _O2 * _O2 + // l2_Q5 : _O2_BYTE * _V1 * _O1 + // l2_Q9 : _O2_BYTE * _V1 * _O2 + + + unsigned char tempQ[_O1_BYTE * _O1 * _O1 + 32]; + + memset( tempQ, 0, _O1_BYTE * _O1 * _O1 ); // l1_Q5 + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE ); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + batch_trimatTr_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // Q2 + /* + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ, 0, _O1_BYTE * _O2 * _O2 ); // l1_Q9 + batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + + /* + layer 2 + Computing: + Q1 = F1 + Q2 = F1_F1T*T1 + F2 + Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) + */ + memcpy( Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); + + memcpy( Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F1*T1 + F2 + + memcpy( Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); + memset( tempQ, 0, _O2_BYTE * _O1 * _O1 ); // l2_Q5 + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE ); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q5, tempQ, _O1, _O2_BYTE ); // UT( ... ) // Q5 + + batch_trimatTr_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q2 + + /* + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + + Q3 = F1_F1T*T2 + F2*T3 + F3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 + */ + memcpy( Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); + batch_trimat_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ, 0, _O2_BYTE * _O2 * _O2 ); // l2_Q9 + batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + + batch_trimat_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + batch_matTr_madd( tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ, _O2, _O2_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1_F1T_T2 + F2_T3 + F3 // Q3 + + batch_bmatTr_madd( Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + F2tr*T2 + batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 + batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 +} +// TODO: these defines are not really required for a clean implementation - just implement directly +#define calculate_Q_from_F_impl calculate_Q_from_F_ref +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_impl( Qs, Fs, Ts ); +} + + + diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.h new file mode 100644 index 00000000..decf2f1c --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.h @@ -0,0 +1,60 @@ +#ifndef _RAINBOW_KEYPAIR_COMP_H_ +#define _RAINBOW_KEYPAIR_COMP_H_ +/// @file rainbow_keypair_computation.h +/// @brief Functions for calculating pk/sk while generating keys. +/// +/// Defining an internal structure of public key. +/// Functions for calculating pk/sk for key generation. +/// + + + +#include "rainbow_keypair.h" + +/// @brief The (internal use) public key for rainbow +/// +/// The (internal use) public key for rainbow. The public +/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, +/// l2_Q1, .... , l2_Q9. +/// +typedef +struct rainbow_extend_publickey { + unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; + + unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; + unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; + unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; +} ext_cpk_t; + + + +/// +/// @brief converting formats of public keys : from ext_cpk_t version to pk_t +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the internel public key. +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +///////////////////////////////////////////////// + +/// +/// @brief Computing public key from secret key +/// +/// @param[out] Qs - the public key +/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the secret key: T1, T4, T3 +/// +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + + + +#endif // _RAINBOW_KEYPAIR_COMP_H_ + diff --git a/crypto_sign/rainbowVc-classic/clean/sign.c b/crypto_sign/rainbowVc-classic/clean/sign.c new file mode 100644 index 00000000..c0e87b4d --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/sign.c @@ -0,0 +1,92 @@ +/// @file sign.c +/// @brief the implementations for functions in api.h +/// +/// + +#include "api.h" +#include "rainbow.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "randombytes.h" +#include "utils_hash.h" +#include +#include + + + +int +PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { + unsigned char sk_seed[LEN_SKSEED] = {0}; + randombytes( sk_seed, LEN_SKSEED ); + + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); + + return 0; +} + + + + + +int +PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + + memcpy( sm, m, mlen ); + smlen[0] = mlen + _SIGNATURE_BYTE; + + + return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + + + +} + + + + + + +int +PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { + //TODO: this should not copy out the message if verification fails + if ( _SIGNATURE_BYTE > smlen ) { + return -1; + } + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + mlen[0] = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); + + + return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); + + + +} + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + *siglen = _SIGNATURE_BYTE; + return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); +} + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk) { + if (siglen != _SIGNATURE_BYTE) { + return -1; + } + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); + +} diff --git a/crypto_sign/rainbowVc-classic/clean/utils_hash.c b/crypto_sign/rainbowVc-classic/clean/utils_hash.c new file mode 100644 index 00000000..2f80fff9 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/utils_hash.c @@ -0,0 +1,55 @@ +/// @file utils_hash.c +/// @brief the adapter for SHA2 families. +/// +/// + +#include "rainbow_config.h" +#include "sha2.h" +#include "utils_hash.h" + +static inline +int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { + sha512(digest, m, mlen); + return 0; +} + +static inline +int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if ( _HASH_LEN >= n_digest ) { + for (size_t i = 0; i < n_digest; i++) { + digest[i] = hash[i]; + } + return 0; + } + for (size_t i = 0; i < _HASH_LEN; i++) { + digest[i] = hash[i]; + } + n_digest -= _HASH_LEN; + + + while (_HASH_LEN <= n_digest ) { + _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + + n_digest -= _HASH_LEN; + digest += _HASH_LEN; + } + unsigned char temp[_HASH_LEN]; + if ( n_digest ) { + _hash( temp, digest, _HASH_LEN ); + for (size_t i = 0; i < n_digest; i++) { + digest[_HASH_LEN + i] = temp[i]; + } + } + return 0; +} + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(unsigned char *digest, + size_t len_digest, + const unsigned char *m, + size_t mlen) { + unsigned char buf[_HASH_LEN]; + _hash(buf, m, mlen); + return expand_hash(digest, len_digest, buf); +} + + diff --git a/crypto_sign/rainbowVc-classic/clean/utils_hash.h b/crypto_sign/rainbowVc-classic/clean/utils_hash.h new file mode 100644 index 00000000..f7ccd524 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/utils_hash.h @@ -0,0 +1,14 @@ +#ifndef _UTILS_HASH_H_ +#define _UTILS_HASH_H_ +/// @file utils_hash.h +/// @brief the interface for adapting hash functions. +/// + +#include + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); + + + +#endif // _UTILS_HASH_H_ + diff --git a/crypto_sign/rainbowVc-classic/clean/utils_prng.c b/crypto_sign/rainbowVc-classic/clean/utils_prng.c new file mode 100644 index 00000000..4a136b27 --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/utils_prng.c @@ -0,0 +1,96 @@ +/// @file utils_prng.c +/// @brief The implementation of PRNG related functions. +/// + +#include "aes.h" +#include "randombytes.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include + +static void prng_update(const unsigned char *provided_data, + unsigned char *Key, + unsigned char *V) { + unsigned char temp[48]; + aes256ctx ctx; + aes256_keyexp(&ctx, Key); + for (int i = 0; i < 3; i++) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( V[j] == 0xff) { + V[j] = 0x00; + } else { + V[j]++; + break; + } + } + aes256_ecb(temp + 16 * i, V, 1, &ctx); + } + if ( provided_data != NULL ) { + for (int i = 0; i < 48; i++) { + temp[i] ^= provided_data[i]; + } + } + memcpy(Key, temp, 32); + memcpy(V, temp + 32, 16); +} +static void randombytes_init_with_state(prng_t *state, + unsigned char *entropy_input_48bytes ) { + memset(state->Key, 0x00, 32); + memset(state->V, 0x00, 16); + prng_update(entropy_input_48bytes, state->Key, state->V); +} + +static int randombytes_with_state(prng_t *state, + unsigned char *x, + size_t xlen) { + + unsigned char block[16]; + int i = 0; + + aes256ctx ctx; + aes256_keyexp(&ctx, state->Key); + + + while ( xlen > 0 ) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( state->V[j] == 0xff ) { + state->V[j] = 0x00; + } else { + state->V[j]++; + break; + } + } + aes256_ecb(block, state->V, 1, &ctx); + if ( xlen > 15 ) { + memcpy(x + i, block, 16); + i += 16; + xlen -= 16; + } else { + memcpy(x + i, block, xlen); + xlen = 0; + } + } + prng_update(NULL, state->Key, state->V); + return 0; +} + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { + unsigned char seed[48]; + if ( prng_seedlen >= 48 ) { + memcpy( seed, prng_seed, 48 ); + } else { + memcpy( seed, prng_seed, prng_seedlen ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + } + + randombytes_init_with_state( ctx, seed ); + + return 0; +} + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { + return randombytes_with_state( ctx, out, outlen); +} diff --git a/crypto_sign/rainbowVc-classic/clean/utils_prng.h b/crypto_sign/rainbowVc-classic/clean/utils_prng.h new file mode 100644 index 00000000..b75b395a --- /dev/null +++ b/crypto_sign/rainbowVc-classic/clean/utils_prng.h @@ -0,0 +1,22 @@ +#ifndef _UTILS_PRNG_H_ +#define _UTILS_PRNG_H_ +/// @file utils_prng.h +/// @brief the interface for adapting PRNG functions. +/// +/// + + +#include "randombytes.h" + +typedef struct { + unsigned char Key[32]; + unsigned char V[16]; +} prng_t; + +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); + + +#endif // _UTILS_PRNG_H_ + + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/META.yml b/crypto_sign/rainbowVc-cyclic-compressed/META.yml new file mode 100644 index 00000000..606d989d --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/META.yml @@ -0,0 +1,17 @@ +name: Rainbow-Vc-cyclic-compressed +type: signature +claimed-nist-level: 5 +length-public-key: 491936 +length-secret-key: 64 +length-signature: 204 +nistkat-sha256: 7bc9f57b718843d525d893fc361d97417de0b06e954f2687f808bebaaf2c762c +testvectors-sha256: acd054aed76af99bf0b31438226bdcca8ac34efde180cf80732c30bc00a63a9c +principal-submitter: Jintai Ding +auxiliary-submitters: + - Ming-Shing Chen + - Albrecht Petzoldt + - Dieter Schmidt + - Bo-Yin Yang +implementations: + - name: clean + version: https://github.com/fast-crypto-lab/rainbow-submission-round2/commit/af826fcb78f6af51a02d0352cff28a9690467bfd diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/LICENSE b/crypto_sign/rainbowVc-cyclic-compressed/clean/LICENSE new file mode 100644 index 00000000..cb00a6e3 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/LICENSE @@ -0,0 +1,8 @@ +`Software implementation of Rainbow for NIST R2 submission' by Ming-Shing Chen + +To the extent possible under law, the person who associated CC0 with +`Software implementation of Rainbow for NIST R2 submission' has waived all copyright and related or neighboring rights +to `Software implementation of Rainbow for NIST R2 submission'. + +You should have received a copy of the CC0 legalcode along with this +work. If not, see . diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/Makefile b/crypto_sign/rainbowVc-cyclic-compressed/clean/Makefile new file mode 100644 index 00000000..e4387a30 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/Makefile @@ -0,0 +1,20 @@ +# This Makefile can be used with GNU Make or BSD Make + +LIB=librainbowVc-cyclic-compressed_clean.a + +HEADERS = api.h blas_comm.h blas.h blas_u32.h gf.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h +OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o blas_u32.o gf.o + +CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS) + +all: $(LIB) + +%.o: %.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $@ $< + +$(LIB): $(OBJECTS) + $(AR) -r $@ $(OBJECTS) + +clean: + $(RM) $(OBJECTS) + $(RM) $(LIB) diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/Makefile.Microsoft_nmake b/crypto_sign/rainbowVc-cyclic-compressed/clean/Makefile.Microsoft_nmake new file mode 100644 index 00000000..e2aa7250 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/Makefile.Microsoft_nmake @@ -0,0 +1,19 @@ +# This Makefile can be used with Microsoft Visual Studio's nmake using the command: +# nmake /f Makefile.Microsoft_nmake + +LIBRARY=librainbowVc-cyclic-compressed_clean.lib +OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj blas_u32.obj gf.obj + +CFLAGS=/nologo /I ..\..\..\common /W4 /WX + +all: $(LIBRARY) + +# Make sure objects are recompiled if headers change. +$(OBJECTS): *.h + +$(LIBRARY): $(OBJECTS) + LIB.EXE /NOLOGO /WX /OUT:$@ $** + +clean: + -DEL $(OBJECTS) + -DEL $(LIBRARY) diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/api.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/api.h new file mode 100644 index 00000000..7f4a866c --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/api.h @@ -0,0 +1,32 @@ +#ifndef PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_API_H +#define PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_API_H + +#include +#include + +#define PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_CRYPTO_SECRETKEYBYTES 64 +#define PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_CRYPTO_PUBLICKEYBYTES 491936 +#define PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_CRYPTO_BYTES 204 +#define PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_CRYPTO_ALGNAME "RAINBOW(256,92,48,48) - cyclic compressed" + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk); + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk); + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *sk); + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *pk); + + +#endif diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas.h new file mode 100644 index 00000000..0bad5653 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas.h @@ -0,0 +1,20 @@ +#ifndef _BLAS_H_ +#define _BLAS_H_ +/// @file blas.h +/// @brief Defining the implementations for linear algebra functions depending on the machine architecture. +/// + +#include "blas_comm.h" +#include "blas_u32.h" +#include "rainbow_config.h" + +#define gf256v_predicated_add PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32 +#define gf256v_add PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_add_u32 + + +#define gf256v_mul_scalar PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32 +#define gf256v_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32 + + +#endif // _BLAS_H_ + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c new file mode 100644 index 00000000..e1725ac1 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c @@ -0,0 +1,153 @@ +/// @file blas_comm.c +/// @brief The standard implementations for blas_comm.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "gf.h" +#include "rainbow_config.h" + +#include +#include + + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} + +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { + uint8_t r = 0; + while ( _num_byte-- ) { + r |= a[0]; + a++; + } + return (0 == r); +} + +/// polynomial multplication +/// School boook +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, _num * 2 - 1); + for (unsigned i = 0; i < _num; i++) { + gf256v_madd(c + i, a, b[i], _num); + } +} + +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + gf256v_madd(c, matA, b[i], n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = len_vec; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); + } + c += n_vec_byte; + } +} + +static +unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { + unsigned r8 = 1; + + for (unsigned i = 0; i < h; i++) { + uint8_t *ai = mat + w * i; + unsigned skip_len_align4 = i & ((unsigned)~0x3); + + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + w * j; + gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + } + r8 &= PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]); + uint8_t pivot = ai[i]; + pivot = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_inv( pivot ); + gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + w * j; + gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + } + } + + return r8; +} + +static +unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + uint8_t mat[ 64 * 64 ]; + for (unsigned i = 0; i < n; i++) { + memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + mat[i * (n + 1) + n] = c_terms[i]; + } + unsigned r8 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + for (unsigned i = 0; i < n; i++) { + sol[i] = mat[i * (n + 1) + n]; + } + return r8; +} + + + +static inline +void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < w2; j++) { + mat2[i * w2 + j] = mat[i * w + st + j]; + } + } +} + + +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * H; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( ai, 2 * H ); + gf256v_add( ai, a + i * H, H ); + ai[H + i] = 1; + } + unsigned r8 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); + gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + return r8; +} + + + + + +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE + +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { + return gf256mat_gauss_elim_impl( mat, h, w ); +} + + +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h new file mode 100644 index 00000000..a0c1a5ff --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h @@ -0,0 +1,96 @@ +#ifndef _BLAS_COMM_H_ +#define _BLAS_COMM_H_ +/// @file blas_comm.h +/// @brief Common functions for linear algebra. +/// + +#include "rainbow_config.h" +#include + + +/// @brief set a vector to 0. +/// +/// @param[in,out] b - the vector b. +/// @param[in] _num_byte - number of bytes for the vector b. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); + +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); + + + +/// @brief check if a vector is 0. +/// +/// @param[in] a - the vector a. +/// @param[in] _num_byte - number of bytes for the vector a. +/// @return 1(true) if a is 0. 0(false) else. +/// +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); + + +/// @brief polynomial multiplication: c = a*b +/// +/// @param[out] c - the output polynomial c +/// @param[in] a - the vector a. +/// @param[in] b - the vector b. +/// @param[in] _num - number of elements for the polynomials a and b. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); + + +/// @brief matrix-vector multiplication: c = matA * b , in GF(256) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +/// @brief matrix-matrix multiplication: c = a * b , in GF(256) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + +/// @brief Gauss elimination for a matrix, in GF(256) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(256) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + +/// @brief Computing the inverse matrix, in GF(256) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +#endif // _BLAS_COMM_H_ + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c new file mode 100644 index 00000000..4e423280 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c @@ -0,0 +1,90 @@ +#include "blas_u32.h" +#include "gf.h" + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= (a_u32[i] & pr_u32); + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= (a[i] & pr_u8); + } +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + + + + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(t.u32, b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(t.u32, gf256_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h new file mode 100644 index 00000000..5e0ce1ae --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h @@ -0,0 +1,19 @@ +#ifndef _BLAS_U32_H_ +#define _BLAS_U32_H_ +/// @file blas_u32.h +/// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. +/// + +#include "rainbow_config.h" +#include + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); + + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); + + +#endif // _BLAS_U32_H_ + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c new file mode 100644 index 00000000..c61b7bd8 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c @@ -0,0 +1,142 @@ +#include "gf.h" + +//// gf4 := gf2[x]/x^2+x+1 +static inline uint8_t gf4_mul_2(uint8_t a) { + uint8_t r = (uint8_t) (a << 1); + r ^= (uint8_t) ((a >> 1) * 7); + return r; +} + +static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { + uint8_t r = (uint8_t) (a * (b & 1)); + return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); +} + +static inline uint8_t gf4_squ(uint8_t a) { + return a ^ (a >> 1); +} + +static inline uint32_t gf4v_mul_2_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { + uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); +} + +//// gf16 := gf4[y]/y^2+y+x +static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + uint8_t b0 = b & 3; + uint8_t b1 = (b >> 2); + uint8_t a0b0 = gf4_mul(a0, b0); + uint8_t a1b1 = gf4_mul(a1, b1); + uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x2 = gf4_mul_2(a1b1); + return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); +} + +static inline uint8_t gf16_squ(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + a1 = gf4_squ(a1); + uint8_t a1squ_x2 = gf4_mul_2(a1); + return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); +} + +// gf16 := gf4[y]/y^2+y+x +uint32_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = gf4v_mul_u32(a, b); + uint32_t axb1 = gf4v_mul_u32(a, b >> 2); + uint32_t a0b1 = (axb1 << 2) & 0xcccccccc; + uint32_t a1b1 = axb1 & 0xcccccccc; + uint32_t a1b1_2 = a1b1 >> 2; + + return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); +} + +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + +uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(uint8_t a) { + unsigned a8 = a; + unsigned r = ((unsigned) 0) - a8; + r >>= 8; + return r & 1; +} + +static inline uint8_t gf4_mul_3(uint8_t a) { + uint8_t msk = (uint8_t) ((a - 2) >> 1); + return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); +} +static inline uint8_t gf16_mul_8(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = a >> 2; + return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); +} + +// gf256 := gf16[X]/X^2+X+xy +static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + uint8_t b0 = b & 15; + uint8_t b1 = (b >> 4); + uint8_t a0b0 = gf16_mul(a0, b0); + uint8_t a1b1 = gf16_mul(a1, b1); + uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x8 = gf16_mul_8(a1b1); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); +} + +static inline uint8_t gf256_squ(uint8_t a) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + a1 = gf16_squ(a1); + uint8_t a1squ_x8 = gf16_mul_8(a1); + return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); +} + +uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_inv(uint8_t a) { + // 128+64+32+16+8+4+2 = 254 + uint8_t a2 = gf256_squ(a); + uint8_t a4 = gf256_squ(a2); + uint8_t a8 = gf256_squ(a4); + uint8_t a4_2 = gf256_mul(a4, a2); + uint8_t a8_4_2 = gf256_mul(a4_2, a8); + uint8_t a64_ = gf256_squ(a8_4_2); + a64_ = gf256_squ(a64_); + a64_ = gf256_squ(a64_); + uint8_t a64_2 = gf256_mul(a64_, a8_4_2); + uint8_t a128_ = gf256_squ(a64_2); + return gf256_mul(a2, a128_); +} + +static inline uint32_t gf4v_mul_3_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit0 ^ (bit1 >> 1); +} +static inline uint32_t gf16v_mul_8_u32(uint32_t a) { + uint32_t a1 = a & 0xcccccccc; + uint32_t a0 = (a << 2) & 0xcccccccc; + return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); +} +uint32_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(a, b); + uint32_t axb1 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(a, b >> 4); + uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; + uint32_t a1b1 = axb1 & 0xf0f0f0f0; + uint32_t a1b1_4 = a1b1 >> 4; + + return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); +} diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.h new file mode 100644 index 00000000..57031de2 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.h @@ -0,0 +1,19 @@ +#ifndef _GF16_H_ +#define _GF16_H_ + +#include "rainbow_config.h" +#include + +/// @file gf16.h +/// @brief Library for arithmetics in GF(16) and GF(256) +/// + +uint32_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); + + +uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); + + +#endif // _GF16_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c new file mode 100644 index 00000000..0e93b149 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c @@ -0,0 +1,186 @@ +/// @file parallel_matrix_op.c +/// @brief the standard implementations for functions in parallel_matrix_op.h +/// +/// the standard implementations for functions in parallel_matrix_op.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "parallel_matrix_op.h" + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { + return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +} + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. +/// +/// @param[in] i_row - the i-th row in a triangle matrix. +/// @param[in] j_col - the j-th column in a triangle matrix. +/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { + if ( i_row > j_col ) { + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j_col, i_row, n_var); + } + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i_row, j_col, n_var); +} + + + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { + unsigned char *runningC = btriC; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < i; j++) { + unsigned idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); + gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + } + gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + runningC += size_batch * (Aheight - i); + } +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf256v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf256v_madd( y, tmp, _x[i], size_batch ); + } +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf256v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf256v_madd( z, tmp, _y[i], size_batch ); + } +} + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h new file mode 100644 index 00000000..5436d930 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h @@ -0,0 +1,282 @@ +#ifndef _P_MATRIX_OP_H_ +#define _P_MATRIX_OP_H_ +/// @file parallel_matrix_op.h +/// @brief Librarys for operations of batched matrixes. +/// +/// + +//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// + + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); + +/// +/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. +/// +/// @param[out] btriC - the batched upper-trianglized matrix C. +/// @param[in] bA - a batched retangle matrix A. +/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); + + + + +//////////////////// Section: matrix multiplications /////////////////////////////// + + + +/// +/// @brief bC += btriA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += btriA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += A^Tr * bB , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += A^Tr * bB , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += bA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// + + +/// +/// @brief y = x^Tr * trimat * x , in GF(16) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + +/// +/// @brief y = x^Tr * trimat * x , in GF(256) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + + +/// +/// @brief z = y^Tr * mat * x , in GF(16) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + +/// +/// @brief z = y^Tr * mat * x , in GF(256) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + + + + + + +#endif // _P_MATRIX_OP_H_ + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c new file mode 100644 index 00000000..2e390340 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c @@ -0,0 +1,181 @@ +/// @file rainbow.c +/// @brief The standard implementations for functions in rainbow.h +/// + +#include "blas.h" +#include "rainbow.h" +#include "rainbow_blas.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include +#include + + +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1>_O2)?_O1:_O2) +#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { + uint8_t mat_l1[_O1 * _O1_BYTE]; + uint8_t mat_l2[_O2 * _O2_BYTE]; + uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; + + // setup PRNG + prng_t prng_sign; + uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; + memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); + memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + uint8_t prng_seed[_HASH_LEN]; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + prng_preseed[i] ^= prng_preseed[i]; // clean + } + for (unsigned i = 0; i < _HASH_LEN; i++) { + prng_seed[i] ^= prng_seed[i]; // clean + } + + // roll vinegars. + uint8_t vinegar[_V1_BYTE]; + unsigned n_attempt = 0; + unsigned l1_succ = 0; + while ( !l1_succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars + gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 + l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable + n_attempt ++; + } + + // Given the vinegars, pre-compute variables needed for layer 2 + uint8_t r_l1_F1[_O1_BYTE] = {0}; + uint8_t r_l2_F1[_O2_BYTE] = {0}; + batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); + batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); + uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + uint8_t mat_l2_F2[_O1 * _O2_BYTE]; + gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); + gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + + // Some local variables. + uint8_t _z[_PUB_M_BYTE]; + uint8_t y[_PUB_M_BYTE]; + uint8_t *x_v1 = vinegar; + uint8_t x_o1[_O1_BYTE]; + uint8_t x_o2[_O1_BYTE]; + + uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, _digest, _HASH_LEN ); + uint8_t *salt = digest_salt + _HASH_LEN; + + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + unsigned succ = 0; + while ( !succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + + // y = S^-1 * z + memcpy(y, _z, _PUB_M_BYTE); // identity part of S + gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); + gf256v_add(y, temp_o, _O1_BYTE); + + // Central Map: + // layer 1: calculate x_o1 + memcpy( temp_o, r_l1_F1, _O1_BYTE ); + gf256v_add( temp_o, y, _O1_BYTE ); + gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + + // layer 2: calculate x_o2 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); + gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 + batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 + gf256v_add( temp_o, mat_l2, _O2_BYTE ); + gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 + gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + + // generate the linear equations of the 2nd layer + gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 + gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); + gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + + n_attempt ++; + }; + // w = T^-1 * y + uint8_t w[_PUB_N_BYTE]; + // identity part of T. + memcpy( w, x_v1, _V1_BYTE ); + memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); + memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + // Computing the t1 part. + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t4 part. + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t3 part. + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + + memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + // clean + memset( &prng_sign, 0, sizeof(prng_t) ); + memset( vinegar, 0, _V1_BYTE ); + memset( r_l1_F1, 0, _O1_BYTE ); + memset( r_l2_F1, 0, _O2_BYTE ); + memset( _z, 0, _PUB_M_BYTE ); + memset( y, 0, _PUB_M_BYTE ); + memset( x_o1, 0, _O1_BYTE ); + memset( x_o2, 0, _O2_BYTE ); + memset( temp_o, 0, sizeof(temp_o) ); + + // return: copy w and salt to the signature. + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + return -1; + } + gf256v_add( signature, w, _PUB_N_BYTE ); + gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + return 0; +} + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { + unsigned char digest_ck[_PUB_M_BYTE]; + // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. + batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + + unsigned char correct[_PUB_M_BYTE]; + unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, digest, _HASH_LEN ); + memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + + // check consistancy. + unsigned char cc = 0; + for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + cc |= (digest_ck[i] ^ correct[i]); + } + return (0 == cc) ? 0 : -1; +} + +/////////////// cyclic version /////////////////////////// +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { + unsigned char sk[sizeof(sk_t) + 32]; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); +} + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { + unsigned char pk[sizeof(pk_t) +32]; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +} diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.h new file mode 100644 index 00000000..8a491d2c --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.h @@ -0,0 +1,51 @@ +#ifndef _RAINBOW_H_ +#define _RAINBOW_H_ +/// @file rainbow.h +/// @brief APIs for rainbow. +/// + + +#include "rainbow_config.h" +#include "rainbow_keypair.h" + +#include + +/// +/// @brief Signing function for classical secret key. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); + +/// +/// @brief Signing function for compressed secret key of the cyclic rainbow. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the compressed secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function for cyclic public keys. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key of cyclic rainbow. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); + +#endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_blas.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_blas.h new file mode 100644 index 00000000..a89e9f76 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_blas.h @@ -0,0 +1,34 @@ +#ifndef _RAINBOW_BLAS_H_ +#define _RAINBOW_BLAS_H_ +/// @file rainbow_blas.h +/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h +/// +/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h + + +#include "blas.h" +#include "parallel_matrix_op.h" +#include "rainbow_config.h" + + +#define gfv_get_ele PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd + +#define gfmat_prod PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv + +#define batch_trimat_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256 + +#define batch_quad_trimat_eval PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256 +#define batch_quad_recmat_eval PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256 + + + +#endif // _RAINBOW_BLAS_H_ + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_config.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_config.h new file mode 100644 index 00000000..20f1068f --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_config.h @@ -0,0 +1,50 @@ +#ifndef _H_RAINBOW_CONFIG_H_ +#define _H_RAINBOW_CONFIG_H_ + +/// @file rainbow_config.h +/// @brief Defining the parameters of the Rainbow and the corresponding constants. +/// + +#define _GFSIZE 256 +#define _V1 92 +#define _O1 48 +#define _O2 48 +#define _HASH_LEN 64 + + + +#define _V2 ((_V1)+(_O1)) + +/// size of N, in # of gf elements. +#define _PUB_N (_V1+_O1+_O2) + +/// size of M, in # gf elements. +#define _PUB_M (_O1+_O2) + + +/// size of variables, in # bytes. + + +// GF256 +#define _V1_BYTE (_V1) +#define _V2_BYTE (_V2) +#define _O1_BYTE (_O1) +#define _O2_BYTE (_O2) +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) + + + +/// length of seed for public key, in # bytes +#define LEN_PKSEED 32 + +/// length of seed for secret key, in # bytes +#define LEN_SKSEED 32 + +/// length of salt for a signature, in # bytes +#define _SALT_BYTE 16 + +/// length of a signature +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) + +#endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c new file mode 100644 index 00000000..4c05b519 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c @@ -0,0 +1,201 @@ +/// @file rainbow_keypair.c +/// @brief implementations of functions in rainbow_keypair.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include "utils_prng.h" +#include +#include +#include + + +static +void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 + s_and_t += _O1_BYTE * _O2; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + s_and_t += _V1_BYTE * _O1; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + s_and_t += _V1_BYTE * _O2; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 +} + + +static +unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + n_byte_generated += _O1_BYTE * _V1 * _O1; + return n_byte_generated; +} + + +static +unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + n_byte_generated += _O2_BYTE * _O1 * _O2; + + return n_byte_generated; +} + + +static +void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { + sk += generate_l1_F12( sk, prng0 ); + generate_l2_F12356( sk, prng0 ); +} + +static +void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { + // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 + unsigned char temp[_V1_BYTE + 32]; + unsigned char *t4 = t2_to_t4; + for (unsigned i = 0; i < _O2; i++) { /// t3 width + gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); + gf256v_add( t4, temp, _V1_BYTE ); + t4 += _V1_BYTE; + t3 += _O1_BYTE; + } +} + +static +void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { + unsigned char temp[_O1_BYTE + 32]; + while ( n_terms-- ) { + gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); + gf256v_add( l1_polys, temp, _O1_BYTE ); + l1_polys += _O1_BYTE; + l2_polys += _O2_BYTE; + } +} + +/////////////////// Classic ////////////////////////////////// + + + +///////////////////// Cyclic ////////////////////////////////// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng; + prng_t *prng0 = &prng; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + + unsigned char t2[sizeof(sk->t4)]; + memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 + calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t *prng1 = &prng; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T + + + unsigned char t4[sizeof(sk->t4)]; + memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 + memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + + obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + + // clean + memset( &prng, 0, sizeof(prng_t) ); +} + + + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); + sk_t sk; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng0; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, &prng0 ); + calculate_t4( sk->t4, sk->t1, sk->t3 ); + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t prng1; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, &prng1 ); + + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + + // calcuate the parts of sk according to pk. + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); + + // clean prng for sk + memset( &prng0, 0, sizeof(prng_t) ); +} +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { + // procedure: cpk_t --> extcpk_t --> pk_t + + // convert from cpk_t to extcpk_t + ext_cpk_t pk; + + // setup prng + prng_t prng0; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + + // generating parts of key with prng + generate_l1_F12( pk.l1_Q1, &prng0 ); + // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 + memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + + // generating parts of key with prng + generate_l2_F12356( pk.l2_Q1, &prng0 ); + // copying parts of key from input: l2_Q9 + memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // convert from extcpk_t to pk_t + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( rpk, &pk ); +} diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.h new file mode 100644 index 00000000..20fab7f9 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.h @@ -0,0 +1,126 @@ +#ifndef _RAINBOW_KEYPAIR_H_ +#define _RAINBOW_KEYPAIR_H_ +/// @file rainbow_keypair.h +/// @brief Formats of key pairs and functions for generating key pairs. +/// Formats of key pairs and functions for generating key pairs. +/// + + + +#include "rainbow_config.h" + + +#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) + + +/// @brief public key for classic rainbow +/// +/// public key for classic rainbow +/// +typedef +struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +} pk_t; + + +/// @brief secret key for classic rainbow +/// +/// secret key for classic rainbow +/// +typedef +struct rainbow_secretkey { + /// + /// seed for generating secret key. + /// Generating S, T, and F for classic rainbow. + /// Generating S and T only for cyclic rainbow. + unsigned char sk_seed[LEN_SKSEED]; + + unsigned char s1[_O1_BYTE * _O2]; ///< part of S map + unsigned char t1[_V1_BYTE * _O1]; ///< part of T map + unsigned char t4[_V1_BYTE * _O2]; ///< part of T map + unsigned char t3[_O1_BYTE * _O2]; ///< part of T map + + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 +} sk_t; + + + + +/// @brief public key for cyclic rainbow +/// +/// public key for cyclic rainbow +/// +typedef +struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 + + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 +} cpk_t; + + + +/// @brief compressed secret key for cyclic rainbow +/// +/// compressed secret key for cyclic rainbow +/// +typedef +struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +} csk_t; + + + +/// +/// @brief Generate key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of public key. +/// @param[in] sk_seed - seed for generating secret key. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +/// +/// @brief Generate compressed key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the compressed secret key. +/// @param[in] pk_seed - seed for generating parts of the public key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +/// +/// @brief Generate secret key for cyclic rainbow. +/// +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of the pbulic key. +/// @param[in] sk_seed - seed for generating the secret key. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + +//////////////////////////////////// + +/// +/// @brief converting formats of public keys : from cyclic version to classic key +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the cyclic public key. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); + +#endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c new file mode 100644 index 00000000..7762e3f5 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -0,0 +1,233 @@ +/// @file rainbow_keypair_computation.c +/// @brief Implementations for functions in rainbow_keypair_computation.h +/// + + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include +#include +#include + + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { + const unsigned char *idx_l1 = cpk->l1_Q1; + const unsigned char *idx_l2 = cpk->l2_Q1; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = i; j < _V1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q2; + idx_l2 = cpk->l2_Q2; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q3; + idx_l2 = cpk->l2_Q3; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q5; + idx_l2 = cpk->l2_Q5; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = i; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q6; + idx_l2 = cpk->l2_Q6; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q9; + idx_l2 = cpk->l2_Q9; + for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned j = i; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } +} + + + + +static +void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + // Layer 1 + // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] + memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] + memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + + /* + Layer 2 + computations: + + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + + */ + memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + + // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + + unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; + memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) + memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + + batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + + // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); + batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 + batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + + // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + // + Q_pk.l2_F2s[i].transpose() * t4 + // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); + batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); + +} + + +////////////////////////////////////////////////////////////////////////////////////////////////// + +static +void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { +// Layer 1: Computing Q5, Q3, Q6, Q9 + +// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + const unsigned char *t2 = Ts->t4; + sk_t tempQ; + memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + /* + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + /* + Layer 2 + Computing Q9: + + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ + sk_t tempQ2; + memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. + batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); + batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + + batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 +} + + + +/////////////////////////////////////////////////////////////////////// + + +// Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ +#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref + + + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + calculate_F_from_Q_impl( Fs, Qs, Ts ); +} + +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +} + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.h new file mode 100644 index 00000000..b4ddf049 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.h @@ -0,0 +1,79 @@ +#ifndef _RAINBOW_KEYPAIR_COMP_H_ +#define _RAINBOW_KEYPAIR_COMP_H_ +/// @file rainbow_keypair_computation.h +/// @brief Functions for calculating pk/sk while generating keys. +/// +/// Defining an internal structure of public key. +/// Functions for calculating pk/sk for key generation. +/// + + + +#include "rainbow_keypair.h" + +/// @brief The (internal use) public key for rainbow +/// +/// The (internal use) public key for rainbow. The public +/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, +/// l2_Q1, .... , l2_Q9. +/// +typedef +struct rainbow_extend_publickey { + unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; + + unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; + unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; + unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; +} ext_cpk_t; + + + +/// +/// @brief converting formats of public keys : from ext_cpk_t version to pk_t +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the internel public key. +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +///////////////////////////////////////////////// + +/// +/// @brief Computing public key from secret key +/// +/// @param[out] Qs - the public key +/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the secret key: T1, T4, T3 +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + + + + +/// +/// @brief Computing parts of the sk from parts of pk and sk +/// +/// @param[out] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); + +/// +/// @brief Computing parts of the pk from the secret key +/// +/// @param[out] Qs - parts of the pk: l1_Q3, l1_Q5, l2_Q6, l1_Q9, l2_Q9 +/// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + +#endif // _RAINBOW_KEYPAIR_COMP_H_ + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c new file mode 100644 index 00000000..41c9baeb --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c @@ -0,0 +1,94 @@ +/// @file sign.c +/// @brief the implementations for functions in api.h +/// +/// + +#include "api.h" +#include "rainbow.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "randombytes.h" +#include "utils_hash.h" +#include +#include + + + +int +PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { + unsigned char sk_seed[LEN_SKSEED] = {0}; + randombytes( sk_seed, LEN_SKSEED ); + + + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + + return 0; +} + + + + + +int +PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + + memcpy( sm, m, mlen ); + smlen[0] = mlen + _SIGNATURE_BYTE; + + + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + + + +} + + + + + + +int +PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { + //TODO: this should not copy out the message if verification fails + if ( _SIGNATURE_BYTE > smlen ) { + return -1; + } + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + mlen[0] = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); + + + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + + + +} + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + *siglen = _SIGNATURE_BYTE; + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); +} + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk) { + if (siglen != _SIGNATURE_BYTE) { + return -1; + } + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + +} diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.c new file mode 100644 index 00000000..e626ea18 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.c @@ -0,0 +1,55 @@ +/// @file utils_hash.c +/// @brief the adapter for SHA2 families. +/// +/// + +#include "rainbow_config.h" +#include "sha2.h" +#include "utils_hash.h" + +static inline +int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { + sha512(digest, m, mlen); + return 0; +} + +static inline +int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if ( _HASH_LEN >= n_digest ) { + for (size_t i = 0; i < n_digest; i++) { + digest[i] = hash[i]; + } + return 0; + } + for (size_t i = 0; i < _HASH_LEN; i++) { + digest[i] = hash[i]; + } + n_digest -= _HASH_LEN; + + + while (_HASH_LEN <= n_digest ) { + _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + + n_digest -= _HASH_LEN; + digest += _HASH_LEN; + } + unsigned char temp[_HASH_LEN]; + if ( n_digest ) { + _hash( temp, digest, _HASH_LEN ); + for (size_t i = 0; i < n_digest; i++) { + digest[_HASH_LEN + i] = temp[i]; + } + } + return 0; +} + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(unsigned char *digest, + size_t len_digest, + const unsigned char *m, + size_t mlen) { + unsigned char buf[_HASH_LEN]; + _hash(buf, m, mlen); + return expand_hash(digest, len_digest, buf); +} + + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.h new file mode 100644 index 00000000..98bee65d --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.h @@ -0,0 +1,14 @@ +#ifndef _UTILS_HASH_H_ +#define _UTILS_HASH_H_ +/// @file utils_hash.h +/// @brief the interface for adapting hash functions. +/// + +#include + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); + + + +#endif // _UTILS_HASH_H_ + diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c new file mode 100644 index 00000000..d417d9d8 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c @@ -0,0 +1,96 @@ +/// @file utils_prng.c +/// @brief The implementation of PRNG related functions. +/// + +#include "aes.h" +#include "randombytes.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include + +static void prng_update(const unsigned char *provided_data, + unsigned char *Key, + unsigned char *V) { + unsigned char temp[48]; + aes256ctx ctx; + aes256_keyexp(&ctx, Key); + for (int i = 0; i < 3; i++) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( V[j] == 0xff) { + V[j] = 0x00; + } else { + V[j]++; + break; + } + } + aes256_ecb(temp + 16 * i, V, 1, &ctx); + } + if ( provided_data != NULL ) { + for (int i = 0; i < 48; i++) { + temp[i] ^= provided_data[i]; + } + } + memcpy(Key, temp, 32); + memcpy(V, temp + 32, 16); +} +static void randombytes_init_with_state(prng_t *state, + unsigned char *entropy_input_48bytes ) { + memset(state->Key, 0x00, 32); + memset(state->V, 0x00, 16); + prng_update(entropy_input_48bytes, state->Key, state->V); +} + +static int randombytes_with_state(prng_t *state, + unsigned char *x, + size_t xlen) { + + unsigned char block[16]; + int i = 0; + + aes256ctx ctx; + aes256_keyexp(&ctx, state->Key); + + + while ( xlen > 0 ) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( state->V[j] == 0xff ) { + state->V[j] = 0x00; + } else { + state->V[j]++; + break; + } + } + aes256_ecb(block, state->V, 1, &ctx); + if ( xlen > 15 ) { + memcpy(x + i, block, 16); + i += 16; + xlen -= 16; + } else { + memcpy(x + i, block, xlen); + xlen = 0; + } + } + prng_update(NULL, state->Key, state->V); + return 0; +} + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { + unsigned char seed[48]; + if ( prng_seedlen >= 48 ) { + memcpy( seed, prng_seed, 48 ); + } else { + memcpy( seed, prng_seed, prng_seedlen ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + } + + randombytes_init_with_state( ctx, seed ); + + return 0; +} + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { + return randombytes_with_state( ctx, out, outlen); +} diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.h new file mode 100644 index 00000000..ddb2f19a --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.h @@ -0,0 +1,22 @@ +#ifndef _UTILS_PRNG_H_ +#define _UTILS_PRNG_H_ +/// @file utils_prng.h +/// @brief the interface for adapting PRNG functions. +/// +/// + + +#include "randombytes.h" + +typedef struct { + unsigned char Key[32]; + unsigned char V[16]; +} prng_t; + +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); + + +#endif // _UTILS_PRNG_H_ + + diff --git a/crypto_sign/rainbowVc-cyclic/META.yml b/crypto_sign/rainbowVc-cyclic/META.yml new file mode 100644 index 00000000..6d8d7a44 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/META.yml @@ -0,0 +1,17 @@ +name: Rainbow-Vc-cyclic +type: signature +claimed-nist-level: 5 +length-public-key: 491936 +length-secret-key: 1227104 +length-signature: 204 +nistkat-sha256: f33608a7f2db6ea71394f38a9e1ee06b96330759ccd4fc1719ac2286dac43650 +testvectors-sha256: d760ae98b24bdc3f8d22e8324ba73e0dd759a99a58b9e8860a168182de02b669 +principal-submitter: Jintai Ding +auxiliary-submitters: + - Ming-Shing Chen + - Albrecht Petzoldt + - Dieter Schmidt + - Bo-Yin Yang +implementations: + - name: clean + version: https://github.com/fast-crypto-lab/rainbow-submission-round2/commit/af826fcb78f6af51a02d0352cff28a9690467bfd diff --git a/crypto_sign/rainbowVc-cyclic/clean/LICENSE b/crypto_sign/rainbowVc-cyclic/clean/LICENSE new file mode 100644 index 00000000..cb00a6e3 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/LICENSE @@ -0,0 +1,8 @@ +`Software implementation of Rainbow for NIST R2 submission' by Ming-Shing Chen + +To the extent possible under law, the person who associated CC0 with +`Software implementation of Rainbow for NIST R2 submission' has waived all copyright and related or neighboring rights +to `Software implementation of Rainbow for NIST R2 submission'. + +You should have received a copy of the CC0 legalcode along with this +work. If not, see . diff --git a/crypto_sign/rainbowVc-cyclic/clean/Makefile b/crypto_sign/rainbowVc-cyclic/clean/Makefile new file mode 100644 index 00000000..de6d19fd --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/Makefile @@ -0,0 +1,20 @@ +# This Makefile can be used with GNU Make or BSD Make + +LIB=librainbowVc-cyclic_clean.a + +HEADERS = api.h blas_comm.h blas.h blas_u32.h gf.h parallel_matrix_op.h rainbow_blas.h rainbow_config.h rainbow.h rainbow_keypair_computation.h rainbow_keypair.h utils_hash.h utils_prng.h +OBJECTS = blas_comm.o parallel_matrix_op.o rainbow.o rainbow_keypair.o rainbow_keypair_computation.o sign.o utils_hash.o utils_prng.o blas_u32.o gf.o + +CFLAGS=-O3 -Wall -Wconversion -Wextra -Wpedantic -Wvla -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS) + +all: $(LIB) + +%.o: %.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $@ $< + +$(LIB): $(OBJECTS) + $(AR) -r $@ $(OBJECTS) + +clean: + $(RM) $(OBJECTS) + $(RM) $(LIB) diff --git a/crypto_sign/rainbowVc-cyclic/clean/Makefile.Microsoft_nmake b/crypto_sign/rainbowVc-cyclic/clean/Makefile.Microsoft_nmake new file mode 100644 index 00000000..5b554a44 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/Makefile.Microsoft_nmake @@ -0,0 +1,19 @@ +# This Makefile can be used with Microsoft Visual Studio's nmake using the command: +# nmake /f Makefile.Microsoft_nmake + +LIBRARY=librainbowVc-cyclic_clean.lib +OBJECTS = blas_comm.obj parallel_matrix_op.obj rainbow.obj rainbow_keypair.obj rainbow_keypair_computation.obj sign.obj utils_hash.obj utils_prng.obj blas_u32.obj gf.obj + +CFLAGS=/nologo /I ..\..\..\common /W4 /WX + +all: $(LIBRARY) + +# Make sure objects are recompiled if headers change. +$(OBJECTS): *.h + +$(LIBRARY): $(OBJECTS) + LIB.EXE /NOLOGO /WX /OUT:$@ $** + +clean: + -DEL $(OBJECTS) + -DEL $(LIBRARY) diff --git a/crypto_sign/rainbowVc-cyclic/clean/api.h b/crypto_sign/rainbowVc-cyclic/clean/api.h new file mode 100644 index 00000000..e7106779 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/api.h @@ -0,0 +1,32 @@ +#ifndef PQCLEAN_RAINBOWVCCYCLIC_CLEAN_API_H +#define PQCLEAN_RAINBOWVCCYCLIC_CLEAN_API_H + +#include +#include + +#define PQCLEAN_RAINBOWVCCYCLIC_CLEAN_CRYPTO_SECRETKEYBYTES 1227104 +#define PQCLEAN_RAINBOWVCCYCLIC_CLEAN_CRYPTO_PUBLICKEYBYTES 491936 +#define PQCLEAN_RAINBOWVCCYCLIC_CLEAN_CRYPTO_BYTES 204 +#define PQCLEAN_RAINBOWVCCYCLIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(256,92,48,48) - cyclic" + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); + + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk); + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk); + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, + const uint8_t *m, size_t mlen, + const uint8_t *sk); + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, + const uint8_t *sm, size_t smlen, + const uint8_t *pk); + + +#endif diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas.h b/crypto_sign/rainbowVc-cyclic/clean/blas.h new file mode 100644 index 00000000..3124e404 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/blas.h @@ -0,0 +1,20 @@ +#ifndef _BLAS_H_ +#define _BLAS_H_ +/// @file blas.h +/// @brief Defining the implementations for linear algebra functions depending on the machine architecture. +/// + +#include "blas_comm.h" +#include "blas_u32.h" +#include "rainbow_config.h" + +#define gf256v_predicated_add PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add_u32 +#define gf256v_add PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_add_u32 + + +#define gf256v_mul_scalar PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar_u32 +#define gf256v_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd_u32 + + +#endif // _BLAS_H_ + diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c new file mode 100644 index 00000000..2040f096 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c @@ -0,0 +1,153 @@ +/// @file blas_comm.c +/// @brief The standard implementations for blas_comm.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "gf.h" +#include "rainbow_config.h" + +#include +#include + + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} + +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { + uint8_t r = 0; + while ( _num_byte-- ) { + r |= a[0]; + a++; + } + return (0 == r); +} + +/// polynomial multplication +/// School boook +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); + for (unsigned i = 0; i < _num; i++) { + gf256v_madd(c + i, a, b[i], _num); + } +} + +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + gf256v_madd(c, matA, b[i], n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = len_vec; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); + } + c += n_vec_byte; + } +} + +static +unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { + unsigned r8 = 1; + + for (unsigned i = 0; i < h; i++) { + uint8_t *ai = mat + w * i; + unsigned skip_len_align4 = i & ((unsigned)~0x3); + + for (unsigned j = i + 1; j < h; j++) { + uint8_t *aj = mat + w * j; + gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + } + r8 &= PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]); + uint8_t pivot = ai[i]; + pivot = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_inv( pivot ); + gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + for (unsigned j = 0; j < h; j++) { + if (i == j) { + continue; + } + uint8_t *aj = mat + w * j; + gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + } + } + + return r8; +} + +static +unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + uint8_t mat[ 64 * 64 ]; + for (unsigned i = 0; i < n; i++) { + memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + mat[i * (n + 1) + n] = c_terms[i]; + } + unsigned r8 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + for (unsigned i = 0; i < n; i++) { + sol[i] = mat[i * (n + 1) + n]; + } + return r8; +} + + + +static inline +void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { + for (unsigned i = 0; i < h; i++) { + for (unsigned j = 0; j < w2; j++) { + mat2[i * w2 + j] = mat[i * w + st + j]; + } + } +} + + +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { + uint8_t *aa = buffer; + for (unsigned i = 0; i < H; i++) { + uint8_t *ai = aa + i * 2 * H; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( ai, 2 * H ); + gf256v_add( ai, a + i * H, H ); + ai[H + i] = 1; + } + unsigned r8 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); + gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + return r8; +} + + + + + +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE + +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); +} + +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { + return gf256mat_gauss_elim_impl( mat, h, w ); +} + + +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { + return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +} + diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h new file mode 100644 index 00000000..4718f2f4 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h @@ -0,0 +1,96 @@ +#ifndef _BLAS_COMM_H_ +#define _BLAS_COMM_H_ +/// @file blas_comm.h +/// @brief Common functions for linear algebra. +/// + +#include "rainbow_config.h" +#include + + +/// @brief set a vector to 0. +/// +/// @param[in,out] b - the vector b. +/// @param[in] _num_byte - number of bytes for the vector b. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); + +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); + + + +/// @brief check if a vector is 0. +/// +/// @param[in] a - the vector a. +/// @param[in] _num_byte - number of bytes for the vector a. +/// @return 1(true) if a is 0. 0(false) else. +/// +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); + + +/// @brief polynomial multiplication: c = a*b +/// +/// @param[out] c - the output polynomial c +/// @param[in] a - the vector a. +/// @param[in] b - the vector b. +/// @param[in] _num - number of elements for the polynomials a and b. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); + + +/// @brief matrix-vector multiplication: c = matA * b , in GF(256) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +/// @brief matrix-matrix multiplication: c = a * b , in GF(256) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); + +/// @brief Gauss elimination for a matrix, in GF(256) +/// +/// @param[in,out] mat - the matrix. +/// @param[in] h - the height of the matrix. +/// @param[in] w - the width of the matrix. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); + +/// @brief Solving linear equations, in GF(256) +/// +/// @param[out] sol - the solutions. +/// @param[in] inp_mat - the matrix parts of input equations. +/// @param[in] c_terms - the constant terms of the input equations. +/// @param[in] n - the number of equations. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); + +/// @brief Computing the inverse matrix, in GF(256) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +#endif // _BLAS_COMM_H_ + diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c new file mode 100644 index 00000000..a62a973c --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c @@ -0,0 +1,90 @@ +#include "blas_u32.h" +#include "gf.h" + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { + uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint8_t pr_u8 = pr_u32 & 0xff; + + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= (a_u32[i] & pr_u32); + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= (a[i] & pr_u8); + } +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + + + + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(t.u32, b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h new file mode 100644 index 00000000..6140037f --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h @@ -0,0 +1,19 @@ +#ifndef _BLAS_U32_H_ +#define _BLAS_U32_H_ +/// @file blas_u32.h +/// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. +/// + +#include "rainbow_config.h" +#include + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); + + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); + + +#endif // _BLAS_U32_H_ + diff --git a/crypto_sign/rainbowVc-cyclic/clean/gf.c b/crypto_sign/rainbowVc-cyclic/clean/gf.c new file mode 100644 index 00000000..8fb20255 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/gf.c @@ -0,0 +1,142 @@ +#include "gf.h" + +//// gf4 := gf2[x]/x^2+x+1 +static inline uint8_t gf4_mul_2(uint8_t a) { + uint8_t r = (uint8_t) (a << 1); + r ^= (uint8_t) ((a >> 1) * 7); + return r; +} + +static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { + uint8_t r = (uint8_t) (a * (b & 1)); + return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); +} + +static inline uint8_t gf4_squ(uint8_t a) { + return a ^ (a >> 1); +} + +static inline uint32_t gf4v_mul_2_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit1 ^ (bit1 >> 1); +} + +static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { + uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); +} + +//// gf16 := gf4[y]/y^2+y+x +static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + uint8_t b0 = b & 3; + uint8_t b1 = (b >> 2); + uint8_t a0b0 = gf4_mul(a0, b0); + uint8_t a1b1 = gf4_mul(a1, b1); + uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x2 = gf4_mul_2(a1b1); + return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); +} + +static inline uint8_t gf16_squ(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = (a >> 2); + a1 = gf4_squ(a1); + uint8_t a1squ_x2 = gf4_mul_2(a1); + return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); +} + +// gf16 := gf4[y]/y^2+y+x +uint32_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = gf4v_mul_u32(a, b); + uint32_t axb1 = gf4v_mul_u32(a, b >> 2); + uint32_t a0b1 = (axb1 << 2) & 0xcccccccc; + uint32_t a1b1 = axb1 & 0xcccccccc; + uint32_t a1b1_2 = a1b1 >> 2; + + return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); +} + +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + +uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { + unsigned a8 = a; + unsigned r = ((unsigned) 0) - a8; + r >>= 8; + return r & 1; +} + +static inline uint8_t gf4_mul_3(uint8_t a) { + uint8_t msk = (uint8_t) ((a - 2) >> 1); + return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); +} +static inline uint8_t gf16_mul_8(uint8_t a) { + uint8_t a0 = a & 3; + uint8_t a1 = a >> 2; + return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); +} + +// gf256 := gf16[X]/X^2+X+xy +static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + uint8_t b0 = b & 15; + uint8_t b1 = (b >> 4); + uint8_t a0b0 = gf16_mul(a0, b0); + uint8_t a1b1 = gf16_mul(a1, b1); + uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; + uint8_t a1b1_x8 = gf16_mul_8(a1b1); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); +} + +static inline uint8_t gf256_squ(uint8_t a) { + uint8_t a0 = a & 15; + uint8_t a1 = (a >> 4); + a1 = gf16_squ(a1); + uint8_t a1squ_x8 = gf16_mul_8(a1); + return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); +} + +uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_inv(uint8_t a) { + // 128+64+32+16+8+4+2 = 254 + uint8_t a2 = gf256_squ(a); + uint8_t a4 = gf256_squ(a2); + uint8_t a8 = gf256_squ(a4); + uint8_t a4_2 = gf256_mul(a4, a2); + uint8_t a8_4_2 = gf256_mul(a4_2, a8); + uint8_t a64_ = gf256_squ(a8_4_2); + a64_ = gf256_squ(a64_); + a64_ = gf256_squ(a64_); + uint8_t a64_2 = gf256_mul(a64_, a8_4_2); + uint8_t a128_ = gf256_squ(a64_2); + return gf256_mul(a2, a128_); +} + +static inline uint32_t gf4v_mul_3_u32(uint32_t a) { + uint32_t bit0 = a & 0x55555555; + uint32_t bit1 = a & 0xaaaaaaaa; + return (bit0 << 1) ^ bit0 ^ (bit1 >> 1); +} +static inline uint32_t gf16v_mul_8_u32(uint32_t a) { + uint32_t a1 = a & 0xcccccccc; + uint32_t a0 = (a << 2) & 0xcccccccc; + return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); +} +uint32_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { + uint32_t axb0 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf16v_mul_u32(a, b); + uint32_t axb1 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf16v_mul_u32(a, b >> 4); + uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; + uint32_t a1b1 = axb1 & 0xf0f0f0f0; + uint32_t a1b1_4 = a1b1 >> 4; + + return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); +} diff --git a/crypto_sign/rainbowVc-cyclic/clean/gf.h b/crypto_sign/rainbowVc-cyclic/clean/gf.h new file mode 100644 index 00000000..8d9cc260 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/gf.h @@ -0,0 +1,19 @@ +#ifndef _GF16_H_ +#define _GF16_H_ + +#include "rainbow_config.h" +#include + +/// @file gf16.h +/// @brief Library for arithmetics in GF(16) and GF(256) +/// + +uint32_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); + + +uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(uint8_t a); +uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_inv(uint8_t a); +uint32_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); + + +#endif // _GF16_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c new file mode 100644 index 00000000..fbd8c7d4 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c @@ -0,0 +1,186 @@ +/// @file parallel_matrix_op.c +/// @brief the standard implementations for functions in parallel_matrix_op.h +/// +/// the standard implementations for functions in parallel_matrix_op.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "parallel_matrix_op.h" + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { + return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +} + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. +/// +/// @param[in] i_row - the i-th row in a triangle matrix. +/// @param[in] j_col - the j-th column in a triangle matrix. +/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +static inline +unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { + if ( i_row > j_col ) { + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); + } + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); +} + + + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { + unsigned char *runningC = btriC; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < i; j++) { + unsigned idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); + gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + } + gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + runningC += size_batch * (Aheight - i); + } +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf256v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf256v_madd( y, tmp, _x[i], size_batch ); + } +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch ) { + unsigned char tmp[128]; + + unsigned char _x[128]; + for (unsigned i = 0; i < dim_x; i++) { + _x[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( x, i ); + } + unsigned char _y[128]; + for (unsigned i = 0; i < dim_y; i++) { + _y[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( y, i ); + } + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( z, size_batch ); + for (unsigned i = 0; i < dim_y; i++) { + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = 0; j < dim_x; j++) { + gf256v_madd( tmp, mat, _x[j], size_batch ); + mat += size_batch; + } + gf256v_madd( z, tmp, _y[i], size_batch ); + } +} + diff --git a/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h new file mode 100644 index 00000000..dedd7df0 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h @@ -0,0 +1,282 @@ +#ifndef _P_MATRIX_OP_H_ +#define _P_MATRIX_OP_H_ +/// @file parallel_matrix_op.h +/// @brief Librarys for operations of batched matrixes. +/// +/// + +//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// + + +/// +/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. +/// +/// @param[in] i_row - the i-th row in an upper-triangle matrix. +/// @param[in] j_col - the j-th column in an upper-triangle matrix. +/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. +/// @return the corresponding index in an array storage. +/// +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); + +/// +/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. +/// +/// @param[out] btriC - the batched upper-trianglized matrix C. +/// @param[in] bA - a batched retangle matrix A. +/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); + + + + +//////////////////// Section: matrix multiplications /////////////////////////////// + + + +/// +/// @brief bC += btriA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += btriA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += btriA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +/// +/// @brief bC += A^Tr * bB , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += A^Tr * bB , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. +/// @param[in] Aheight - the height of A. +/// @param[in] size_Acolvec - the size of a column vector in A. +/// @param[in] Awidth - the width of A. +/// @param[in] bB - a batched matrix B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, + const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + + +/// +/// @brief bC += bA^Tr * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA^Tr * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). +/// @param[in] Awidth_befor_tr - the width of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(16) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + +/// +/// @brief bC += bA * B , in GF(256) +/// +/// @param[out] bC - the batched matrix C. +/// @param[in] bA - a batched matrix A. +/// @param[in] Aheigh - the height of A. +/// @param[in] B - a column-major matrix B. +/// @param[in] Bheight - the height of B. +/// @param[in] size_Bcolvec - the size of the column vector in B. +/// @param[in] Bwidth - the width of B. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); + + + +//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// + + +/// +/// @brief y = x^Tr * trimat * x , in GF(16) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + +/// +/// @brief y = x^Tr * trimat * x , in GF(256) +/// +/// @param[out] y - the returned batched element y. +/// @param[in] trimat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim - the dimension of matrix trimat (and x). +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); + + +/// +/// @brief z = y^Tr * mat * x , in GF(16) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + +/// +/// @brief z = y^Tr * mat * x , in GF(256) +/// +/// @param[out] z - the returned batched element z. +/// @param[in] y - an input vector y. +/// @param[in] dim_y - the length of y. +/// @param[in] mat - a batched matrix. +/// @param[in] x - an input vector x. +/// @param[in] dim_x - the length of x. +/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); + + + + + + +#endif // _P_MATRIX_OP_H_ + diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow.c new file mode 100644 index 00000000..5020fe08 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow.c @@ -0,0 +1,175 @@ +/// @file rainbow.c +/// @brief The standard implementations for functions in rainbow.h +/// + +#include "blas.h" +#include "rainbow.h" +#include "rainbow_blas.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include +#include + + +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1>_O2)?_O1:_O2) +#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { + uint8_t mat_l1[_O1 * _O1_BYTE]; + uint8_t mat_l2[_O2 * _O2_BYTE]; + uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; + + // setup PRNG + prng_t prng_sign; + uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; + memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); + memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + uint8_t prng_seed[_HASH_LEN]; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + prng_preseed[i] ^= prng_preseed[i]; // clean + } + for (unsigned i = 0; i < _HASH_LEN; i++) { + prng_seed[i] ^= prng_seed[i]; // clean + } + + // roll vinegars. + uint8_t vinegar[_V1_BYTE]; + unsigned n_attempt = 0; + unsigned l1_succ = 0; + while ( !l1_succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars + gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 + l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable + n_attempt ++; + } + + // Given the vinegars, pre-compute variables needed for layer 2 + uint8_t r_l1_F1[_O1_BYTE] = {0}; + uint8_t r_l2_F1[_O2_BYTE] = {0}; + batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); + batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); + uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + uint8_t mat_l2_F2[_O1 * _O2_BYTE]; + gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); + gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + + // Some local variables. + uint8_t _z[_PUB_M_BYTE]; + uint8_t y[_PUB_M_BYTE]; + uint8_t *x_v1 = vinegar; + uint8_t x_o1[_O1_BYTE]; + uint8_t x_o2[_O1_BYTE]; + + uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, _digest, _HASH_LEN ); + uint8_t *salt = digest_salt + _HASH_LEN; + + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + unsigned succ = 0; + while ( !succ ) { + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + break; + } + // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + + // y = S^-1 * z + memcpy(y, _z, _PUB_M_BYTE); // identity part of S + gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); + gf256v_add(y, temp_o, _O1_BYTE); + + // Central Map: + // layer 1: calculate x_o1 + memcpy( temp_o, r_l1_F1, _O1_BYTE ); + gf256v_add( temp_o, y, _O1_BYTE ); + gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + + // layer 2: calculate x_o2 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); + gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 + batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 + gf256v_add( temp_o, mat_l2, _O2_BYTE ); + gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 + gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + + // generate the linear equations of the 2nd layer + gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 + gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); + gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + + n_attempt ++; + }; + // w = T^-1 * y + uint8_t w[_PUB_N_BYTE]; + // identity part of T. + memcpy( w, x_v1, _V1_BYTE ); + memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); + memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + // Computing the t1 part. + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t4 part. + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); + gf256v_add(w, y, _V1_BYTE ); + // Computing the t3 part. + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + + memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + // clean + memset( &prng_sign, 0, sizeof(prng_t) ); + memset( vinegar, 0, _V1_BYTE ); + memset( r_l1_F1, 0, _O1_BYTE ); + memset( r_l2_F1, 0, _O2_BYTE ); + memset( _z, 0, _PUB_M_BYTE ); + memset( y, 0, _PUB_M_BYTE ); + memset( x_o1, 0, _O1_BYTE ); + memset( x_o2, 0, _O2_BYTE ); + memset( temp_o, 0, sizeof(temp_o) ); + + // return: copy w and salt to the signature. + if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + return -1; + } + gf256v_add( signature, w, _PUB_N_BYTE ); + gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + return 0; +} + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { + unsigned char digest_ck[_PUB_M_BYTE]; + // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. + batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + + unsigned char correct[_PUB_M_BYTE]; + unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; + memcpy( digest_salt, digest, _HASH_LEN ); + memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + + // check consistancy. + unsigned char cc = 0; + for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + cc |= (digest_ck[i] ^ correct[i]); + } + return (0 == cc) ? 0 : -1; +} + + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { + unsigned char pk[sizeof(pk_t) +32]; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +} diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow.h b/crypto_sign/rainbowVc-cyclic/clean/rainbow.h new file mode 100644 index 00000000..23346f45 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow.h @@ -0,0 +1,43 @@ +#ifndef _RAINBOW_H_ +#define _RAINBOW_H_ +/// @file rainbow.h +/// @brief APIs for rainbow. +/// + + +#include "rainbow_config.h" +#include "rainbow_keypair.h" + +#include + +/// +/// @brief Signing function for classical secret key. +/// +/// @param[out] signature - the signature. +/// @param[in] sk - the secret key. +/// @param[in] digest - the digest. +/// +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); + +/// +/// @brief Verifying function. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); + + +/// +/// @brief Verifying function for cyclic public keys. +/// +/// @param[in] digest - the digest. +/// @param[in] signature - the signature. +/// @param[in] pk - the public key of cyclic rainbow. +/// @return 0 for successful verified. -1 for failed verification. +/// +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); + +#endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_blas.h b/crypto_sign/rainbowVc-cyclic/clean/rainbow_blas.h new file mode 100644 index 00000000..02c7bd8a --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_blas.h @@ -0,0 +1,34 @@ +#ifndef _RAINBOW_BLAS_H_ +#define _RAINBOW_BLAS_H_ +/// @file rainbow_blas.h +/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h +/// +/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h + + +#include "blas.h" +#include "parallel_matrix_op.h" +#include "rainbow_config.h" + + +#define gfv_get_ele PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd + +#define gfmat_prod PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv + +#define batch_trimat_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256 + +#define batch_quad_trimat_eval PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256 +#define batch_quad_recmat_eval PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256 + + + +#endif // _RAINBOW_BLAS_H_ + diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_config.h b/crypto_sign/rainbowVc-cyclic/clean/rainbow_config.h new file mode 100644 index 00000000..20f1068f --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_config.h @@ -0,0 +1,50 @@ +#ifndef _H_RAINBOW_CONFIG_H_ +#define _H_RAINBOW_CONFIG_H_ + +/// @file rainbow_config.h +/// @brief Defining the parameters of the Rainbow and the corresponding constants. +/// + +#define _GFSIZE 256 +#define _V1 92 +#define _O1 48 +#define _O2 48 +#define _HASH_LEN 64 + + + +#define _V2 ((_V1)+(_O1)) + +/// size of N, in # of gf elements. +#define _PUB_N (_V1+_O1+_O2) + +/// size of M, in # gf elements. +#define _PUB_M (_O1+_O2) + + +/// size of variables, in # bytes. + + +// GF256 +#define _V1_BYTE (_V1) +#define _V2_BYTE (_V2) +#define _O1_BYTE (_O1) +#define _O2_BYTE (_O2) +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) + + + +/// length of seed for public key, in # bytes +#define LEN_PKSEED 32 + +/// length of seed for secret key, in # bytes +#define LEN_SKSEED 32 + +/// length of salt for a signature, in # bytes +#define _SALT_BYTE 16 + +/// length of a signature +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) + +#endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c new file mode 100644 index 00000000..ab63dfb8 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c @@ -0,0 +1,170 @@ +/// @file rainbow_keypair.c +/// @brief implementations of functions in rainbow_keypair.h +/// + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include "utils_prng.h" +#include +#include +#include + + +static +void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 + s_and_t += _O1_BYTE * _O2; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + s_and_t += _V1_BYTE * _O1; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + s_and_t += _V1_BYTE * _O2; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 +} + + +static +unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + n_byte_generated += _O1_BYTE * _V1 * _O1; + return n_byte_generated; +} + + +static +unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { + unsigned n_byte_generated = 0; + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + sk += _O2_BYTE * _V1 * _O1; + n_byte_generated += _O2_BYTE * _V1 * _O1; + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + n_byte_generated += _O2_BYTE * _O1 * _O2; + + return n_byte_generated; +} + + +static +void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { + sk += generate_l1_F12( sk, prng0 ); + generate_l2_F12356( sk, prng0 ); +} + +static +void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { + // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 + unsigned char temp[_V1_BYTE + 32]; + unsigned char *t4 = t2_to_t4; + for (unsigned i = 0; i < _O2; i++) { /// t3 width + gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); + gf256v_add( t4, temp, _V1_BYTE ); + t4 += _V1_BYTE; + t3 += _O1_BYTE; + } +} + +static +void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { + unsigned char temp[_O1_BYTE + 32]; + while ( n_terms-- ) { + gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); + gf256v_add( l1_polys, temp, _O1_BYTE ); + l1_polys += _O1_BYTE; + l2_polys += _O2_BYTE; + } +} + +/////////////////// Classic ////////////////////////////////// + + + +///////////////////// Cyclic ////////////////////////////////// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + + // prng for sk + prng_t prng; + prng_t *prng0 = &prng; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + + unsigned char t2[sizeof(sk->t4)]; + memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 + calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t *prng1 = &prng; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T + + + unsigned char t4[sizeof(sk->t4)]; + memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 + memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + + obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); + obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); + obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + + // clean + memset( &prng, 0, sizeof(prng_t) ); +} + + + + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { + // procedure: cpk_t --> extcpk_t --> pk_t + + // convert from cpk_t to extcpk_t + ext_cpk_t pk; + + // setup prng + prng_t prng0; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + + // generating parts of key with prng + generate_l1_F12( pk.l1_Q1, &prng0 ); + // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 + memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + + // generating parts of key with prng + generate_l2_F12356( pk.l2_Q1, &prng0 ); + // copying parts of key from input: l2_Q9 + memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // convert from extcpk_t to pk_t + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); +} diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.h b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.h new file mode 100644 index 00000000..304c8bfe --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.h @@ -0,0 +1,109 @@ +#ifndef _RAINBOW_KEYPAIR_H_ +#define _RAINBOW_KEYPAIR_H_ +/// @file rainbow_keypair.h +/// @brief Formats of key pairs and functions for generating key pairs. +/// Formats of key pairs and functions for generating key pairs. +/// + + + +#include "rainbow_config.h" + + +#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) + + +/// @brief public key for classic rainbow +/// +/// public key for classic rainbow +/// +typedef +struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +} pk_t; + + +/// @brief secret key for classic rainbow +/// +/// secret key for classic rainbow +/// +typedef +struct rainbow_secretkey { + /// + /// seed for generating secret key. + /// Generating S, T, and F for classic rainbow. + /// Generating S and T only for cyclic rainbow. + unsigned char sk_seed[LEN_SKSEED]; + + unsigned char s1[_O1_BYTE * _O2]; ///< part of S map + unsigned char t1[_V1_BYTE * _O1]; ///< part of T map + unsigned char t4[_V1_BYTE * _O2]; ///< part of T map + unsigned char t3[_O1_BYTE * _O2]; ///< part of T map + + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 +} sk_t; + + + + +/// @brief public key for cyclic rainbow +/// +/// public key for cyclic rainbow +/// +typedef +struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 + + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 +} cpk_t; + + + +/// @brief compressed secret key for cyclic rainbow +/// +/// compressed secret key for cyclic rainbow +/// +typedef +struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +} csk_t; + + + +/// +/// @brief Generate key pairs for cyclic rainbow. +/// +/// @param[out] pk - the public key. +/// @param[out] sk - the secret key. +/// @param[in] pk_seed - seed for generating parts of public key. +/// @param[in] sk_seed - seed for generating secret key. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); + + + +//////////////////////////////////// + +/// +/// @brief converting formats of public keys : from cyclic version to classic key +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the cyclic public key. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); + +#endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c new file mode 100644 index 00000000..86f5333f --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c @@ -0,0 +1,233 @@ +/// @file rainbow_keypair_computation.c +/// @brief Implementations for functions in rainbow_keypair_computation.h +/// + + +#include "blas.h" +#include "blas_comm.h" +#include "rainbow_blas.h" +#include "rainbow_keypair.h" +#include "rainbow_keypair_computation.h" +#include +#include +#include + + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { + const unsigned char *idx_l1 = cpk->l1_Q1; + const unsigned char *idx_l2 = cpk->l2_Q1; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = i; j < _V1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q2; + idx_l2 = cpk->l2_Q2; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q3; + idx_l2 = cpk->l2_Q3; + for (unsigned i = 0; i < _V1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q5; + idx_l2 = cpk->l2_Q5; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = i; j < _V1 + _O1; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q6; + idx_l2 = cpk->l2_Q6; + for (unsigned i = _V1; i < _V1 + _O1; i++) { + for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } + idx_l1 = cpk->l1_Q9; + idx_l2 = cpk->l2_Q9; + for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned j = i; j < _PUB_N; j++) { + unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); + memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + idx_l1 += _O1_BYTE; + idx_l2 += _O2_BYTE; + } + } +} + + + + +static +void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + // Layer 1 + // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] + memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + + // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] + memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + + /* + Layer 2 + computations: + + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + + */ + memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + + + // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); + batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + + unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; + memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); + batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) + memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + + batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + + // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); + batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 + batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + + // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + // + Q_pk.l2_F2s[i].transpose() * t4 + // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); + batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); + +} + + +////////////////////////////////////////////////////////////////////////////////////////////////// + +static +void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { +// Layer 1: Computing Q5, Q3, Q6, Q9 + +// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + const unsigned char *t2 = Ts->t4; + sk_t tempQ; + memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); + batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) + memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + + /* + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); + memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); + memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + + batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 + batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 + + memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 + + batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 + batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + /* + Layer 2 + Computing Q9: + + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ + sk_t tempQ2; + memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. + batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 + batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + + memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); + batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + + memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); + batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + + batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) + memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 +} + + + +/////////////////////////////////////////////////////////////////////// + + +// Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ +#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref + + + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { + calculate_F_from_Q_impl( Fs, Qs, Ts ); +} + +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +} + diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.h new file mode 100644 index 00000000..eccbc019 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.h @@ -0,0 +1,79 @@ +#ifndef _RAINBOW_KEYPAIR_COMP_H_ +#define _RAINBOW_KEYPAIR_COMP_H_ +/// @file rainbow_keypair_computation.h +/// @brief Functions for calculating pk/sk while generating keys. +/// +/// Defining an internal structure of public key. +/// Functions for calculating pk/sk for key generation. +/// + + + +#include "rainbow_keypair.h" + +/// @brief The (internal use) public key for rainbow +/// +/// The (internal use) public key for rainbow. The public +/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, +/// l2_Q1, .... , l2_Q9. +/// +typedef +struct rainbow_extend_publickey { + unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; + + unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; + unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; + unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; + unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; + unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; +} ext_cpk_t; + + + +/// +/// @brief converting formats of public keys : from ext_cpk_t version to pk_t +/// +/// @param[out] pk - the classic public key. +/// @param[in] cpk - the internel public key. +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +///////////////////////////////////////////////// + +/// +/// @brief Computing public key from secret key +/// +/// @param[out] Qs - the public key +/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the secret key: T1, T4, T3 +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + + + + +/// +/// @brief Computing parts of the sk from parts of pk and sk +/// +/// @param[out] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); + +/// +/// @brief Computing parts of the pk from the secret key +/// +/// @param[out] Qs - parts of the pk: l1_Q3, l1_Q5, l2_Q6, l1_Q9, l2_Q9 +/// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 +/// @param[in] Ts - parts of the sk: T1, T4, T3 +/// +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); + +#endif // _RAINBOW_KEYPAIR_COMP_H_ + diff --git a/crypto_sign/rainbowVc-cyclic/clean/sign.c b/crypto_sign/rainbowVc-cyclic/clean/sign.c new file mode 100644 index 00000000..a2c7bd3a --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/sign.c @@ -0,0 +1,94 @@ +/// @file sign.c +/// @brief the implementations for functions in api.h +/// +/// + +#include "api.h" +#include "rainbow.h" +#include "rainbow_config.h" +#include "rainbow_keypair.h" +#include "randombytes.h" +#include "utils_hash.h" +#include +#include + + + +int +PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { + unsigned char sk_seed[LEN_SKSEED] = {0}; + randombytes( sk_seed, LEN_SKSEED ); + + + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); + + return 0; +} + + + + + +int +PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + + memcpy( sm, m, mlen ); + smlen[0] = mlen + _SIGNATURE_BYTE; + + + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + + + +} + + + + + + +int +PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { + //TODO: this should not copy out the message if verification fails + if ( _SIGNATURE_BYTE > smlen ) { + return -1; + } + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + mlen[0] = smlen - _SIGNATURE_BYTE; + + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); + + + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + + + +} + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_signature( + uint8_t *sig, size_t *siglen, + const uint8_t *m, size_t mlen, const uint8_t *sk) { + unsigned char digest[_HASH_LEN]; + + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + *siglen = _SIGNATURE_BYTE; + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); +} + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_verify( + const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, const uint8_t *pk) { + if (siglen != _SIGNATURE_BYTE) { + return -1; + } + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + +} diff --git a/crypto_sign/rainbowVc-cyclic/clean/utils_hash.c b/crypto_sign/rainbowVc-cyclic/clean/utils_hash.c new file mode 100644 index 00000000..e99d82e6 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/utils_hash.c @@ -0,0 +1,55 @@ +/// @file utils_hash.c +/// @brief the adapter for SHA2 families. +/// +/// + +#include "rainbow_config.h" +#include "sha2.h" +#include "utils_hash.h" + +static inline +int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { + sha512(digest, m, mlen); + return 0; +} + +static inline +int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if ( _HASH_LEN >= n_digest ) { + for (size_t i = 0; i < n_digest; i++) { + digest[i] = hash[i]; + } + return 0; + } + for (size_t i = 0; i < _HASH_LEN; i++) { + digest[i] = hash[i]; + } + n_digest -= _HASH_LEN; + + + while (_HASH_LEN <= n_digest ) { + _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + + n_digest -= _HASH_LEN; + digest += _HASH_LEN; + } + unsigned char temp[_HASH_LEN]; + if ( n_digest ) { + _hash( temp, digest, _HASH_LEN ); + for (size_t i = 0; i < n_digest; i++) { + digest[_HASH_LEN + i] = temp[i]; + } + } + return 0; +} + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(unsigned char *digest, + size_t len_digest, + const unsigned char *m, + size_t mlen) { + unsigned char buf[_HASH_LEN]; + _hash(buf, m, mlen); + return expand_hash(digest, len_digest, buf); +} + + diff --git a/crypto_sign/rainbowVc-cyclic/clean/utils_hash.h b/crypto_sign/rainbowVc-cyclic/clean/utils_hash.h new file mode 100644 index 00000000..0653740a --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/utils_hash.h @@ -0,0 +1,14 @@ +#ifndef _UTILS_HASH_H_ +#define _UTILS_HASH_H_ +/// @file utils_hash.h +/// @brief the interface for adapting hash functions. +/// + +#include + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); + + + +#endif // _UTILS_HASH_H_ + diff --git a/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c b/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c new file mode 100644 index 00000000..d53d6e05 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c @@ -0,0 +1,96 @@ +/// @file utils_prng.c +/// @brief The implementation of PRNG related functions. +/// + +#include "aes.h" +#include "randombytes.h" +#include "utils_hash.h" +#include "utils_prng.h" +#include +#include + +static void prng_update(const unsigned char *provided_data, + unsigned char *Key, + unsigned char *V) { + unsigned char temp[48]; + aes256ctx ctx; + aes256_keyexp(&ctx, Key); + for (int i = 0; i < 3; i++) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( V[j] == 0xff) { + V[j] = 0x00; + } else { + V[j]++; + break; + } + } + aes256_ecb(temp + 16 * i, V, 1, &ctx); + } + if ( provided_data != NULL ) { + for (int i = 0; i < 48; i++) { + temp[i] ^= provided_data[i]; + } + } + memcpy(Key, temp, 32); + memcpy(V, temp + 32, 16); +} +static void randombytes_init_with_state(prng_t *state, + unsigned char *entropy_input_48bytes ) { + memset(state->Key, 0x00, 32); + memset(state->V, 0x00, 16); + prng_update(entropy_input_48bytes, state->Key, state->V); +} + +static int randombytes_with_state(prng_t *state, + unsigned char *x, + size_t xlen) { + + unsigned char block[16]; + int i = 0; + + aes256ctx ctx; + aes256_keyexp(&ctx, state->Key); + + + while ( xlen > 0 ) { + //increment V + for (int j = 15; j >= 0; j--) { + if ( state->V[j] == 0xff ) { + state->V[j] = 0x00; + } else { + state->V[j]++; + break; + } + } + aes256_ecb(block, state->V, 1, &ctx); + if ( xlen > 15 ) { + memcpy(x + i, block, 16); + i += 16; + xlen -= 16; + } else { + memcpy(x + i, block, xlen); + xlen = 0; + } + } + prng_update(NULL, state->Key, state->V); + return 0; +} + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { + unsigned char seed[48]; + if ( prng_seedlen >= 48 ) { + memcpy( seed, prng_seed, 48 ); + } else { + memcpy( seed, prng_seed, prng_seedlen ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + } + + randombytes_init_with_state( ctx, seed ); + + return 0; +} + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { + return randombytes_with_state( ctx, out, outlen); +} diff --git a/crypto_sign/rainbowVc-cyclic/clean/utils_prng.h b/crypto_sign/rainbowVc-cyclic/clean/utils_prng.h new file mode 100644 index 00000000..18987e11 --- /dev/null +++ b/crypto_sign/rainbowVc-cyclic/clean/utils_prng.h @@ -0,0 +1,22 @@ +#ifndef _UTILS_PRNG_H_ +#define _UTILS_PRNG_H_ +/// @file utils_prng.h +/// @brief the interface for adapting PRNG functions. +/// +/// + + +#include "randombytes.h" + +typedef struct { + unsigned char Key[32]; + unsigned char V[16]; +} prng_t; + +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); + + +#endif // _UTILS_PRNG_H_ + + From 143c34d930c658f0f2f59bf68bfb0e41ff62878f Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Mon, 24 Jun 2019 10:06:03 +0200 Subject: [PATCH 14/19] remove unused function --- crypto_sign/rainbowIIIc-classic/clean/gf.c | 7 ------- .../rainbowIIIc-cyclic-compressed/clean/gf.c | 7 ------- crypto_sign/rainbowIIIc-cyclic/clean/gf.c | 7 ------- crypto_sign/rainbowIa-classic/clean/gf.c | 16 +++++++++------- .../rainbowIa-cyclic-compressed/clean/gf.c | 16 +++++++++------- crypto_sign/rainbowIa-cyclic/clean/gf.c | 16 +++++++++------- crypto_sign/rainbowVc-classic/clean/gf.c | 7 ------- .../rainbowVc-cyclic-compressed/clean/gf.c | 7 ------- crypto_sign/rainbowVc-cyclic/clean/gf.c | 7 ------- 9 files changed, 27 insertions(+), 63 deletions(-) diff --git a/crypto_sign/rainbowIIIc-classic/clean/gf.c b/crypto_sign/rainbowIIIc-classic/clean/gf.c index 3b034f5d..47ceaa97 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/gf.c +++ b/crypto_sign/rainbowIIIc-classic/clean/gf.c @@ -60,13 +60,6 @@ uint32_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c index 91fb0a75..f9ffae4b 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c @@ -60,13 +60,6 @@ uint32_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uin return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/gf.c b/crypto_sign/rainbowIIIc-cyclic/clean/gf.c index c3c3a595..7c686b9c 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/gf.c @@ -60,13 +60,6 @@ uint32_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; diff --git a/crypto_sign/rainbowIa-classic/clean/gf.c b/crypto_sign/rainbowIa-classic/clean/gf.c index 24c9cc7f..cbd5950a 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.c +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -60,13 +60,6 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} @@ -118,8 +111,17 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b return _gf16v_mul_u32_u32(a0, a1, a2, a3, b0, b1, b2, b3); } +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a) { uint8_t r256 = gf256v_reduce_u32(a); return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } + diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c index b1f15e0c..d6566523 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c @@ -60,13 +60,6 @@ uint32_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8 return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} @@ -118,8 +111,17 @@ uint32_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32_u32(uint32_t a, u return _gf16v_mul_u32_u32(a0, a1, a2, a3, b0, b1, b2, b3); } +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_reduce_u32(uint32_t a) { uint8_t r256 = gf256v_reduce_u32(a); return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } + diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.c b/crypto_sign/rainbowIa-cyclic/clean/gf.c index 9ce30191..0fa8ec8a 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.c @@ -60,13 +60,6 @@ uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} @@ -118,8 +111,17 @@ uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b) return _gf16v_mul_u32_u32(a0, a1, a2, a3, b0, b1, b2, b3); } +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} + uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(uint32_t a) { uint8_t r256 = gf256v_reduce_u32(a); return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } + diff --git a/crypto_sign/rainbowVc-classic/clean/gf.c b/crypto_sign/rainbowVc-classic/clean/gf.c index 2af61837..77683b0a 100644 --- a/crypto_sign/rainbowVc-classic/clean/gf.c +++ b/crypto_sign/rainbowVc-classic/clean/gf.c @@ -60,13 +60,6 @@ uint32_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c index c61b7bd8..a650eacf 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c @@ -60,13 +60,6 @@ uint32_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8 return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; diff --git a/crypto_sign/rainbowVc-cyclic/clean/gf.c b/crypto_sign/rainbowVc-cyclic/clean/gf.c index 8fb20255..2ad46a98 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/gf.c +++ b/crypto_sign/rainbowVc-cyclic/clean/gf.c @@ -60,13 +60,6 @@ uint32_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; From c90f95cf6600fc4402bfb280125f304d0885b9c1 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Mon, 24 Jun 2019 11:23:35 +0200 Subject: [PATCH 15/19] Turn 'principal-submitters' into a list in rainbow --- crypto_sign/rainbowIIIc-classic/META.yml | 3 ++- crypto_sign/rainbowIIIc-cyclic-compressed/META.yml | 3 ++- crypto_sign/rainbowIIIc-cyclic/META.yml | 3 ++- crypto_sign/rainbowIa-classic/META.yml | 3 ++- crypto_sign/rainbowIa-cyclic-compressed/META.yml | 3 ++- crypto_sign/rainbowIa-cyclic/META.yml | 3 ++- crypto_sign/rainbowVc-classic/META.yml | 3 ++- crypto_sign/rainbowVc-cyclic-compressed/META.yml | 3 ++- crypto_sign/rainbowVc-cyclic/META.yml | 3 ++- 9 files changed, 18 insertions(+), 9 deletions(-) diff --git a/crypto_sign/rainbowIIIc-classic/META.yml b/crypto_sign/rainbowIIIc-classic/META.yml index 969d65ca..28184eb1 100644 --- a/crypto_sign/rainbowIIIc-classic/META.yml +++ b/crypto_sign/rainbowIIIc-classic/META.yml @@ -6,7 +6,8 @@ length-secret-key: 511448 length-signature: 156 nistkat-sha256: 199cf313d96a4fbb481c50e568ac0222ec955b3e20551d0fadbb6c5e97bd1ada testvectors-sha256: e738081bcc34228184645dd79237daabc89b7ed22172637b6c10f51dd1e417d9 -principal-submitter: Jintai Ding +principal-submitters: + - Jintai Ding auxiliary-submitters: - Ming-Shing Chen - Albrecht Petzoldt diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/META.yml b/crypto_sign/rainbowIIIc-cyclic-compressed/META.yml index 17e9e934..67b361df 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/META.yml +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/META.yml @@ -6,7 +6,8 @@ length-secret-key: 64 length-signature: 156 nistkat-sha256: 1ad6d22a9e98c3e05a6aceb5b892dd75908924733aadfe074b6556e1dbd881c0 testvectors-sha256: 40df2d3b2eb52aada14469c95e6890c486eaf22dcfca9604bbf528a0b7b75070 -principal-submitter: Jintai Ding +principal-submitters: + - Jintai Ding auxiliary-submitters: - Ming-Shing Chen - Albrecht Petzoldt diff --git a/crypto_sign/rainbowIIIc-cyclic/META.yml b/crypto_sign/rainbowIIIc-cyclic/META.yml index da707392..5956088f 100644 --- a/crypto_sign/rainbowIIIc-cyclic/META.yml +++ b/crypto_sign/rainbowIIIc-cyclic/META.yml @@ -6,7 +6,8 @@ length-secret-key: 511448 length-signature: 156 nistkat-sha256: 607fa94312778210c443431974087ce99357494ab16c8ad5a8418784b811223d testvectors-sha256: 51559c38aefe636abd36094741be3b5f65de9e09cf9a5d37866b2e8d0eb58d22 -principal-submitter: Jintai Ding +principal-submitters: + - Jintai Ding auxiliary-submitters: - Ming-Shing Chen - Albrecht Petzoldt diff --git a/crypto_sign/rainbowIa-classic/META.yml b/crypto_sign/rainbowIa-classic/META.yml index f6f5c5b2..5ddca83a 100644 --- a/crypto_sign/rainbowIa-classic/META.yml +++ b/crypto_sign/rainbowIa-classic/META.yml @@ -6,7 +6,8 @@ length-secret-key: 92960 length-signature: 64 nistkat-sha256: b75c6fcda2100e2f6f56e9b97c4cbdda4b533116ab217f24f12e08788eb37fd0 testvectors-sha256: edc48db3f93a66c0aa497fbbdba0bad173e3ab9cd0e3f651004b3e94d2187b75 -principal-submitter: Jintai Ding +principal-submitters: + - Jintai Ding auxiliary-submitters: - Ming-Shing Chen - Albrecht Petzoldt diff --git a/crypto_sign/rainbowIa-cyclic-compressed/META.yml b/crypto_sign/rainbowIa-cyclic-compressed/META.yml index 895c2965..ddf7caea 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/META.yml +++ b/crypto_sign/rainbowIa-cyclic-compressed/META.yml @@ -6,7 +6,8 @@ length-secret-key: 64 length-signature: 64 nistkat-sha256: 65bb9e9b68b3114105e86d1107ede320901e174770ff8474722b4f459c3f2a51 testvectors-sha256: 79d0bfaee00d058aa39981397016279738925f65bfec1aebb42372030abc4056 -principal-submitter: Jintai Ding +principal-submitters: + - Jintai Ding auxiliary-submitters: - Ming-Shing Chen - Albrecht Petzoldt diff --git a/crypto_sign/rainbowIa-cyclic/META.yml b/crypto_sign/rainbowIa-cyclic/META.yml index 5955b846..69270392 100644 --- a/crypto_sign/rainbowIa-cyclic/META.yml +++ b/crypto_sign/rainbowIa-cyclic/META.yml @@ -6,7 +6,8 @@ length-secret-key: 92960 length-signature: 64 nistkat-sha256: 16f53bf0966b433451ae26e47f09f2dc8ea42db6a5c58fff1a2e7954f94dac0a testvectors-sha256: b7341bd862a8f683339e03cf236b885804854d9e0479cb53955761864ecc18bf -principal-submitter: Jintai Ding +principal-submitters: + - Jintai Ding auxiliary-submitters: - Ming-Shing Chen - Albrecht Petzoldt diff --git a/crypto_sign/rainbowVc-classic/META.yml b/crypto_sign/rainbowVc-classic/META.yml index 666b9b16..0d6c769f 100644 --- a/crypto_sign/rainbowVc-classic/META.yml +++ b/crypto_sign/rainbowVc-classic/META.yml @@ -6,7 +6,8 @@ length-secret-key: 1227104 length-signature: 204 nistkat-sha256: e9d065cbdd5736f4ad2bf5c910fcdf163c3e93828a2e59cd4d1dbebb8c1de202 testvectors-sha256: 729d88ca4b5a64508c15c86f986ab81489275ee84d371b5ec0792f89b9ca5ac3 -principal-submitter: Jintai Ding +principal-submitters: + - Jintai Ding auxiliary-submitters: - Ming-Shing Chen - Albrecht Petzoldt diff --git a/crypto_sign/rainbowVc-cyclic-compressed/META.yml b/crypto_sign/rainbowVc-cyclic-compressed/META.yml index 606d989d..0d5f2908 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/META.yml +++ b/crypto_sign/rainbowVc-cyclic-compressed/META.yml @@ -6,7 +6,8 @@ length-secret-key: 64 length-signature: 204 nistkat-sha256: 7bc9f57b718843d525d893fc361d97417de0b06e954f2687f808bebaaf2c762c testvectors-sha256: acd054aed76af99bf0b31438226bdcca8ac34efde180cf80732c30bc00a63a9c -principal-submitter: Jintai Ding +principal-submitters: + - Jintai Ding auxiliary-submitters: - Ming-Shing Chen - Albrecht Petzoldt diff --git a/crypto_sign/rainbowVc-cyclic/META.yml b/crypto_sign/rainbowVc-cyclic/META.yml index 6d8d7a44..d91962b6 100644 --- a/crypto_sign/rainbowVc-cyclic/META.yml +++ b/crypto_sign/rainbowVc-cyclic/META.yml @@ -6,7 +6,8 @@ length-secret-key: 1227104 length-signature: 204 nistkat-sha256: f33608a7f2db6ea71394f38a9e1ee06b96330759ccd4fc1719ac2286dac43650 testvectors-sha256: d760ae98b24bdc3f8d22e8324ba73e0dd759a99a58b9e8860a168182de02b669 -principal-submitter: Jintai Ding +principal-submitters: + - Jintai Ding auxiliary-submitters: - Ming-Shing Chen - Albrecht Petzoldt From 5788e00a1cef5abee5c241644f34b6c555688775 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Tue, 25 Jun 2019 12:42:49 +0200 Subject: [PATCH 16/19] resolve remaining todos --- .../clean/rainbow_keypair_computation.c | 6 --- crypto_sign/rainbowIIIc-classic/clean/sign.c | 45 +++++++------------ .../clean/rainbow_keypair_computation.c | 16 ------- .../clean/sign.c | 45 +++++++------------ .../clean/rainbow_keypair_computation.c | 16 ------- crypto_sign/rainbowIIIc-cyclic/clean/sign.c | 45 +++++++------------ .../rainbowIa-classic/clean/blas_comm.c | 4 +- .../clean/rainbow_keypair_computation.c | 6 --- crypto_sign/rainbowIa-classic/clean/sign.c | 45 +++++++------------ .../clean/blas_comm.c | 4 +- .../clean/rainbow_keypair_computation.c | 16 ------- .../rainbowIa-cyclic-compressed/clean/sign.c | 45 +++++++------------ .../rainbowIa-cyclic/clean/blas_comm.c | 4 +- .../clean/rainbow_keypair_computation.c | 16 ------- crypto_sign/rainbowIa-cyclic/clean/sign.c | 45 +++++++------------ .../clean/rainbow_keypair_computation.c | 6 --- crypto_sign/rainbowVc-classic/clean/sign.c | 45 +++++++------------ .../clean/rainbow_keypair_computation.c | 16 ------- .../rainbowVc-cyclic-compressed/clean/sign.c | 45 +++++++------------ .../clean/rainbow_keypair_computation.c | 16 ------- crypto_sign/rainbowVc-cyclic/clean/sign.c | 45 +++++++------------ 21 files changed, 141 insertions(+), 390 deletions(-) diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c index b837b994..2e0ecaa6 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -187,11 +185,7 @@ void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 } -// TODO: these defines are not really required for a clean implementation - just implement directly #define calculate_Q_from_F_impl calculate_Q_from_F_ref void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_impl( Qs, Fs, Ts ); } - - - diff --git a/crypto_sign/rainbowIIIc-classic/clean/sign.c b/crypto_sign/rainbowIIIc-classic/clean/sign.c index 72586750..05281ca5 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/sign.c +++ b/crypto_sign/rainbowIIIc-classic/clean/sign.c @@ -12,23 +12,15 @@ #include #include - - int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -38,35 +30,29 @@ PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, c memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; - } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + rc = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); + } + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_signature( @@ -88,5 +74,4 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c index 6aa3f0c5..dfc5f31d 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, con void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c index f85515b8..8aa74a38 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; - } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + rc = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); + } + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c index bb32b60e..50fa1be4 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cp } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Q void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/sign.c b/crypto_sign/rainbowIIIc-cyclic/clean/sign.c index 8730d410..b15c0fc9 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/sign.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, co memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; - } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + rc = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); + } + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index d66ccb33..a0014a99 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -100,7 +100,7 @@ unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(c_terms, i); } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); /// XXX: this function is ``defined'' in blas.h + unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); for (unsigned i = 0; i < n; i++) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); } @@ -128,7 +128,7 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ gf256v_add(ai, a + i * n_w_byte, n_w_byte); PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); /// XXX: would 2*H fail if H is odd ??? + unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 752a42ee..421b406c 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -187,11 +185,7 @@ void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 } -// TODO: these defines are not really required for a clean implementation - just implement directly #define calculate_Q_from_F_impl calculate_Q_from_F_ref void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_impl( Qs, Fs, Ts ); } - - - diff --git a/crypto_sign/rainbowIa-classic/clean/sign.c b/crypto_sign/rainbowIa-classic/clean/sign.c index 413c1466..193c9079 100644 --- a/crypto_sign/rainbowIa-classic/clean/sign.c +++ b/crypto_sign/rainbowIa-classic/clean/sign.c @@ -12,23 +12,15 @@ #include #include - - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -38,35 +30,29 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; - } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + rc = PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); + } + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature( @@ -88,5 +74,4 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c index 9a4ae8a8..995df9c9 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c @@ -100,7 +100,7 @@ unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(c_terms, i); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); /// XXX: this function is ``defined'' in blas.h + unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); for (unsigned i = 0; i < n; i++) { PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); } @@ -128,7 +128,7 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, con gf256v_add(ai, a + i * n_w_byte, n_w_byte); PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); /// XXX: would 2*H fail if H is odd ??? + unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c index 1f71ea72..cbc980a6 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c index 6ef18fff..4d30082d 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *s memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; - } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + rc = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); + } + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c index 7d2d1156..c720582d 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c @@ -100,7 +100,7 @@ unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(c_terms, i); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); /// XXX: this function is ``defined'' in blas.h + unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); for (unsigned i = 0; i < n; i++) { PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); } @@ -128,7 +128,7 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t gf256v_add(ai, a + i * n_w_byte, n_w_byte); PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); /// XXX: would 2*H fail if H is odd ??? + unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c index 5869d9b7..44af1c99 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowIa-cyclic/clean/sign.c b/crypto_sign/rainbowIa-cyclic/clean/sign.c index 065c9bad..a4390e7d 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/sign.c +++ b/crypto_sign/rainbowIa-cyclic/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, cons memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; - } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + rc = PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); + } + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c index 78e632a5..297ddc52 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -187,11 +185,7 @@ void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 } -// TODO: these defines are not really required for a clean implementation - just implement directly #define calculate_Q_from_F_impl calculate_Q_from_F_ref void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_impl( Qs, Fs, Ts ); } - - - diff --git a/crypto_sign/rainbowVc-classic/clean/sign.c b/crypto_sign/rainbowVc-classic/clean/sign.c index c0e87b4d..bf2b089b 100644 --- a/crypto_sign/rainbowVc-classic/clean/sign.c +++ b/crypto_sign/rainbowVc-classic/clean/sign.c @@ -12,23 +12,15 @@ #include #include - - int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -38,35 +30,29 @@ PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; - } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + rc = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); + } + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_signature( @@ -88,5 +74,4 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c index 7762e3f5..e9d1f73c 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c index 41c9baeb..c9b5f650 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *s memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; - } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + rc = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); + } + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c index 86f5333f..b2136209 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c @@ -2,7 +2,6 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// - #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" @@ -12,7 +11,6 @@ #include #include - void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +80,6 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } - - - static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { // Layer 1 @@ -147,9 +142,6 @@ void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { } - -////////////////////////////////////////////////////////////////////////////////////////////////// - static void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { // Layer 1: Computing Q5, Q3, Q6, Q9 @@ -212,17 +204,10 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 } - - -/////////////////////////////////////////////////////////////////////// - - // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -230,4 +215,3 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - diff --git a/crypto_sign/rainbowVc-cyclic/clean/sign.c b/crypto_sign/rainbowVc-cyclic/clean/sign.c index a2c7bd3a..df155aa6 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/sign.c +++ b/crypto_sign/rainbowVc-cyclic/clean/sign.c @@ -12,25 +12,17 @@ #include #include - - int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - return 0; } - - - - int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; @@ -40,35 +32,29 @@ PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, cons memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - - } - - - - - int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - //TODO: this should not copy out the message if verification fails + int rc; if ( _SIGNATURE_BYTE > smlen ) { - return -1; - } - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); - mlen[0] = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - - - return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - + rc = -1; + } else { + *mlen = smlen - _SIGNATURE_BYTE; + unsigned char digest[_HASH_LEN]; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); + rc = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); + } + if (!rc) { + memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + } else { // bad signature + *mlen = (size_t) -1; + memset(m, 0, smlen); + } + return rc; } int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_signature( @@ -90,5 +76,4 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_verify( unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - } From fcbf6d98f230fc624e2b461942d73605cf261025 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Tue, 25 Jun 2019 13:15:40 +0200 Subject: [PATCH 17/19] add duplicate consistency checks --- .../rainbowIIIc-classic_clean.yml | 73 +++++++++++++ .../rainbowIa-classic_clean.yml | 101 ++++++++++++++++++ .../rainbowIa-cyclic-compressed_clean.yml | 21 ++++ .../rainbowIa-cyclic_clean.yml | 21 ++++ .../rainbowVc-classic_clean.yml | 11 ++ 5 files changed, 227 insertions(+) create mode 100644 test/duplicate_consistency/rainbowIIIc-classic_clean.yml create mode 100644 test/duplicate_consistency/rainbowIa-classic_clean.yml create mode 100644 test/duplicate_consistency/rainbowIa-cyclic-compressed_clean.yml create mode 100644 test/duplicate_consistency/rainbowIa-cyclic_clean.yml create mode 100644 test/duplicate_consistency/rainbowVc-classic_clean.yml diff --git a/test/duplicate_consistency/rainbowIIIc-classic_clean.yml b/test/duplicate_consistency/rainbowIIIc-classic_clean.yml new file mode 100644 index 00000000..17761fcb --- /dev/null +++ b/test/duplicate_consistency/rainbowIIIc-classic_clean.yml @@ -0,0 +1,73 @@ +consistency_checks: +- source: + scheme: rainbowIIIc-cyclic + implementation: clean + files: + - blas_comm.c + - blas_comm.h + - blas.h + - blas_u32.c + - blas_u32.h + - gf.c + - gf.h + - parallel_matrix_op.c + - parallel_matrix_op.h + - rainbow_blas.h + - utils_hash.c +- source: + scheme: rainbowIIIc-cyclic-compressed + implementation: clean + files: + - blas_comm.c + - blas_comm.h + - blas.h + - blas_u32.c + - blas_u32.h + - gf.c + - gf.h + - parallel_matrix_op.c + - parallel_matrix_op.h + - rainbow_blas.h + - utils_hash.c +- source: + scheme: rainbowVc-classic + implementation: clean + files: + - blas_comm.c + - blas_comm.h + - blas.h + - blas_u32.c + - blas_u32.h + - gf.c + - gf.h + - parallel_matrix_op.c + - parallel_matrix_op.h + - rainbow_blas.h +- source: + scheme: rainbowVc-cyclic + implementation: clean + files: + - blas_comm.c + - blas_comm.h + - blas.h + - blas_u32.c + - blas_u32.h + - gf.c + - gf.h + - parallel_matrix_op.c + - parallel_matrix_op.h + - rainbow_blas.h +- source: + scheme: rainbowVc-cyclic-compressed + implementation: clean + files: + - blas_comm.c + - blas_comm.h + - blas.h + - blas_u32.c + - blas_u32.h + - gf.c + - gf.h + - parallel_matrix_op.c + - parallel_matrix_op.h + - rainbow_blas.h diff --git a/test/duplicate_consistency/rainbowIa-classic_clean.yml b/test/duplicate_consistency/rainbowIa-classic_clean.yml new file mode 100644 index 00000000..6ef12c29 --- /dev/null +++ b/test/duplicate_consistency/rainbowIa-classic_clean.yml @@ -0,0 +1,101 @@ +consistency_checks: +- source: + scheme: rainbowIa-cyclic + implementation: clean + files: + - blas_comm.c + - blas_comm.h + - blas.h + - blas_u32.c + - blas_u32.h + - gf.c + - gf.h + - parallel_matrix_op.c + - parallel_matrix_op.h + - rainbow_blas.h + - rainbow_config.h + - utils_hash.c + - utils_hash.h + - utils_prng.c + - utils_prng.h +- source: + scheme: rainbowIa-cyclic-compressed + implementation: clean + files: + - blas_comm.c + - blas_comm.h + - blas.h + - blas_u32.c + - blas_u32.h + - gf.c + - gf.h + - parallel_matrix_op.c + - parallel_matrix_op.h + - rainbow_blas.h + - rainbow_config.h + - utils_hash.c + - utils_hash.h + - utils_prng.c + - utils_prng.h +- source: + scheme: rainbowIIIc-classic + implementation: clean + files: + - parallel_matrix_op.h + - rainbow.c + - rainbow.h + - rainbow_keypair.c + - rainbow_keypair_computation.c + - rainbow_keypair_computation.h + - rainbow_keypair.h + - sign.c + - utils_hash.h + - utils_prng.c + - utils_prng.h +- source: + scheme: rainbowIIIc-cyclic + implementation: clean + files: + - parallel_matrix_op.h + - utils_hash.h + - utils_prng.c + - utils_prng.h +- source: + scheme: rainbowIIIc-cyclic-compressed + implementation: clean + files: + - parallel_matrix_op.h + - utils_hash.h + - utils_prng.c + - utils_prng.h +- source: + scheme: rainbowVc-classic + implementation: clean + files: + - parallel_matrix_op.h + - rainbow.c + - rainbow.h + - rainbow_keypair.c + - rainbow_keypair_computation.c + - rainbow_keypair_computation.h + - rainbow_keypair.h + - sign.c + - utils_hash.h + - utils_prng.c + - utils_prng.h +- source: + scheme: rainbowVc-cyclic + implementation: clean + files: + - parallel_matrix_op.h + - utils_hash.h + - utils_prng.c + - utils_prng.h +- source: + scheme: rainbowVc-cyclic-compressed + implementation: clean + files: + - parallel_matrix_op.h + - utils_hash.h + - utils_prng.c + - utils_prng.h diff --git a/test/duplicate_consistency/rainbowIa-cyclic-compressed_clean.yml b/test/duplicate_consistency/rainbowIa-cyclic-compressed_clean.yml new file mode 100644 index 00000000..b4a89d49 --- /dev/null +++ b/test/duplicate_consistency/rainbowIa-cyclic-compressed_clean.yml @@ -0,0 +1,21 @@ +consistency_checks: +- source: + scheme: rainbowIIIc-cyclic-compressed + implementation: clean + files: + - rainbow.c + - rainbow.h + - rainbow_keypair.c + - rainbow_keypair_computation.c + - rainbow_keypair_computation.h + - rainbow_keypair.h +- source: + scheme: rainbowVc-cyclic-compressed + implementation: clean + files: + - rainbow.c + - rainbow.h + - rainbow_keypair.c + - rainbow_keypair_computation.c + - rainbow_keypair_computation.h + - rainbow_keypair.h diff --git a/test/duplicate_consistency/rainbowIa-cyclic_clean.yml b/test/duplicate_consistency/rainbowIa-cyclic_clean.yml new file mode 100644 index 00000000..662b32dd --- /dev/null +++ b/test/duplicate_consistency/rainbowIa-cyclic_clean.yml @@ -0,0 +1,21 @@ +consistency_checks: +- source: + scheme: rainbowIIIc-cyclic + implementation: clean + files: + - rainbow.c + - rainbow.h + - rainbow_keypair.c + - rainbow_keypair_computation.c + - rainbow_keypair_computation.h + - rainbow_keypair.h +- source: + scheme: rainbowVc-cyclic + implementation: clean + files: + - rainbow.c + - rainbow.h + - rainbow_keypair.c + - rainbow_keypair_computation.c + - rainbow_keypair_computation.h + - rainbow_keypair.h diff --git a/test/duplicate_consistency/rainbowVc-classic_clean.yml b/test/duplicate_consistency/rainbowVc-classic_clean.yml new file mode 100644 index 00000000..bec4bc2a --- /dev/null +++ b/test/duplicate_consistency/rainbowVc-classic_clean.yml @@ -0,0 +1,11 @@ +consistency_checks: +- source: + scheme: rainbowVc-cyclic + implementation: clean + files: + - utils_hash.c +- source: + scheme: rainbowVc-cyclic-compressed + implementation: clean + files: + - utils_hash.c From 2bf9d8b3e93576f3e2435c01cc141a1ed098cdf7 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Wed, 24 Jul 2019 10:15:48 +0200 Subject: [PATCH 18/19] ran clang-format --- crypto_sign/rainbowIIIc-classic/clean/blas.h | 1 - .../rainbowIIIc-classic/clean/blas_comm.c | 59 +++-- .../rainbowIIIc-classic/clean/blas_comm.h | 8 +- .../rainbowIIIc-classic/clean/blas_u32.c | 19 +- .../rainbowIIIc-classic/clean/blas_u32.h | 1 - crypto_sign/rainbowIIIc-classic/clean/gf.c | 21 +- .../clean/parallel_matrix_op.c | 85 ++++---- .../clean/parallel_matrix_op.h | 86 +++----- .../rainbowIIIc-classic/clean/rainbow.c | 141 ++++++------ .../rainbowIIIc-classic/clean/rainbow.h | 5 +- .../rainbowIIIc-classic/clean/rainbow_blas.h | 27 ++- .../clean/rainbow_config.h | 16 +- .../clean/rainbow_keypair.c | 97 ++++----- .../clean/rainbow_keypair.h | 35 ++- .../clean/rainbow_keypair_computation.c | 194 +++++++++-------- .../clean/rainbow_keypair_computation.h | 15 +- crypto_sign/rainbowIIIc-classic/clean/sign.c | 31 ++- .../rainbowIIIc-classic/clean/utils_hash.c | 21 +- .../rainbowIIIc-classic/clean/utils_hash.h | 5 +- .../rainbowIIIc-classic/clean/utils_prng.c | 33 ++- .../rainbowIIIc-classic/clean/utils_prng.h | 8 +- .../clean/blas.h | 1 - .../clean/blas_comm.c | 59 +++-- .../clean/blas_comm.h | 8 +- .../clean/blas_u32.c | 19 +- .../clean/blas_u32.h | 1 - .../rainbowIIIc-cyclic-compressed/clean/gf.c | 21 +- .../clean/parallel_matrix_op.c | 85 ++++---- .../clean/parallel_matrix_op.h | 86 +++----- .../clean/rainbow.c | 155 +++++++------ .../clean/rainbow.h | 9 +- .../clean/rainbow_blas.h | 27 ++- .../clean/rainbow_config.h | 16 +- .../clean/rainbow_keypair.c | 149 ++++++------- .../clean/rainbow_keypair.h | 65 +++--- .../clean/rainbow_keypair_computation.c | 204 +++++++++--------- .../clean/rainbow_keypair_computation.h | 20 +- .../clean/sign.c | 33 ++- .../clean/utils_hash.c | 21 +- .../clean/utils_hash.h | 5 +- .../clean/utils_prng.c | 33 ++- .../clean/utils_prng.h | 8 +- crypto_sign/rainbowIIIc-cyclic/clean/blas.h | 1 - .../rainbowIIIc-cyclic/clean/blas_comm.c | 59 +++-- .../rainbowIIIc-cyclic/clean/blas_comm.h | 8 +- .../rainbowIIIc-cyclic/clean/blas_u32.c | 19 +- .../rainbowIIIc-cyclic/clean/blas_u32.h | 1 - crypto_sign/rainbowIIIc-cyclic/clean/gf.c | 21 +- .../clean/parallel_matrix_op.c | 85 ++++---- .../clean/parallel_matrix_op.h | 86 +++----- .../rainbowIIIc-cyclic/clean/rainbow.c | 149 +++++++------ .../rainbowIIIc-cyclic/clean/rainbow.h | 7 +- .../rainbowIIIc-cyclic/clean/rainbow_blas.h | 27 ++- .../rainbowIIIc-cyclic/clean/rainbow_config.h | 16 +- .../clean/rainbow_keypair.c | 119 +++++----- .../clean/rainbow_keypair.h | 61 ++---- .../clean/rainbow_keypair_computation.c | 204 +++++++++--------- .../clean/rainbow_keypair_computation.h | 20 +- crypto_sign/rainbowIIIc-cyclic/clean/sign.c | 33 ++- .../rainbowIIIc-cyclic/clean/utils_hash.c | 21 +- .../rainbowIIIc-cyclic/clean/utils_hash.h | 5 +- .../rainbowIIIc-cyclic/clean/utils_prng.c | 33 ++- .../rainbowIIIc-cyclic/clean/utils_prng.h | 8 +- crypto_sign/rainbowIa-classic/clean/blas.h | 1 - .../rainbowIa-classic/clean/blas_comm.c | 38 ++-- .../rainbowIa-classic/clean/blas_comm.h | 4 +- .../rainbowIa-classic/clean/blas_u32.c | 21 +- .../rainbowIa-classic/clean/blas_u32.h | 1 - crypto_sign/rainbowIa-classic/clean/gf.c | 21 +- .../clean/parallel_matrix_op.c | 85 ++++---- .../clean/parallel_matrix_op.h | 86 +++----- crypto_sign/rainbowIa-classic/clean/rainbow.c | 141 ++++++------ crypto_sign/rainbowIa-classic/clean/rainbow.h | 5 +- .../rainbowIa-classic/clean/rainbow_blas.h | 27 ++- .../rainbowIa-classic/clean/rainbow_config.h | 24 +-- .../rainbowIa-classic/clean/rainbow_keypair.c | 97 ++++----- .../rainbowIa-classic/clean/rainbow_keypair.h | 35 ++- .../clean/rainbow_keypair_computation.c | 194 +++++++++-------- .../clean/rainbow_keypair_computation.h | 15 +- crypto_sign/rainbowIa-classic/clean/sign.c | 31 ++- .../rainbowIa-classic/clean/utils_hash.c | 21 +- .../rainbowIa-classic/clean/utils_hash.h | 5 +- .../rainbowIa-classic/clean/utils_prng.c | 33 ++- .../rainbowIa-classic/clean/utils_prng.h | 8 +- .../rainbowIa-cyclic-compressed/clean/blas.h | 1 - .../clean/blas_comm.c | 38 ++-- .../clean/blas_comm.h | 4 +- .../clean/blas_u32.c | 21 +- .../clean/blas_u32.h | 1 - .../rainbowIa-cyclic-compressed/clean/gf.c | 21 +- .../clean/parallel_matrix_op.c | 85 ++++---- .../clean/parallel_matrix_op.h | 86 +++----- .../clean/rainbow.c | 155 +++++++------ .../clean/rainbow.h | 9 +- .../clean/rainbow_blas.h | 27 ++- .../clean/rainbow_config.h | 24 +-- .../clean/rainbow_keypair.c | 149 ++++++------- .../clean/rainbow_keypair.h | 65 +++--- .../clean/rainbow_keypair_computation.c | 204 +++++++++--------- .../clean/rainbow_keypair_computation.h | 20 +- .../rainbowIa-cyclic-compressed/clean/sign.c | 33 ++- .../clean/utils_hash.c | 21 +- .../clean/utils_hash.h | 5 +- .../clean/utils_prng.c | 33 ++- .../clean/utils_prng.h | 8 +- crypto_sign/rainbowIa-cyclic/clean/blas.h | 1 - .../rainbowIa-cyclic/clean/blas_comm.c | 38 ++-- .../rainbowIa-cyclic/clean/blas_comm.h | 4 +- crypto_sign/rainbowIa-cyclic/clean/blas_u32.c | 21 +- crypto_sign/rainbowIa-cyclic/clean/blas_u32.h | 1 - crypto_sign/rainbowIa-cyclic/clean/gf.c | 21 +- .../clean/parallel_matrix_op.c | 85 ++++---- .../clean/parallel_matrix_op.h | 86 +++----- crypto_sign/rainbowIa-cyclic/clean/rainbow.c | 149 +++++++------ crypto_sign/rainbowIa-cyclic/clean/rainbow.h | 7 +- .../rainbowIa-cyclic/clean/rainbow_blas.h | 27 ++- .../rainbowIa-cyclic/clean/rainbow_config.h | 24 +-- .../rainbowIa-cyclic/clean/rainbow_keypair.c | 119 +++++----- .../rainbowIa-cyclic/clean/rainbow_keypair.h | 61 ++---- .../clean/rainbow_keypair_computation.c | 204 +++++++++--------- .../clean/rainbow_keypair_computation.h | 20 +- crypto_sign/rainbowIa-cyclic/clean/sign.c | 33 ++- .../rainbowIa-cyclic/clean/utils_hash.c | 21 +- .../rainbowIa-cyclic/clean/utils_hash.h | 5 +- .../rainbowIa-cyclic/clean/utils_prng.c | 33 ++- .../rainbowIa-cyclic/clean/utils_prng.h | 8 +- crypto_sign/rainbowVc-classic/clean/blas.h | 1 - .../rainbowVc-classic/clean/blas_comm.c | 59 +++-- .../rainbowVc-classic/clean/blas_comm.h | 8 +- .../rainbowVc-classic/clean/blas_u32.c | 19 +- .../rainbowVc-classic/clean/blas_u32.h | 1 - crypto_sign/rainbowVc-classic/clean/gf.c | 21 +- .../clean/parallel_matrix_op.c | 85 ++++---- .../clean/parallel_matrix_op.h | 86 +++----- crypto_sign/rainbowVc-classic/clean/rainbow.c | 141 ++++++------ crypto_sign/rainbowVc-classic/clean/rainbow.h | 5 +- .../rainbowVc-classic/clean/rainbow_blas.h | 27 ++- .../rainbowVc-classic/clean/rainbow_config.h | 16 +- .../rainbowVc-classic/clean/rainbow_keypair.c | 97 ++++----- .../rainbowVc-classic/clean/rainbow_keypair.h | 35 ++- .../clean/rainbow_keypair_computation.c | 194 +++++++++-------- .../clean/rainbow_keypair_computation.h | 15 +- crypto_sign/rainbowVc-classic/clean/sign.c | 31 ++- .../rainbowVc-classic/clean/utils_hash.c | 21 +- .../rainbowVc-classic/clean/utils_hash.h | 5 +- .../rainbowVc-classic/clean/utils_prng.c | 33 ++- .../rainbowVc-classic/clean/utils_prng.h | 8 +- .../rainbowVc-cyclic-compressed/clean/blas.h | 1 - .../clean/blas_comm.c | 59 +++-- .../clean/blas_comm.h | 8 +- .../clean/blas_u32.c | 19 +- .../clean/blas_u32.h | 1 - .../rainbowVc-cyclic-compressed/clean/gf.c | 21 +- .../clean/parallel_matrix_op.c | 85 ++++---- .../clean/parallel_matrix_op.h | 86 +++----- .../clean/rainbow.c | 155 +++++++------ .../clean/rainbow.h | 9 +- .../clean/rainbow_blas.h | 27 ++- .../clean/rainbow_config.h | 16 +- .../clean/rainbow_keypair.c | 149 ++++++------- .../clean/rainbow_keypair.h | 65 +++--- .../clean/rainbow_keypair_computation.c | 204 +++++++++--------- .../clean/rainbow_keypair_computation.h | 20 +- .../rainbowVc-cyclic-compressed/clean/sign.c | 33 ++- .../clean/utils_hash.c | 21 +- .../clean/utils_hash.h | 5 +- .../clean/utils_prng.c | 33 ++- .../clean/utils_prng.h | 8 +- crypto_sign/rainbowVc-cyclic/clean/blas.h | 1 - .../rainbowVc-cyclic/clean/blas_comm.c | 59 +++-- .../rainbowVc-cyclic/clean/blas_comm.h | 8 +- crypto_sign/rainbowVc-cyclic/clean/blas_u32.c | 19 +- crypto_sign/rainbowVc-cyclic/clean/blas_u32.h | 1 - crypto_sign/rainbowVc-cyclic/clean/gf.c | 21 +- .../clean/parallel_matrix_op.c | 85 ++++---- .../clean/parallel_matrix_op.h | 86 +++----- crypto_sign/rainbowVc-cyclic/clean/rainbow.c | 149 +++++++------ crypto_sign/rainbowVc-cyclic/clean/rainbow.h | 7 +- .../rainbowVc-cyclic/clean/rainbow_blas.h | 27 ++- .../rainbowVc-cyclic/clean/rainbow_config.h | 16 +- .../rainbowVc-cyclic/clean/rainbow_keypair.c | 119 +++++----- .../rainbowVc-cyclic/clean/rainbow_keypair.h | 61 ++---- .../clean/rainbow_keypair_computation.c | 204 +++++++++--------- .../clean/rainbow_keypair_computation.h | 20 +- crypto_sign/rainbowVc-cyclic/clean/sign.c | 33 ++- .../rainbowVc-cyclic/clean/utils_hash.c | 21 +- .../rainbowVc-cyclic/clean/utils_hash.h | 5 +- .../rainbowVc-cyclic/clean/utils_prng.c | 33 ++- .../rainbowVc-cyclic/clean/utils_prng.h | 8 +- 189 files changed, 3861 insertions(+), 4842 deletions(-) diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas.h b/crypto_sign/rainbowIIIc-classic/clean/blas.h index e0cb28c2..ca7ce548 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas.h +++ b/crypto_sign/rainbowIIIc-classic/clean/blas.h @@ -17,4 +17,3 @@ #endif // _BLAS_H_ - diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c index 9f4ecb99..caff3bbf 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c @@ -2,15 +2,14 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas.h" #include "blas_comm.h" +#include "blas.h" #include "gf.h" #include "rainbow_config.h" #include #include - void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } @@ -26,7 +25,7 @@ uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsign unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { uint8_t r = 0; - while ( _num_byte-- ) { + while (_num_byte--) { r |= a[0]; a++; } @@ -62,8 +61,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, } } -static -unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { +static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned r8 = 1; for (unsigned i = 0; i < h; i++) { @@ -72,42 +70,38 @@ unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { for (unsigned j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_inv( pivot ); - gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + pivot = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_inv(pivot); + gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); for (unsigned j = 0; j < h; j++) { if (i == j) { continue; } uint8_t *aj = mat + w * j; - gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + gf256v_madd(aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4); } } return r8; } -static -unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - uint8_t mat[ 64 * 64 ]; +static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + uint8_t mat[64 * 64]; for (unsigned i = 0; i < n; i++) { - memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + unsigned r8 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); for (unsigned i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } - - -static inline -void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { for (unsigned i = 0; i < h; i++) { for (unsigned j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; @@ -115,39 +109,34 @@ void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *ma } } - -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { uint8_t *aa = buffer; for (unsigned i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( ai, 2 * H ); - gf256v_add( ai, a + i * H, H ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(ai, 2 * H); + gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); - gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + unsigned r8 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } - - - // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); + gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { - return gf256mat_gauss_elim_impl( mat, h, w ); +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { + return gf256mat_gauss_elim_impl(mat, h, w); } - -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h index 28ca3646..c88853b4 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h @@ -7,7 +7,6 @@ #include "rainbow_config.h" #include - /// @brief set a vector to 0. /// /// @param[in,out] b - the vector b. @@ -23,8 +22,6 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_ /// uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - /// @brief check if a vector is 0. /// /// @param[in] a - the vector a. @@ -33,7 +30,6 @@ uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsign /// unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - /// @brief polynomial multiplication: c = a*b /// /// @param[out] c - the output polynomial c @@ -43,7 +39,6 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsig /// void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// /// @param[out] c - the output vector c @@ -92,5 +87,4 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, /// unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); -#endif // _BLAS_COMM_H_ - +#endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c index 5f197cfc..52f83776 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c @@ -2,12 +2,12 @@ #include "gf.h" void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } @@ -22,8 +22,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } @@ -37,11 +37,9 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint } - - void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; + uint32_t *a_u32 = (uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -62,11 +60,10 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t } } - void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *c_u32 = (uint32_t *)accu_c; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h index 18d95d09..ba38066f 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h @@ -16,4 +16,3 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uin #endif // _BLAS_U32_H_ - diff --git a/crypto_sign/rainbowIIIc-classic/clean/gf.c b/crypto_sign/rainbowIIIc-classic/clean/gf.c index 47ceaa97..02df8e1f 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/gf.c +++ b/crypto_sign/rainbowIIIc-classic/clean/gf.c @@ -2,13 +2,13 @@ //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t) (a << 1); - r ^= (uint8_t) ((a >> 1) * 7); + uint8_t r = (uint8_t)(a << 1); + r ^= (uint8_t)((a >> 1) * 7); return r; } static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t) (a * (b & 1)); + uint8_t r = (uint8_t)(a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); } @@ -23,8 +23,8 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { } static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { - uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); - uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + uint32_t bit0_b = ((uint32_t)0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t)0) - ((uint32_t)((b >> 1) & 1)); return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } @@ -38,7 +38,7 @@ static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a1b1 = gf4_mul(a1, b1); uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); } static inline uint8_t gf16_squ(uint8_t a) { @@ -60,22 +60,21 @@ uint32_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } - uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; - unsigned r = ((unsigned) 0) - a8; + unsigned r = ((unsigned)0) - a8; r >>= 8; return r & 1; } static inline uint8_t gf4_mul_3(uint8_t a) { - uint8_t msk = (uint8_t) ((a - 2) >> 1); - return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); + uint8_t msk = (uint8_t)((a - 2) >> 1); + return (uint8_t)((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); } static inline uint8_t gf16_mul_8(uint8_t a) { uint8_t a0 = a & 3; uint8_t a1 = a >> 2; - return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); + return (uint8_t)((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); } // gf256 := gf16[X]/X^2+X+xy diff --git a/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c index 79310cb2..d13c97ea 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c @@ -4,9 +4,9 @@ /// the standard implementations for functions in parallel_matrix_op.h /// +#include "parallel_matrix_op.h" #include "blas.h" #include "blas_comm.h" -#include "parallel_matrix_op.h" /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. @@ -16,8 +16,8 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { - return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { + return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } /// @@ -28,31 +28,28 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigne /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline -unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { - if ( i_row > j_col ) { +static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { + if (i_row > j_col) { return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } - - -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { unsigned char *runningC = btriC; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < i; j++) { unsigned idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); - gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } - gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); runningC += size_batch * (Aheight - i); } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { @@ -61,7 +58,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC if (k < i) { continue; } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -69,8 +66,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -78,15 +75,15 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char * if (i < k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -94,46 +91,46 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *b if (i == k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; + unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { const unsigned char *bA = bA_to_tr; unsigned Aheight = Awidth_before_tr; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -141,46 +138,46 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, c } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(x, i); } - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(y, size_batch); for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); + gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } - gf256v_madd( y, tmp, _x[i], size_batch ); + gf256v_madd(y, tmp, _x[i], size_batch); } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(y, i); } - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(z, size_batch); for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = 0; j < dim_x; j++) { - gf256v_madd( tmp, mat, _x[j], size_batch ); + gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } - gf256v_madd( z, tmp, _y[i], size_batch ); + gf256v_madd(z, tmp, _y[i], size_batch); } } diff --git a/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h index 638ab9ed..260a6a23 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h @@ -7,7 +7,6 @@ //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -16,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); +unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -26,15 +25,10 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigne /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); - - - +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// - - /// /// @brief bC += btriA * B , in GF(16) /// @@ -46,8 +40,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, con /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -60,9 +54,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -75,8 +68,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -89,10 +82,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *b /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -105,8 +96,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char * /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -119,10 +110,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -136,9 +125,9 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *b /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -152,10 +141,9 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); - + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -169,8 +157,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -184,8 +172,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -199,8 +187,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -214,14 +202,11 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, co /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - /// /// @brief y = x^Tr * trimat * x , in GF(16) /// @@ -231,7 +216,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, c /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -242,8 +227,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); - +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -256,8 +240,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned cha /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -270,13 +254,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); - - - - - +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); #endif // _P_MATRIX_OP_H_ - diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow.c index 392630ce..54449133 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow.c +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow.c @@ -2,8 +2,8 @@ /// @brief The standard implementations for functions in rainbow.h /// -#include "blas.h" #include "rainbow.h" +#include "blas.h" #include "rainbow_blas.h" #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -13,12 +13,11 @@ #include #include +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1 > _O2) ? _O1 : _O2) +#define _MAX_O_BYTE ((_O1_BYTE > _O2_BYTE) ? _O1_BYTE : _O2_BYTE) -#define MAX_ATTEMPT_FRMAT 128 -#define _MAX_O ((_O1>_O2)?_O1:_O2) -#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - -int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; @@ -26,41 +25,41 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_ // setup PRNG prng_t prng_sign; uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); - memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); + memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean + prng_preseed[i] ^= prng_preseed[i]; // clean } for (unsigned i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean + prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; unsigned n_attempt = 0; unsigned l1_succ = 0; - while ( !l1_succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!l1_succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars - gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 - l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable - n_attempt ++; + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars + gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 + l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable + n_attempt++; } // Given the vinegars, pre-compute variables needed for layer 2 uint8_t r_l1_F1[_O1_BYTE] = {0}; uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); - batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); - uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); + batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); + uint8_t mat_l2_F3[_O2 * _O2_BYTE]; uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); - gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); + gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); // Some local variables. uint8_t _z[_PUB_M_BYTE]; @@ -70,94 +69,94 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_ uint8_t x_o2[_O1_BYTE]; uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, _digest, _HASH_LEN ); + memcpy(digest_salt, _digest, _HASH_LEN); uint8_t *salt = digest_salt + _HASH_LEN; - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; unsigned succ = 0; - while ( !succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S + memcpy(y, _z, _PUB_M_BYTE); // identity part of S gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); gf256v_add(y, temp_o, _O1_BYTE); // Central Map: // layer 1: calculate x_o1 - memcpy( temp_o, r_l1_F1, _O1_BYTE ); - gf256v_add( temp_o, y, _O1_BYTE ); - gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + memcpy(temp_o, r_l1_F1, _O1_BYTE); + gf256v_add(temp_o, y, _O1_BYTE); + gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); // layer 2: calculate x_o2 - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); - gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 - batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 - gf256v_add( temp_o, mat_l2, _O2_BYTE ); - gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 - gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); + gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 + batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 + gf256v_add(temp_o, mat_l2, _O2_BYTE); + gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 + gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); // generate the linear equations of the 2nd layer - gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 - gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); - gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 + gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); + gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - n_attempt ++; + n_attempt++; }; // w = T^-1 * y uint8_t w[_PUB_N_BYTE]; // identity part of T. - memcpy( w, x_v1, _V1_BYTE ); - memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); - memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + memcpy(w, x_v1, _V1_BYTE); + memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); + memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); + gf256v_add(w, y, _V1_BYTE); // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); + gf256v_add(w, y, _V1_BYTE); // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); - gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 // clean - memset( &prng_sign, 0, sizeof(prng_t) ); - memset( vinegar, 0, _V1_BYTE ); - memset( r_l1_F1, 0, _O1_BYTE ); - memset( r_l2_F1, 0, _O2_BYTE ); - memset( _z, 0, _PUB_M_BYTE ); - memset( y, 0, _PUB_M_BYTE ); - memset( x_o1, 0, _O1_BYTE ); - memset( x_o2, 0, _O2_BYTE ); - memset( temp_o, 0, sizeof(temp_o) ); + memset(&prng_sign, 0, sizeof(prng_t)); + memset(vinegar, 0, _V1_BYTE); + memset(r_l1_F1, 0, _O1_BYTE); + memset(r_l2_F1, 0, _O2_BYTE); + memset(_z, 0, _PUB_M_BYTE); + memset(y, 0, _PUB_M_BYTE); + memset(x_o1, 0, _O1_BYTE); + memset(x_o2, 0, _O2_BYTE); + memset(temp_o, 0, sizeof(temp_o)); // return: copy w and salt to the signature. - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { return -1; } - gf256v_add( signature, w, _PUB_N_BYTE ); - gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + gf256v_add(signature, w, _PUB_N_BYTE); + gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); return 0; } -int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); unsigned char correct[_PUB_M_BYTE]; unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, digest, _HASH_LEN ); - memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + memcpy(digest_salt, digest, _HASH_LEN); + memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) // check consistancy. unsigned char cc = 0; diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow.h b/crypto_sign/rainbowIIIc-classic/clean/rainbow.h index 0925514a..9d3aad32 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow.h +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow.h @@ -4,7 +4,6 @@ /// @brief APIs for rainbow. /// - #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -17,7 +16,7 @@ /// @param[in] sk - the secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); /// /// @brief Verifying function. @@ -27,7 +26,7 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_ /// @param[in] pk - the public key. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_blas.h b/crypto_sign/rainbowIIIc-classic/clean/rainbow_blas.h index 601ee5e7..c4e0612f 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_blas.h @@ -5,30 +5,27 @@ /// /// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - #include "blas.h" #include "parallel_matrix_op.h" #include "rainbow_config.h" -#define gfv_get_ele PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd +#define gfv_get_ele PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd -#define gfmat_prod PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod -#define gfmat_inv PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv +#define gfmat_prod PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv -#define batch_trimat_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256 -#define batch_trimatTr_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256 -#define batch_2trimat_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256 -#define batch_matTr_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256 -#define batch_bmatTr_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256 -#define batch_mat_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256 +#define batch_trimat_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256 #define batch_quad_trimat_eval PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256 - -#endif // _RAINBOW_BLAS_H_ - +#endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_config.h b/crypto_sign/rainbowIIIc-classic/clean/rainbow_config.h index 44cba4f3..6d9aa270 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_config.h @@ -12,27 +12,23 @@ #define _HASH_LEN 48 - -#define _V2 ((_V1)+(_O1)) +#define _V2 ((_V1) + (_O1)) /// size of N, in # of gf elements. -#define _PUB_N (_V1+_O1+_O2) +#define _PUB_N (_V1 + _O1 + _O2) /// size of M, in # gf elements. -#define _PUB_M (_O1+_O2) - +#define _PUB_M (_O1 + _O2) /// size of variables, in # bytes. - // GF256 #define _V1_BYTE (_V1) #define _V2_BYTE (_V2) #define _O1_BYTE (_O1) #define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) /// length of seed for public key, in # bytes @@ -45,6 +41,6 @@ #define _SALT_BYTE 16 /// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) #endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c index de8e9de3..d90108bd 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c @@ -2,94 +2,84 @@ /// @brief implementations of functions in rainbow_keypair.h /// +#include "rainbow_keypair.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" -#include "rainbow_keypair.h" #include "rainbow_keypair_computation.h" #include "utils_prng.h" #include #include #include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 +static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // S1 s_and_t += _O1_BYTE * _O2; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O1); // T1 s_and_t += _V1_BYTE * _O1; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O2); // T2 s_and_t += _V1_BYTE * _O2; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * _V1 * _O1); // l1_F2 n_byte_generated += _O1_BYTE * _V1 * _O1; return n_byte_generated; } - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O1); // l2_F2 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O2); // l2_F3 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // l2_F5 sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _O1 * _O2); // l2_F6 n_byte_generated += _O2_BYTE * _O1 * _O2; return n_byte_generated; } - -static -void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { - sk += generate_l1_F12( sk, prng0 ); - generate_l2_F12356( sk, prng0 ); +static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { + sk += generate_l1_F12(sk, prng0); + generate_l2_F12356(sk, prng0); } -static -void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { +static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; for (unsigned i = 0; i < _O2; i++) { /// t3 width - gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); - gf256v_add( t4, temp, _V1_BYTE ); + gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); + gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; t3 += _O1_BYTE; } } -static -void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; - while ( n_terms-- ) { - gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); - gf256v_add( l1_polys, temp, _O1_BYTE ); + while (n_terms--) { + gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); + gf256v_add(l1_polys, temp, _O1_BYTE); l1_polys += _O1_BYTE; l2_polys += _O2_BYTE; } @@ -97,43 +87,40 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// -static -void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +static void _generate_secretkey(sk_t *sk, const unsigned char *sk_seed) { + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // set up prng prng_t prng0; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set(&prng0, sk_seed, LEN_SKSEED); // generating secret key with prng. - generate_S_T( sk->s1, &prng0 ); - generate_B1_B2( sk->l1_F1, &prng0 ); + generate_S_T(sk->s1, &prng0); + generate_B1_B2(sk->l1_F1, &prng0); // clean prng - memset( &prng0, 0, sizeof(prng_t) ); + memset(&prng0, 0, sizeof(prng_t)); } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { - _generate_secretkey( sk, sk_seed ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair(pk_t *rpk, sk_t *sk, const unsigned char *sk_seed) { + _generate_secretkey(sk, sk_seed); // set up a temporary structure ext_cpk_t for calculating public key. ext_cpk_t pk; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F( &pk, sk, sk ); // compute the public key in ext_cpk_t format. - calculate_t4( sk->t4, sk->t1, sk->t3 ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F(&pk, sk, sk); // compute the public key in ext_cpk_t format. + calculate_t4(sk->t4, sk->t1, sk->t3); - obsfucate_l1_polys( pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + obsfucate_l1_polys(pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1); + obsfucate_l1_polys(pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1); + obsfucate_l1_polys(pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1); + obsfucate_l1_polys(pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1); + obsfucate_l1_polys(pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); // so far, the pk contains the full pk but in ext_cpk_t format. - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk(rpk, &pk); // convert the public key from ext_cpk_t to pk_t. } - - diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.h index 9a6c6c81..3fd34570 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.h @@ -5,30 +5,23 @@ /// Formats of key pairs and functions for generating key pairs. /// - - #include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) - +#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) /// @brief public key for classic rainbow /// /// public key for classic rainbow /// -typedef -struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +typedef struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; } pk_t; - /// @brief secret key for classic rainbow /// /// secret key for classic rainbow /// -typedef -struct rainbow_secretkey { +typedef struct rainbow_secretkey { /// /// seed for generating secret key. /// Generating S, T, and F for classic rainbow. @@ -40,22 +33,18 @@ struct rainbow_secretkey { unsigned char t4[_V1_BYTE * _O2]; ///< part of T map unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 } sk_t; - - - - /// /// @brief Generate key pairs for classic rainbow. /// @@ -63,7 +52,7 @@ struct rainbow_secretkey { /// @param[out] sk - the secret key. /// @param[in] sk_seed - seed for generating the secret key. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair(pk_t *pk, sk_t *sk, const unsigned char *sk_seed); diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c index 2e0ecaa6..ce0f1592 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c @@ -2,23 +2,23 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// +#include "rainbow_keypair_computation.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" #include "rainbow_keypair.h" -#include "rainbow_keypair_computation.h" #include #include #include -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = i; j < _V1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -28,8 +28,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *c for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -39,8 +39,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *c for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -50,8 +50,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *c for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = i; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -61,8 +61,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *c for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -72,120 +72,118 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *c for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { for (unsigned j = i; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } } } -static -void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { +static void calculate_Q_from_F_ref(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { /* - Layer 1 - Computing : - Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] + Layer 1 + Computing : + Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] - Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 - Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) - */ + Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 + Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + */ const unsigned char *t2 = Ts->t4; - memcpy( Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + memcpy(Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); - memcpy( Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + memcpy(Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_trimat_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); + memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); + memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); + memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); // l1_Q5 : _O1_BYTE * _O1 * _O1 // l1_Q9 : _O1_BYTE * _O2 * _O2 // l2_Q5 : _O2_BYTE * _V1 * _O1 // l2_Q9 : _O2_BYTE * _V1 * _O2 - unsigned char tempQ[_O1_BYTE * _O1 * _O1 + 32]; - memset( tempQ, 0, _O1_BYTE * _O1 * _O1 ); // l1_Q5 - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE ); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ, _O1, _O1_BYTE ); // UT( ... ) // Q5 + memset(tempQ, 0, _O1_BYTE * _O1 * _O1); // l1_Q5 + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ, _O1, _O1_BYTE); // UT( ... ) // Q5 - batch_trimatTr_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // Q2 + batch_trimatTr_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // Q2 /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ, 0, _O1_BYTE * _O2 * _O2 ); // l1_Q9 - batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 + batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 + + memset(tempQ, 0, _O1_BYTE * _O2 * _O2); // l1_Q9 + batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ, _O2, _O1_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 + batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 /* - layer 2 - Computing: - Q1 = F1 - Q2 = F1_F1T*T1 + F2 - Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) - */ - memcpy( Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); + layer 2 + Computing: + Q1 = F1 + Q2 = F1_F1T*T1 + F2 + Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) + */ + memcpy(Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); - memcpy( Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F1*T1 + F2 + memcpy(Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1); + batch_trimat_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F1*T1 + F2 - memcpy( Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); - memset( tempQ, 0, _O2_BYTE * _O1 * _O1 ); // l2_Q5 - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE ); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q5, tempQ, _O1, _O2_BYTE ); // UT( ... ) // Q5 + memcpy(Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); + memset(tempQ, 0, _O2_BYTE * _O1 * _O1); // l2_Q5 + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q5, tempQ, _O1, _O2_BYTE); // UT( ... ) // Q5 - batch_trimatTr_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q2 + batch_trimatTr_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q2 /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - - Q3 = F1_F1T*T2 + F2*T3 + F3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 - */ - memcpy( Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); - batch_trimat_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 - - memset( tempQ, 0, _O2_BYTE * _O2 * _O2 ); // l2_Q9 - batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE ); // T2tr * ( ..... ) - - memcpy( Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - - batch_trimat_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 - batch_matTr_madd( tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ, _O2, _O2_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1_F1T_T2 + F2_T3 + F3 // Q3 - - batch_bmatTr_madd( Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + F2tr*T2 - batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 - batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + + Q3 = F1_F1T*T2 + F2*T3 + F3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 + */ + memcpy(Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); + batch_trimat_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 + batch_mat_madd(Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 + + memset(tempQ, 0, _O2_BYTE * _O2 * _O2); // l2_Q9 + batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE); // T2tr * ( ..... ) + + memcpy(Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); + + batch_trimat_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 + batch_matTr_madd(tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) + memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ, _O2, _O2_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1_F1T_T2 + F2_T3 + F3 // Q3 + + batch_bmatTr_madd(Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 + F2tr*T2 + batch_trimatTr_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F2tr*T2 + F5_F5T*T3 + F6 + batch_matTr_madd(Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE); // Q6 } -#define calculate_Q_from_F_impl calculate_Q_from_F_ref -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_impl( Qs, Fs, Ts ); +#define calculate_Q_from_F_impl calculate_Q_from_F_ref +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + calculate_Q_from_F_impl(Qs, Fs, Ts); } diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.h index 1a532c8a..d9aa3446 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.h @@ -7,8 +7,6 @@ /// Functions for calculating pk/sk for key generation. /// - - #include "rainbow_keypair.h" /// @brief The (internal use) public key for rainbow @@ -17,8 +15,7 @@ /// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, /// l2_Q1, .... , l2_Q9. /// -typedef -struct rainbow_extend_publickey { +typedef struct rainbow_extend_publickey { unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; @@ -34,15 +31,13 @@ struct rainbow_extend_publickey { unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; } ext_cpk_t; - - /// /// @brief converting formats of public keys : from ext_cpk_t version to pk_t /// /// @param[out] pk - the classic public key. /// @param[in] cpk - the internel public key. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); ///////////////////////////////////////////////// /// @@ -52,9 +47,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *c /// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the secret key: T1, T4, T3 /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - - +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); -#endif // _RAINBOW_KEYPAIR_COMP_H_ +#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/sign.c b/crypto_sign/rainbowIIIc-classic/clean/sign.c index 05281ca5..e724420c 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/sign.c +++ b/crypto_sign/rainbowIIIc-classic/clean/sign.c @@ -12,31 +12,28 @@ #include #include -int -PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes( sk_seed, LEN_SKSEED ); + randombytes(sk_seed, LEN_SKSEED); - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_generate_keypair((pk_t *)pk, (sk_t *)sk, sk_seed); return 0; } -int -PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - memcpy( sm, m, mlen ); + memcpy(sm, m, mlen); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign(sm + mlen, (const sk_t *)sk, digest); } -int -PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { int rc; - if ( _SIGNATURE_BYTE > smlen ) { + if (_SIGNATURE_BYTE > smlen) { rc = -1; } else { *mlen = smlen - _SIGNATURE_BYTE; @@ -47,7 +44,7 @@ PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen rc = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); } if (!rc) { - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + memcpy(m, sm, smlen - _SIGNATURE_BYTE); } else { // bad signature *mlen = (size_t) -1; memset(m, 0, smlen); @@ -60,9 +57,9 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_signature( const uint8_t *m, size_t mlen, const uint8_t *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign(sig, (const sk_t *)sk, digest); } int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_verify( @@ -72,6 +69,6 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_crypto_sign_verify( return -1; } unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); + return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify(digest, sig, (const pk_t *)pk); } diff --git a/crypto_sign/rainbowIIIc-classic/clean/utils_hash.c b/crypto_sign/rainbowIIIc-classic/clean/utils_hash.c index 6323e528..58948cd9 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/utils_hash.c +++ b/crypto_sign/rainbowIIIc-classic/clean/utils_hash.c @@ -3,19 +3,17 @@ /// /// +#include "utils_hash.h" #include "rainbow_config.h" #include "sha2.h" -#include "utils_hash.h" -static inline -int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { +static inline int _hash(unsigned char *digest, const unsigned char *m, size_t mlen) { sha384(digest, m, mlen); return 0; } -static inline -int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if ( _HASH_LEN >= n_digest ) { +static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if (_HASH_LEN >= n_digest) { for (size_t i = 0; i < n_digest; i++) { digest[i] = hash[i]; } @@ -26,16 +24,15 @@ int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *has } n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest ) { - _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + while (_HASH_LEN <= n_digest) { + _hash(digest + _HASH_LEN, digest, _HASH_LEN); n_digest -= _HASH_LEN; digest += _HASH_LEN; } unsigned char temp[_HASH_LEN]; - if ( n_digest ) { - _hash( temp, digest, _HASH_LEN ); + if (n_digest) { + _hash(temp, digest, _HASH_LEN); for (size_t i = 0; i < n_digest; i++) { digest[_HASH_LEN + i] = temp[i]; } @@ -51,5 +48,3 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(unsigned char *digest, _hash(buf, m, mlen); return expand_hash(digest, len_digest, buf); } - - diff --git a/crypto_sign/rainbowIIIc-classic/clean/utils_hash.h b/crypto_sign/rainbowIIIc-classic/clean/utils_hash.h index 6eafcdaa..7e7babfb 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/utils_hash.h +++ b/crypto_sign/rainbowIIIc-classic/clean/utils_hash.h @@ -6,9 +6,6 @@ #include -int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); - - +int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); #endif // _UTILS_HASH_H_ - diff --git a/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c b/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c index 7346beb0..5f627f37 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c +++ b/crypto_sign/rainbowIIIc-classic/clean/utils_prng.c @@ -2,23 +2,23 @@ /// @brief The implementation of PRNG related functions. /// +#include "utils_prng.h" #include "aes.h" #include "randombytes.h" #include "utils_hash.h" -#include "utils_prng.h" #include #include static void prng_update(const unsigned char *provided_data, unsigned char *Key, unsigned char *V) { - unsigned char temp[48]; + unsigned char temp[48]; aes256ctx ctx; aes256_keyexp(&ctx, Key); for (int i = 0; i < 3; i++) { //increment V for (int j = 15; j >= 0; j--) { - if ( V[j] == 0xff) { + if (V[j] == 0xff) { V[j] = 0x00; } else { V[j]++; @@ -27,7 +27,7 @@ static void prng_update(const unsigned char *provided_data, } aes256_ecb(temp + 16 * i, V, 1, &ctx); } - if ( provided_data != NULL ) { + if (provided_data != NULL) { for (int i = 0; i < 48; i++) { temp[i] ^= provided_data[i]; } @@ -36,7 +36,7 @@ static void prng_update(const unsigned char *provided_data, memcpy(V, temp + 32, 16); } static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes ) { + unsigned char *entropy_input_48bytes) { memset(state->Key, 0x00, 32); memset(state->V, 0x00, 16); prng_update(entropy_input_48bytes, state->Key, state->V); @@ -46,17 +46,16 @@ static int randombytes_with_state(prng_t *state, unsigned char *x, size_t xlen) { - unsigned char block[16]; - int i = 0; + unsigned char block[16]; + int i = 0; aes256ctx ctx; aes256_keyexp(&ctx, state->Key); - - while ( xlen > 0 ) { + while (xlen > 0) { //increment V for (int j = 15; j >= 0; j--) { - if ( state->V[j] == 0xff ) { + if (state->V[j] == 0xff) { state->V[j] = 0x00; } else { state->V[j]++; @@ -64,7 +63,7 @@ static int randombytes_with_state(prng_t *state, } } aes256_ecb(block, state->V, 1, &ctx); - if ( xlen > 15 ) { + if (xlen > 15) { memcpy(x + i, block, 16); i += 16; xlen -= 16; @@ -79,18 +78,18 @@ static int randombytes_with_state(prng_t *state, int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { unsigned char seed[48]; - if ( prng_seedlen >= 48 ) { - memcpy( seed, prng_seed, 48 ); + if (prng_seedlen >= 48) { + memcpy(seed, prng_seed, 48); } else { - memcpy( seed, prng_seed, prng_seedlen ); - PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + memcpy(seed, prng_seed, prng_seedlen); + PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); } - randombytes_init_with_state( ctx, seed ); + randombytes_init_with_state(ctx, seed); return 0; } int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state( ctx, out, outlen); + return randombytes_with_state(ctx, out, outlen); } diff --git a/crypto_sign/rainbowIIIc-classic/clean/utils_prng.h b/crypto_sign/rainbowIIIc-classic/clean/utils_prng.h index 6d07e69a..6b4999c7 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/utils_prng.h +++ b/crypto_sign/rainbowIIIc-classic/clean/utils_prng.h @@ -5,18 +5,14 @@ /// /// - #include "randombytes.h" typedef struct { - unsigned char Key[32]; - unsigned char V[16]; + unsigned char Key[32]; + unsigned char V[16]; } prng_t; int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - #endif // _UTILS_PRNG_H_ - - diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas.h index 159342dc..c46edf8c 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas.h @@ -17,4 +17,3 @@ #endif // _BLAS_H_ - diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c index 0d7de845..475df36c 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c @@ -2,15 +2,14 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas.h" #include "blas_comm.h" +#include "blas.h" #include "gf.h" #include "rainbow_config.h" #include #include - void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } @@ -26,7 +25,7 @@ uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t * unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { uint8_t r = 0; - while ( _num_byte-- ) { + while (_num_byte--) { r |= a[0]; a++; } @@ -62,8 +61,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const ui } } -static -unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { +static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned r8 = 1; for (unsigned i = 0; i < h; i++) { @@ -72,42 +70,38 @@ unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { for (unsigned j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_inv( pivot ); - gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + pivot = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_inv(pivot); + gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); for (unsigned j = 0; j < h; j++) { if (i == j) { continue; } uint8_t *aj = mat + w * j; - gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + gf256v_madd(aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4); } } return r8; } -static -unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - uint8_t mat[ 64 * 64 ]; +static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + uint8_t mat[64 * 64]; for (unsigned i = 0; i < n; i++) { - memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + unsigned r8 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); for (unsigned i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } - - -static inline -void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { for (unsigned i = 0; i < h; i++) { for (unsigned j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; @@ -115,39 +109,34 @@ void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *ma } } - -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { uint8_t *aa = buffer; for (unsigned i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( ai, 2 * H ); - gf256v_add( ai, a + i * H, H ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(ai, 2 * H); + gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); - gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + unsigned r8 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } - - - // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); + gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { - return gf256mat_gauss_elim_impl( mat, h, w ); +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { + return gf256mat_gauss_elim_impl(mat, h, w); } - -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h index 49a8ba1b..4eb71dbf 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h @@ -7,7 +7,6 @@ #include "rainbow_config.h" #include - /// @brief set a vector to 0. /// /// @param[in,out] b - the vector b. @@ -23,8 +22,6 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsig /// uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - /// @brief check if a vector is 0. /// /// @param[in] a - the vector a. @@ -33,7 +30,6 @@ uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t * /// unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - /// @brief polynomial multiplication: c = a*b /// /// @param[out] c - the output polynomial c @@ -43,7 +39,6 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t /// void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// /// @param[out] c - the output vector c @@ -92,5 +87,4 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint /// unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); -#endif // _BLAS_COMM_H_ - +#endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c index 1c445727..9d07f8ec 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c @@ -2,12 +2,12 @@ #include "gf.h" void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } @@ -22,8 +22,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } @@ -37,11 +37,9 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, c } - - void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; + uint32_t *a_u32 = (uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -62,11 +60,10 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, } } - void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *c_u32 = (uint32_t *)accu_c; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h index 5edfe447..a309a5a9 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h @@ -16,4 +16,3 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, #endif // _BLAS_U32_H_ - diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c index f9ffae4b..dd39e2ae 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c @@ -2,13 +2,13 @@ //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t) (a << 1); - r ^= (uint8_t) ((a >> 1) * 7); + uint8_t r = (uint8_t)(a << 1); + r ^= (uint8_t)((a >> 1) * 7); return r; } static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t) (a * (b & 1)); + uint8_t r = (uint8_t)(a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); } @@ -23,8 +23,8 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { } static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { - uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); - uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + uint32_t bit0_b = ((uint32_t)0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t)0) - ((uint32_t)((b >> 1) & 1)); return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } @@ -38,7 +38,7 @@ static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a1b1 = gf4_mul(a1, b1); uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); } static inline uint8_t gf16_squ(uint8_t a) { @@ -60,22 +60,21 @@ uint32_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uin return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } - uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; - unsigned r = ((unsigned) 0) - a8; + unsigned r = ((unsigned)0) - a8; r >>= 8; return r & 1; } static inline uint8_t gf4_mul_3(uint8_t a) { - uint8_t msk = (uint8_t) ((a - 2) >> 1); - return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); + uint8_t msk = (uint8_t)((a - 2) >> 1); + return (uint8_t)((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); } static inline uint8_t gf16_mul_8(uint8_t a) { uint8_t a0 = a & 3; uint8_t a1 = a >> 2; - return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); + return (uint8_t)((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); } // gf256 := gf16[X]/X^2+X+xy diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c index 92935540..a750a014 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c @@ -4,9 +4,9 @@ /// the standard implementations for functions in parallel_matrix_op.h /// +#include "parallel_matrix_op.h" #include "blas.h" #include "blas_comm.h" -#include "parallel_matrix_op.h" /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. @@ -16,8 +16,8 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { - return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { + return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } /// @@ -28,31 +28,28 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline -unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { - if ( i_row > j_col ) { +static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { + if (i_row > j_col) { return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i_row, j_col, n_var); } - - -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { unsigned char *runningC = btriC; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < i; j++) { unsigned idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); - gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } - gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); runningC += size_batch * (Aheight - i); } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { @@ -61,7 +58,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned if (k < i) { continue; } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -69,8 +66,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -78,15 +75,15 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsign if (i < k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -94,46 +91,46 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigne if (i == k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; + unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { const unsigned char *bA = bA_to_tr; unsigned Aheight = Awidth_before_tr; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -141,46 +138,46 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned ch } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(x, i); } - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( y, size_batch ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(y, size_batch); for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); + gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } - gf256v_madd( y, tmp, _x[i], size_batch ); + gf256v_madd(y, tmp, _x[i], size_batch); } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(y, i); } - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( z, size_batch ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(z, size_batch); for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = 0; j < dim_x; j++) { - gf256v_madd( tmp, mat, _x[j], size_batch ); + gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } - gf256v_madd( z, tmp, _y[i], size_batch ); + gf256v_madd(z, tmp, _y[i], size_batch); } } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h index ced939e2..65c30466 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h @@ -7,7 +7,6 @@ //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -16,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); +unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -26,15 +25,10 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); - - - +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// - - /// /// @brief bC += btriA * B , in GF(16) /// @@ -46,8 +40,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *b /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -60,9 +54,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -75,8 +68,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -89,10 +82,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigne /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -105,8 +96,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsign /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -119,10 +110,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -136,9 +125,9 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigne /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -152,10 +141,9 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); - + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -169,8 +157,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -184,8 +172,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -199,8 +187,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -214,14 +202,11 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned cha /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - /// /// @brief y = x^Tr * trimat * x , in GF(16) /// @@ -231,7 +216,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned ch /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -242,8 +227,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsi /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); - +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -256,8 +240,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( uns /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -270,13 +254,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsi /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); - - - - - +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); #endif // _P_MATRIX_OP_H_ - diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c index d5e39f31..fcd33739 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c @@ -2,8 +2,8 @@ /// @brief The standard implementations for functions in rainbow.h /// -#include "blas.h" #include "rainbow.h" +#include "blas.h" #include "rainbow_blas.h" #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -13,12 +13,11 @@ #include #include +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1 > _O2) ? _O1 : _O2) +#define _MAX_O_BYTE ((_O1_BYTE > _O2_BYTE) ? _O1_BYTE : _O2_BYTE) -#define MAX_ATTEMPT_FRMAT 128 -#define _MAX_O ((_O1>_O2)?_O1:_O2) -#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - -int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; @@ -26,41 +25,41 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, // setup PRNG prng_t prng_sign; uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); - memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); + memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean + prng_preseed[i] ^= prng_preseed[i]; // clean } for (unsigned i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean + prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; unsigned n_attempt = 0; unsigned l1_succ = 0; - while ( !l1_succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!l1_succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars - gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 - l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable - n_attempt ++; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars + gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 + l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable + n_attempt++; } // Given the vinegars, pre-compute variables needed for layer 2 uint8_t r_l1_F1[_O1_BYTE] = {0}; uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); - batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); - uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); + batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); + uint8_t mat_l2_F3[_O2 * _O2_BYTE]; uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); - gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); + gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); // Some local variables. uint8_t _z[_PUB_M_BYTE]; @@ -70,94 +69,94 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, uint8_t x_o2[_O1_BYTE]; uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, _digest, _HASH_LEN ); + memcpy(digest_salt, _digest, _HASH_LEN); uint8_t *salt = digest_salt + _HASH_LEN; - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; unsigned succ = 0; - while ( !succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S + memcpy(y, _z, _PUB_M_BYTE); // identity part of S gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); gf256v_add(y, temp_o, _O1_BYTE); // Central Map: // layer 1: calculate x_o1 - memcpy( temp_o, r_l1_F1, _O1_BYTE ); - gf256v_add( temp_o, y, _O1_BYTE ); - gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + memcpy(temp_o, r_l1_F1, _O1_BYTE); + gf256v_add(temp_o, y, _O1_BYTE); + gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); // layer 2: calculate x_o2 - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); - gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 - batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 - gf256v_add( temp_o, mat_l2, _O2_BYTE ); - gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 - gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); + gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 + batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 + gf256v_add(temp_o, mat_l2, _O2_BYTE); + gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 + gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); // generate the linear equations of the 2nd layer - gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 - gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); - gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 + gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); + gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - n_attempt ++; + n_attempt++; }; // w = T^-1 * y uint8_t w[_PUB_N_BYTE]; // identity part of T. - memcpy( w, x_v1, _V1_BYTE ); - memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); - memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + memcpy(w, x_v1, _V1_BYTE); + memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); + memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); + gf256v_add(w, y, _V1_BYTE); // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); + gf256v_add(w, y, _V1_BYTE); // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); - gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 // clean - memset( &prng_sign, 0, sizeof(prng_t) ); - memset( vinegar, 0, _V1_BYTE ); - memset( r_l1_F1, 0, _O1_BYTE ); - memset( r_l2_F1, 0, _O2_BYTE ); - memset( _z, 0, _PUB_M_BYTE ); - memset( y, 0, _PUB_M_BYTE ); - memset( x_o1, 0, _O1_BYTE ); - memset( x_o2, 0, _O2_BYTE ); - memset( temp_o, 0, sizeof(temp_o) ); + memset(&prng_sign, 0, sizeof(prng_t)); + memset(vinegar, 0, _V1_BYTE); + memset(r_l1_F1, 0, _O1_BYTE); + memset(r_l2_F1, 0, _O2_BYTE); + memset(_z, 0, _PUB_M_BYTE); + memset(y, 0, _PUB_M_BYTE); + memset(x_o1, 0, _O1_BYTE); + memset(x_o2, 0, _O2_BYTE); + memset(temp_o, 0, sizeof(temp_o)); // return: copy w and salt to the signature. - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { return -1; } - gf256v_add( signature, w, _PUB_N_BYTE ); - gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + gf256v_add(signature, w, _PUB_N_BYTE); + gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); return 0; } -int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); unsigned char correct[_PUB_M_BYTE]; unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, digest, _HASH_LEN ); - memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + memcpy(digest_salt, digest, _HASH_LEN); + memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) // check consistancy. unsigned char cc = 0; @@ -168,14 +167,14 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *dig } /////////////// cyclic version /////////////////////////// -int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(uint8_t *signature, const csk_t *csk, const uint8_t *digest) { unsigned char sk[sizeof(sk_t) + 32]; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. - return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed); // generating classic secret key. + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign(signature, (sk_t *)sk, digest); } -int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { - unsigned char pk[sizeof(pk_t) +32]; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. - return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk) { + unsigned char pk[sizeof(pk_t) + 32]; + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_cpk_to_pk((pk_t *)pk, _pk); // generating classic public key. + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify(digest, signature, (pk_t *)pk); } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.h index 4cfbc3f7..7decea2a 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.h @@ -4,7 +4,6 @@ /// @brief APIs for rainbow. /// - #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -17,7 +16,7 @@ /// @param[in] sk - the secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); /// /// @brief Verifying function. @@ -27,7 +26,7 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, /// @param[in] pk - the public key. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); /// /// @brief Signing function for compressed secret key of the cyclic rainbow. @@ -36,7 +35,7 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *dig /// @param[in] sk - the compressed secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(uint8_t *signature, const csk_t *sk, const uint8_t *digest); /// /// @brief Verifying function for cyclic public keys. @@ -46,6 +45,6 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *sign /// @param[in] pk - the public key of cyclic rainbow. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *pk); #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_blas.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_blas.h index fd172eca..120973c6 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_blas.h @@ -5,30 +5,27 @@ /// /// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - #include "blas.h" #include "parallel_matrix_op.h" #include "rainbow_config.h" -#define gfv_get_ele PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd +#define gfv_get_ele PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd -#define gfmat_prod PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod -#define gfmat_inv PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv +#define gfmat_prod PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv -#define batch_trimat_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256 -#define batch_trimatTr_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256 -#define batch_2trimat_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256 -#define batch_matTr_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256 -#define batch_bmatTr_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256 -#define batch_mat_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256 +#define batch_trimat_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256 #define batch_quad_trimat_eval PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256 - -#endif // _RAINBOW_BLAS_H_ - +#endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_config.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_config.h index 44cba4f3..6d9aa270 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_config.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_config.h @@ -12,27 +12,23 @@ #define _HASH_LEN 48 - -#define _V2 ((_V1)+(_O1)) +#define _V2 ((_V1) + (_O1)) /// size of N, in # of gf elements. -#define _PUB_N (_V1+_O1+_O2) +#define _PUB_N (_V1 + _O1 + _O2) /// size of M, in # gf elements. -#define _PUB_M (_O1+_O2) - +#define _PUB_M (_O1 + _O2) /// size of variables, in # bytes. - // GF256 #define _V1_BYTE (_V1) #define _V2_BYTE (_V2) #define _O1_BYTE (_O1) #define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) /// length of seed for public key, in # bytes @@ -45,6 +41,6 @@ #define _SALT_BYTE 16 /// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) #endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c index f6ac5b29..c3ed6104 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c @@ -2,94 +2,84 @@ /// @brief implementations of functions in rainbow_keypair.h /// +#include "rainbow_keypair.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" -#include "rainbow_keypair.h" #include "rainbow_keypair_computation.h" #include "utils_prng.h" #include #include #include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 +static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // S1 s_and_t += _O1_BYTE * _O2; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O1); // T1 s_and_t += _V1_BYTE * _O1; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O2); // T2 s_and_t += _V1_BYTE * _O2; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O1_BYTE * _V1 * _O1); // l1_F2 n_byte_generated += _O1_BYTE * _V1 * _O1; return n_byte_generated; } - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O1); // l2_F2 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O2); // l2_F3 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // l2_F5 sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _O1 * _O2); // l2_F6 n_byte_generated += _O2_BYTE * _O1 * _O2; return n_byte_generated; } - -static -void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { - sk += generate_l1_F12( sk, prng0 ); - generate_l2_F12356( sk, prng0 ); +static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { + sk += generate_l1_F12(sk, prng0); + generate_l2_F12356(sk, prng0); } -static -void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { +static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; for (unsigned i = 0; i < _O2; i++) { /// t3 width - gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); - gf256v_add( t4, temp, _V1_BYTE ); + gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); + gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; t3 += _O1_BYTE; } } -static -void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; - while ( n_terms-- ) { - gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); - gf256v_add( l1_polys, temp, _O1_BYTE ); + while (n_terms--) { + gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); + gf256v_add(l1_polys, temp, _O1_BYTE); l1_polys += _O1_BYTE; l2_polys += _O2_BYTE; } @@ -98,85 +88,82 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// - ///////////////////// Cyclic ////////////////////////////////// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(pk->pk_seed, pk_seed, LEN_PKSEED); + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // prng for sk prng_t prng; prng_t *prng0 = &prng; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(prng0, sk_seed, LEN_SKSEED); + generate_S_T(sk->s1, prng0); // S,T: only a part of sk unsigned char t2[sizeof(sk->t4)]; - memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 - calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + memcpy(t2, sk->t4, _V1_BYTE * _O2); // temporarily store t2 + calculate_t4(sk->t4, sk->t1, sk->t3); // t2 <- t4 // prng for pk sk_t inst_Qs; sk_t *Qs = &inst_Qs; prng_t *prng1 = &prng; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(prng1, pk_seed, LEN_PKSEED); + generate_B1_B2(Qs->l1_F1, prng1); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys(Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1); // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T - + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk, Qs, sk); // calcuate the rest parts of secret key from Qs and S,T unsigned char t4[sizeof(sk->t4)]; - memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 - memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 - memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + memcpy(t4, sk->t4, _V1_BYTE * _O2); // temporarily store t4 + memcpy(sk->t4, t2, _V1_BYTE * _O2); // restore t2 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic(pk, sk, sk); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy(sk->t4, t4, _V1_BYTE * _O2); // restore t4 - obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + obsfucate_l1_polys(pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1); + obsfucate_l1_polys(pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); // clean - memset( &prng, 0, sizeof(prng_t) ); + memset(&prng, 0, sizeof(prng_t)); } - -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic(cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(rsk->pk_seed, pk_seed, LEN_PKSEED); + memcpy(rsk->sk_seed, sk_seed, LEN_SKSEED); sk_t sk; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic(pk, &sk, pk_seed, sk_seed); } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic(sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // prng for sk prng_t prng0; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, &prng0 ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(&prng0, sk_seed, LEN_SKSEED); + generate_S_T(sk->s1, &prng0); + calculate_t4(sk->t4, sk->t1, sk->t3); // prng for pk sk_t inst_Qs; sk_t *Qs = &inst_Qs; prng_t prng1; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, &prng1 ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(&prng1, pk_seed, LEN_PKSEED); + generate_B1_B2(Qs->l1_F1, &prng1); - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + obsfucate_l1_polys(Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1); // calcuate the parts of sk according to pk. - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk, Qs, sk); // clean prng for sk - memset( &prng0, 0, sizeof(prng_t) ); + memset(&prng0, 0, sizeof(prng_t)); } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_cpk_to_pk(pk_t *rpk, const cpk_t *cpk) { // procedure: cpk_t --> extcpk_t --> pk_t // convert from cpk_t to extcpk_t @@ -184,18 +171,18 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t // setup prng prng_t prng0; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(&prng0, cpk->pk_seed, LEN_SKSEED); // generating parts of key with prng - generate_l1_F12( pk.l1_Q1, &prng0 ); + generate_l1_F12(pk.l1_Q1, &prng0); // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 - memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + memcpy(pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * (_V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2))); // generating parts of key with prng - generate_l2_F12356( pk.l2_Q1, &prng0 ); + generate_l2_F12356(pk.l2_Q1, &prng0); // copying parts of key from input: l2_Q9 - memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + memcpy(pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); // convert from extcpk_t to pk_t - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( rpk, &pk ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(rpk, &pk); } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.h index 151bbf84..4ca8876e 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.h @@ -5,30 +5,23 @@ /// Formats of key pairs and functions for generating key pairs. /// - - #include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) - +#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) /// @brief public key for classic rainbow /// /// public key for classic rainbow /// -typedef -struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +typedef struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; } pk_t; - /// @brief secret key for classic rainbow /// /// secret key for classic rainbow /// -typedef -struct rainbow_secretkey { +typedef struct rainbow_secretkey { /// /// seed for generating secret key. /// Generating S, T, and F for classic rainbow. @@ -40,50 +33,42 @@ struct rainbow_secretkey { unsigned char t4[_V1_BYTE * _O2]; ///< part of T map unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 } sk_t; - - - /// @brief public key for cyclic rainbow /// /// public key for cyclic rainbow /// -typedef -struct rainbow_publickey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 +typedef struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 } cpk_t; - - /// @brief compressed secret key for cyclic rainbow /// /// compressed secret key for cyclic rainbow /// -typedef -struct rainbow_secretkey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. - unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +typedef struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. } csk_t; - /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -92,7 +77,7 @@ struct rainbow_secretkey_cyclic { /// @param[in] pk_seed - seed for generating parts of public key. /// @param[in] sk_seed - seed for generating secret key. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); /// /// @brief Generate compressed key pairs for cyclic rainbow. @@ -102,7 +87,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *p /// @param[in] pk_seed - seed for generating parts of the public key. /// @param[in] sk_seed - seed for generating the secret key. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic(cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); /// /// @brief Generate secret key for cyclic rainbow. @@ -111,7 +96,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( /// @param[in] pk_seed - seed for generating parts of the pbulic key. /// @param[in] sk_seed - seed for generating the secret key. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic(sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); //////////////////////////////////// @@ -121,6 +106,6 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t * /// @param[out] pk - the classic public key. /// @param[in] cpk - the cyclic public key. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_cpk_to_pk(pk_t *pk, const cpk_t *cpk); #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c index dfc5f31d..82630143 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -2,23 +2,23 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// +#include "rainbow_keypair_computation.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" #include "rainbow_keypair.h" -#include "rainbow_keypair_computation.h" #include #include #include -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = i; j < _V1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -28,8 +28,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -39,8 +39,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -50,8 +50,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = i; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -61,8 +61,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -72,146 +72,142 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { for (unsigned j = i; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } } } -static -void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { +static void calculate_F_from_Q_ref(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { // Layer 1 // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] - memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + memcpy(Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] - memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + memcpy(Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_2trimat_madd(Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); /* - Layer 2 - computations: + Layer 2 + computations: - F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] - Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 - F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 - F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 - #Q1_Q1T_T4 = Q1_Q1T * t4 - Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 - F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - + Q_pk.l2_F2s[i].transpose() * t4 - + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - - */ - memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + */ + memcpy(Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + memcpy(Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1); + batch_trimat_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q1_T1+ Q2 unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; - memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) - memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + memset(tempQ, 0, _O1 * _O1 * _O2_BYTE); + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE); // t1_tr*(Q1_T1+Q2) + memcpy(Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // F5 + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(Fs->l2_F5, tempQ, _O1, _O2_BYTE); // UT( ... ) - batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + batch_trimatTr_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F2 = Q1_T1 + Q2 + Q1^tr*t1 // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); - batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 - batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + memcpy(Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE); + batch_2trimat_madd(Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); // Q1_Q1T_T4 + batch_mat_madd(Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // Q2_T3 // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) // + Q_pk.l2_F2s[i].transpose() * t4 // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); - batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 - batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); - + memcpy(Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE); + batch_matTr_madd(Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd(Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd(Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); } -static -void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { -// Layer 1: Computing Q5, Q3, Q6, Q9 +static void calculate_Q_from_F_cyclic_ref(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + // Layer 1: Computing Q5, Q3, Q6, Q9 -// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + // Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) const unsigned char *t2 = Ts->t4; sk_t tempQ; - memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); - memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); - batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + memcpy(tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_trimat_madd(tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 + memset(tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset(tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd(tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE); // T1tr*(F1*T1 + F2) + memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE); // UT( ... ) // Q5 /* - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); - - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 - batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); + memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); + memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); + + batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 + batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 + + memset(tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd(tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 + batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 /* - Layer 2 - Computing Q9: + Layer 2 + Computing Q9: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - */ + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ sk_t tempQ2; - memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. - batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + memcpy(tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); /// F3 actually. + batch_trimat_madd(tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 + batch_mat_madd(tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 - memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); - batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + memset(tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2); + batch_matTr_madd(tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE); // T2tr * ( ..... ) - memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + memcpy(tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); + batch_trimat_madd(tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 - batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 + batch_matTr_madd(tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) + memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE); // Q9 } // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ -#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { - calculate_F_from_Q_impl( Fs, Qs, Ts ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { + calculate_F_from_Q_impl(Fs, Qs, Ts); } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + calculate_Q_from_F_cyclic_impl(Qs, Fs, Ts); } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.h index 6419fb12..22bb2c08 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.h @@ -7,8 +7,6 @@ /// Functions for calculating pk/sk for key generation. /// - - #include "rainbow_keypair.h" /// @brief The (internal use) public key for rainbow @@ -17,8 +15,7 @@ /// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, /// l2_Q1, .... , l2_Q9. /// -typedef -struct rainbow_extend_publickey { +typedef struct rainbow_extend_publickey { unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; @@ -34,15 +31,13 @@ struct rainbow_extend_publickey { unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; } ext_cpk_t; - - /// /// @brief converting formats of public keys : from ext_cpk_t version to pk_t /// /// @param[out] pk - the classic public key. /// @param[in] cpk - the internel public key. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); ///////////////////////////////////////////////// /// @@ -52,9 +47,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext /// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the secret key: T1, T4, T3 /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - - +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); /// @@ -64,7 +57,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs /// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts); /// /// @brief Computing parts of the pk from the secret key @@ -73,7 +66,6 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, con /// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - -#endif // _RAINBOW_KEYPAIR_COMP_H_ +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); +#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c index 8aa74a38..1dcc20d2 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/sign.c @@ -12,33 +12,30 @@ #include #include -int -PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes( sk_seed, LEN_SKSEED ); + randombytes(sk_seed, LEN_SKSEED); unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + randombytes(pk_seed, LEN_PKSEED); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic((cpk_t *)pk, (csk_t *)sk, pk_seed, sk_seed); return 0; } -int -PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - memcpy( sm, m, mlen ); + memcpy(sm, m, mlen); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(sm + mlen, (const csk_t *)sk, digest); } -int -PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { int rc; - if ( _SIGNATURE_BYTE > smlen ) { + if (_SIGNATURE_BYTE > smlen) { rc = -1; } else { *mlen = smlen - _SIGNATURE_BYTE; @@ -49,7 +46,7 @@ PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, siz rc = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } if (!rc) { - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + memcpy(m, sm, smlen - _SIGNATURE_BYTE); } else { // bad signature *mlen = (size_t) -1; memset(m, 0, smlen); @@ -62,9 +59,9 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_signature( const uint8_t *m, size_t mlen, const uint8_t *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(sig, (const csk_t *)sk, digest); } int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( @@ -74,6 +71,6 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( return -1; } unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); + return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sig, (const cpk_t *)pk); } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.c index db5e7f3d..77cbed93 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.c @@ -3,19 +3,17 @@ /// /// +#include "utils_hash.h" #include "rainbow_config.h" #include "sha2.h" -#include "utils_hash.h" -static inline -int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { +static inline int _hash(unsigned char *digest, const unsigned char *m, size_t mlen) { sha384(digest, m, mlen); return 0; } -static inline -int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if ( _HASH_LEN >= n_digest ) { +static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if (_HASH_LEN >= n_digest) { for (size_t i = 0; i < n_digest; i++) { digest[i] = hash[i]; } @@ -26,16 +24,15 @@ int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *has } n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest ) { - _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + while (_HASH_LEN <= n_digest) { + _hash(digest + _HASH_LEN, digest, _HASH_LEN); n_digest -= _HASH_LEN; digest += _HASH_LEN; } unsigned char temp[_HASH_LEN]; - if ( n_digest ) { - _hash( temp, digest, _HASH_LEN ); + if (n_digest) { + _hash(temp, digest, _HASH_LEN); for (size_t i = 0; i < n_digest; i++) { digest[_HASH_LEN + i] = temp[i]; } @@ -51,5 +48,3 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(unsigned char *digest, _hash(buf, m, mlen); return expand_hash(digest, len_digest, buf); } - - diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.h index de041aed..0f034bfc 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_hash.h @@ -6,9 +6,6 @@ #include -int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); - - +int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); #endif // _UTILS_HASH_H_ - diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c index 1effeee4..40b489f0 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.c @@ -2,23 +2,23 @@ /// @brief The implementation of PRNG related functions. /// +#include "utils_prng.h" #include "aes.h" #include "randombytes.h" #include "utils_hash.h" -#include "utils_prng.h" #include #include static void prng_update(const unsigned char *provided_data, unsigned char *Key, unsigned char *V) { - unsigned char temp[48]; + unsigned char temp[48]; aes256ctx ctx; aes256_keyexp(&ctx, Key); for (int i = 0; i < 3; i++) { //increment V for (int j = 15; j >= 0; j--) { - if ( V[j] == 0xff) { + if (V[j] == 0xff) { V[j] = 0x00; } else { V[j]++; @@ -27,7 +27,7 @@ static void prng_update(const unsigned char *provided_data, } aes256_ecb(temp + 16 * i, V, 1, &ctx); } - if ( provided_data != NULL ) { + if (provided_data != NULL) { for (int i = 0; i < 48; i++) { temp[i] ^= provided_data[i]; } @@ -36,7 +36,7 @@ static void prng_update(const unsigned char *provided_data, memcpy(V, temp + 32, 16); } static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes ) { + unsigned char *entropy_input_48bytes) { memset(state->Key, 0x00, 32); memset(state->V, 0x00, 16); prng_update(entropy_input_48bytes, state->Key, state->V); @@ -46,17 +46,16 @@ static int randombytes_with_state(prng_t *state, unsigned char *x, size_t xlen) { - unsigned char block[16]; - int i = 0; + unsigned char block[16]; + int i = 0; aes256ctx ctx; aes256_keyexp(&ctx, state->Key); - - while ( xlen > 0 ) { + while (xlen > 0) { //increment V for (int j = 15; j >= 0; j--) { - if ( state->V[j] == 0xff ) { + if (state->V[j] == 0xff) { state->V[j] = 0x00; } else { state->V[j]++; @@ -64,7 +63,7 @@ static int randombytes_with_state(prng_t *state, } } aes256_ecb(block, state->V, 1, &ctx); - if ( xlen > 15 ) { + if (xlen > 15) { memcpy(x + i, block, 16); i += 16; xlen -= 16; @@ -79,18 +78,18 @@ static int randombytes_with_state(prng_t *state, int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { unsigned char seed[48]; - if ( prng_seedlen >= 48 ) { - memcpy( seed, prng_seed, 48 ); + if (prng_seedlen >= 48) { + memcpy(seed, prng_seed, 48); } else { - memcpy( seed, prng_seed, prng_seedlen ); - PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + memcpy(seed, prng_seed, prng_seedlen); + PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); } - randombytes_init_with_state( ctx, seed ); + randombytes_init_with_state(ctx, seed); return 0; } int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state( ctx, out, outlen); + return randombytes_with_state(ctx, out, outlen); } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.h index c07c8e07..9e47af8a 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/utils_prng.h @@ -5,18 +5,14 @@ /// /// - #include "randombytes.h" typedef struct { - unsigned char Key[32]; - unsigned char V[16]; + unsigned char Key[32]; + unsigned char V[16]; } prng_t; int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - #endif // _UTILS_PRNG_H_ - - diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas.h b/crypto_sign/rainbowIIIc-cyclic/clean/blas.h index 72ba2813..5b3d374e 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas.h @@ -17,4 +17,3 @@ #endif // _BLAS_H_ - diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c index b62b6875..936a4c98 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c @@ -2,15 +2,14 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas.h" #include "blas_comm.h" +#include "blas.h" #include "gf.h" #include "rainbow_config.h" #include #include - void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } @@ -26,7 +25,7 @@ uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigne unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { uint8_t r = 0; - while ( _num_byte-- ) { + while (_num_byte--) { r |= a[0]; a++; } @@ -62,8 +61,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, } } -static -unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { +static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned r8 = 1; for (unsigned i = 0; i < h; i++) { @@ -72,42 +70,38 @@ unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { for (unsigned j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_inv( pivot ); - gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + pivot = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_inv(pivot); + gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); for (unsigned j = 0; j < h; j++) { if (i == j) { continue; } uint8_t *aj = mat + w * j; - gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + gf256v_madd(aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4); } } return r8; } -static -unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - uint8_t mat[ 64 * 64 ]; +static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + uint8_t mat[64 * 64]; for (unsigned i = 0; i < n; i++) { - memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + unsigned r8 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); for (unsigned i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } - - -static inline -void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { for (unsigned i = 0; i < h; i++) { for (unsigned j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; @@ -115,39 +109,34 @@ void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *ma } } - -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { uint8_t *aa = buffer; for (unsigned i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( ai, 2 * H ); - gf256v_add( ai, a + i * H, H ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(ai, 2 * H); + gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); - gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + unsigned r8 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } - - - // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); + gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { - return gf256mat_gauss_elim_impl( mat, h, w ); +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { + return gf256mat_gauss_elim_impl(mat, h, w); } - -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h index aa5c7db4..2d2474dc 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h @@ -7,7 +7,6 @@ #include "rainbow_config.h" #include - /// @brief set a vector to 0. /// /// @param[in,out] b - the vector b. @@ -23,8 +22,6 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_b /// uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - /// @brief check if a vector is 0. /// /// @param[in] a - the vector a. @@ -33,7 +30,6 @@ uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigne /// unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - /// @brief polynomial multiplication: c = a*b /// /// @param[out] c - the output polynomial c @@ -43,7 +39,6 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsign /// void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// /// @param[out] c - the output vector c @@ -92,5 +87,4 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, /// unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); -#endif // _BLAS_COMM_H_ - +#endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c index 62d21c88..9e013ff2 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c @@ -2,12 +2,12 @@ #include "gf.h" void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } @@ -22,8 +22,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } @@ -37,11 +37,9 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8 } - - void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; + uint32_t *a_u32 = (uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -62,11 +60,10 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b } } - void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *c_u32 = (uint32_t *)accu_c; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h index 7493f85e..028c2cd6 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h @@ -16,4 +16,3 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint #endif // _BLAS_U32_H_ - diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/gf.c b/crypto_sign/rainbowIIIc-cyclic/clean/gf.c index 7c686b9c..f480af63 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/gf.c @@ -2,13 +2,13 @@ //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t) (a << 1); - r ^= (uint8_t) ((a >> 1) * 7); + uint8_t r = (uint8_t)(a << 1); + r ^= (uint8_t)((a >> 1) * 7); return r; } static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t) (a * (b & 1)); + uint8_t r = (uint8_t)(a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); } @@ -23,8 +23,8 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { } static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { - uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); - uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + uint32_t bit0_b = ((uint32_t)0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t)0) - ((uint32_t)((b >> 1) & 1)); return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } @@ -38,7 +38,7 @@ static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a1b1 = gf4_mul(a1, b1); uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); } static inline uint8_t gf16_squ(uint8_t a) { @@ -60,22 +60,21 @@ uint32_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } - uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; - unsigned r = ((unsigned) 0) - a8; + unsigned r = ((unsigned)0) - a8; r >>= 8; return r & 1; } static inline uint8_t gf4_mul_3(uint8_t a) { - uint8_t msk = (uint8_t) ((a - 2) >> 1); - return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); + uint8_t msk = (uint8_t)((a - 2) >> 1); + return (uint8_t)((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); } static inline uint8_t gf16_mul_8(uint8_t a) { uint8_t a0 = a & 3; uint8_t a1 = a >> 2; - return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); + return (uint8_t)((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); } // gf256 := gf16[X]/X^2+X+xy diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c index 85671923..b4d06330 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c @@ -4,9 +4,9 @@ /// the standard implementations for functions in parallel_matrix_op.h /// +#include "parallel_matrix_op.h" #include "blas.h" #include "blas_comm.h" -#include "parallel_matrix_op.h" /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. @@ -16,8 +16,8 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { - return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { + return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } /// @@ -28,31 +28,28 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline -unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { - if ( i_row > j_col ) { +static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { + if (i_row > j_col) { return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } - - -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { unsigned char *runningC = btriC; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < i; j++) { unsigned idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); - gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } - gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); runningC += size_batch * (Aheight - i); } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { @@ -61,7 +58,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, if (k < i) { continue; } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -69,8 +66,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -78,15 +75,15 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *b if (i < k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -94,46 +91,46 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC if (i == k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; + unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { const unsigned char *bA = bA_to_tr; unsigned Aheight = Awidth_before_tr; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -141,46 +138,46 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, co } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(x, i); } - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( y, size_batch ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(y, size_batch); for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); + gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } - gf256v_madd( y, tmp, _x[i], size_batch ); + gf256v_madd(y, tmp, _x[i], size_batch); } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(y, i); } - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( z, size_batch ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(z, size_batch); for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = 0; j < dim_x; j++) { - gf256v_madd( tmp, mat, _x[j], size_batch ); + gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } - gf256v_madd( z, tmp, _y[i], size_batch ); + gf256v_madd(z, tmp, _y[i], size_batch); } } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h index c6ee1801..59a00470 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h @@ -7,7 +7,6 @@ //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -16,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); +unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -26,15 +25,10 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); - - - +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// - - /// /// @brief bC += btriA * B , in GF(16) /// @@ -46,8 +40,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, cons /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -60,9 +54,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -75,8 +68,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -89,10 +82,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -105,8 +96,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *b /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -119,10 +110,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -136,9 +125,9 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -152,10 +141,9 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); - + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -169,8 +157,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -184,8 +172,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -199,8 +187,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -214,14 +202,11 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, con /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - /// /// @brief y = x^Tr * trimat * x , in GF(16) /// @@ -231,7 +216,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, co /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -242,8 +227,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); - +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -256,8 +240,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -270,13 +254,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); - - - - - +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); #endif // _P_MATRIX_OP_H_ - diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c index a5216e3c..ee19dd32 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c @@ -2,8 +2,8 @@ /// @brief The standard implementations for functions in rainbow.h /// -#include "blas.h" #include "rainbow.h" +#include "blas.h" #include "rainbow_blas.h" #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -13,12 +13,11 @@ #include #include +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1 > _O2) ? _O1 : _O2) +#define _MAX_O_BYTE ((_O1_BYTE > _O2_BYTE) ? _O1_BYTE : _O2_BYTE) -#define MAX_ATTEMPT_FRMAT 128 -#define _MAX_O ((_O1>_O2)?_O1:_O2) -#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - -int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; @@ -26,41 +25,41 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t // setup PRNG prng_t prng_sign; uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); - memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); + memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean + prng_preseed[i] ^= prng_preseed[i]; // clean } for (unsigned i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean + prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; unsigned n_attempt = 0; unsigned l1_succ = 0; - while ( !l1_succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!l1_succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars - gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 - l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable - n_attempt ++; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars + gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 + l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable + n_attempt++; } // Given the vinegars, pre-compute variables needed for layer 2 uint8_t r_l1_F1[_O1_BYTE] = {0}; uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); - batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); - uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); + batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); + uint8_t mat_l2_F3[_O2 * _O2_BYTE]; uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); - gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); + gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); // Some local variables. uint8_t _z[_PUB_M_BYTE]; @@ -70,94 +69,94 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t uint8_t x_o2[_O1_BYTE]; uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, _digest, _HASH_LEN ); + memcpy(digest_salt, _digest, _HASH_LEN); uint8_t *salt = digest_salt + _HASH_LEN; - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; unsigned succ = 0; - while ( !succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S + memcpy(y, _z, _PUB_M_BYTE); // identity part of S gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); gf256v_add(y, temp_o, _O1_BYTE); // Central Map: // layer 1: calculate x_o1 - memcpy( temp_o, r_l1_F1, _O1_BYTE ); - gf256v_add( temp_o, y, _O1_BYTE ); - gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + memcpy(temp_o, r_l1_F1, _O1_BYTE); + gf256v_add(temp_o, y, _O1_BYTE); + gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); // layer 2: calculate x_o2 - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); - gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 - batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 - gf256v_add( temp_o, mat_l2, _O2_BYTE ); - gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 - gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); + gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 + batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 + gf256v_add(temp_o, mat_l2, _O2_BYTE); + gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 + gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); // generate the linear equations of the 2nd layer - gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 - gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); - gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 + gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); + gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - n_attempt ++; + n_attempt++; }; // w = T^-1 * y uint8_t w[_PUB_N_BYTE]; // identity part of T. - memcpy( w, x_v1, _V1_BYTE ); - memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); - memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + memcpy(w, x_v1, _V1_BYTE); + memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); + memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); + gf256v_add(w, y, _V1_BYTE); // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); + gf256v_add(w, y, _V1_BYTE); // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); - gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 // clean - memset( &prng_sign, 0, sizeof(prng_t) ); - memset( vinegar, 0, _V1_BYTE ); - memset( r_l1_F1, 0, _O1_BYTE ); - memset( r_l2_F1, 0, _O2_BYTE ); - memset( _z, 0, _PUB_M_BYTE ); - memset( y, 0, _PUB_M_BYTE ); - memset( x_o1, 0, _O1_BYTE ); - memset( x_o2, 0, _O2_BYTE ); - memset( temp_o, 0, sizeof(temp_o) ); + memset(&prng_sign, 0, sizeof(prng_t)); + memset(vinegar, 0, _V1_BYTE); + memset(r_l1_F1, 0, _O1_BYTE); + memset(r_l2_F1, 0, _O2_BYTE); + memset(_z, 0, _PUB_M_BYTE); + memset(y, 0, _PUB_M_BYTE); + memset(x_o1, 0, _O1_BYTE); + memset(x_o2, 0, _O2_BYTE); + memset(temp_o, 0, sizeof(temp_o)); // return: copy w and salt to the signature. - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { return -1; } - gf256v_add( signature, w, _PUB_N_BYTE ); - gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + gf256v_add(signature, w, _PUB_N_BYTE); + gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); return 0; } -int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); unsigned char correct[_PUB_M_BYTE]; unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, digest, _HASH_LEN ); - memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + memcpy(digest_salt, digest, _HASH_LEN); + memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) // check consistancy. unsigned char cc = 0; @@ -168,8 +167,8 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const } -int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { - unsigned char pk[sizeof(pk_t) +32]; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. - return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk) { + unsigned char pk[sizeof(pk_t) + 32]; + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_cpk_to_pk((pk_t *)pk, _pk); // generating classic public key. + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify(digest, signature, (pk_t *)pk); } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.h b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.h index 73333416..08353041 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.h @@ -4,7 +4,6 @@ /// @brief APIs for rainbow. /// - #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -17,7 +16,7 @@ /// @param[in] sk - the secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); /// /// @brief Verifying function. @@ -27,7 +26,7 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t /// @param[in] pk - the public key. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); /// @@ -38,6 +37,6 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const /// @param[in] pk - the public key of cyclic rainbow. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *pk); #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_blas.h b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_blas.h index a1dd37dc..adcc2032 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_blas.h @@ -5,30 +5,27 @@ /// /// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - #include "blas.h" #include "parallel_matrix_op.h" #include "rainbow_config.h" -#define gfv_get_ele PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd +#define gfv_get_ele PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd -#define gfmat_prod PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod -#define gfmat_inv PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv +#define gfmat_prod PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv -#define batch_trimat_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256 -#define batch_trimatTr_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256 -#define batch_2trimat_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256 -#define batch_matTr_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256 -#define batch_bmatTr_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256 -#define batch_mat_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256 +#define batch_trimat_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256 #define batch_quad_trimat_eval PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256 - -#endif // _RAINBOW_BLAS_H_ - +#endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_config.h b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_config.h index 44cba4f3..6d9aa270 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_config.h @@ -12,27 +12,23 @@ #define _HASH_LEN 48 - -#define _V2 ((_V1)+(_O1)) +#define _V2 ((_V1) + (_O1)) /// size of N, in # of gf elements. -#define _PUB_N (_V1+_O1+_O2) +#define _PUB_N (_V1 + _O1 + _O2) /// size of M, in # gf elements. -#define _PUB_M (_O1+_O2) - +#define _PUB_M (_O1 + _O2) /// size of variables, in # bytes. - // GF256 #define _V1_BYTE (_V1) #define _V2_BYTE (_V2) #define _O1_BYTE (_O1) #define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) /// length of seed for public key, in # bytes @@ -45,6 +41,6 @@ #define _SALT_BYTE 16 /// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) #endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c index c5bbe7c2..1a368a37 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c @@ -2,94 +2,84 @@ /// @brief implementations of functions in rainbow_keypair.h /// +#include "rainbow_keypair.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" -#include "rainbow_keypair.h" #include "rainbow_keypair_computation.h" #include "utils_prng.h" #include #include #include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 +static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // S1 s_and_t += _O1_BYTE * _O2; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O1); // T1 s_and_t += _V1_BYTE * _O1; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O2); // T2 s_and_t += _V1_BYTE * _O2; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * _V1 * _O1); // l1_F2 n_byte_generated += _O1_BYTE * _V1 * _O1; return n_byte_generated; } - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O1); // l2_F2 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O2); // l2_F3 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // l2_F5 sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _O1 * _O2); // l2_F6 n_byte_generated += _O2_BYTE * _O1 * _O2; return n_byte_generated; } - -static -void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { - sk += generate_l1_F12( sk, prng0 ); - generate_l2_F12356( sk, prng0 ); +static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { + sk += generate_l1_F12(sk, prng0); + generate_l2_F12356(sk, prng0); } -static -void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { +static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; for (unsigned i = 0; i < _O2; i++) { /// t3 width - gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); - gf256v_add( t4, temp, _V1_BYTE ); + gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); + gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; t3 += _O1_BYTE; } } -static -void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; - while ( n_terms-- ) { - gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); - gf256v_add( l1_polys, temp, _O1_BYTE ); + while (n_terms--) { + gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); + gf256v_add(l1_polys, temp, _O1_BYTE); l1_polys += _O1_BYTE; l2_polys += _O2_BYTE; } @@ -98,54 +88,51 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// - ///////////////////// Cyclic ////////////////////////////////// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(pk->pk_seed, pk_seed, LEN_PKSEED); + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // prng for sk prng_t prng; prng_t *prng0 = &prng; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set(prng0, sk_seed, LEN_SKSEED); + generate_S_T(sk->s1, prng0); // S,T: only a part of sk unsigned char t2[sizeof(sk->t4)]; - memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 - calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + memcpy(t2, sk->t4, _V1_BYTE * _O2); // temporarily store t2 + calculate_t4(sk->t4, sk->t1, sk->t3); // t2 <- t4 // prng for pk sk_t inst_Qs; sk_t *Qs = &inst_Qs; prng_t *prng1 = &prng; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set(prng1, pk_seed, LEN_PKSEED); + generate_B1_B2(Qs->l1_F1, prng1); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys(Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1); // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T - + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q(sk, Qs, sk); // calcuate the rest parts of secret key from Qs and S,T unsigned char t4[sizeof(sk->t4)]; - memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 - memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 - memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + memcpy(t4, sk->t4, _V1_BYTE * _O2); // temporarily store t4 + memcpy(sk->t4, t2, _V1_BYTE * _O2); // restore t2 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic(pk, sk, sk); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy(sk->t4, t4, _V1_BYTE * _O2); // restore t4 - obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + obsfucate_l1_polys(pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1); + obsfucate_l1_polys(pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); // clean - memset( &prng, 0, sizeof(prng_t) ); + memset(&prng, 0, sizeof(prng_t)); } - -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_cpk_to_pk(pk_t *rpk, const cpk_t *cpk) { // procedure: cpk_t --> extcpk_t --> pk_t // convert from cpk_t to extcpk_t @@ -153,18 +140,18 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { // setup prng prng_t prng0; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set(&prng0, cpk->pk_seed, LEN_SKSEED); // generating parts of key with prng - generate_l1_F12( pk.l1_Q1, &prng0 ); + generate_l1_F12(pk.l1_Q1, &prng0); // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 - memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + memcpy(pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * (_V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2))); // generating parts of key with prng - generate_l2_F12356( pk.l2_Q1, &prng0 ); + generate_l2_F12356(pk.l2_Q1, &prng0); // copying parts of key from input: l2_Q9 - memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + memcpy(pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); // convert from extcpk_t to pk_t - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk(rpk, &pk); } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.h b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.h index 8fe991ab..33f55e32 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.h @@ -5,30 +5,23 @@ /// Formats of key pairs and functions for generating key pairs. /// - - #include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) - +#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) /// @brief public key for classic rainbow /// /// public key for classic rainbow /// -typedef -struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +typedef struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; } pk_t; - /// @brief secret key for classic rainbow /// /// secret key for classic rainbow /// -typedef -struct rainbow_secretkey { +typedef struct rainbow_secretkey { /// /// seed for generating secret key. /// Generating S, T, and F for classic rainbow. @@ -40,50 +33,42 @@ struct rainbow_secretkey { unsigned char t4[_V1_BYTE * _O2]; ///< part of T map unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 } sk_t; - - - /// @brief public key for cyclic rainbow /// /// public key for cyclic rainbow /// -typedef -struct rainbow_publickey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 +typedef struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 } cpk_t; - - /// @brief compressed secret key for cyclic rainbow /// /// compressed secret key for cyclic rainbow /// -typedef -struct rainbow_secretkey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. - unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +typedef struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. } csk_t; - /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -92,7 +77,7 @@ struct rainbow_secretkey_cyclic { /// @param[in] pk_seed - seed for generating parts of public key. /// @param[in] sk_seed - seed for generating secret key. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); @@ -104,6 +89,6 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *s /// @param[out] pk - the classic public key. /// @param[in] cpk - the cyclic public key. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_cpk_to_pk(pk_t *pk, const cpk_t *cpk); #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c index 50fa1be4..d3f3ae13 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c @@ -2,23 +2,23 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// +#include "rainbow_keypair_computation.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" #include "rainbow_keypair.h" -#include "rainbow_keypair_computation.h" #include #include #include -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = i; j < _V1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -28,8 +28,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cp for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -39,8 +39,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cp for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -50,8 +50,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cp for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = i; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -61,8 +61,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cp for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -72,146 +72,142 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cp for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { for (unsigned j = i; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } } } -static -void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { +static void calculate_F_from_Q_ref(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { // Layer 1 // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] - memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + memcpy(Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] - memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + memcpy(Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_2trimat_madd(Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); /* - Layer 2 - computations: + Layer 2 + computations: - F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] - Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 - F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 - F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 - #Q1_Q1T_T4 = Q1_Q1T * t4 - Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 - F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - + Q_pk.l2_F2s[i].transpose() * t4 - + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - - */ - memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + */ + memcpy(Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + memcpy(Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1); + batch_trimat_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q1_T1+ Q2 unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; - memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) - memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + memset(tempQ, 0, _O1 * _O1 * _O2_BYTE); + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE); // t1_tr*(Q1_T1+Q2) + memcpy(Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // F5 + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(Fs->l2_F5, tempQ, _O1, _O2_BYTE); // UT( ... ) - batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + batch_trimatTr_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F2 = Q1_T1 + Q2 + Q1^tr*t1 // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); - batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 - batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + memcpy(Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE); + batch_2trimat_madd(Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); // Q1_Q1T_T4 + batch_mat_madd(Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // Q2_T3 // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) // + Q_pk.l2_F2s[i].transpose() * t4 // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); - batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 - batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); - + memcpy(Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE); + batch_matTr_madd(Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd(Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd(Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); } -static -void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { -// Layer 1: Computing Q5, Q3, Q6, Q9 +static void calculate_Q_from_F_cyclic_ref(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + // Layer 1: Computing Q5, Q3, Q6, Q9 -// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + // Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) const unsigned char *t2 = Ts->t4; sk_t tempQ; - memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); - memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); - batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + memcpy(tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_trimat_madd(tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 + memset(tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset(tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd(tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE); // T1tr*(F1*T1 + F2) + memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE); // UT( ... ) // Q5 /* - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); - - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 - batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); + memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); + memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); + + batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 + batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 + + memset(tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd(tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 + batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 /* - Layer 2 - Computing Q9: + Layer 2 + Computing Q9: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - */ + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ sk_t tempQ2; - memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. - batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + memcpy(tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); /// F3 actually. + batch_trimat_madd(tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 + batch_mat_madd(tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 - memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); - batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + memset(tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2); + batch_matTr_madd(tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE); // T2tr * ( ..... ) - memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + memcpy(tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); + batch_trimat_madd(tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 - batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 + batch_matTr_madd(tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) + memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE); // Q9 } // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ -#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { - calculate_F_from_Q_impl( Fs, Qs, Ts ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { + calculate_F_from_Q_impl(Fs, Qs, Ts); } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + calculate_Q_from_F_cyclic_impl(Qs, Fs, Ts); } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.h index d151669e..6e6eeef9 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.h @@ -7,8 +7,6 @@ /// Functions for calculating pk/sk for key generation. /// - - #include "rainbow_keypair.h" /// @brief The (internal use) public key for rainbow @@ -17,8 +15,7 @@ /// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, /// l2_Q1, .... , l2_Q9. /// -typedef -struct rainbow_extend_publickey { +typedef struct rainbow_extend_publickey { unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; @@ -34,15 +31,13 @@ struct rainbow_extend_publickey { unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; } ext_cpk_t; - - /// /// @brief converting formats of public keys : from ext_cpk_t version to pk_t /// /// @param[out] pk - the classic public key. /// @param[in] cpk - the internel public key. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); ///////////////////////////////////////////////// /// @@ -52,9 +47,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cp /// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the secret key: T1, T4, T3 /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - - +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); /// @@ -64,7 +57,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk /// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts); /// /// @brief Computing parts of the pk from the secret key @@ -73,7 +66,6 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Q /// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - -#endif // _RAINBOW_KEYPAIR_COMP_H_ +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); +#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/sign.c b/crypto_sign/rainbowIIIc-cyclic/clean/sign.c index b15c0fc9..0f558c48 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/sign.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/sign.c @@ -12,33 +12,30 @@ #include #include -int -PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes( sk_seed, LEN_SKSEED ); + randombytes(sk_seed, LEN_SKSEED); unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); + randombytes(pk_seed, LEN_PKSEED); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_generate_keypair_cyclic((cpk_t *)pk, (sk_t *)sk, pk_seed, sk_seed); return 0; } -int -PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - memcpy( sm, m, mlen ); + memcpy(sm, m, mlen); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign(sm + mlen, (const sk_t *)sk, digest); } -int -PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { int rc; - if ( _SIGNATURE_BYTE > smlen ) { + if (_SIGNATURE_BYTE > smlen) { rc = -1; } else { *mlen = smlen - _SIGNATURE_BYTE; @@ -49,7 +46,7 @@ PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, rc = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } if (!rc) { - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + memcpy(m, sm, smlen - _SIGNATURE_BYTE); } else { // bad signature *mlen = (size_t) -1; memset(m, 0, smlen); @@ -62,9 +59,9 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_signature( const uint8_t *m, size_t mlen, const uint8_t *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign(sig, (const sk_t *)sk, digest); } int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_verify( @@ -74,6 +71,6 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_crypto_sign_verify( return -1; } unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); + return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify_cyclic(digest, sig, (const cpk_t *)pk); } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.c b/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.c index 3a8ad8b3..4219df75 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.c @@ -3,19 +3,17 @@ /// /// +#include "utils_hash.h" #include "rainbow_config.h" #include "sha2.h" -#include "utils_hash.h" -static inline -int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { +static inline int _hash(unsigned char *digest, const unsigned char *m, size_t mlen) { sha384(digest, m, mlen); return 0; } -static inline -int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if ( _HASH_LEN >= n_digest ) { +static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if (_HASH_LEN >= n_digest) { for (size_t i = 0; i < n_digest; i++) { digest[i] = hash[i]; } @@ -26,16 +24,15 @@ int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *has } n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest ) { - _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + while (_HASH_LEN <= n_digest) { + _hash(digest + _HASH_LEN, digest, _HASH_LEN); n_digest -= _HASH_LEN; digest += _HASH_LEN; } unsigned char temp[_HASH_LEN]; - if ( n_digest ) { - _hash( temp, digest, _HASH_LEN ); + if (n_digest) { + _hash(temp, digest, _HASH_LEN); for (size_t i = 0; i < n_digest; i++) { digest[_HASH_LEN + i] = temp[i]; } @@ -51,5 +48,3 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(unsigned char *digest, _hash(buf, m, mlen); return expand_hash(digest, len_digest, buf); } - - diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.h b/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.h index 45f0d129..24231e34 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/utils_hash.h @@ -6,9 +6,6 @@ #include -int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); - - +int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); #endif // _UTILS_HASH_H_ - diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c b/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c index 87ed2c31..142e653e 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.c @@ -2,23 +2,23 @@ /// @brief The implementation of PRNG related functions. /// +#include "utils_prng.h" #include "aes.h" #include "randombytes.h" #include "utils_hash.h" -#include "utils_prng.h" #include #include static void prng_update(const unsigned char *provided_data, unsigned char *Key, unsigned char *V) { - unsigned char temp[48]; + unsigned char temp[48]; aes256ctx ctx; aes256_keyexp(&ctx, Key); for (int i = 0; i < 3; i++) { //increment V for (int j = 15; j >= 0; j--) { - if ( V[j] == 0xff) { + if (V[j] == 0xff) { V[j] = 0x00; } else { V[j]++; @@ -27,7 +27,7 @@ static void prng_update(const unsigned char *provided_data, } aes256_ecb(temp + 16 * i, V, 1, &ctx); } - if ( provided_data != NULL ) { + if (provided_data != NULL) { for (int i = 0; i < 48; i++) { temp[i] ^= provided_data[i]; } @@ -36,7 +36,7 @@ static void prng_update(const unsigned char *provided_data, memcpy(V, temp + 32, 16); } static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes ) { + unsigned char *entropy_input_48bytes) { memset(state->Key, 0x00, 32); memset(state->V, 0x00, 16); prng_update(entropy_input_48bytes, state->Key, state->V); @@ -46,17 +46,16 @@ static int randombytes_with_state(prng_t *state, unsigned char *x, size_t xlen) { - unsigned char block[16]; - int i = 0; + unsigned char block[16]; + int i = 0; aes256ctx ctx; aes256_keyexp(&ctx, state->Key); - - while ( xlen > 0 ) { + while (xlen > 0) { //increment V for (int j = 15; j >= 0; j--) { - if ( state->V[j] == 0xff ) { + if (state->V[j] == 0xff) { state->V[j] = 0x00; } else { state->V[j]++; @@ -64,7 +63,7 @@ static int randombytes_with_state(prng_t *state, } } aes256_ecb(block, state->V, 1, &ctx); - if ( xlen > 15 ) { + if (xlen > 15) { memcpy(x + i, block, 16); i += 16; xlen -= 16; @@ -79,18 +78,18 @@ static int randombytes_with_state(prng_t *state, int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { unsigned char seed[48]; - if ( prng_seedlen >= 48 ) { - memcpy( seed, prng_seed, 48 ); + if (prng_seedlen >= 48) { + memcpy(seed, prng_seed, 48); } else { - memcpy( seed, prng_seed, prng_seedlen ); - PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + memcpy(seed, prng_seed, prng_seedlen); + PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); } - randombytes_init_with_state( ctx, seed ); + randombytes_init_with_state(ctx, seed); return 0; } int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state( ctx, out, outlen); + return randombytes_with_state(ctx, out, outlen); } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.h b/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.h index fcf1e7fc..403a4230 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/utils_prng.h @@ -5,18 +5,14 @@ /// /// - #include "randombytes.h" typedef struct { - unsigned char Key[32]; - unsigned char V[16]; + unsigned char Key[32]; + unsigned char V[16]; } prng_t; int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - #endif // _UTILS_PRNG_H_ - - diff --git a/crypto_sign/rainbowIa-classic/clean/blas.h b/crypto_sign/rainbowIa-classic/clean/blas.h index d42a55a2..22b7809e 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas.h +++ b/crypto_sign/rainbowIa-classic/clean/blas.h @@ -18,4 +18,3 @@ #endif // _BLAS_H_ - diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index a0014a99..938478c5 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -2,15 +2,14 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas.h" #include "blas_comm.h" +#include "blas.h" #include "gf.h" #include "rainbow_config.h" #include #include - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } @@ -26,7 +25,7 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned uint8_t r0 = r & 0xf; uint8_t r1 = r >> 4; uint8_t m = (uint8_t)(-((int8_t)i & 1)); - return (uint8_t)((r1 & m) | ((~m)&r0)); + return (uint8_t)((r1 & m) | ((~m) & r0)); } /// @brief set an element for a GF(16) vector . @@ -37,9 +36,9 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned /// @return the value of the element. /// static uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { - uint8_t m = (uint8_t) (0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f - uint8_t ai_remaining = (uint8_t) (a[i >> 1] & (~m)); /// erase - a[i >> 1] = (uint8_t) (ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set + uint8_t m = (uint8_t)(0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f + uint8_t ai_remaining = (uint8_t)(a[i >> 1] & (~m)); /// erase + a[i >> 1] = (uint8_t)(ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set return v; } @@ -65,8 +64,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, co } } -static -unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { +static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned n_w_byte = (w + 1) / 2; unsigned r8 = 1; for (unsigned i = 0; i < h; i++) { @@ -92,8 +90,7 @@ unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static -unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { uint8_t mat[64 * 33]; unsigned n_byte = (n + 1) >> 1; for (unsigned i = 0; i < n; i++) { @@ -133,28 +130,21 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ return r8; } - - - // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#define gf16mat_prod_impl gf16mat_prod_ref -#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref -#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref - - +#define gf16mat_prod_impl gf16mat_prod_ref +#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref +#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf16mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); + gf16mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } - unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { - return gf16mat_gauss_elim_impl( mat, h, w); + return gf16mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf16mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + return gf16mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } - diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.h b/crypto_sign/rainbowIa-classic/clean/blas_comm.h index aff00f04..5c8e3938 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.h @@ -7,7 +7,6 @@ #include "rainbow_config.h" #include - /// @brief set a vector to 0. /// /// @param[in,out] b - the vector b. @@ -72,5 +71,4 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); -#endif // _BLAS_COMM_H_ - +#endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.c b/crypto_sign/rainbowIa-classic/clean/blas_u32.c index e14b0451..00d35968 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.c @@ -2,12 +2,12 @@ #include "gf.h" void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } @@ -22,8 +22,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, u void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } @@ -37,10 +37,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_ } - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; + uint32_t *a_u32 = (uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -63,8 +62,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf1 void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *c_u32 = (uint32_t *)accu_c; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -88,8 +87,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - const uint32_t *a_u32 = (const uint32_t *) a; - const uint32_t *b_u32 = (const uint32_t *) b; + const uint32_t *a_u32 = (const uint32_t *)a; + const uint32_t *b_u32 = (const uint32_t *)b; uint32_t r = 0; for (unsigned i = 0; i < n_u32; i++) { r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.h b/crypto_sign/rainbowIa-classic/clean/blas_u32.h index b0819d33..0bbfd015 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.h @@ -17,4 +17,3 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uin #endif // _BLAS_U32_H_ - diff --git a/crypto_sign/rainbowIa-classic/clean/gf.c b/crypto_sign/rainbowIa-classic/clean/gf.c index cbd5950a..c9563dbe 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.c +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -2,13 +2,13 @@ //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t) (a << 1); - r ^= (uint8_t) ((a >> 1) * 7); + uint8_t r = (uint8_t)(a << 1); + r ^= (uint8_t)((a >> 1) * 7); return r; } static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t) (a * (b & 1)); + uint8_t r = (uint8_t)(a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); } @@ -23,8 +23,8 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { } static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { - uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); - uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + uint32_t bit0_b = ((uint32_t)0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t)0) - ((uint32_t)((b >> 1) & 1)); return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } @@ -38,7 +38,7 @@ static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a1b1 = gf4_mul(a1, b1); uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); } static inline uint8_t gf16_squ(uint8_t a) { @@ -61,8 +61,6 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { } - - static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1) { uint32_t c0 = a0 & b0; uint32_t c2 = a1 & b1; @@ -72,7 +70,7 @@ static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a) { unsigned a4 = a & 0xf; - unsigned r = ((unsigned) 0) - a4; + unsigned r = ((unsigned)0) - a4; r >>= 4; return r & 1; } @@ -113,9 +111,9 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b static inline uint8_t gf256v_reduce_u32(uint32_t a) { // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); + uint16_t *aa = (uint16_t *)(&a); uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); + uint8_t *rr = (uint8_t *)(&r); return rr[0] ^ rr[1]; } @@ -124,4 +122,3 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a) { return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } - diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c index adb1e65d..c116f05a 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c @@ -4,9 +4,9 @@ /// the standard implementations for functions in parallel_matrix_op.h /// +#include "parallel_matrix_op.h" #include "blas.h" #include "blas_comm.h" -#include "parallel_matrix_op.h" /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. @@ -16,8 +16,8 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { - return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { + return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } /// @@ -28,31 +28,28 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline -unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { - if ( i_row > j_col ) { +static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { + if (i_row > j_col) { return PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { unsigned char *runningC = btriC; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < i; j++) { unsigned idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); - gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } - gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); runningC += size_batch * (Aheight - i); } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { @@ -61,7 +58,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, c if (k < i) { continue; } - gf16v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -69,8 +66,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, c } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -78,15 +75,15 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, if (i < k) { continue; } - gf16v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -94,46 +91,46 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, if (i == k) { continue; } - gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; + unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf16v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { const unsigned char *bA = bA_to_tr; unsigned Aheight = Awidth_before_tr; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf16v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -141,45 +138,45 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, cons } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(x, i); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(y, i); } - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(z, size_batch); for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = 0; j < dim_x; j++) { - gf16v_madd( tmp, mat, _x[j], size_batch ); + gf16v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } - gf16v_madd( z, tmp, _y[i], size_batch ); + gf16v_madd(z, tmp, _y[i], size_batch); } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(x, i); } - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(y, size_batch); for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = i; j < dim; j++) { - gf16v_madd( tmp, trimat, _x[j], size_batch ); + gf16v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } - gf16v_madd( y, tmp, _x[i], size_batch ); + gf16v_madd(y, tmp, _x[i], size_batch); } } diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h index eba51668..214507e8 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h @@ -7,7 +7,6 @@ //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -16,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -26,15 +25,10 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); - - - +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// - - /// /// @brief bC += btriA * B , in GF(16) /// @@ -46,8 +40,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -60,9 +54,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -75,8 +68,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -89,10 +82,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -105,8 +96,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -119,10 +110,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -136,9 +125,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -152,10 +141,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); - + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -169,8 +157,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -184,8 +172,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -199,8 +187,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -214,14 +202,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, cons /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - /// /// @brief y = x^Tr * trimat * x , in GF(16) /// @@ -231,7 +216,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, con /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -242,8 +227,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char * /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); - +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -256,8 +240,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -270,13 +254,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char * /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); - - - - - +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); #endif // _P_MATRIX_OP_H_ - diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.c b/crypto_sign/rainbowIa-classic/clean/rainbow.c index 498cc532..18ba4e33 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.c @@ -2,8 +2,8 @@ /// @brief The standard implementations for functions in rainbow.h /// -#include "blas.h" #include "rainbow.h" +#include "blas.h" #include "rainbow_blas.h" #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -13,12 +13,11 @@ #include #include +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1 > _O2) ? _O1 : _O2) +#define _MAX_O_BYTE ((_O1_BYTE > _O2_BYTE) ? _O1_BYTE : _O2_BYTE) -#define MAX_ATTEMPT_FRMAT 128 -#define _MAX_O ((_O1>_O2)?_O1:_O2) -#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; @@ -26,41 +25,41 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t // setup PRNG prng_t prng_sign; uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); - memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); + memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean + prng_preseed[i] ^= prng_preseed[i]; // clean } for (unsigned i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean + prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; unsigned n_attempt = 0; unsigned l1_succ = 0; - while ( !l1_succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!l1_succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars - gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 - l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable - n_attempt ++; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars + gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 + l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable + n_attempt++; } // Given the vinegars, pre-compute variables needed for layer 2 uint8_t r_l1_F1[_O1_BYTE] = {0}; uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); - batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); - uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); + batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); + uint8_t mat_l2_F3[_O2 * _O2_BYTE]; uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); - gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); + gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); // Some local variables. uint8_t _z[_PUB_M_BYTE]; @@ -70,94 +69,94 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t uint8_t x_o2[_O1_BYTE]; uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, _digest, _HASH_LEN ); + memcpy(digest_salt, _digest, _HASH_LEN); uint8_t *salt = digest_salt + _HASH_LEN; - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; unsigned succ = 0; - while ( !succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt - PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S + memcpy(y, _z, _PUB_M_BYTE); // identity part of S gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); gf256v_add(y, temp_o, _O1_BYTE); // Central Map: // layer 1: calculate x_o1 - memcpy( temp_o, r_l1_F1, _O1_BYTE ); - gf256v_add( temp_o, y, _O1_BYTE ); - gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + memcpy(temp_o, r_l1_F1, _O1_BYTE); + gf256v_add(temp_o, y, _O1_BYTE); + gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); // layer 2: calculate x_o2 - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); - gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 - batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 - gf256v_add( temp_o, mat_l2, _O2_BYTE ); - gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 - gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); + gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 + batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 + gf256v_add(temp_o, mat_l2, _O2_BYTE); + gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 + gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); // generate the linear equations of the 2nd layer - gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 - gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); - gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 + gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); + gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - n_attempt ++; + n_attempt++; }; // w = T^-1 * y uint8_t w[_PUB_N_BYTE]; // identity part of T. - memcpy( w, x_v1, _V1_BYTE ); - memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); - memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + memcpy(w, x_v1, _V1_BYTE); + memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); + memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); + gf256v_add(w, y, _V1_BYTE); // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); + gf256v_add(w, y, _V1_BYTE); // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); - gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 // clean - memset( &prng_sign, 0, sizeof(prng_t) ); - memset( vinegar, 0, _V1_BYTE ); - memset( r_l1_F1, 0, _O1_BYTE ); - memset( r_l2_F1, 0, _O2_BYTE ); - memset( _z, 0, _PUB_M_BYTE ); - memset( y, 0, _PUB_M_BYTE ); - memset( x_o1, 0, _O1_BYTE ); - memset( x_o2, 0, _O2_BYTE ); - memset( temp_o, 0, sizeof(temp_o) ); + memset(&prng_sign, 0, sizeof(prng_t)); + memset(vinegar, 0, _V1_BYTE); + memset(r_l1_F1, 0, _O1_BYTE); + memset(r_l2_F1, 0, _O2_BYTE); + memset(_z, 0, _PUB_M_BYTE); + memset(y, 0, _PUB_M_BYTE); + memset(x_o1, 0, _O1_BYTE); + memset(x_o2, 0, _O2_BYTE); + memset(temp_o, 0, sizeof(temp_o)); // return: copy w and salt to the signature. - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { return -1; } - gf256v_add( signature, w, _PUB_N_BYTE ); - gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + gf256v_add(signature, w, _PUB_N_BYTE); + gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); return 0; } -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); unsigned char correct[_PUB_M_BYTE]; unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, digest, _HASH_LEN ); - memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + memcpy(digest_salt, digest, _HASH_LEN); + memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) // check consistancy. unsigned char cc = 0; diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.h b/crypto_sign/rainbowIa-classic/clean/rainbow.h index 0254e299..7cf8e077 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.h @@ -4,7 +4,6 @@ /// @brief APIs for rainbow. /// - #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -17,7 +16,7 @@ /// @param[in] sk - the secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); /// /// @brief Verifying function. @@ -27,7 +26,7 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t /// @param[in] pk - the public key. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h index b8b54211..773fa291 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h @@ -5,30 +5,27 @@ /// /// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - #include "blas.h" #include "parallel_matrix_op.h" #include "rainbow_config.h" -#define gfv_get_ele PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd +#define gfv_get_ele PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd -#define gfmat_prod PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod -#define gfmat_inv PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv +#define gfmat_prod PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv -#define batch_trimat_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16 -#define batch_trimatTr_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16 -#define batch_2trimat_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16 -#define batch_matTr_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16 -#define batch_bmatTr_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16 -#define batch_mat_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16 +#define batch_trimat_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16 +#define batch_2trimat_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16 +#define batch_matTr_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16 +#define batch_mat_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16 #define batch_quad_trimat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16 - -#endif // _RAINBOW_BLAS_H_ - +#endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h index abdd312c..2222abe1 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h @@ -13,27 +13,23 @@ #define _HASH_LEN 32 - -#define _V2 ((_V1)+(_O1)) +#define _V2 ((_V1) + (_O1)) /// size of N, in # of gf elements. -#define _PUB_N (_V1+_O1+_O2) +#define _PUB_N (_V1 + _O1 + _O2) /// size of M, in # gf elements. -#define _PUB_M (_O1+_O2) - +#define _PUB_M (_O1 + _O2) /// size of variables, in # bytes. - // GF16 -#define _V1_BYTE (_V1/2) -#define _V2_BYTE (_V2/2) -#define _O1_BYTE (_O1/2) -#define _O2_BYTE (_O2/2) -#define _PUB_N_BYTE (_PUB_N/2) -#define _PUB_M_BYTE (_PUB_M/2) - +#define _V1_BYTE (_V1 / 2) +#define _V2_BYTE (_V2 / 2) +#define _O1_BYTE (_O1 / 2) +#define _O2_BYTE (_O2 / 2) +#define _PUB_N_BYTE (_PUB_N / 2) +#define _PUB_M_BYTE (_PUB_M / 2) /// length of seed for public key, in # bytes @@ -46,6 +42,6 @@ #define _SALT_BYTE 16 /// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) #endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c index 74cc376c..4da6ca44 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c @@ -2,94 +2,84 @@ /// @brief implementations of functions in rainbow_keypair.h /// +#include "rainbow_keypair.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" -#include "rainbow_keypair.h" #include "rainbow_keypair_computation.h" #include "utils_prng.h" #include #include #include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 +static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // S1 s_and_t += _O1_BYTE * _O2; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O1); // T1 s_and_t += _V1_BYTE * _O1; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O2); // T2 s_and_t += _V1_BYTE * _O2; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * _V1 * _O1); // l1_F2 n_byte_generated += _O1_BYTE * _V1 * _O1; return n_byte_generated; } - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O1); // l2_F2 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O2); // l2_F3 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // l2_F5 sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _O1 * _O2); // l2_F6 n_byte_generated += _O2_BYTE * _O1 * _O2; return n_byte_generated; } - -static -void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { - sk += generate_l1_F12( sk, prng0 ); - generate_l2_F12356( sk, prng0 ); +static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { + sk += generate_l1_F12(sk, prng0); + generate_l2_F12356(sk, prng0); } -static -void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { +static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; for (unsigned i = 0; i < _O2; i++) { /// t3 width - gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); - gf256v_add( t4, temp, _V1_BYTE ); + gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); + gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; t3 += _O1_BYTE; } } -static -void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; - while ( n_terms-- ) { - gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); - gf256v_add( l1_polys, temp, _O1_BYTE ); + while (n_terms--) { + gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); + gf256v_add(l1_polys, temp, _O1_BYTE); l1_polys += _O1_BYTE; l2_polys += _O2_BYTE; } @@ -97,43 +87,40 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// -static -void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +static void _generate_secretkey(sk_t *sk, const unsigned char *sk_seed) { + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // set up prng prng_t prng0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set(&prng0, sk_seed, LEN_SKSEED); // generating secret key with prng. - generate_S_T( sk->s1, &prng0 ); - generate_B1_B2( sk->l1_F1, &prng0 ); + generate_S_T(sk->s1, &prng0); + generate_B1_B2(sk->l1_F1, &prng0); // clean prng - memset( &prng0, 0, sizeof(prng_t) ); + memset(&prng0, 0, sizeof(prng_t)); } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { - _generate_secretkey( sk, sk_seed ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair(pk_t *rpk, sk_t *sk, const unsigned char *sk_seed) { + _generate_secretkey(sk, sk_seed); // set up a temporary structure ext_cpk_t for calculating public key. ext_cpk_t pk; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( &pk, sk, sk ); // compute the public key in ext_cpk_t format. - calculate_t4( sk->t4, sk->t1, sk->t3 ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F(&pk, sk, sk); // compute the public key in ext_cpk_t format. + calculate_t4(sk->t4, sk->t1, sk->t3); - obsfucate_l1_polys( pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + obsfucate_l1_polys(pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1); + obsfucate_l1_polys(pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1); + obsfucate_l1_polys(pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1); + obsfucate_l1_polys(pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1); + obsfucate_l1_polys(pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); // so far, the pk contains the full pk but in ext_cpk_t format. - PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. + PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk(rpk, &pk); // convert the public key from ext_cpk_t to pk_t. } - - diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h index 9dc31967..f614f064 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h @@ -5,30 +5,23 @@ /// Formats of key pairs and functions for generating key pairs. /// - - #include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) - +#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) /// @brief public key for classic rainbow /// /// public key for classic rainbow /// -typedef -struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +typedef struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; } pk_t; - /// @brief secret key for classic rainbow /// /// secret key for classic rainbow /// -typedef -struct rainbow_secretkey { +typedef struct rainbow_secretkey { /// /// seed for generating secret key. /// Generating S, T, and F for classic rainbow. @@ -40,22 +33,18 @@ struct rainbow_secretkey { unsigned char t4[_V1_BYTE * _O2]; ///< part of T map unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 } sk_t; - - - - /// /// @brief Generate key pairs for classic rainbow. /// @@ -63,7 +52,7 @@ struct rainbow_secretkey { /// @param[out] sk - the secret key. /// @param[in] sk_seed - seed for generating the secret key. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair(pk_t *pk, sk_t *sk, const unsigned char *sk_seed); diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 421b406c..9730a0e8 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -2,23 +2,23 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// +#include "rainbow_keypair_computation.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" #include "rainbow_keypair.h" -#include "rainbow_keypair_computation.h" #include #include #include -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = i; j < _V1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -28,8 +28,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -39,8 +39,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -50,8 +50,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = i; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -61,8 +61,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -72,120 +72,118 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { for (unsigned j = i; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } } } -static -void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { +static void calculate_Q_from_F_ref(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { /* - Layer 1 - Computing : - Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] + Layer 1 + Computing : + Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] - Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 - Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) - */ + Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 + Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + */ const unsigned char *t2 = Ts->t4; - memcpy( Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + memcpy(Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); - memcpy( Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + memcpy(Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_trimat_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); + memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); + memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); + memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); // l1_Q5 : _O1_BYTE * _O1 * _O1 // l1_Q9 : _O1_BYTE * _O2 * _O2 // l2_Q5 : _O2_BYTE * _V1 * _O1 // l2_Q9 : _O2_BYTE * _V1 * _O2 - unsigned char tempQ[_O1_BYTE * _O1 * _O1 + 32]; - memset( tempQ, 0, _O1_BYTE * _O1 * _O1 ); // l1_Q5 - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE ); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ, _O1, _O1_BYTE ); // UT( ... ) // Q5 + memset(tempQ, 0, _O1_BYTE * _O1 * _O1); // l1_Q5 + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ, _O1, _O1_BYTE); // UT( ... ) // Q5 - batch_trimatTr_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // Q2 + batch_trimatTr_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // Q2 /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ, 0, _O1_BYTE * _O2 * _O2 ); // l1_Q9 - batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 + batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 + + memset(tempQ, 0, _O1_BYTE * _O2 * _O2); // l1_Q9 + batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ, _O2, _O1_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 + batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 /* - layer 2 - Computing: - Q1 = F1 - Q2 = F1_F1T*T1 + F2 - Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) - */ - memcpy( Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); + layer 2 + Computing: + Q1 = F1 + Q2 = F1_F1T*T1 + F2 + Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) + */ + memcpy(Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); - memcpy( Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F1*T1 + F2 + memcpy(Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1); + batch_trimat_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F1*T1 + F2 - memcpy( Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); - memset( tempQ, 0, _O2_BYTE * _O1 * _O1 ); // l2_Q5 - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE ); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q5, tempQ, _O1, _O2_BYTE ); // UT( ... ) // Q5 + memcpy(Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); + memset(tempQ, 0, _O2_BYTE * _O1 * _O1); // l2_Q5 + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q5, tempQ, _O1, _O2_BYTE); // UT( ... ) // Q5 - batch_trimatTr_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q2 + batch_trimatTr_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q2 /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - - Q3 = F1_F1T*T2 + F2*T3 + F3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 - */ - memcpy( Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); - batch_trimat_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 - - memset( tempQ, 0, _O2_BYTE * _O2 * _O2 ); // l2_Q9 - batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE ); // T2tr * ( ..... ) - - memcpy( Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - - batch_trimat_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 - batch_matTr_madd( tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ, _O2, _O2_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1_F1T_T2 + F2_T3 + F3 // Q3 - - batch_bmatTr_madd( Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + F2tr*T2 - batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 - batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + + Q3 = F1_F1T*T2 + F2*T3 + F3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 + */ + memcpy(Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); + batch_trimat_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 + batch_mat_madd(Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 + + memset(tempQ, 0, _O2_BYTE * _O2 * _O2); // l2_Q9 + batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE); // T2tr * ( ..... ) + + memcpy(Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); + + batch_trimat_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 + batch_matTr_madd(tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) + memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ, _O2, _O2_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1_F1T_T2 + F2_T3 + F3 // Q3 + + batch_bmatTr_madd(Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 + F2tr*T2 + batch_trimatTr_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F2tr*T2 + F5_F5T*T3 + F6 + batch_matTr_madd(Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE); // Q6 } -#define calculate_Q_from_F_impl calculate_Q_from_F_ref -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_impl( Qs, Fs, Ts ); +#define calculate_Q_from_F_impl calculate_Q_from_F_ref +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + calculate_Q_from_F_impl(Qs, Fs, Ts); } diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h index 1282cab4..7f8b96d2 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h @@ -7,8 +7,6 @@ /// Functions for calculating pk/sk for key generation. /// - - #include "rainbow_keypair.h" /// @brief The (internal use) public key for rainbow @@ -17,8 +15,7 @@ /// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, /// l2_Q1, .... , l2_Q9. /// -typedef -struct rainbow_extend_publickey { +typedef struct rainbow_extend_publickey { unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; @@ -34,15 +31,13 @@ struct rainbow_extend_publickey { unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; } ext_cpk_t; - - /// /// @brief converting formats of public keys : from ext_cpk_t version to pk_t /// /// @param[out] pk - the classic public key. /// @param[in] cpk - the internel public key. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); ///////////////////////////////////////////////// /// @@ -52,9 +47,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk /// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the secret key: T1, T4, T3 /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - - +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); -#endif // _RAINBOW_KEYPAIR_COMP_H_ +#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/sign.c b/crypto_sign/rainbowIa-classic/clean/sign.c index 193c9079..08405878 100644 --- a/crypto_sign/rainbowIa-classic/clean/sign.c +++ b/crypto_sign/rainbowIa-classic/clean/sign.c @@ -12,31 +12,28 @@ #include #include -int -PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes( sk_seed, LEN_SKSEED ); + randombytes(sk_seed, LEN_SKSEED); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair((pk_t *)pk, (sk_t *)sk, sk_seed); return 0; } -int -PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - memcpy( sm, m, mlen ); + memcpy(sm, m, mlen); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign(sm + mlen, (const sk_t *)sk, digest); } -int -PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { int rc; - if ( _SIGNATURE_BYTE > smlen ) { + if (_SIGNATURE_BYTE > smlen) { rc = -1; } else { *mlen = smlen - _SIGNATURE_BYTE; @@ -47,7 +44,7 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, rc = PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); } if (!rc) { - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + memcpy(m, sm, smlen - _SIGNATURE_BYTE); } else { // bad signature *mlen = (size_t) -1; memset(m, 0, smlen); @@ -60,9 +57,9 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature( const uint8_t *m, size_t mlen, const uint8_t *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign(sig, (const sk_t *)sk, digest); } int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( @@ -72,6 +69,6 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( return -1; } unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify(digest, sig, (const pk_t *)pk); } diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.c b/crypto_sign/rainbowIa-classic/clean/utils_hash.c index e8bb7c04..052f53c8 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.c @@ -3,19 +3,17 @@ /// /// +#include "utils_hash.h" #include "rainbow_config.h" #include "sha2.h" -#include "utils_hash.h" -static inline -int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { +static inline int _hash(unsigned char *digest, const unsigned char *m, size_t mlen) { sha256(digest, m, mlen); return 0; } -static inline -int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if ( _HASH_LEN >= n_digest ) { +static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if (_HASH_LEN >= n_digest) { for (size_t i = 0; i < n_digest; i++) { digest[i] = hash[i]; } @@ -26,16 +24,15 @@ int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *has } n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest ) { - _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + while (_HASH_LEN <= n_digest) { + _hash(digest + _HASH_LEN, digest, _HASH_LEN); n_digest -= _HASH_LEN; digest += _HASH_LEN; } unsigned char temp[_HASH_LEN]; - if ( n_digest ) { - _hash( temp, digest, _HASH_LEN ); + if (n_digest) { + _hash(temp, digest, _HASH_LEN); for (size_t i = 0; i < n_digest; i++) { digest[_HASH_LEN + i] = temp[i]; } @@ -51,5 +48,3 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(unsigned char *digest, _hash(buf, m, mlen); return expand_hash(digest, len_digest, buf); } - - diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.h b/crypto_sign/rainbowIa-classic/clean/utils_hash.h index 807851f3..da190bac 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.h +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.h @@ -6,9 +6,6 @@ #include -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); - - +int PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); #endif // _UTILS_HASH_H_ - diff --git a/crypto_sign/rainbowIa-classic/clean/utils_prng.c b/crypto_sign/rainbowIa-classic/clean/utils_prng.c index 1a8a36b4..36eae4b7 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_prng.c +++ b/crypto_sign/rainbowIa-classic/clean/utils_prng.c @@ -2,23 +2,23 @@ /// @brief The implementation of PRNG related functions. /// +#include "utils_prng.h" #include "aes.h" #include "randombytes.h" #include "utils_hash.h" -#include "utils_prng.h" #include #include static void prng_update(const unsigned char *provided_data, unsigned char *Key, unsigned char *V) { - unsigned char temp[48]; + unsigned char temp[48]; aes256ctx ctx; aes256_keyexp(&ctx, Key); for (int i = 0; i < 3; i++) { //increment V for (int j = 15; j >= 0; j--) { - if ( V[j] == 0xff) { + if (V[j] == 0xff) { V[j] = 0x00; } else { V[j]++; @@ -27,7 +27,7 @@ static void prng_update(const unsigned char *provided_data, } aes256_ecb(temp + 16 * i, V, 1, &ctx); } - if ( provided_data != NULL ) { + if (provided_data != NULL) { for (int i = 0; i < 48; i++) { temp[i] ^= provided_data[i]; } @@ -36,7 +36,7 @@ static void prng_update(const unsigned char *provided_data, memcpy(V, temp + 32, 16); } static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes ) { + unsigned char *entropy_input_48bytes) { memset(state->Key, 0x00, 32); memset(state->V, 0x00, 16); prng_update(entropy_input_48bytes, state->Key, state->V); @@ -46,17 +46,16 @@ static int randombytes_with_state(prng_t *state, unsigned char *x, size_t xlen) { - unsigned char block[16]; - int i = 0; + unsigned char block[16]; + int i = 0; aes256ctx ctx; aes256_keyexp(&ctx, state->Key); - - while ( xlen > 0 ) { + while (xlen > 0) { //increment V for (int j = 15; j >= 0; j--) { - if ( state->V[j] == 0xff ) { + if (state->V[j] == 0xff) { state->V[j] = 0x00; } else { state->V[j]++; @@ -64,7 +63,7 @@ static int randombytes_with_state(prng_t *state, } } aes256_ecb(block, state->V, 1, &ctx); - if ( xlen > 15 ) { + if (xlen > 15) { memcpy(x + i, block, 16); i += 16; xlen -= 16; @@ -79,18 +78,18 @@ static int randombytes_with_state(prng_t *state, int PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { unsigned char seed[48]; - if ( prng_seedlen >= 48 ) { - memcpy( seed, prng_seed, 48 ); + if (prng_seedlen >= 48) { + memcpy(seed, prng_seed, 48); } else { - memcpy( seed, prng_seed, prng_seedlen ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + memcpy(seed, prng_seed, prng_seedlen); + PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); } - randombytes_init_with_state( ctx, seed ); + randombytes_init_with_state(ctx, seed); return 0; } int PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state( ctx, out, outlen); + return randombytes_with_state(ctx, out, outlen); } diff --git a/crypto_sign/rainbowIa-classic/clean/utils_prng.h b/crypto_sign/rainbowIa-classic/clean/utils_prng.h index 86f9ea5b..0c1a5323 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_prng.h +++ b/crypto_sign/rainbowIa-classic/clean/utils_prng.h @@ -5,18 +5,14 @@ /// /// - #include "randombytes.h" typedef struct { - unsigned char Key[32]; - unsigned char V[16]; + unsigned char Key[32]; + unsigned char V[16]; } prng_t; int PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); int PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - #endif // _UTILS_PRNG_H_ - - diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas.h index e432b780..ff8aee9e 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas.h @@ -18,4 +18,3 @@ #endif // _BLAS_H_ - diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c index 995df9c9..5022089d 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c @@ -2,15 +2,14 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas.h" #include "blas_comm.h" +#include "blas.h" #include "gf.h" #include "rainbow_config.h" #include #include - void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } @@ -26,7 +25,7 @@ uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(const uint8_t *a, uint8_t r0 = r & 0xf; uint8_t r1 = r >> 4; uint8_t m = (uint8_t)(-((int8_t)i & 1)); - return (uint8_t)((r1 & m) | ((~m)&r0)); + return (uint8_t)((r1 & m) | ((~m) & r0)); } /// @brief set an element for a GF(16) vector . @@ -37,9 +36,9 @@ uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(const uint8_t *a, /// @return the value of the element. /// static uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { - uint8_t m = (uint8_t) (0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f - uint8_t ai_remaining = (uint8_t) (a[i >> 1] & (~m)); /// erase - a[i >> 1] = (uint8_t) (ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set + uint8_t m = (uint8_t)(0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f + uint8_t ai_remaining = (uint8_t)(a[i >> 1] & (~m)); /// erase + a[i >> 1] = (uint8_t)(ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set return v; } @@ -65,8 +64,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_mul(uint8_t *c, const uint8 } } -static -unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { +static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned n_w_byte = (w + 1) / 2; unsigned r8 = 1; for (unsigned i = 0; i < h; i++) { @@ -92,8 +90,7 @@ unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static -unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { uint8_t mat[64 * 33]; unsigned n_byte = (n + 1) >> 1; for (unsigned i = 0; i < n; i++) { @@ -133,28 +130,21 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, con return r8; } - - - // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#define gf16mat_prod_impl gf16mat_prod_ref -#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref -#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref - - +#define gf16mat_prod_impl gf16mat_prod_ref +#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref +#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf16mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); + gf16mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } - unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { - return gf16mat_gauss_elim_impl( mat, h, w); + return gf16mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf16mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + return gf16mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } - diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h index 91821ec6..4b8ec358 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h @@ -7,7 +7,6 @@ #include "rainbow_config.h" #include - /// @brief set a vector to 0. /// /// @param[in,out] b - the vector b. @@ -72,5 +71,4 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, con void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); -#endif // _BLAS_COMM_H_ - +#endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c index 84ca9099..9ccd0d72 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c @@ -2,12 +2,12 @@ #include "gf.h" void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } @@ -22,8 +22,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t * void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } @@ -37,10 +37,9 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, con } - void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; + uint32_t *a_u32 = (uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -63,8 +62,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, ui void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *c_u32 = (uint32_t *)accu_c; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -88,8 +87,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd_u32(uint8_t *accu_c, con uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - const uint32_t *a_u32 = (const uint32_t *) a; - const uint32_t *b_u32 = (const uint32_t *) b; + const uint32_t *a_u32 = (const uint32_t *)a; + const uint32_t *b_u32 = (const uint32_t *)b; uint32_t r = 0; for (unsigned i = 0; i < n_u32; i++) { r ^= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h index 6321703a..def05094 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h @@ -17,4 +17,3 @@ uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_dot_u32(const uint8_t *a, #endif // _BLAS_U32_H_ - diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c index d6566523..cbf59609 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c @@ -2,13 +2,13 @@ //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t) (a << 1); - r ^= (uint8_t) ((a >> 1) * 7); + uint8_t r = (uint8_t)(a << 1); + r ^= (uint8_t)((a >> 1) * 7); return r; } static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t) (a * (b & 1)); + uint8_t r = (uint8_t)(a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); } @@ -23,8 +23,8 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { } static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { - uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); - uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + uint32_t bit0_b = ((uint32_t)0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t)0) - ((uint32_t)((b >> 1) & 1)); return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } @@ -38,7 +38,7 @@ static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a1b1 = gf4_mul(a1, b1); uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); } static inline uint8_t gf16_squ(uint8_t a) { @@ -61,8 +61,6 @@ uint32_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8 } - - static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1) { uint32_t c0 = a0 & b0; uint32_t c2 = a1 & b1; @@ -72,7 +70,7 @@ static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(uint8_t a) { unsigned a4 = a & 0xf; - unsigned r = ((unsigned) 0) - a4; + unsigned r = ((unsigned)0) - a4; r >>= 4; return r & 1; } @@ -113,9 +111,9 @@ uint32_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32_u32(uint32_t a, u static inline uint8_t gf256v_reduce_u32(uint32_t a) { // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); + uint16_t *aa = (uint16_t *)(&a); uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); + uint8_t *rr = (uint8_t *)(&r); return rr[0] ^ rr[1]; } @@ -124,4 +122,3 @@ uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_reduce_u32(uint32_t a) { return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } - diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c index 4b61c718..c764ff72 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c @@ -4,9 +4,9 @@ /// the standard implementations for functions in parallel_matrix_op.h /// +#include "parallel_matrix_op.h" #include "blas.h" #include "blas_comm.h" -#include "parallel_matrix_op.h" /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. @@ -16,8 +16,8 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { - return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { + return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } /// @@ -28,31 +28,28 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline -unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { - if ( i_row > j_col ) { +static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { + if (i_row > j_col) { return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i_row, j_col, n_var); } - - -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { unsigned char *runningC = btriC; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < i; j++) { unsigned idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); - gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } - gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); runningC += size_batch * (Aheight - i); } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { @@ -61,7 +58,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned ch if (k < i) { continue; } - gf16v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -69,8 +66,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned ch } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -78,15 +75,15 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned if (i < k) { continue; } - gf16v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -94,46 +91,46 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned c if (i == k) { continue; } - gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; + unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf16v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { const unsigned char *bA = bA_to_tr; unsigned Aheight = Awidth_before_tr; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf16v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -141,45 +138,45 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(x, i); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(y, i); } - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero( z, size_batch ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(z, size_batch); for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = 0; j < dim_x; j++) { - gf16v_madd( tmp, mat, _x[j], size_batch ); + gf16v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } - gf16v_madd( z, tmp, _y[i], size_batch ); + gf16v_madd(z, tmp, _y[i], size_batch); } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(x, i); } - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero( y, size_batch ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(y, size_batch); for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = i; j < dim; j++) { - gf16v_madd( tmp, trimat, _x[j], size_batch ); + gf16v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } - gf16v_madd( y, tmp, _x[i], size_batch ); + gf16v_madd(y, tmp, _x[i], size_batch); } } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h index ba01df60..e85424c3 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h @@ -7,7 +7,6 @@ //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -16,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); +unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -26,15 +25,10 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); - - - +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// - - /// /// @brief bC += btriA * B , in GF(16) /// @@ -46,8 +40,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btr /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -60,9 +54,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned ch /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -75,8 +68,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -89,10 +82,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -105,8 +96,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -119,10 +110,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -136,9 +125,9 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -152,10 +141,9 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned cha /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); - + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -169,8 +157,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned ch /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -184,8 +172,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned ch /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -199,8 +187,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -214,14 +202,11 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - /// /// @brief y = x^Tr * trimat * x , in GF(16) /// @@ -231,7 +216,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -242,8 +227,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsign /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); - +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -256,8 +240,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsig /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -270,13 +254,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsign /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); - - - - - +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); #endif // _P_MATRIX_OP_H_ - diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c index 4e87ca00..edc8a2e8 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c @@ -2,8 +2,8 @@ /// @brief The standard implementations for functions in rainbow.h /// -#include "blas.h" #include "rainbow.h" +#include "blas.h" #include "rainbow_blas.h" #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -13,12 +13,11 @@ #include #include +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1 > _O2) ? _O1 : _O2) +#define _MAX_O_BYTE ((_O1_BYTE > _O2_BYTE) ? _O1_BYTE : _O2_BYTE) -#define MAX_ATTEMPT_FRMAT 128 -#define _MAX_O ((_O1>_O2)?_O1:_O2) -#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - -int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; @@ -26,41 +25,41 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, co // setup PRNG prng_t prng_sign; uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); - memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); + memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean + prng_preseed[i] ^= prng_preseed[i]; // clean } for (unsigned i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean + prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; unsigned n_attempt = 0; unsigned l1_succ = 0; - while ( !l1_succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!l1_succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars - gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 - l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable - n_attempt ++; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars + gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 + l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable + n_attempt++; } // Given the vinegars, pre-compute variables needed for layer 2 uint8_t r_l1_F1[_O1_BYTE] = {0}; uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); - batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); - uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); + batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); + uint8_t mat_l2_F3[_O2 * _O2_BYTE]; uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); - gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); + gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); // Some local variables. uint8_t _z[_PUB_M_BYTE]; @@ -70,94 +69,94 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, co uint8_t x_o2[_O1_BYTE]; uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, _digest, _HASH_LEN ); + memcpy(digest_salt, _digest, _HASH_LEN); uint8_t *salt = digest_salt + _HASH_LEN; - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; unsigned succ = 0; - while ( !succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S + memcpy(y, _z, _PUB_M_BYTE); // identity part of S gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); gf256v_add(y, temp_o, _O1_BYTE); // Central Map: // layer 1: calculate x_o1 - memcpy( temp_o, r_l1_F1, _O1_BYTE ); - gf256v_add( temp_o, y, _O1_BYTE ); - gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + memcpy(temp_o, r_l1_F1, _O1_BYTE); + gf256v_add(temp_o, y, _O1_BYTE); + gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); // layer 2: calculate x_o2 - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); - gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 - batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 - gf256v_add( temp_o, mat_l2, _O2_BYTE ); - gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 - gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); + gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 + batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 + gf256v_add(temp_o, mat_l2, _O2_BYTE); + gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 + gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); // generate the linear equations of the 2nd layer - gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 - gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); - gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 + gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); + gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - n_attempt ++; + n_attempt++; }; // w = T^-1 * y uint8_t w[_PUB_N_BYTE]; // identity part of T. - memcpy( w, x_v1, _V1_BYTE ); - memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); - memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + memcpy(w, x_v1, _V1_BYTE); + memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); + memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); + gf256v_add(w, y, _V1_BYTE); // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); + gf256v_add(w, y, _V1_BYTE); // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); - gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 // clean - memset( &prng_sign, 0, sizeof(prng_t) ); - memset( vinegar, 0, _V1_BYTE ); - memset( r_l1_F1, 0, _O1_BYTE ); - memset( r_l2_F1, 0, _O2_BYTE ); - memset( _z, 0, _PUB_M_BYTE ); - memset( y, 0, _PUB_M_BYTE ); - memset( x_o1, 0, _O1_BYTE ); - memset( x_o2, 0, _O2_BYTE ); - memset( temp_o, 0, sizeof(temp_o) ); + memset(&prng_sign, 0, sizeof(prng_t)); + memset(vinegar, 0, _V1_BYTE); + memset(r_l1_F1, 0, _O1_BYTE); + memset(r_l2_F1, 0, _O2_BYTE); + memset(_z, 0, _PUB_M_BYTE); + memset(y, 0, _PUB_M_BYTE); + memset(x_o1, 0, _O1_BYTE); + memset(x_o2, 0, _O2_BYTE); + memset(temp_o, 0, sizeof(temp_o)); // return: copy w and salt to the signature. - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { return -1; } - gf256v_add( signature, w, _PUB_N_BYTE ); - gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + gf256v_add(signature, w, _PUB_N_BYTE); + gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); return 0; } -int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); unsigned char correct[_PUB_M_BYTE]; unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, digest, _HASH_LEN ); - memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + memcpy(digest_salt, digest, _HASH_LEN); + memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) // check consistancy. unsigned char cc = 0; @@ -168,14 +167,14 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *diges } /////////////// cyclic version /////////////////////////// -int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(uint8_t *signature, const csk_t *csk, const uint8_t *digest) { unsigned char sk[sizeof(sk_t) + 32]; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. - return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed); // generating classic secret key. + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign(signature, (sk_t *)sk, digest); } -int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { - unsigned char pk[sizeof(pk_t) +32]; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. - return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk) { + unsigned char pk[sizeof(pk_t) + 32]; + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_cpk_to_pk((pk_t *)pk, _pk); // generating classic public key. + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify(digest, signature, (pk_t *)pk); } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.h index d67ee069..69112530 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.h @@ -4,7 +4,6 @@ /// @brief APIs for rainbow. /// - #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -17,7 +16,7 @@ /// @param[in] sk - the secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); /// /// @brief Verifying function. @@ -27,7 +26,7 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, co /// @param[in] pk - the public key. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); /// /// @brief Signing function for compressed secret key of the cyclic rainbow. @@ -36,7 +35,7 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *diges /// @param[in] sk - the compressed secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(uint8_t *signature, const csk_t *sk, const uint8_t *digest); /// /// @brief Verifying function for cyclic public keys. @@ -46,6 +45,6 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signat /// @param[in] pk - the public key of cyclic rainbow. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *pk); #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_blas.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_blas.h index abdd4831..e1392257 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_blas.h @@ -5,30 +5,27 @@ /// /// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - #include "blas.h" #include "parallel_matrix_op.h" #include "rainbow_config.h" -#define gfv_get_ele PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd +#define gfv_get_ele PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd -#define gfmat_prod PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod -#define gfmat_inv PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv +#define gfmat_prod PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv -#define batch_trimat_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16 -#define batch_trimatTr_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16 -#define batch_2trimat_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16 -#define batch_matTr_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16 -#define batch_bmatTr_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16 -#define batch_mat_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16 +#define batch_trimat_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16 +#define batch_2trimat_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16 +#define batch_matTr_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16 +#define batch_mat_madd PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16 #define batch_quad_trimat_eval PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16 - -#endif // _RAINBOW_BLAS_H_ - +#endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_config.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_config.h index abdd312c..2222abe1 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_config.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_config.h @@ -13,27 +13,23 @@ #define _HASH_LEN 32 - -#define _V2 ((_V1)+(_O1)) +#define _V2 ((_V1) + (_O1)) /// size of N, in # of gf elements. -#define _PUB_N (_V1+_O1+_O2) +#define _PUB_N (_V1 + _O1 + _O2) /// size of M, in # gf elements. -#define _PUB_M (_O1+_O2) - +#define _PUB_M (_O1 + _O2) /// size of variables, in # bytes. - // GF16 -#define _V1_BYTE (_V1/2) -#define _V2_BYTE (_V2/2) -#define _O1_BYTE (_O1/2) -#define _O2_BYTE (_O2/2) -#define _PUB_N_BYTE (_PUB_N/2) -#define _PUB_M_BYTE (_PUB_M/2) - +#define _V1_BYTE (_V1 / 2) +#define _V2_BYTE (_V2 / 2) +#define _O1_BYTE (_O1 / 2) +#define _O2_BYTE (_O2 / 2) +#define _PUB_N_BYTE (_PUB_N / 2) +#define _PUB_M_BYTE (_PUB_M / 2) /// length of seed for public key, in # bytes @@ -46,6 +42,6 @@ #define _SALT_BYTE 16 /// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) #endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c index f03d2473..a91f523d 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c @@ -2,94 +2,84 @@ /// @brief implementations of functions in rainbow_keypair.h /// +#include "rainbow_keypair.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" -#include "rainbow_keypair.h" #include "rainbow_keypair_computation.h" #include "utils_prng.h" #include #include #include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 +static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // S1 s_and_t += _O1_BYTE * _O2; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O1); // T1 s_and_t += _V1_BYTE * _O1; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O2); // T2 s_and_t += _V1_BYTE * _O2; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O1_BYTE * _V1 * _O1); // l1_F2 n_byte_generated += _O1_BYTE * _V1 * _O1; return n_byte_generated; } - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O1); // l2_F2 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O2); // l2_F3 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // l2_F5 sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _O1 * _O2); // l2_F6 n_byte_generated += _O2_BYTE * _O1 * _O2; return n_byte_generated; } - -static -void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { - sk += generate_l1_F12( sk, prng0 ); - generate_l2_F12356( sk, prng0 ); +static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { + sk += generate_l1_F12(sk, prng0); + generate_l2_F12356(sk, prng0); } -static -void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { +static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; for (unsigned i = 0; i < _O2; i++) { /// t3 width - gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); - gf256v_add( t4, temp, _V1_BYTE ); + gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); + gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; t3 += _O1_BYTE; } } -static -void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; - while ( n_terms-- ) { - gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); - gf256v_add( l1_polys, temp, _O1_BYTE ); + while (n_terms--) { + gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); + gf256v_add(l1_polys, temp, _O1_BYTE); l1_polys += _O1_BYTE; l2_polys += _O2_BYTE; } @@ -98,85 +88,82 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// - ///////////////////// Cyclic ////////////////////////////////// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(pk->pk_seed, pk_seed, LEN_PKSEED); + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // prng for sk prng_t prng; prng_t *prng0 = &prng; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(prng0, sk_seed, LEN_SKSEED); + generate_S_T(sk->s1, prng0); // S,T: only a part of sk unsigned char t2[sizeof(sk->t4)]; - memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 - calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + memcpy(t2, sk->t4, _V1_BYTE * _O2); // temporarily store t2 + calculate_t4(sk->t4, sk->t1, sk->t3); // t2 <- t4 // prng for pk sk_t inst_Qs; sk_t *Qs = &inst_Qs; prng_t *prng1 = &prng; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(prng1, pk_seed, LEN_PKSEED); + generate_B1_B2(Qs->l1_F1, prng1); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys(Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1); // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T - + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk, Qs, sk); // calcuate the rest parts of secret key from Qs and S,T unsigned char t4[sizeof(sk->t4)]; - memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 - memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 - memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + memcpy(t4, sk->t4, _V1_BYTE * _O2); // temporarily store t4 + memcpy(sk->t4, t2, _V1_BYTE * _O2); // restore t2 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic(pk, sk, sk); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy(sk->t4, t4, _V1_BYTE * _O2); // restore t4 - obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + obsfucate_l1_polys(pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1); + obsfucate_l1_polys(pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); // clean - memset( &prng, 0, sizeof(prng_t) ); + memset(&prng, 0, sizeof(prng_t)); } - -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic(cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(rsk->pk_seed, pk_seed, LEN_PKSEED); + memcpy(rsk->sk_seed, sk_seed, LEN_SKSEED); sk_t sk; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic(pk, &sk, pk_seed, sk_seed); } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic(sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // prng for sk prng_t prng0; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, &prng0 ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(&prng0, sk_seed, LEN_SKSEED); + generate_S_T(sk->s1, &prng0); + calculate_t4(sk->t4, sk->t1, sk->t3); // prng for pk sk_t inst_Qs; sk_t *Qs = &inst_Qs; prng_t prng1; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, &prng1 ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(&prng1, pk_seed, LEN_PKSEED); + generate_B1_B2(Qs->l1_F1, &prng1); - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + obsfucate_l1_polys(Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1); // calcuate the parts of sk according to pk. - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk, Qs, sk); // clean prng for sk - memset( &prng0, 0, sizeof(prng_t) ); + memset(&prng0, 0, sizeof(prng_t)); } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_cpk_to_pk(pk_t *rpk, const cpk_t *cpk) { // procedure: cpk_t --> extcpk_t --> pk_t // convert from cpk_t to extcpk_t @@ -184,18 +171,18 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t * // setup prng prng_t prng0; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(&prng0, cpk->pk_seed, LEN_SKSEED); // generating parts of key with prng - generate_l1_F12( pk.l1_Q1, &prng0 ); + generate_l1_F12(pk.l1_Q1, &prng0); // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 - memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + memcpy(pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * (_V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2))); // generating parts of key with prng - generate_l2_F12356( pk.l2_Q1, &prng0 ); + generate_l2_F12356(pk.l2_Q1, &prng0); // copying parts of key from input: l2_Q9 - memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + memcpy(pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); // convert from extcpk_t to pk_t - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( rpk, &pk ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk(rpk, &pk); } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.h index d046772d..718b959c 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.h @@ -5,30 +5,23 @@ /// Formats of key pairs and functions for generating key pairs. /// - - #include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) - +#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) /// @brief public key for classic rainbow /// /// public key for classic rainbow /// -typedef -struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +typedef struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; } pk_t; - /// @brief secret key for classic rainbow /// /// secret key for classic rainbow /// -typedef -struct rainbow_secretkey { +typedef struct rainbow_secretkey { /// /// seed for generating secret key. /// Generating S, T, and F for classic rainbow. @@ -40,50 +33,42 @@ struct rainbow_secretkey { unsigned char t4[_V1_BYTE * _O2]; ///< part of T map unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 } sk_t; - - - /// @brief public key for cyclic rainbow /// /// public key for cyclic rainbow /// -typedef -struct rainbow_publickey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 +typedef struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 } cpk_t; - - /// @brief compressed secret key for cyclic rainbow /// /// compressed secret key for cyclic rainbow /// -typedef -struct rainbow_secretkey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. - unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +typedef struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. } csk_t; - /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -92,7 +77,7 @@ struct rainbow_secretkey_cyclic { /// @param[in] pk_seed - seed for generating parts of public key. /// @param[in] sk_seed - seed for generating secret key. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); /// /// @brief Generate compressed key pairs for cyclic rainbow. @@ -102,7 +87,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, /// @param[in] pk_seed - seed for generating parts of the public key. /// @param[in] sk_seed - seed for generating the secret key. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic(cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); /// /// @brief Generate secret key for cyclic rainbow. @@ -111,7 +96,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cp /// @param[in] pk_seed - seed for generating parts of the pbulic key. /// @param[in] sk_seed - seed for generating the secret key. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic(sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); //////////////////////////////////// @@ -121,6 +106,6 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk /// @param[out] pk - the classic public key. /// @param[in] cpk - the cyclic public key. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_cpk_to_pk(pk_t *pk, const cpk_t *cpk); #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c index cbc980a6..16698d31 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -2,23 +2,23 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// +#include "rainbow_keypair_computation.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" #include "rainbow_keypair.h" -#include "rainbow_keypair_computation.h" #include #include #include -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = i; j < _V1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -28,8 +28,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -39,8 +39,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -50,8 +50,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = i; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -61,8 +61,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -72,146 +72,142 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { for (unsigned j = i; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } } } -static -void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { +static void calculate_F_from_Q_ref(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { // Layer 1 // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] - memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + memcpy(Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] - memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + memcpy(Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_2trimat_madd(Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); /* - Layer 2 - computations: + Layer 2 + computations: - F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] - Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 - F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 - F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 - #Q1_Q1T_T4 = Q1_Q1T * t4 - Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 - F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - + Q_pk.l2_F2s[i].transpose() * t4 - + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - - */ - memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + */ + memcpy(Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + memcpy(Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1); + batch_trimat_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q1_T1+ Q2 unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; - memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) - memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + memset(tempQ, 0, _O1 * _O1 * _O2_BYTE); + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE); // t1_tr*(Q1_T1+Q2) + memcpy(Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // F5 + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(Fs->l2_F5, tempQ, _O1, _O2_BYTE); // UT( ... ) - batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + batch_trimatTr_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F2 = Q1_T1 + Q2 + Q1^tr*t1 // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); - batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 - batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + memcpy(Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE); + batch_2trimat_madd(Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); // Q1_Q1T_T4 + batch_mat_madd(Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // Q2_T3 // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) // + Q_pk.l2_F2s[i].transpose() * t4 // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); - batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 - batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); - + memcpy(Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE); + batch_matTr_madd(Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd(Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd(Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); } -static -void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { -// Layer 1: Computing Q5, Q3, Q6, Q9 +static void calculate_Q_from_F_cyclic_ref(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + // Layer 1: Computing Q5, Q3, Q6, Q9 -// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + // Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) const unsigned char *t2 = Ts->t4; sk_t tempQ; - memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); - memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); - batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + memcpy(tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_trimat_madd(tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 + memset(tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset(tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd(tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE); // T1tr*(F1*T1 + F2) + memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE); // UT( ... ) // Q5 /* - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); - - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 - batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); + memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); + memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); + + batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 + batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 + + memset(tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd(tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 + batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 /* - Layer 2 - Computing Q9: + Layer 2 + Computing Q9: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - */ + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ sk_t tempQ2; - memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. - batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + memcpy(tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); /// F3 actually. + batch_trimat_madd(tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 + batch_mat_madd(tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 - memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); - batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + memset(tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2); + batch_matTr_madd(tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE); // T2tr * ( ..... ) - memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + memcpy(tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); + batch_trimat_madd(tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 - batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 + batch_matTr_madd(tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) + memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE); // Q9 } // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ -#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { - calculate_F_from_Q_impl( Fs, Qs, Ts ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { + calculate_F_from_Q_impl(Fs, Qs, Ts); } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + calculate_Q_from_F_cyclic_impl(Qs, Fs, Ts); } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.h index 9036f6db..3af7563a 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.h @@ -7,8 +7,6 @@ /// Functions for calculating pk/sk for key generation. /// - - #include "rainbow_keypair.h" /// @brief The (internal use) public key for rainbow @@ -17,8 +15,7 @@ /// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, /// l2_Q1, .... , l2_Q9. /// -typedef -struct rainbow_extend_publickey { +typedef struct rainbow_extend_publickey { unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; @@ -34,15 +31,13 @@ struct rainbow_extend_publickey { unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; } ext_cpk_t; - - /// /// @brief converting formats of public keys : from ext_cpk_t version to pk_t /// /// @param[out] pk - the classic public key. /// @param[in] cpk - the internel public key. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); ///////////////////////////////////////////////// /// @@ -52,9 +47,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c /// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the secret key: T1, T4, T3 /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - - +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); /// @@ -64,7 +57,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, /// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts); /// /// @brief Computing parts of the pk from the secret key @@ -73,7 +66,6 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const /// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - -#endif // _RAINBOW_KEYPAIR_COMP_H_ +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); +#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c index 4d30082d..d0687aa3 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/sign.c @@ -12,33 +12,30 @@ #include #include -int -PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes( sk_seed, LEN_SKSEED ); + randombytes(sk_seed, LEN_SKSEED); unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + randombytes(pk_seed, LEN_PKSEED); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic((cpk_t *)pk, (csk_t *)sk, pk_seed, sk_seed); return 0; } -int -PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - memcpy( sm, m, mlen ); + memcpy(sm, m, mlen); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(sm + mlen, (const csk_t *)sk, digest); } -int -PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { int rc; - if ( _SIGNATURE_BYTE > smlen ) { + if (_SIGNATURE_BYTE > smlen) { rc = -1; } else { *mlen = smlen - _SIGNATURE_BYTE; @@ -49,7 +46,7 @@ PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_ rc = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } if (!rc) { - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + memcpy(m, sm, smlen - _SIGNATURE_BYTE); } else { // bad signature *mlen = (size_t) -1; memset(m, 0, smlen); @@ -62,9 +59,9 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_signature( const uint8_t *m, size_t mlen, const uint8_t *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(sig, (const csk_t *)sk, digest); } int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_verify( @@ -74,6 +71,6 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_crypto_sign_verify( return -1; } unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); + return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sig, (const cpk_t *)pk); } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.c index b0da07ab..3cec9977 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.c @@ -3,19 +3,17 @@ /// /// +#include "utils_hash.h" #include "rainbow_config.h" #include "sha2.h" -#include "utils_hash.h" -static inline -int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { +static inline int _hash(unsigned char *digest, const unsigned char *m, size_t mlen) { sha256(digest, m, mlen); return 0; } -static inline -int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if ( _HASH_LEN >= n_digest ) { +static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if (_HASH_LEN >= n_digest) { for (size_t i = 0; i < n_digest; i++) { digest[i] = hash[i]; } @@ -26,16 +24,15 @@ int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *has } n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest ) { - _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + while (_HASH_LEN <= n_digest) { + _hash(digest + _HASH_LEN, digest, _HASH_LEN); n_digest -= _HASH_LEN; digest += _HASH_LEN; } unsigned char temp[_HASH_LEN]; - if ( n_digest ) { - _hash( temp, digest, _HASH_LEN ); + if (n_digest) { + _hash(temp, digest, _HASH_LEN); for (size_t i = 0; i < n_digest; i++) { digest[_HASH_LEN + i] = temp[i]; } @@ -51,5 +48,3 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(unsigned char *digest, _hash(buf, m, mlen); return expand_hash(digest, len_digest, buf); } - - diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.h index f1a7fd34..2e7fde28 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_hash.h @@ -6,9 +6,6 @@ #include -int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); - - +int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); #endif // _UTILS_HASH_H_ - diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c index c0098576..7937f31d 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.c @@ -2,23 +2,23 @@ /// @brief The implementation of PRNG related functions. /// +#include "utils_prng.h" #include "aes.h" #include "randombytes.h" #include "utils_hash.h" -#include "utils_prng.h" #include #include static void prng_update(const unsigned char *provided_data, unsigned char *Key, unsigned char *V) { - unsigned char temp[48]; + unsigned char temp[48]; aes256ctx ctx; aes256_keyexp(&ctx, Key); for (int i = 0; i < 3; i++) { //increment V for (int j = 15; j >= 0; j--) { - if ( V[j] == 0xff) { + if (V[j] == 0xff) { V[j] = 0x00; } else { V[j]++; @@ -27,7 +27,7 @@ static void prng_update(const unsigned char *provided_data, } aes256_ecb(temp + 16 * i, V, 1, &ctx); } - if ( provided_data != NULL ) { + if (provided_data != NULL) { for (int i = 0; i < 48; i++) { temp[i] ^= provided_data[i]; } @@ -36,7 +36,7 @@ static void prng_update(const unsigned char *provided_data, memcpy(V, temp + 32, 16); } static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes ) { + unsigned char *entropy_input_48bytes) { memset(state->Key, 0x00, 32); memset(state->V, 0x00, 16); prng_update(entropy_input_48bytes, state->Key, state->V); @@ -46,17 +46,16 @@ static int randombytes_with_state(prng_t *state, unsigned char *x, size_t xlen) { - unsigned char block[16]; - int i = 0; + unsigned char block[16]; + int i = 0; aes256ctx ctx; aes256_keyexp(&ctx, state->Key); - - while ( xlen > 0 ) { + while (xlen > 0) { //increment V for (int j = 15; j >= 0; j--) { - if ( state->V[j] == 0xff ) { + if (state->V[j] == 0xff) { state->V[j] = 0x00; } else { state->V[j]++; @@ -64,7 +63,7 @@ static int randombytes_with_state(prng_t *state, } } aes256_ecb(block, state->V, 1, &ctx); - if ( xlen > 15 ) { + if (xlen > 15) { memcpy(x + i, block, 16); i += 16; xlen -= 16; @@ -79,18 +78,18 @@ static int randombytes_with_state(prng_t *state, int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { unsigned char seed[48]; - if ( prng_seedlen >= 48 ) { - memcpy( seed, prng_seed, 48 ); + if (prng_seedlen >= 48) { + memcpy(seed, prng_seed, 48); } else { - memcpy( seed, prng_seed, prng_seedlen ); - PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + memcpy(seed, prng_seed, prng_seedlen); + PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); } - randombytes_init_with_state( ctx, seed ); + randombytes_init_with_state(ctx, seed); return 0; } int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state( ctx, out, outlen); + return randombytes_with_state(ctx, out, outlen); } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.h index f24cc0d5..ab9ea9ea 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/utils_prng.h @@ -5,18 +5,14 @@ /// /// - #include "randombytes.h" typedef struct { - unsigned char Key[32]; - unsigned char V[16]; + unsigned char Key[32]; + unsigned char V[16]; } prng_t; int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - #endif // _UTILS_PRNG_H_ - - diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas.h b/crypto_sign/rainbowIa-cyclic/clean/blas.h index 6139dce8..1e71e14b 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas.h @@ -18,4 +18,3 @@ #endif // _BLAS_H_ - diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c index c720582d..d58a1cba 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c @@ -2,15 +2,14 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas.h" #include "blas_comm.h" +#include "blas.h" #include "gf.h" #include "rainbow_config.h" #include #include - void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } @@ -26,7 +25,7 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i uint8_t r0 = r & 0xf; uint8_t r1 = r >> 4; uint8_t m = (uint8_t)(-((int8_t)i & 1)); - return (uint8_t)((r1 & m) | ((~m)&r0)); + return (uint8_t)((r1 & m) | ((~m) & r0)); } /// @brief set an element for a GF(16) vector . @@ -37,9 +36,9 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i /// @return the value of the element. /// static uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { - uint8_t m = (uint8_t) (0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f - uint8_t ai_remaining = (uint8_t) (a[i >> 1] & (~m)); /// erase - a[i >> 1] = (uint8_t) (ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set + uint8_t m = (uint8_t)(0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f + uint8_t ai_remaining = (uint8_t)(a[i >> 1] & (~m)); /// erase + a[i >> 1] = (uint8_t)(ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set return v; } @@ -65,8 +64,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, con } } -static -unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { +static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned n_w_byte = (w + 1) / 2; unsigned r8 = 1; for (unsigned i = 0; i < h; i++) { @@ -92,8 +90,7 @@ unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static -unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { uint8_t mat[64 * 33]; unsigned n_byte = (n + 1) >> 1; for (unsigned i = 0; i < n; i++) { @@ -133,28 +130,21 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t return r8; } - - - // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#define gf16mat_prod_impl gf16mat_prod_ref -#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref -#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref - - +#define gf16mat_prod_impl gf16mat_prod_ref +#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref +#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf16mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); + gf16mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } - unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { - return gf16mat_gauss_elim_impl( mat, h, w); + return gf16mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf16mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + return gf16mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } - diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h index 002b9f7c..10fed039 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h @@ -7,7 +7,6 @@ #include "rainbow_config.h" #include - /// @brief set a vector to 0. /// /// @param[in,out] b - the vector b. @@ -72,5 +71,4 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); -#endif // _BLAS_COMM_H_ - +#endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c index c5d7a814..e8a3444a 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c @@ -2,12 +2,12 @@ #include "gf.h" void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } @@ -22,8 +22,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, ui void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } @@ -37,10 +37,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t } - void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; + uint32_t *a_u32 = (uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -63,8 +62,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16 void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *c_u32 = (uint32_t *)accu_c; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -88,8 +87,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - const uint32_t *a_u32 = (const uint32_t *) a; - const uint32_t *b_u32 = (const uint32_t *) b; + const uint32_t *a_u32 = (const uint32_t *)a; + const uint32_t *b_u32 = (const uint32_t *)b; uint32_t r = 0; for (unsigned i = 0; i < n_u32; i++) { r ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h index 44b00bcd..d149674a 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h @@ -17,4 +17,3 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint #endif // _BLAS_U32_H_ - diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.c b/crypto_sign/rainbowIa-cyclic/clean/gf.c index 0fa8ec8a..2bed34aa 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.c @@ -2,13 +2,13 @@ //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t) (a << 1); - r ^= (uint8_t) ((a >> 1) * 7); + uint8_t r = (uint8_t)(a << 1); + r ^= (uint8_t)((a >> 1) * 7); return r; } static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t) (a * (b & 1)); + uint8_t r = (uint8_t)(a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); } @@ -23,8 +23,8 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { } static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { - uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); - uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + uint32_t bit0_b = ((uint32_t)0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t)0) - ((uint32_t)((b >> 1) & 1)); return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } @@ -38,7 +38,7 @@ static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a1b1 = gf4_mul(a1, b1); uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); } static inline uint8_t gf16_squ(uint8_t a) { @@ -61,8 +61,6 @@ uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { } - - static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint32_t b1) { uint32_t c0 = a0 & b0; uint32_t c2 = a1 & b1; @@ -72,7 +70,7 @@ static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(uint8_t a) { unsigned a4 = a & 0xf; - unsigned r = ((unsigned) 0) - a4; + unsigned r = ((unsigned)0) - a4; r >>= 4; return r & 1; } @@ -113,9 +111,9 @@ uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b) static inline uint8_t gf256v_reduce_u32(uint32_t a) { // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); + uint16_t *aa = (uint16_t *)(&a); uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); + uint8_t *rr = (uint8_t *)(&r); return rr[0] ^ rr[1]; } @@ -124,4 +122,3 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(uint32_t a) { return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } - diff --git a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c index 443feafd..1b4eb254 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c @@ -4,9 +4,9 @@ /// the standard implementations for functions in parallel_matrix_op.h /// +#include "parallel_matrix_op.h" #include "blas.h" #include "blas_comm.h" -#include "parallel_matrix_op.h" /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. @@ -16,8 +16,8 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { - return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { + return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } /// @@ -28,31 +28,28 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline -unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { - if ( i_row > j_col ) { +static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { + if (i_row > j_col) { return PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } - - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { unsigned char *runningC = btriC; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < i; j++) { unsigned idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); - gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } - gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); runningC += size_batch * (Aheight - i); } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { @@ -61,7 +58,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, co if (k < i) { continue; } - gf16v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -69,8 +66,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, co } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -78,15 +75,15 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, if (i < k) { continue; } - gf16v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -94,46 +91,46 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, c if (i == k) { continue; } - gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; + unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf16v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { const unsigned char *bA = bA_to_tr; unsigned Aheight = Awidth_before_tr; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf16v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf16v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -141,45 +138,45 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(x, i); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(y, i); } - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( z, size_batch ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(z, size_batch); for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = 0; j < dim_x; j++) { - gf16v_madd( tmp, mat, _x[j], size_batch ); + gf16v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } - gf16v_madd( z, tmp, _y[i], size_batch ); + gf16v_madd(z, tmp, _y[i], size_batch); } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(x, i); } - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( y, size_batch ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(y, size_batch); for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = i; j < dim; j++) { - gf16v_madd( tmp, trimat, _x[j], size_batch ); + gf16v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } - gf16v_madd( y, tmp, _x[i], size_batch ); + gf16v_madd(y, tmp, _x[i], size_batch); } } diff --git a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h index 21c214f9..f97f6406 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h @@ -7,7 +7,6 @@ //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -16,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); +unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -26,15 +25,10 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); - - - +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// - - /// /// @brief bC += btriA * B , in GF(16) /// @@ -46,8 +40,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -60,9 +54,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, co /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -75,8 +68,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -89,10 +82,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -105,8 +96,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -119,10 +110,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -136,9 +125,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -152,10 +141,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); - + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -169,8 +157,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -184,8 +172,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, co /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -199,8 +187,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -214,14 +202,11 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - /// /// @brief y = x^Tr * trimat * x , in GF(16) /// @@ -231,7 +216,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, cons /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -242,8 +227,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); - +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -256,8 +240,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char * /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -270,13 +254,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); - - - - - +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); #endif // _P_MATRIX_OP_H_ - diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow.c index a2ed62e8..4e9cdef4 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow.c @@ -2,8 +2,8 @@ /// @brief The standard implementations for functions in rainbow.h /// -#include "blas.h" #include "rainbow.h" +#include "blas.h" #include "rainbow_blas.h" #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -13,12 +13,11 @@ #include #include +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1 > _O2) ? _O1 : _O2) +#define _MAX_O_BYTE ((_O1_BYTE > _O2_BYTE) ? _O1_BYTE : _O2_BYTE) -#define MAX_ATTEMPT_FRMAT 128 -#define _MAX_O ((_O1>_O2)?_O1:_O2) -#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; @@ -26,41 +25,41 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t * // setup PRNG prng_t prng_sign; uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); - memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); + memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean + prng_preseed[i] ^= prng_preseed[i]; // clean } for (unsigned i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean + prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; unsigned n_attempt = 0; unsigned l1_succ = 0; - while ( !l1_succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!l1_succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars - gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 - l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable - n_attempt ++; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars + gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 + l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable + n_attempt++; } // Given the vinegars, pre-compute variables needed for layer 2 uint8_t r_l1_F1[_O1_BYTE] = {0}; uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); - batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); - uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); + batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); + uint8_t mat_l2_F3[_O2 * _O2_BYTE]; uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); - gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); + gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); // Some local variables. uint8_t _z[_PUB_M_BYTE]; @@ -70,94 +69,94 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t * uint8_t x_o2[_O1_BYTE]; uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, _digest, _HASH_LEN ); + memcpy(digest_salt, _digest, _HASH_LEN); uint8_t *salt = digest_salt + _HASH_LEN; - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; unsigned succ = 0; - while ( !succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt - PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S + memcpy(y, _z, _PUB_M_BYTE); // identity part of S gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); gf256v_add(y, temp_o, _O1_BYTE); // Central Map: // layer 1: calculate x_o1 - memcpy( temp_o, r_l1_F1, _O1_BYTE ); - gf256v_add( temp_o, y, _O1_BYTE ); - gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + memcpy(temp_o, r_l1_F1, _O1_BYTE); + gf256v_add(temp_o, y, _O1_BYTE); + gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); // layer 2: calculate x_o2 - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); - gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 - batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 - gf256v_add( temp_o, mat_l2, _O2_BYTE ); - gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 - gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); + gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 + batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 + gf256v_add(temp_o, mat_l2, _O2_BYTE); + gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 + gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); // generate the linear equations of the 2nd layer - gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 - gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); - gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 + gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); + gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - n_attempt ++; + n_attempt++; }; // w = T^-1 * y uint8_t w[_PUB_N_BYTE]; // identity part of T. - memcpy( w, x_v1, _V1_BYTE ); - memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); - memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + memcpy(w, x_v1, _V1_BYTE); + memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); + memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); + gf256v_add(w, y, _V1_BYTE); // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); + gf256v_add(w, y, _V1_BYTE); // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); - gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 // clean - memset( &prng_sign, 0, sizeof(prng_t) ); - memset( vinegar, 0, _V1_BYTE ); - memset( r_l1_F1, 0, _O1_BYTE ); - memset( r_l2_F1, 0, _O2_BYTE ); - memset( _z, 0, _PUB_M_BYTE ); - memset( y, 0, _PUB_M_BYTE ); - memset( x_o1, 0, _O1_BYTE ); - memset( x_o2, 0, _O2_BYTE ); - memset( temp_o, 0, sizeof(temp_o) ); + memset(&prng_sign, 0, sizeof(prng_t)); + memset(vinegar, 0, _V1_BYTE); + memset(r_l1_F1, 0, _O1_BYTE); + memset(r_l2_F1, 0, _O2_BYTE); + memset(_z, 0, _PUB_M_BYTE); + memset(y, 0, _PUB_M_BYTE); + memset(x_o1, 0, _O1_BYTE); + memset(x_o2, 0, _O2_BYTE); + memset(temp_o, 0, sizeof(temp_o)); // return: copy w and salt to the signature. - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { return -1; } - gf256v_add( signature, w, _PUB_N_BYTE ); - gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + gf256v_add(signature, w, _PUB_N_BYTE); + gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); return 0; } -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); unsigned char correct[_PUB_M_BYTE]; unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, digest, _HASH_LEN ); - memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + memcpy(digest_salt, digest, _HASH_LEN); + memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) // check consistancy. unsigned char cc = 0; @@ -168,8 +167,8 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const u } -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { - unsigned char pk[sizeof(pk_t) +32]; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk) { + unsigned char pk[sizeof(pk_t) + 32]; + PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk((pk_t *)pk, _pk); // generating classic public key. + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify(digest, signature, (pk_t *)pk); } diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow.h index eb839de8..dca27b11 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow.h @@ -4,7 +4,6 @@ /// @brief APIs for rainbow. /// - #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -17,7 +16,7 @@ /// @param[in] sk - the secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); /// /// @brief Verifying function. @@ -27,7 +26,7 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t * /// @param[in] pk - the public key. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); /// @@ -38,6 +37,6 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const u /// @param[in] pk - the public key of cyclic rainbow. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *pk); #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h index ecf0703d..b0bd58ae 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h @@ -5,30 +5,27 @@ /// /// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - #include "blas.h" #include "parallel_matrix_op.h" #include "rainbow_config.h" -#define gfv_get_ele PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd +#define gfv_get_ele PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd -#define gfmat_prod PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod -#define gfmat_inv PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv +#define gfmat_prod PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod +#define gfmat_inv PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv -#define batch_trimat_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16 -#define batch_trimatTr_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16 -#define batch_2trimat_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16 -#define batch_matTr_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16 -#define batch_bmatTr_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16 -#define batch_mat_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16 +#define batch_trimat_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16 +#define batch_trimatTr_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16 +#define batch_2trimat_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16 +#define batch_matTr_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16 +#define batch_bmatTr_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16 +#define batch_mat_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16 #define batch_quad_trimat_eval PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16 - -#endif // _RAINBOW_BLAS_H_ - +#endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h index abdd312c..2222abe1 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h @@ -13,27 +13,23 @@ #define _HASH_LEN 32 - -#define _V2 ((_V1)+(_O1)) +#define _V2 ((_V1) + (_O1)) /// size of N, in # of gf elements. -#define _PUB_N (_V1+_O1+_O2) +#define _PUB_N (_V1 + _O1 + _O2) /// size of M, in # gf elements. -#define _PUB_M (_O1+_O2) - +#define _PUB_M (_O1 + _O2) /// size of variables, in # bytes. - // GF16 -#define _V1_BYTE (_V1/2) -#define _V2_BYTE (_V2/2) -#define _O1_BYTE (_O1/2) -#define _O2_BYTE (_O2/2) -#define _PUB_N_BYTE (_PUB_N/2) -#define _PUB_M_BYTE (_PUB_M/2) - +#define _V1_BYTE (_V1 / 2) +#define _V2_BYTE (_V2 / 2) +#define _O1_BYTE (_O1 / 2) +#define _O2_BYTE (_O2 / 2) +#define _PUB_N_BYTE (_PUB_N / 2) +#define _PUB_M_BYTE (_PUB_M / 2) /// length of seed for public key, in # bytes @@ -46,6 +42,6 @@ #define _SALT_BYTE 16 /// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) #endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c index 148ae4f3..5152a5c7 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c @@ -2,94 +2,84 @@ /// @brief implementations of functions in rainbow_keypair.h /// +#include "rainbow_keypair.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" -#include "rainbow_keypair.h" #include "rainbow_keypair_computation.h" #include "utils_prng.h" #include #include #include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 +static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // S1 s_and_t += _O1_BYTE * _O2; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O1); // T1 s_and_t += _V1_BYTE * _O1; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O2); // T2 s_and_t += _V1_BYTE * _O2; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * _V1 * _O1); // l1_F2 n_byte_generated += _O1_BYTE * _V1 * _O1; return n_byte_generated; } - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O1); // l2_F2 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O2); // l2_F3 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // l2_F5 sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _O1 * _O2); // l2_F6 n_byte_generated += _O2_BYTE * _O1 * _O2; return n_byte_generated; } - -static -void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { - sk += generate_l1_F12( sk, prng0 ); - generate_l2_F12356( sk, prng0 ); +static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { + sk += generate_l1_F12(sk, prng0); + generate_l2_F12356(sk, prng0); } -static -void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { +static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; for (unsigned i = 0; i < _O2; i++) { /// t3 width - gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); - gf256v_add( t4, temp, _V1_BYTE ); + gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); + gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; t3 += _O1_BYTE; } } -static -void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; - while ( n_terms-- ) { - gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); - gf256v_add( l1_polys, temp, _O1_BYTE ); + while (n_terms--) { + gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); + gf256v_add(l1_polys, temp, _O1_BYTE); l1_polys += _O1_BYTE; l2_polys += _O2_BYTE; } @@ -98,54 +88,51 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// - ///////////////////// Cyclic ////////////////////////////////// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(pk->pk_seed, pk_seed, LEN_PKSEED); + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // prng for sk prng_t prng; prng_t *prng0 = &prng; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set(prng0, sk_seed, LEN_SKSEED); + generate_S_T(sk->s1, prng0); // S,T: only a part of sk unsigned char t2[sizeof(sk->t4)]; - memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 - calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + memcpy(t2, sk->t4, _V1_BYTE * _O2); // temporarily store t2 + calculate_t4(sk->t4, sk->t1, sk->t3); // t2 <- t4 // prng for pk sk_t inst_Qs; sk_t *Qs = &inst_Qs; prng_t *prng1 = &prng; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set(prng1, pk_seed, LEN_PKSEED); + generate_B1_B2(Qs->l1_F1, prng1); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys(Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1); // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. - PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T - + PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q(sk, Qs, sk); // calcuate the rest parts of secret key from Qs and S,T unsigned char t4[sizeof(sk->t4)]; - memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 - memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 - PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 - memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + memcpy(t4, sk->t4, _V1_BYTE * _O2); // temporarily store t4 + memcpy(sk->t4, t2, _V1_BYTE * _O2); // restore t2 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic(pk, sk, sk); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy(sk->t4, t4, _V1_BYTE * _O2); // restore t4 - obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + obsfucate_l1_polys(pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1); + obsfucate_l1_polys(pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); // clean - memset( &prng, 0, sizeof(prng_t) ); + memset(&prng, 0, sizeof(prng_t)); } - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk(pk_t *rpk, const cpk_t *cpk) { // procedure: cpk_t --> extcpk_t --> pk_t // convert from cpk_t to extcpk_t @@ -153,18 +140,18 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { // setup prng prng_t prng0; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set(&prng0, cpk->pk_seed, LEN_SKSEED); // generating parts of key with prng - generate_l1_F12( pk.l1_Q1, &prng0 ); + generate_l1_F12(pk.l1_Q1, &prng0); // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 - memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + memcpy(pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * (_V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2))); // generating parts of key with prng - generate_l2_F12356( pk.l2_Q1, &prng0 ); + generate_l2_F12356(pk.l2_Q1, &prng0); // copying parts of key from input: l2_Q9 - memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + memcpy(pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); // convert from extcpk_t to pk_t - PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk(rpk, &pk); } diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h index b2a30111..3490ea05 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h @@ -5,30 +5,23 @@ /// Formats of key pairs and functions for generating key pairs. /// - - #include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) - +#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) /// @brief public key for classic rainbow /// /// public key for classic rainbow /// -typedef -struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +typedef struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; } pk_t; - /// @brief secret key for classic rainbow /// /// secret key for classic rainbow /// -typedef -struct rainbow_secretkey { +typedef struct rainbow_secretkey { /// /// seed for generating secret key. /// Generating S, T, and F for classic rainbow. @@ -40,50 +33,42 @@ struct rainbow_secretkey { unsigned char t4[_V1_BYTE * _O2]; ///< part of T map unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 } sk_t; - - - /// @brief public key for cyclic rainbow /// /// public key for cyclic rainbow /// -typedef -struct rainbow_publickey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 +typedef struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 } cpk_t; - - /// @brief compressed secret key for cyclic rainbow /// /// compressed secret key for cyclic rainbow /// -typedef -struct rainbow_secretkey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. - unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +typedef struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. } csk_t; - /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -92,7 +77,7 @@ struct rainbow_secretkey_cyclic { /// @param[in] pk_seed - seed for generating parts of public key. /// @param[in] sk_seed - seed for generating secret key. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); @@ -104,6 +89,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, /// @param[out] pk - the classic public key. /// @param[in] cpk - the cyclic public key. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk(pk_t *pk, const cpk_t *cpk); #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c index 44af1c99..2cd3c2c2 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c @@ -2,23 +2,23 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// +#include "rainbow_keypair_computation.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" #include "rainbow_keypair.h" -#include "rainbow_keypair_computation.h" #include #include #include -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = i; j < _V1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -28,8 +28,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -39,8 +39,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -50,8 +50,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = i; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -61,8 +61,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -72,146 +72,142 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { for (unsigned j = i; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } } } -static -void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { +static void calculate_F_from_Q_ref(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { // Layer 1 // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] - memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + memcpy(Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] - memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + memcpy(Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_2trimat_madd(Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); /* - Layer 2 - computations: + Layer 2 + computations: - F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] - Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 - F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 - F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 - #Q1_Q1T_T4 = Q1_Q1T * t4 - Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 - F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - + Q_pk.l2_F2s[i].transpose() * t4 - + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - - */ - memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + */ + memcpy(Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + memcpy(Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1); + batch_trimat_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q1_T1+ Q2 unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; - memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) - memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + memset(tempQ, 0, _O1 * _O1 * _O2_BYTE); + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE); // t1_tr*(Q1_T1+Q2) + memcpy(Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // F5 + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(Fs->l2_F5, tempQ, _O1, _O2_BYTE); // UT( ... ) - batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + batch_trimatTr_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F2 = Q1_T1 + Q2 + Q1^tr*t1 // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); - batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 - batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + memcpy(Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE); + batch_2trimat_madd(Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); // Q1_Q1T_T4 + batch_mat_madd(Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // Q2_T3 // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) // + Q_pk.l2_F2s[i].transpose() * t4 // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); - batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 - batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); - + memcpy(Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE); + batch_matTr_madd(Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd(Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd(Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); } -static -void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { -// Layer 1: Computing Q5, Q3, Q6, Q9 +static void calculate_Q_from_F_cyclic_ref(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + // Layer 1: Computing Q5, Q3, Q6, Q9 -// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + // Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) const unsigned char *t2 = Ts->t4; sk_t tempQ; - memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); - memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); - batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + memcpy(tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_trimat_madd(tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 + memset(tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset(tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd(tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE); // T1tr*(F1*T1 + F2) + memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE); // UT( ... ) // Q5 /* - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); - - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 - batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); + memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); + memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); + + batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 + batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 + + memset(tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd(tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 + batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 /* - Layer 2 - Computing Q9: + Layer 2 + Computing Q9: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - */ + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ sk_t tempQ2; - memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. - batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + memcpy(tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); /// F3 actually. + batch_trimat_madd(tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 + batch_mat_madd(tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 - memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); - batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + memset(tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2); + batch_matTr_madd(tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE); // T2tr * ( ..... ) - memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + memcpy(tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); + batch_trimat_madd(tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 - batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 + batch_matTr_madd(tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) + memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE); // Q9 } // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ -#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { - calculate_F_from_Q_impl( Fs, Qs, Ts ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { + calculate_F_from_Q_impl(Fs, Qs, Ts); } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + calculate_Q_from_F_cyclic_impl(Qs, Fs, Ts); } diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h index d7b9eafe..9416abb4 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h @@ -7,8 +7,6 @@ /// Functions for calculating pk/sk for key generation. /// - - #include "rainbow_keypair.h" /// @brief The (internal use) public key for rainbow @@ -17,8 +15,7 @@ /// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, /// l2_Q1, .... , l2_Q9. /// -typedef -struct rainbow_extend_publickey { +typedef struct rainbow_extend_publickey { unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; @@ -34,15 +31,13 @@ struct rainbow_extend_publickey { unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; } ext_cpk_t; - - /// /// @brief converting formats of public keys : from ext_cpk_t version to pk_t /// /// @param[out] pk - the classic public key. /// @param[in] cpk - the internel public key. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); ///////////////////////////////////////////////// /// @@ -52,9 +47,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk /// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the secret key: T1, T4, T3 /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - - +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); /// @@ -64,7 +57,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t /// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts); /// /// @brief Computing parts of the pk from the secret key @@ -73,7 +66,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, /// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - -#endif // _RAINBOW_KEYPAIR_COMP_H_ +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); +#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/sign.c b/crypto_sign/rainbowIa-cyclic/clean/sign.c index a4390e7d..cd5c2809 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/sign.c +++ b/crypto_sign/rainbowIa-cyclic/clean/sign.c @@ -12,33 +12,30 @@ #include #include -int -PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes( sk_seed, LEN_SKSEED ); + randombytes(sk_seed, LEN_SKSEED); unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); + randombytes(pk_seed, LEN_PKSEED); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic((cpk_t *)pk, (sk_t *)sk, pk_seed, sk_seed); return 0; } -int -PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - memcpy( sm, m, mlen ); + memcpy(sm, m, mlen); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign(sm + mlen, (const sk_t *)sk, digest); } -int -PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { int rc; - if ( _SIGNATURE_BYTE > smlen ) { + if (_SIGNATURE_BYTE > smlen) { rc = -1; } else { *mlen = smlen - _SIGNATURE_BYTE; @@ -49,7 +46,7 @@ PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, c rc = PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } if (!rc) { - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + memcpy(m, sm, smlen - _SIGNATURE_BYTE); } else { // bad signature *mlen = (size_t) -1; memset(m, 0, smlen); @@ -62,9 +59,9 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_signature( const uint8_t *m, size_t mlen, const uint8_t *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign(sig, (const sk_t *)sk, digest); } int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_verify( @@ -74,6 +71,6 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_verify( return -1; } unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); + return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic(digest, sig, (const cpk_t *)pk); } diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c index a48f6ad9..dba6a633 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c @@ -3,19 +3,17 @@ /// /// +#include "utils_hash.h" #include "rainbow_config.h" #include "sha2.h" -#include "utils_hash.h" -static inline -int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { +static inline int _hash(unsigned char *digest, const unsigned char *m, size_t mlen) { sha256(digest, m, mlen); return 0; } -static inline -int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if ( _HASH_LEN >= n_digest ) { +static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if (_HASH_LEN >= n_digest) { for (size_t i = 0; i < n_digest; i++) { digest[i] = hash[i]; } @@ -26,16 +24,15 @@ int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *has } n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest ) { - _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + while (_HASH_LEN <= n_digest) { + _hash(digest + _HASH_LEN, digest, _HASH_LEN); n_digest -= _HASH_LEN; digest += _HASH_LEN; } unsigned char temp[_HASH_LEN]; - if ( n_digest ) { - _hash( temp, digest, _HASH_LEN ); + if (n_digest) { + _hash(temp, digest, _HASH_LEN); for (size_t i = 0; i < n_digest; i++) { digest[_HASH_LEN + i] = temp[i]; } @@ -51,5 +48,3 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(unsigned char *digest, _hash(buf, m, mlen); return expand_hash(digest, len_digest, buf); } - - diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_hash.h b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.h index 4cf56255..da601579 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/utils_hash.h +++ b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.h @@ -6,9 +6,6 @@ #include -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); - - +int PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); #endif // _UTILS_HASH_H_ - diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c b/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c index 79b40386..849994cb 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c +++ b/crypto_sign/rainbowIa-cyclic/clean/utils_prng.c @@ -2,23 +2,23 @@ /// @brief The implementation of PRNG related functions. /// +#include "utils_prng.h" #include "aes.h" #include "randombytes.h" #include "utils_hash.h" -#include "utils_prng.h" #include #include static void prng_update(const unsigned char *provided_data, unsigned char *Key, unsigned char *V) { - unsigned char temp[48]; + unsigned char temp[48]; aes256ctx ctx; aes256_keyexp(&ctx, Key); for (int i = 0; i < 3; i++) { //increment V for (int j = 15; j >= 0; j--) { - if ( V[j] == 0xff) { + if (V[j] == 0xff) { V[j] = 0x00; } else { V[j]++; @@ -27,7 +27,7 @@ static void prng_update(const unsigned char *provided_data, } aes256_ecb(temp + 16 * i, V, 1, &ctx); } - if ( provided_data != NULL ) { + if (provided_data != NULL) { for (int i = 0; i < 48; i++) { temp[i] ^= provided_data[i]; } @@ -36,7 +36,7 @@ static void prng_update(const unsigned char *provided_data, memcpy(V, temp + 32, 16); } static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes ) { + unsigned char *entropy_input_48bytes) { memset(state->Key, 0x00, 32); memset(state->V, 0x00, 16); prng_update(entropy_input_48bytes, state->Key, state->V); @@ -46,17 +46,16 @@ static int randombytes_with_state(prng_t *state, unsigned char *x, size_t xlen) { - unsigned char block[16]; - int i = 0; + unsigned char block[16]; + int i = 0; aes256ctx ctx; aes256_keyexp(&ctx, state->Key); - - while ( xlen > 0 ) { + while (xlen > 0) { //increment V for (int j = 15; j >= 0; j--) { - if ( state->V[j] == 0xff ) { + if (state->V[j] == 0xff) { state->V[j] = 0x00; } else { state->V[j]++; @@ -64,7 +63,7 @@ static int randombytes_with_state(prng_t *state, } } aes256_ecb(block, state->V, 1, &ctx); - if ( xlen > 15 ) { + if (xlen > 15) { memcpy(x + i, block, 16); i += 16; xlen -= 16; @@ -79,18 +78,18 @@ static int randombytes_with_state(prng_t *state, int PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { unsigned char seed[48]; - if ( prng_seedlen >= 48 ) { - memcpy( seed, prng_seed, 48 ); + if (prng_seedlen >= 48) { + memcpy(seed, prng_seed, 48); } else { - memcpy( seed, prng_seed, prng_seedlen ); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + memcpy(seed, prng_seed, prng_seedlen); + PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); } - randombytes_init_with_state( ctx, seed ); + randombytes_init_with_state(ctx, seed); return 0; } int PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state( ctx, out, outlen); + return randombytes_with_state(ctx, out, outlen); } diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_prng.h b/crypto_sign/rainbowIa-cyclic/clean/utils_prng.h index 248a35bd..4465547e 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/utils_prng.h +++ b/crypto_sign/rainbowIa-cyclic/clean/utils_prng.h @@ -5,18 +5,14 @@ /// /// - #include "randombytes.h" typedef struct { - unsigned char Key[32]; - unsigned char V[16]; + unsigned char Key[32]; + unsigned char V[16]; } prng_t; int PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); int PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - #endif // _UTILS_PRNG_H_ - - diff --git a/crypto_sign/rainbowVc-classic/clean/blas.h b/crypto_sign/rainbowVc-classic/clean/blas.h index 6fd9cfea..40c71d56 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas.h +++ b/crypto_sign/rainbowVc-classic/clean/blas.h @@ -17,4 +17,3 @@ #endif // _BLAS_H_ - diff --git a/crypto_sign/rainbowVc-classic/clean/blas_comm.c b/crypto_sign/rainbowVc-classic/clean/blas_comm.c index aa708e68..4900b713 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-classic/clean/blas_comm.c @@ -2,15 +2,14 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas.h" #include "blas_comm.h" +#include "blas.h" #include "gf.h" #include "rainbow_config.h" #include #include - void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } @@ -26,7 +25,7 @@ uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { uint8_t r = 0; - while ( _num_byte-- ) { + while (_num_byte--) { r |= a[0]; a++; } @@ -62,8 +61,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, c } } -static -unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { +static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned r8 = 1; for (unsigned i = 0; i < h; i++) { @@ -72,42 +70,38 @@ unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { for (unsigned j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_inv( pivot ); - gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + pivot = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_inv(pivot); + gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); for (unsigned j = 0; j < h; j++) { if (i == j) { continue; } uint8_t *aj = mat + w * j; - gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + gf256v_madd(aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4); } } return r8; } -static -unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - uint8_t mat[ 64 * 64 ]; +static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + uint8_t mat[64 * 64]; for (unsigned i = 0; i < n; i++) { - memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + unsigned r8 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); for (unsigned i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } - - -static inline -void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { for (unsigned i = 0; i < h; i++) { for (unsigned j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; @@ -115,39 +109,34 @@ void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *ma } } - -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { uint8_t *aa = buffer; for (unsigned i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( ai, 2 * H ); - gf256v_add( ai, a + i * H, H ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(ai, 2 * H); + gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); - gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + unsigned r8 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } - - - // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); + gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { - return gf256mat_gauss_elim_impl( mat, h, w ); +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { + return gf256mat_gauss_elim_impl(mat, h, w); } - -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowVc-classic/clean/blas_comm.h b/crypto_sign/rainbowVc-classic/clean/blas_comm.h index cd54acac..0c290952 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowVc-classic/clean/blas_comm.h @@ -7,7 +7,6 @@ #include "rainbow_config.h" #include - /// @brief set a vector to 0. /// /// @param[in,out] b - the vector b. @@ -23,8 +22,6 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_by /// uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - /// @brief check if a vector is 0. /// /// @param[in] a - the vector a. @@ -33,7 +30,6 @@ uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned /// unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - /// @brief polynomial multiplication: c = a*b /// /// @param[out] c - the output polynomial c @@ -43,7 +39,6 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigne /// void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// /// @param[out] c - the output vector c @@ -92,5 +87,4 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, c /// unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); -#endif // _BLAS_COMM_H_ - +#endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/blas_u32.c b/crypto_sign/rainbowVc-classic/clean/blas_u32.c index a20931ba..f82efae7 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_u32.c +++ b/crypto_sign/rainbowVc-classic/clean/blas_u32.c @@ -2,12 +2,12 @@ #include "gf.h" void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } @@ -22,8 +22,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, u void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } @@ -37,11 +37,9 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_ } - - void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; + uint32_t *a_u32 = (uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -62,11 +60,10 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, } } - void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *c_u32 = (uint32_t *)accu_c; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } diff --git a/crypto_sign/rainbowVc-classic/clean/blas_u32.h b/crypto_sign/rainbowVc-classic/clean/blas_u32.h index c72622dc..8f063d89 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowVc-classic/clean/blas_u32.h @@ -16,4 +16,3 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8 #endif // _BLAS_U32_H_ - diff --git a/crypto_sign/rainbowVc-classic/clean/gf.c b/crypto_sign/rainbowVc-classic/clean/gf.c index 77683b0a..7aa3dd5d 100644 --- a/crypto_sign/rainbowVc-classic/clean/gf.c +++ b/crypto_sign/rainbowVc-classic/clean/gf.c @@ -2,13 +2,13 @@ //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t) (a << 1); - r ^= (uint8_t) ((a >> 1) * 7); + uint8_t r = (uint8_t)(a << 1); + r ^= (uint8_t)((a >> 1) * 7); return r; } static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t) (a * (b & 1)); + uint8_t r = (uint8_t)(a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); } @@ -23,8 +23,8 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { } static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { - uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); - uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + uint32_t bit0_b = ((uint32_t)0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t)0) - ((uint32_t)((b >> 1) & 1)); return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } @@ -38,7 +38,7 @@ static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a1b1 = gf4_mul(a1, b1); uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); } static inline uint8_t gf16_squ(uint8_t a) { @@ -60,22 +60,21 @@ uint32_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } - uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; - unsigned r = ((unsigned) 0) - a8; + unsigned r = ((unsigned)0) - a8; r >>= 8; return r & 1; } static inline uint8_t gf4_mul_3(uint8_t a) { - uint8_t msk = (uint8_t) ((a - 2) >> 1); - return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); + uint8_t msk = (uint8_t)((a - 2) >> 1); + return (uint8_t)((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); } static inline uint8_t gf16_mul_8(uint8_t a) { uint8_t a0 = a & 3; uint8_t a1 = a >> 2; - return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); + return (uint8_t)((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); } // gf256 := gf16[X]/X^2+X+xy diff --git a/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c index c57cf059..85d1e495 100644 --- a/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c @@ -4,9 +4,9 @@ /// the standard implementations for functions in parallel_matrix_op.h /// +#include "parallel_matrix_op.h" #include "blas.h" #include "blas_comm.h" -#include "parallel_matrix_op.h" /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. @@ -16,8 +16,8 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { - return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { + return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } /// @@ -28,31 +28,28 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline -unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { - if ( i_row > j_col ) { +static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { + if (i_row > j_col) { return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } - - -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { unsigned char *runningC = btriC; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < i; j++) { unsigned idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); - gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } - gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); runningC += size_batch * (Aheight - i); } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { @@ -61,7 +58,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, if (k < i) { continue; } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -69,8 +66,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -78,15 +75,15 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC if (i < k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -94,46 +91,46 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, if (i == k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; + unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { const unsigned char *bA = bA_to_tr; unsigned Aheight = Awidth_before_tr; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -141,46 +138,46 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, con } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(x, i); } - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(y, size_batch); for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); + gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } - gf256v_madd( y, tmp, _x[i], size_batch ); + gf256v_madd(y, tmp, _x[i], size_batch); } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(y, i); } - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(z, size_batch); for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = 0; j < dim_x; j++) { - gf256v_madd( tmp, mat, _x[j], size_batch ); + gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } - gf256v_madd( z, tmp, _y[i], size_batch ); + gf256v_madd(z, tmp, _y[i], size_batch); } } diff --git a/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h index b627ac4b..e9072bf1 100644 --- a/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h @@ -7,7 +7,6 @@ //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -16,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); +unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -26,15 +25,10 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); - - - +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// - - /// /// @brief bC += btriA * B , in GF(16) /// @@ -46,8 +40,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -60,9 +54,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -75,8 +68,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -89,10 +82,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -105,8 +96,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -119,10 +110,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -136,9 +125,9 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -152,10 +141,9 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); - + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -169,8 +157,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -184,8 +172,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -199,8 +187,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -214,14 +202,11 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, cons /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - /// /// @brief y = x^Tr * trimat * x , in GF(16) /// @@ -231,7 +216,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, con /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -242,8 +227,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char * /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); - +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -256,8 +240,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -270,13 +254,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char * /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); - - - - - +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); #endif // _P_MATRIX_OP_H_ - diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow.c b/crypto_sign/rainbowVc-classic/clean/rainbow.c index 2b0c6e16..14f52346 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow.c +++ b/crypto_sign/rainbowVc-classic/clean/rainbow.c @@ -2,8 +2,8 @@ /// @brief The standard implementations for functions in rainbow.h /// -#include "blas.h" #include "rainbow.h" +#include "blas.h" #include "rainbow_blas.h" #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -13,12 +13,11 @@ #include #include +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1 > _O2) ? _O1 : _O2) +#define _MAX_O_BYTE ((_O1_BYTE > _O2_BYTE) ? _O1_BYTE : _O2_BYTE) -#define MAX_ATTEMPT_FRMAT 128 -#define _MAX_O ((_O1>_O2)?_O1:_O2) -#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - -int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; @@ -26,41 +25,41 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t // setup PRNG prng_t prng_sign; uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); - memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); + memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean + prng_preseed[i] ^= prng_preseed[i]; // clean } for (unsigned i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean + prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; unsigned n_attempt = 0; unsigned l1_succ = 0; - while ( !l1_succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!l1_succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars - gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 - l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable - n_attempt ++; + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars + gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 + l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable + n_attempt++; } // Given the vinegars, pre-compute variables needed for layer 2 uint8_t r_l1_F1[_O1_BYTE] = {0}; uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); - batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); - uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); + batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); + uint8_t mat_l2_F3[_O2 * _O2_BYTE]; uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); - gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); + gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); // Some local variables. uint8_t _z[_PUB_M_BYTE]; @@ -70,94 +69,94 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t uint8_t x_o2[_O1_BYTE]; uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, _digest, _HASH_LEN ); + memcpy(digest_salt, _digest, _HASH_LEN); uint8_t *salt = digest_salt + _HASH_LEN; - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; unsigned succ = 0; - while ( !succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S + memcpy(y, _z, _PUB_M_BYTE); // identity part of S gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); gf256v_add(y, temp_o, _O1_BYTE); // Central Map: // layer 1: calculate x_o1 - memcpy( temp_o, r_l1_F1, _O1_BYTE ); - gf256v_add( temp_o, y, _O1_BYTE ); - gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + memcpy(temp_o, r_l1_F1, _O1_BYTE); + gf256v_add(temp_o, y, _O1_BYTE); + gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); // layer 2: calculate x_o2 - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); - gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 - batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 - gf256v_add( temp_o, mat_l2, _O2_BYTE ); - gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 - gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); + gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 + batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 + gf256v_add(temp_o, mat_l2, _O2_BYTE); + gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 + gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); // generate the linear equations of the 2nd layer - gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 - gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); - gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 + gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); + gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - n_attempt ++; + n_attempt++; }; // w = T^-1 * y uint8_t w[_PUB_N_BYTE]; // identity part of T. - memcpy( w, x_v1, _V1_BYTE ); - memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); - memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + memcpy(w, x_v1, _V1_BYTE); + memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); + memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); + gf256v_add(w, y, _V1_BYTE); // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); + gf256v_add(w, y, _V1_BYTE); // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); - gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 // clean - memset( &prng_sign, 0, sizeof(prng_t) ); - memset( vinegar, 0, _V1_BYTE ); - memset( r_l1_F1, 0, _O1_BYTE ); - memset( r_l2_F1, 0, _O2_BYTE ); - memset( _z, 0, _PUB_M_BYTE ); - memset( y, 0, _PUB_M_BYTE ); - memset( x_o1, 0, _O1_BYTE ); - memset( x_o2, 0, _O2_BYTE ); - memset( temp_o, 0, sizeof(temp_o) ); + memset(&prng_sign, 0, sizeof(prng_t)); + memset(vinegar, 0, _V1_BYTE); + memset(r_l1_F1, 0, _O1_BYTE); + memset(r_l2_F1, 0, _O2_BYTE); + memset(_z, 0, _PUB_M_BYTE); + memset(y, 0, _PUB_M_BYTE); + memset(x_o1, 0, _O1_BYTE); + memset(x_o2, 0, _O2_BYTE); + memset(temp_o, 0, sizeof(temp_o)); // return: copy w and salt to the signature. - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { return -1; } - gf256v_add( signature, w, _PUB_N_BYTE ); - gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + gf256v_add(signature, w, _PUB_N_BYTE); + gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); return 0; } -int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); unsigned char correct[_PUB_M_BYTE]; unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, digest, _HASH_LEN ); - memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + memcpy(digest_salt, digest, _HASH_LEN); + memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) // check consistancy. unsigned char cc = 0; diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow.h b/crypto_sign/rainbowVc-classic/clean/rainbow.h index 7b82b2b6..e455fe47 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow.h +++ b/crypto_sign/rainbowVc-classic/clean/rainbow.h @@ -4,7 +4,6 @@ /// @brief APIs for rainbow. /// - #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -17,7 +16,7 @@ /// @param[in] sk - the secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); /// /// @brief Verifying function. @@ -27,7 +26,7 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t /// @param[in] pk - the public key. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_blas.h b/crypto_sign/rainbowVc-classic/clean/rainbow_blas.h index c84faa35..a2500d98 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_blas.h @@ -5,30 +5,27 @@ /// /// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - #include "blas.h" #include "parallel_matrix_op.h" #include "rainbow_config.h" -#define gfv_get_ele PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd +#define gfv_get_ele PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd -#define gfmat_prod PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod -#define gfmat_inv PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv +#define gfmat_prod PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv -#define batch_trimat_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256 -#define batch_trimatTr_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256 -#define batch_2trimat_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256 -#define batch_matTr_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256 -#define batch_bmatTr_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256 -#define batch_mat_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256 +#define batch_trimat_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256 #define batch_quad_trimat_eval PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256 #define batch_quad_recmat_eval PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256 - -#endif // _RAINBOW_BLAS_H_ - +#endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_config.h b/crypto_sign/rainbowVc-classic/clean/rainbow_config.h index 20f1068f..979aa244 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow_config.h +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_config.h @@ -12,27 +12,23 @@ #define _HASH_LEN 64 - -#define _V2 ((_V1)+(_O1)) +#define _V2 ((_V1) + (_O1)) /// size of N, in # of gf elements. -#define _PUB_N (_V1+_O1+_O2) +#define _PUB_N (_V1 + _O1 + _O2) /// size of M, in # gf elements. -#define _PUB_M (_O1+_O2) - +#define _PUB_M (_O1 + _O2) /// size of variables, in # bytes. - // GF256 #define _V1_BYTE (_V1) #define _V2_BYTE (_V2) #define _O1_BYTE (_O1) #define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) /// length of seed for public key, in # bytes @@ -45,6 +41,6 @@ #define _SALT_BYTE 16 /// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) #endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c index e870c437..33549ebc 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c @@ -2,94 +2,84 @@ /// @brief implementations of functions in rainbow_keypair.h /// +#include "rainbow_keypair.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" -#include "rainbow_keypair.h" #include "rainbow_keypair_computation.h" #include "utils_prng.h" #include #include #include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 +static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // S1 s_and_t += _O1_BYTE * _O2; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O1); // T1 s_and_t += _V1_BYTE * _O1; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O2); // T2 s_and_t += _V1_BYTE * _O2; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * _V1 * _O1); // l1_F2 n_byte_generated += _O1_BYTE * _V1 * _O1; return n_byte_generated; } - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O1); // l2_F2 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O2); // l2_F3 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // l2_F5 sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _O1 * _O2); // l2_F6 n_byte_generated += _O2_BYTE * _O1 * _O2; return n_byte_generated; } - -static -void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { - sk += generate_l1_F12( sk, prng0 ); - generate_l2_F12356( sk, prng0 ); +static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { + sk += generate_l1_F12(sk, prng0); + generate_l2_F12356(sk, prng0); } -static -void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { +static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; for (unsigned i = 0; i < _O2; i++) { /// t3 width - gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); - gf256v_add( t4, temp, _V1_BYTE ); + gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); + gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; t3 += _O1_BYTE; } } -static -void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; - while ( n_terms-- ) { - gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); - gf256v_add( l1_polys, temp, _O1_BYTE ); + while (n_terms--) { + gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); + gf256v_add(l1_polys, temp, _O1_BYTE); l1_polys += _O1_BYTE; l2_polys += _O2_BYTE; } @@ -97,43 +87,40 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// -static -void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +static void _generate_secretkey(sk_t *sk, const unsigned char *sk_seed) { + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // set up prng prng_t prng0; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set(&prng0, sk_seed, LEN_SKSEED); // generating secret key with prng. - generate_S_T( sk->s1, &prng0 ); - generate_B1_B2( sk->l1_F1, &prng0 ); + generate_S_T(sk->s1, &prng0); + generate_B1_B2(sk->l1_F1, &prng0); // clean prng - memset( &prng0, 0, sizeof(prng_t) ); + memset(&prng0, 0, sizeof(prng_t)); } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { - _generate_secretkey( sk, sk_seed ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair(pk_t *rpk, sk_t *sk, const unsigned char *sk_seed) { + _generate_secretkey(sk, sk_seed); // set up a temporary structure ext_cpk_t for calculating public key. ext_cpk_t pk; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F( &pk, sk, sk ); // compute the public key in ext_cpk_t format. - calculate_t4( sk->t4, sk->t1, sk->t3 ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F(&pk, sk, sk); // compute the public key in ext_cpk_t format. + calculate_t4(sk->t4, sk->t1, sk->t3); - obsfucate_l1_polys( pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + obsfucate_l1_polys(pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1); + obsfucate_l1_polys(pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1); + obsfucate_l1_polys(pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1); + obsfucate_l1_polys(pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1); + obsfucate_l1_polys(pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); // so far, the pk contains the full pk but in ext_cpk_t format. - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk(rpk, &pk); // convert the public key from ext_cpk_t to pk_t. } - - diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.h index bc575d90..2092aa86 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.h @@ -5,30 +5,23 @@ /// Formats of key pairs and functions for generating key pairs. /// - - #include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) - +#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) /// @brief public key for classic rainbow /// /// public key for classic rainbow /// -typedef -struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +typedef struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; } pk_t; - /// @brief secret key for classic rainbow /// /// secret key for classic rainbow /// -typedef -struct rainbow_secretkey { +typedef struct rainbow_secretkey { /// /// seed for generating secret key. /// Generating S, T, and F for classic rainbow. @@ -40,22 +33,18 @@ struct rainbow_secretkey { unsigned char t4[_V1_BYTE * _O2]; ///< part of T map unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 } sk_t; - - - - /// /// @brief Generate key pairs for classic rainbow. /// @@ -63,7 +52,7 @@ struct rainbow_secretkey { /// @param[out] sk - the secret key. /// @param[in] sk_seed - seed for generating the secret key. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair(pk_t *pk, sk_t *sk, const unsigned char *sk_seed); diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c index 297ddc52..f9a70478 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c @@ -2,23 +2,23 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// +#include "rainbow_keypair_computation.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" #include "rainbow_keypair.h" -#include "rainbow_keypair_computation.h" #include #include #include -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = i; j < _V1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -28,8 +28,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -39,8 +39,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -50,8 +50,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = i; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -61,8 +61,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -72,120 +72,118 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { for (unsigned j = i; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } } } -static -void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { +static void calculate_Q_from_F_ref(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { /* - Layer 1 - Computing : - Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] + Layer 1 + Computing : + Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] - Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 - Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) - */ + Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 + Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + */ const unsigned char *t2 = Ts->t4; - memcpy( Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + memcpy(Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); - memcpy( Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 + memcpy(Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_trimat_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); + memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); + memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); + memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); + memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); // l1_Q5 : _O1_BYTE * _O1 * _O1 // l1_Q9 : _O1_BYTE * _O2 * _O2 // l2_Q5 : _O2_BYTE * _V1 * _O1 // l2_Q9 : _O2_BYTE * _V1 * _O2 - unsigned char tempQ[_O1_BYTE * _O1 * _O1 + 32]; - memset( tempQ, 0, _O1_BYTE * _O1 * _O1 ); // l1_Q5 - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE ); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ, _O1, _O1_BYTE ); // UT( ... ) // Q5 + memset(tempQ, 0, _O1_BYTE * _O1 * _O1); // l1_Q5 + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ, _O1, _O1_BYTE); // UT( ... ) // Q5 - batch_trimatTr_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // Q2 + batch_trimatTr_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // Q2 /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ, 0, _O1_BYTE * _O2 * _O2 ); // l1_Q9 - batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 + batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 + + memset(tempQ, 0, _O1_BYTE * _O2 * _O2); // l1_Q9 + batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ, _O2, _O1_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 + batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 /* - layer 2 - Computing: - Q1 = F1 - Q2 = F1_F1T*T1 + F2 - Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) - */ - memcpy( Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); + layer 2 + Computing: + Q1 = F1 + Q2 = F1_F1T*T1 + F2 + Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) + */ + memcpy(Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); - memcpy( Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F1*T1 + F2 + memcpy(Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1); + batch_trimat_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F1*T1 + F2 - memcpy( Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); - memset( tempQ, 0, _O2_BYTE * _O1 * _O1 ); // l2_Q5 - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE ); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q5, tempQ, _O1, _O2_BYTE ); // UT( ... ) // Q5 + memcpy(Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); + memset(tempQ, 0, _O2_BYTE * _O1 * _O1); // l2_Q5 + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE); // t1_tr*(F1*T1 + F2) + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q5, tempQ, _O1, _O2_BYTE); // UT( ... ) // Q5 - batch_trimatTr_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q2 + batch_trimatTr_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q2 /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - - Q3 = F1_F1T*T2 + F2*T3 + F3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 - */ - memcpy( Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); - batch_trimat_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 - - memset( tempQ, 0, _O2_BYTE * _O2 * _O2 ); // l2_Q9 - batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE ); // T2tr * ( ..... ) - - memcpy( Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - - batch_trimat_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 - batch_matTr_madd( tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ, _O2, _O2_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1_F1T_T2 + F2_T3 + F3 // Q3 - - batch_bmatTr_madd( Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + F2tr*T2 - batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 - batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 + Computing: + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + + Q3 = F1_F1T*T2 + F2*T3 + F3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 + */ + memcpy(Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); + batch_trimat_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 + batch_mat_madd(Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 + + memset(tempQ, 0, _O2_BYTE * _O2 * _O2); // l2_Q9 + batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE); // T2tr * ( ..... ) + + memcpy(Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); + + batch_trimat_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 + batch_matTr_madd(tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) + memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ, _O2, _O2_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1_F1T_T2 + F2_T3 + F3 // Q3 + + batch_bmatTr_madd(Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 + F2tr*T2 + batch_trimatTr_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F2tr*T2 + F5_F5T*T3 + F6 + batch_matTr_madd(Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE); // Q6 } -#define calculate_Q_from_F_impl calculate_Q_from_F_ref -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_impl( Qs, Fs, Ts ); +#define calculate_Q_from_F_impl calculate_Q_from_F_ref +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + calculate_Q_from_F_impl(Qs, Fs, Ts); } diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.h index decf2f1c..c9ea1499 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.h @@ -7,8 +7,6 @@ /// Functions for calculating pk/sk for key generation. /// - - #include "rainbow_keypair.h" /// @brief The (internal use) public key for rainbow @@ -17,8 +15,7 @@ /// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, /// l2_Q1, .... , l2_Q9. /// -typedef -struct rainbow_extend_publickey { +typedef struct rainbow_extend_publickey { unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; @@ -34,15 +31,13 @@ struct rainbow_extend_publickey { unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; } ext_cpk_t; - - /// /// @brief converting formats of public keys : from ext_cpk_t version to pk_t /// /// @param[out] pk - the classic public key. /// @param[in] cpk - the internel public key. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); ///////////////////////////////////////////////// /// @@ -52,9 +47,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk /// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the secret key: T1, T4, T3 /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - - +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); -#endif // _RAINBOW_KEYPAIR_COMP_H_ +#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/sign.c b/crypto_sign/rainbowVc-classic/clean/sign.c index bf2b089b..3422f1b9 100644 --- a/crypto_sign/rainbowVc-classic/clean/sign.c +++ b/crypto_sign/rainbowVc-classic/clean/sign.c @@ -12,31 +12,28 @@ #include #include -int -PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes( sk_seed, LEN_SKSEED ); + randombytes(sk_seed, LEN_SKSEED); - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_generate_keypair((pk_t *)pk, (sk_t *)sk, sk_seed); return 0; } -int -PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - memcpy( sm, m, mlen ); + memcpy(sm, m, mlen); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign(sm + mlen, (const sk_t *)sk, digest); } -int -PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { int rc; - if ( _SIGNATURE_BYTE > smlen ) { + if (_SIGNATURE_BYTE > smlen) { rc = -1; } else { *mlen = smlen - _SIGNATURE_BYTE; @@ -47,7 +44,7 @@ PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, rc = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); } if (!rc) { - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + memcpy(m, sm, smlen - _SIGNATURE_BYTE); } else { // bad signature *mlen = (size_t) -1; memset(m, 0, smlen); @@ -60,9 +57,9 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_signature( const uint8_t *m, size_t mlen, const uint8_t *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign(sig, (const sk_t *)sk, digest); } int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_verify( @@ -72,6 +69,6 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_crypto_sign_verify( return -1; } unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); + return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify(digest, sig, (const pk_t *)pk); } diff --git a/crypto_sign/rainbowVc-classic/clean/utils_hash.c b/crypto_sign/rainbowVc-classic/clean/utils_hash.c index 2f80fff9..b7bb5f3b 100644 --- a/crypto_sign/rainbowVc-classic/clean/utils_hash.c +++ b/crypto_sign/rainbowVc-classic/clean/utils_hash.c @@ -3,19 +3,17 @@ /// /// +#include "utils_hash.h" #include "rainbow_config.h" #include "sha2.h" -#include "utils_hash.h" -static inline -int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { +static inline int _hash(unsigned char *digest, const unsigned char *m, size_t mlen) { sha512(digest, m, mlen); return 0; } -static inline -int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if ( _HASH_LEN >= n_digest ) { +static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if (_HASH_LEN >= n_digest) { for (size_t i = 0; i < n_digest; i++) { digest[i] = hash[i]; } @@ -26,16 +24,15 @@ int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *has } n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest ) { - _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + while (_HASH_LEN <= n_digest) { + _hash(digest + _HASH_LEN, digest, _HASH_LEN); n_digest -= _HASH_LEN; digest += _HASH_LEN; } unsigned char temp[_HASH_LEN]; - if ( n_digest ) { - _hash( temp, digest, _HASH_LEN ); + if (n_digest) { + _hash(temp, digest, _HASH_LEN); for (size_t i = 0; i < n_digest; i++) { digest[_HASH_LEN + i] = temp[i]; } @@ -51,5 +48,3 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(unsigned char *digest, _hash(buf, m, mlen); return expand_hash(digest, len_digest, buf); } - - diff --git a/crypto_sign/rainbowVc-classic/clean/utils_hash.h b/crypto_sign/rainbowVc-classic/clean/utils_hash.h index f7ccd524..bab03631 100644 --- a/crypto_sign/rainbowVc-classic/clean/utils_hash.h +++ b/crypto_sign/rainbowVc-classic/clean/utils_hash.h @@ -6,9 +6,6 @@ #include -int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); - - +int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); #endif // _UTILS_HASH_H_ - diff --git a/crypto_sign/rainbowVc-classic/clean/utils_prng.c b/crypto_sign/rainbowVc-classic/clean/utils_prng.c index 4a136b27..dd081dfb 100644 --- a/crypto_sign/rainbowVc-classic/clean/utils_prng.c +++ b/crypto_sign/rainbowVc-classic/clean/utils_prng.c @@ -2,23 +2,23 @@ /// @brief The implementation of PRNG related functions. /// +#include "utils_prng.h" #include "aes.h" #include "randombytes.h" #include "utils_hash.h" -#include "utils_prng.h" #include #include static void prng_update(const unsigned char *provided_data, unsigned char *Key, unsigned char *V) { - unsigned char temp[48]; + unsigned char temp[48]; aes256ctx ctx; aes256_keyexp(&ctx, Key); for (int i = 0; i < 3; i++) { //increment V for (int j = 15; j >= 0; j--) { - if ( V[j] == 0xff) { + if (V[j] == 0xff) { V[j] = 0x00; } else { V[j]++; @@ -27,7 +27,7 @@ static void prng_update(const unsigned char *provided_data, } aes256_ecb(temp + 16 * i, V, 1, &ctx); } - if ( provided_data != NULL ) { + if (provided_data != NULL) { for (int i = 0; i < 48; i++) { temp[i] ^= provided_data[i]; } @@ -36,7 +36,7 @@ static void prng_update(const unsigned char *provided_data, memcpy(V, temp + 32, 16); } static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes ) { + unsigned char *entropy_input_48bytes) { memset(state->Key, 0x00, 32); memset(state->V, 0x00, 16); prng_update(entropy_input_48bytes, state->Key, state->V); @@ -46,17 +46,16 @@ static int randombytes_with_state(prng_t *state, unsigned char *x, size_t xlen) { - unsigned char block[16]; - int i = 0; + unsigned char block[16]; + int i = 0; aes256ctx ctx; aes256_keyexp(&ctx, state->Key); - - while ( xlen > 0 ) { + while (xlen > 0) { //increment V for (int j = 15; j >= 0; j--) { - if ( state->V[j] == 0xff ) { + if (state->V[j] == 0xff) { state->V[j] = 0x00; } else { state->V[j]++; @@ -64,7 +63,7 @@ static int randombytes_with_state(prng_t *state, } } aes256_ecb(block, state->V, 1, &ctx); - if ( xlen > 15 ) { + if (xlen > 15) { memcpy(x + i, block, 16); i += 16; xlen -= 16; @@ -79,18 +78,18 @@ static int randombytes_with_state(prng_t *state, int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { unsigned char seed[48]; - if ( prng_seedlen >= 48 ) { - memcpy( seed, prng_seed, 48 ); + if (prng_seedlen >= 48) { + memcpy(seed, prng_seed, 48); } else { - memcpy( seed, prng_seed, prng_seedlen ); - PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + memcpy(seed, prng_seed, prng_seedlen); + PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); } - randombytes_init_with_state( ctx, seed ); + randombytes_init_with_state(ctx, seed); return 0; } int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state( ctx, out, outlen); + return randombytes_with_state(ctx, out, outlen); } diff --git a/crypto_sign/rainbowVc-classic/clean/utils_prng.h b/crypto_sign/rainbowVc-classic/clean/utils_prng.h index b75b395a..ea9457b4 100644 --- a/crypto_sign/rainbowVc-classic/clean/utils_prng.h +++ b/crypto_sign/rainbowVc-classic/clean/utils_prng.h @@ -5,18 +5,14 @@ /// /// - #include "randombytes.h" typedef struct { - unsigned char Key[32]; - unsigned char V[16]; + unsigned char Key[32]; + unsigned char V[16]; } prng_t; int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - #endif // _UTILS_PRNG_H_ - - diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas.h index 0bad5653..5dd02866 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas.h @@ -17,4 +17,3 @@ #endif // _BLAS_H_ - diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c index e1725ac1..6587be95 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c @@ -2,15 +2,14 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas.h" #include "blas_comm.h" +#include "blas.h" #include "gf.h" #include "rainbow_config.h" #include #include - void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } @@ -26,7 +25,7 @@ uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { uint8_t r = 0; - while ( _num_byte-- ) { + while (_num_byte--) { r |= a[0]; a++; } @@ -62,8 +61,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint } } -static -unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { +static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned r8 = 1; for (unsigned i = 0; i < h; i++) { @@ -72,42 +70,38 @@ unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { for (unsigned j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_inv( pivot ); - gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + pivot = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_inv(pivot); + gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); for (unsigned j = 0; j < h; j++) { if (i == j) { continue; } uint8_t *aj = mat + w * j; - gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + gf256v_madd(aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4); } } return r8; } -static -unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - uint8_t mat[ 64 * 64 ]; +static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + uint8_t mat[64 * 64]; for (unsigned i = 0; i < n; i++) { - memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + unsigned r8 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); for (unsigned i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } - - -static inline -void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { for (unsigned i = 0; i < h; i++) { for (unsigned j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; @@ -115,39 +109,34 @@ void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *ma } } - -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { uint8_t *aa = buffer; for (unsigned i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( ai, 2 * H ); - gf256v_add( ai, a + i * H, H ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(ai, 2 * H); + gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); - gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + unsigned r8 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } - - - // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); + gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { - return gf256mat_gauss_elim_impl( mat, h, w ); +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { + return gf256mat_gauss_elim_impl(mat, h, w); } - -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h index a0c1a5ff..1ba8a5db 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h @@ -7,7 +7,6 @@ #include "rainbow_config.h" #include - /// @brief set a vector to 0. /// /// @param[in,out] b - the vector b. @@ -23,8 +22,6 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigne /// uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - /// @brief check if a vector is 0. /// /// @param[in] a - the vector a. @@ -33,7 +30,6 @@ uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, /// unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - /// @brief polynomial multiplication: c = a*b /// /// @param[out] c - the output polynomial c @@ -43,7 +39,6 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a /// void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// /// @param[out] c - the output vector c @@ -92,5 +87,4 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_ /// unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); -#endif // _BLAS_COMM_H_ - +#endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c index 4e423280..959badb1 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c @@ -2,12 +2,12 @@ #include "gf.h" void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } @@ -22,8 +22,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t * void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } @@ -37,11 +37,9 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, con } - - void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; + uint32_t *a_u32 = (uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -62,11 +60,10 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, u } } - void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *c_u32 = (uint32_t *)accu_c; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h index 5e0ce1ae..99c69d7b 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h @@ -16,4 +16,3 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, co #endif // _BLAS_U32_H_ - diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c index a650eacf..2863a138 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c @@ -2,13 +2,13 @@ //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t) (a << 1); - r ^= (uint8_t) ((a >> 1) * 7); + uint8_t r = (uint8_t)(a << 1); + r ^= (uint8_t)((a >> 1) * 7); return r; } static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t) (a * (b & 1)); + uint8_t r = (uint8_t)(a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); } @@ -23,8 +23,8 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { } static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { - uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); - uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + uint32_t bit0_b = ((uint32_t)0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t)0) - ((uint32_t)((b >> 1) & 1)); return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } @@ -38,7 +38,7 @@ static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a1b1 = gf4_mul(a1, b1); uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); } static inline uint8_t gf16_squ(uint8_t a) { @@ -60,22 +60,21 @@ uint32_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8 return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } - uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; - unsigned r = ((unsigned) 0) - a8; + unsigned r = ((unsigned)0) - a8; r >>= 8; return r & 1; } static inline uint8_t gf4_mul_3(uint8_t a) { - uint8_t msk = (uint8_t) ((a - 2) >> 1); - return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); + uint8_t msk = (uint8_t)((a - 2) >> 1); + return (uint8_t)((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); } static inline uint8_t gf16_mul_8(uint8_t a) { uint8_t a0 = a & 3; uint8_t a1 = a >> 2; - return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); + return (uint8_t)((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); } // gf256 := gf16[X]/X^2+X+xy diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c index 0e93b149..dfad8351 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c @@ -4,9 +4,9 @@ /// the standard implementations for functions in parallel_matrix_op.h /// +#include "parallel_matrix_op.h" #include "blas.h" #include "blas_comm.h" -#include "parallel_matrix_op.h" /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. @@ -16,8 +16,8 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { - return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { + return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } /// @@ -28,31 +28,28 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline -unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { - if ( i_row > j_col ) { +static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { + if (i_row > j_col) { return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i_row, j_col, n_var); } - - -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { unsigned char *runningC = btriC; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < i; j++) { unsigned idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); - gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } - gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); runningC += size_batch * (Aheight - i); } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { @@ -61,7 +58,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned c if (k < i) { continue; } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -69,8 +66,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned c } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -78,15 +75,15 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned if (i < k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -94,46 +91,46 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned if (i == k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; + unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { const unsigned char *bA = bA_to_tr; unsigned Aheight = Awidth_before_tr; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -141,46 +138,46 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(x, i); } - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( y, size_batch ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(y, size_batch); for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); + gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } - gf256v_madd( y, tmp, _x[i], size_batch ); + gf256v_madd(y, tmp, _x[i], size_batch); } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(y, i); } - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( z, size_batch ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(z, size_batch); for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = 0; j < dim_x; j++) { - gf256v_madd( tmp, mat, _x[j], size_batch ); + gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } - gf256v_madd( z, tmp, _y[i], size_batch ); + gf256v_madd(z, tmp, _y[i], size_batch); } } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h index 5436d930..32edd826 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h @@ -7,7 +7,6 @@ //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -16,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); +unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -26,15 +25,10 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat( unsigned i_row, /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); - - - +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// - - /// /// @brief bC += btriA * B , in GF(16) /// @@ -46,8 +40,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( unsigned char *btr /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -60,9 +54,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16( unsigned ch /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -75,8 +68,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256( unsigned c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -89,10 +82,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -105,8 +96,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -119,10 +110,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16( unsigned c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -136,9 +125,9 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256( unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -152,10 +141,9 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16( unsigned cha /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); - + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -169,8 +157,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256( unsigned ch /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -184,8 +172,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16( unsigned ch /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -199,8 +187,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256( unsigned c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -214,14 +202,11 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16( unsigned char /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - /// /// @brief y = x^Tr * trimat * x , in GF(16) /// @@ -231,7 +216,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256( unsigned char /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -242,8 +227,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16( unsign /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); - +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -256,8 +240,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256( unsig /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -270,13 +254,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16( unsign /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); - - - - - +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); #endif // _P_MATRIX_OP_H_ - diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c index 2e390340..4cdf6e6c 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c @@ -2,8 +2,8 @@ /// @brief The standard implementations for functions in rainbow.h /// -#include "blas.h" #include "rainbow.h" +#include "blas.h" #include "rainbow_blas.h" #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -13,12 +13,11 @@ #include #include +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1 > _O2) ? _O1 : _O2) +#define _MAX_O_BYTE ((_O1_BYTE > _O2_BYTE) ? _O1_BYTE : _O2_BYTE) -#define MAX_ATTEMPT_FRMAT 128 -#define _MAX_O ((_O1>_O2)?_O1:_O2) -#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - -int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; @@ -26,41 +25,41 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, co // setup PRNG prng_t prng_sign; uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); - memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); + memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean + prng_preseed[i] ^= prng_preseed[i]; // clean } for (unsigned i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean + prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; unsigned n_attempt = 0; unsigned l1_succ = 0; - while ( !l1_succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!l1_succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars - gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 - l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable - n_attempt ++; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars + gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 + l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable + n_attempt++; } // Given the vinegars, pre-compute variables needed for layer 2 uint8_t r_l1_F1[_O1_BYTE] = {0}; uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); - batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); - uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); + batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); + uint8_t mat_l2_F3[_O2 * _O2_BYTE]; uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); - gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); + gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); // Some local variables. uint8_t _z[_PUB_M_BYTE]; @@ -70,94 +69,94 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, co uint8_t x_o2[_O1_BYTE]; uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, _digest, _HASH_LEN ); + memcpy(digest_salt, _digest, _HASH_LEN); uint8_t *salt = digest_salt + _HASH_LEN; - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; unsigned succ = 0; - while ( !succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S + memcpy(y, _z, _PUB_M_BYTE); // identity part of S gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); gf256v_add(y, temp_o, _O1_BYTE); // Central Map: // layer 1: calculate x_o1 - memcpy( temp_o, r_l1_F1, _O1_BYTE ); - gf256v_add( temp_o, y, _O1_BYTE ); - gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + memcpy(temp_o, r_l1_F1, _O1_BYTE); + gf256v_add(temp_o, y, _O1_BYTE); + gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); // layer 2: calculate x_o2 - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); - gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 - batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 - gf256v_add( temp_o, mat_l2, _O2_BYTE ); - gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 - gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); + gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 + batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 + gf256v_add(temp_o, mat_l2, _O2_BYTE); + gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 + gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); // generate the linear equations of the 2nd layer - gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 - gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); - gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 + gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); + gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - n_attempt ++; + n_attempt++; }; // w = T^-1 * y uint8_t w[_PUB_N_BYTE]; // identity part of T. - memcpy( w, x_v1, _V1_BYTE ); - memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); - memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + memcpy(w, x_v1, _V1_BYTE); + memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); + memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); + gf256v_add(w, y, _V1_BYTE); // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); + gf256v_add(w, y, _V1_BYTE); // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); - gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 // clean - memset( &prng_sign, 0, sizeof(prng_t) ); - memset( vinegar, 0, _V1_BYTE ); - memset( r_l1_F1, 0, _O1_BYTE ); - memset( r_l2_F1, 0, _O2_BYTE ); - memset( _z, 0, _PUB_M_BYTE ); - memset( y, 0, _PUB_M_BYTE ); - memset( x_o1, 0, _O1_BYTE ); - memset( x_o2, 0, _O2_BYTE ); - memset( temp_o, 0, sizeof(temp_o) ); + memset(&prng_sign, 0, sizeof(prng_t)); + memset(vinegar, 0, _V1_BYTE); + memset(r_l1_F1, 0, _O1_BYTE); + memset(r_l2_F1, 0, _O2_BYTE); + memset(_z, 0, _PUB_M_BYTE); + memset(y, 0, _PUB_M_BYTE); + memset(x_o1, 0, _O1_BYTE); + memset(x_o2, 0, _O2_BYTE); + memset(temp_o, 0, sizeof(temp_o)); // return: copy w and salt to the signature. - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { return -1; } - gf256v_add( signature, w, _PUB_N_BYTE ); - gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + gf256v_add(signature, w, _PUB_N_BYTE); + gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); return 0; } -int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); unsigned char correct[_PUB_M_BYTE]; unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, digest, _HASH_LEN ); - memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + memcpy(digest_salt, digest, _HASH_LEN); + memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) // check consistancy. unsigned char cc = 0; @@ -168,14 +167,14 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *diges } /////////////// cyclic version /////////////////////////// -int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(uint8_t *signature, const csk_t *csk, const uint8_t *digest) { unsigned char sk[sizeof(sk_t) + 32]; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. - return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed); // generating classic secret key. + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign(signature, (sk_t *)sk, digest); } -int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { - unsigned char pk[sizeof(pk_t) +32]; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. - return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk) { + unsigned char pk[sizeof(pk_t) + 32]; + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_cpk_to_pk((pk_t *)pk, _pk); // generating classic public key. + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify(digest, signature, (pk_t *)pk); } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.h index 8a491d2c..116735d6 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.h @@ -4,7 +4,6 @@ /// @brief APIs for rainbow. /// - #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -17,7 +16,7 @@ /// @param[in] sk - the secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); /// /// @brief Verifying function. @@ -27,7 +26,7 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign( uint8_t *signature, co /// @param[in] pk - the public key. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); /// /// @brief Signing function for compressed secret key of the cyclic rainbow. @@ -36,7 +35,7 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify( const uint8_t *diges /// @param[in] sk - the compressed secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(uint8_t *signature, const csk_t *sk, const uint8_t *digest); /// /// @brief Verifying function for cyclic public keys. @@ -46,6 +45,6 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( uint8_t *signat /// @param[in] pk - the public key of cyclic rainbow. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *pk); #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_blas.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_blas.h index a89e9f76..1b4db7e6 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_blas.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_blas.h @@ -5,30 +5,27 @@ /// /// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - #include "blas.h" #include "parallel_matrix_op.h" #include "rainbow_config.h" -#define gfv_get_ele PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd +#define gfv_get_ele PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd -#define gfmat_prod PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod -#define gfmat_inv PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv +#define gfmat_prod PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv -#define batch_trimat_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256 -#define batch_trimatTr_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256 -#define batch_2trimat_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256 -#define batch_matTr_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256 -#define batch_bmatTr_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256 -#define batch_mat_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256 +#define batch_trimat_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256 #define batch_quad_trimat_eval PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256 #define batch_quad_recmat_eval PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256 - -#endif // _RAINBOW_BLAS_H_ - +#endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_config.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_config.h index 20f1068f..979aa244 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_config.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_config.h @@ -12,27 +12,23 @@ #define _HASH_LEN 64 - -#define _V2 ((_V1)+(_O1)) +#define _V2 ((_V1) + (_O1)) /// size of N, in # of gf elements. -#define _PUB_N (_V1+_O1+_O2) +#define _PUB_N (_V1 + _O1 + _O2) /// size of M, in # gf elements. -#define _PUB_M (_O1+_O2) - +#define _PUB_M (_O1 + _O2) /// size of variables, in # bytes. - // GF256 #define _V1_BYTE (_V1) #define _V2_BYTE (_V2) #define _O1_BYTE (_O1) #define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) /// length of seed for public key, in # bytes @@ -45,6 +41,6 @@ #define _SALT_BYTE 16 /// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) #endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c index 4c05b519..ed660ebf 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c @@ -2,94 +2,84 @@ /// @brief implementations of functions in rainbow_keypair.h /// +#include "rainbow_keypair.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" -#include "rainbow_keypair.h" #include "rainbow_keypair_computation.h" #include "utils_prng.h" #include #include #include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 +static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // S1 s_and_t += _O1_BYTE * _O2; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O1); // T1 s_and_t += _V1_BYTE * _O1; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O2); // T2 s_and_t += _V1_BYTE * _O2; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O1_BYTE * _V1 * _O1); // l1_F2 n_byte_generated += _O1_BYTE * _V1 * _O1; return n_byte_generated; } - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O1); // l2_F2 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O2); // l2_F3 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // l2_F5 sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _O1 * _O2); // l2_F6 n_byte_generated += _O2_BYTE * _O1 * _O2; return n_byte_generated; } - -static -void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { - sk += generate_l1_F12( sk, prng0 ); - generate_l2_F12356( sk, prng0 ); +static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { + sk += generate_l1_F12(sk, prng0); + generate_l2_F12356(sk, prng0); } -static -void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { +static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; for (unsigned i = 0; i < _O2; i++) { /// t3 width - gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); - gf256v_add( t4, temp, _V1_BYTE ); + gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); + gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; t3 += _O1_BYTE; } } -static -void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; - while ( n_terms-- ) { - gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); - gf256v_add( l1_polys, temp, _O1_BYTE ); + while (n_terms--) { + gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); + gf256v_add(l1_polys, temp, _O1_BYTE); l1_polys += _O1_BYTE; l2_polys += _O2_BYTE; } @@ -98,85 +88,82 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// - ///////////////////// Cyclic ////////////////////////////////// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(pk->pk_seed, pk_seed, LEN_PKSEED); + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // prng for sk prng_t prng; prng_t *prng0 = &prng; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(prng0, sk_seed, LEN_SKSEED); + generate_S_T(sk->s1, prng0); // S,T: only a part of sk unsigned char t2[sizeof(sk->t4)]; - memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 - calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + memcpy(t2, sk->t4, _V1_BYTE * _O2); // temporarily store t2 + calculate_t4(sk->t4, sk->t1, sk->t3); // t2 <- t4 // prng for pk sk_t inst_Qs; sk_t *Qs = &inst_Qs; prng_t *prng1 = &prng; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(prng1, pk_seed, LEN_PKSEED); + generate_B1_B2(Qs->l1_F1, prng1); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys(Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1); // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T - + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk, Qs, sk); // calcuate the rest parts of secret key from Qs and S,T unsigned char t4[sizeof(sk->t4)]; - memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 - memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 - memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + memcpy(t4, sk->t4, _V1_BYTE * _O2); // temporarily store t4 + memcpy(sk->t4, t2, _V1_BYTE * _O2); // restore t2 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic(pk, sk, sk); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy(sk->t4, t4, _V1_BYTE * _O2); // restore t4 - obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + obsfucate_l1_polys(pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1); + obsfucate_l1_polys(pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); // clean - memset( &prng, 0, sizeof(prng_t) ); + memset(&prng, 0, sizeof(prng_t)); } - -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic(cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(rsk->pk_seed, pk_seed, LEN_PKSEED); + memcpy(rsk->sk_seed, sk_seed, LEN_SKSEED); sk_t sk; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic(pk, &sk, pk_seed, sk_seed); } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic(sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // prng for sk prng_t prng0; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, &prng0 ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(&prng0, sk_seed, LEN_SKSEED); + generate_S_T(sk->s1, &prng0); + calculate_t4(sk->t4, sk->t1, sk->t3); // prng for pk sk_t inst_Qs; sk_t *Qs = &inst_Qs; prng_t prng1; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, &prng1 ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(&prng1, pk_seed, LEN_PKSEED); + generate_B1_B2(Qs->l1_F1, &prng1); - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + obsfucate_l1_polys(Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1); // calcuate the parts of sk according to pk. - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk, Qs, sk ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk, Qs, sk); // clean prng for sk - memset( &prng0, 0, sizeof(prng_t) ); + memset(&prng0, 0, sizeof(prng_t)); } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_cpk_to_pk(pk_t *rpk, const cpk_t *cpk) { // procedure: cpk_t --> extcpk_t --> pk_t // convert from cpk_t to extcpk_t @@ -184,18 +171,18 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t * // setup prng prng_t prng0; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(&prng0, cpk->pk_seed, LEN_SKSEED); // generating parts of key with prng - generate_l1_F12( pk.l1_Q1, &prng0 ); + generate_l1_F12(pk.l1_Q1, &prng0); // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 - memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + memcpy(pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * (_V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2))); // generating parts of key with prng - generate_l2_F12356( pk.l2_Q1, &prng0 ); + generate_l2_F12356(pk.l2_Q1, &prng0); // copying parts of key from input: l2_Q9 - memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + memcpy(pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); // convert from extcpk_t to pk_t - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( rpk, &pk ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(rpk, &pk); } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.h index 20fab7f9..f0ccb746 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.h @@ -5,30 +5,23 @@ /// Formats of key pairs and functions for generating key pairs. /// - - #include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) - +#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) /// @brief public key for classic rainbow /// /// public key for classic rainbow /// -typedef -struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +typedef struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; } pk_t; - /// @brief secret key for classic rainbow /// /// secret key for classic rainbow /// -typedef -struct rainbow_secretkey { +typedef struct rainbow_secretkey { /// /// seed for generating secret key. /// Generating S, T, and F for classic rainbow. @@ -40,50 +33,42 @@ struct rainbow_secretkey { unsigned char t4[_V1_BYTE * _O2]; ///< part of T map unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 } sk_t; - - - /// @brief public key for cyclic rainbow /// /// public key for cyclic rainbow /// -typedef -struct rainbow_publickey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 +typedef struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 } cpk_t; - - /// @brief compressed secret key for cyclic rainbow /// /// compressed secret key for cyclic rainbow /// -typedef -struct rainbow_secretkey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. - unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +typedef struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. } csk_t; - /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -92,7 +77,7 @@ struct rainbow_secretkey_cyclic { /// @param[in] pk_seed - seed for generating parts of public key. /// @param[in] sk_seed - seed for generating secret key. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); /// /// @brief Generate compressed key pairs for cyclic rainbow. @@ -102,7 +87,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_keypair_cyclic( cpk_t *pk, /// @param[in] pk_seed - seed for generating parts of the public key. /// @param[in] sk_seed - seed for generating the secret key. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic(cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); /// /// @brief Generate secret key for cyclic rainbow. @@ -111,7 +96,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( cp /// @param[in] pk_seed - seed for generating parts of the pbulic key. /// @param[in] sk_seed - seed for generating the secret key. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic(sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); //////////////////////////////////// @@ -121,6 +106,6 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_secretkey_cyclic( sk_t *sk /// @param[out] pk - the classic public key. /// @param[in] cpk - the cyclic public key. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_cpk_to_pk(pk_t *pk, const cpk_t *cpk); #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c index e9d1f73c..665d46ee 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -2,23 +2,23 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// +#include "rainbow_keypair_computation.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" #include "rainbow_keypair.h" -#include "rainbow_keypair_computation.h" #include #include #include -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = i; j < _V1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -28,8 +28,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -39,8 +39,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -50,8 +50,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = i; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -61,8 +61,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -72,146 +72,142 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { for (unsigned j = i; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } } } -static -void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { +static void calculate_F_from_Q_ref(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { // Layer 1 // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] - memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + memcpy(Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] - memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + memcpy(Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_2trimat_madd(Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); /* - Layer 2 - computations: + Layer 2 + computations: - F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] - Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 - F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 - F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 - #Q1_Q1T_T4 = Q1_Q1T * t4 - Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 - F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - + Q_pk.l2_F2s[i].transpose() * t4 - + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - - */ - memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + */ + memcpy(Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + memcpy(Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1); + batch_trimat_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q1_T1+ Q2 unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; - memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) - memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + memset(tempQ, 0, _O1 * _O1 * _O2_BYTE); + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE); // t1_tr*(Q1_T1+Q2) + memcpy(Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // F5 + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(Fs->l2_F5, tempQ, _O1, _O2_BYTE); // UT( ... ) - batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + batch_trimatTr_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F2 = Q1_T1 + Q2 + Q1^tr*t1 // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); - batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 - batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + memcpy(Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE); + batch_2trimat_madd(Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); // Q1_Q1T_T4 + batch_mat_madd(Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // Q2_T3 // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) // + Q_pk.l2_F2s[i].transpose() * t4 // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); - batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 - batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); - + memcpy(Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE); + batch_matTr_madd(Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd(Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd(Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); } -static -void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { -// Layer 1: Computing Q5, Q3, Q6, Q9 +static void calculate_Q_from_F_cyclic_ref(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + // Layer 1: Computing Q5, Q3, Q6, Q9 -// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + // Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) const unsigned char *t2 = Ts->t4; sk_t tempQ; - memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); - memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); - batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + memcpy(tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_trimat_madd(tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 + memset(tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset(tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd(tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE); // T1tr*(F1*T1 + F2) + memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE); // UT( ... ) // Q5 /* - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); - - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 - batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); + memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); + memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); + + batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 + batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 + + memset(tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd(tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 + batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 /* - Layer 2 - Computing Q9: + Layer 2 + Computing Q9: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - */ + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ sk_t tempQ2; - memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. - batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + memcpy(tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); /// F3 actually. + batch_trimat_madd(tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 + batch_mat_madd(tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 - memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); - batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + memset(tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2); + batch_matTr_madd(tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE); // T2tr * ( ..... ) - memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + memcpy(tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); + batch_trimat_madd(tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 - batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 + batch_matTr_madd(tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) + memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE); // Q9 } // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ -#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { - calculate_F_from_Q_impl( Fs, Qs, Ts ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { + calculate_F_from_Q_impl(Fs, Qs, Ts); } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + calculate_Q_from_F_cyclic_impl(Qs, Fs, Ts); } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.h index b4ddf049..ea3a279d 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.h @@ -7,8 +7,6 @@ /// Functions for calculating pk/sk for key generation. /// - - #include "rainbow_keypair.h" /// @brief The (internal use) public key for rainbow @@ -17,8 +15,7 @@ /// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, /// l2_Q1, .... , l2_Q9. /// -typedef -struct rainbow_extend_publickey { +typedef struct rainbow_extend_publickey { unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; @@ -34,15 +31,13 @@ struct rainbow_extend_publickey { unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; } ext_cpk_t; - - /// /// @brief converting formats of public keys : from ext_cpk_t version to pk_t /// /// @param[out] pk - the classic public key. /// @param[in] cpk - the internel public key. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); ///////////////////////////////////////////////// /// @@ -52,9 +47,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk( pk_t *pk, const ext_c /// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the secret key: T1, T4, T3 /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - - +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); /// @@ -64,7 +57,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, /// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts); /// /// @brief Computing parts of the pk from the secret key @@ -73,7 +66,6 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_F_from_Q( sk_t *Fs, const /// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - -#endif // _RAINBOW_KEYPAIR_COMP_H_ +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); +#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c index c9b5f650..99f483cb 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/sign.c @@ -12,33 +12,30 @@ #include #include -int -PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes( sk_seed, LEN_SKSEED ); + randombytes(sk_seed, LEN_SKSEED); unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + randombytes(pk_seed, LEN_PKSEED); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_generate_compact_keypair_cyclic((cpk_t *)pk, (csk_t *)sk, pk_seed, sk_seed); return 0; } -int -PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - memcpy( sm, m, mlen ); + memcpy(sm, m, mlen); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(sm + mlen, (const csk_t *)sk, digest); } -int -PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { int rc; - if ( _SIGNATURE_BYTE > smlen ) { + if (_SIGNATURE_BYTE > smlen) { rc = -1; } else { *mlen = smlen - _SIGNATURE_BYTE; @@ -49,7 +46,7 @@ PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_open(unsigned char *m, size_ rc = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } if (!rc) { - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + memcpy(m, sm, smlen - _SIGNATURE_BYTE); } else { // bad signature *mlen = (size_t) -1; memset(m, 0, smlen); @@ -62,9 +59,9 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_signature( const uint8_t *m, size_t mlen, const uint8_t *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign_cyclic(sig, (const csk_t *)sk, digest); } int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( @@ -74,6 +71,6 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_crypto_sign_verify( return -1; } unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); + return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify_cyclic(digest, sig, (const cpk_t *)pk); } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.c index e626ea18..f3bffff1 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.c @@ -3,19 +3,17 @@ /// /// +#include "utils_hash.h" #include "rainbow_config.h" #include "sha2.h" -#include "utils_hash.h" -static inline -int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { +static inline int _hash(unsigned char *digest, const unsigned char *m, size_t mlen) { sha512(digest, m, mlen); return 0; } -static inline -int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if ( _HASH_LEN >= n_digest ) { +static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if (_HASH_LEN >= n_digest) { for (size_t i = 0; i < n_digest; i++) { digest[i] = hash[i]; } @@ -26,16 +24,15 @@ int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *has } n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest ) { - _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + while (_HASH_LEN <= n_digest) { + _hash(digest + _HASH_LEN, digest, _HASH_LEN); n_digest -= _HASH_LEN; digest += _HASH_LEN; } unsigned char temp[_HASH_LEN]; - if ( n_digest ) { - _hash( temp, digest, _HASH_LEN ); + if (n_digest) { + _hash(temp, digest, _HASH_LEN); for (size_t i = 0; i < n_digest; i++) { digest[_HASH_LEN + i] = temp[i]; } @@ -51,5 +48,3 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(unsigned char *digest, _hash(buf, m, mlen); return expand_hash(digest, len_digest, buf); } - - diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.h index 98bee65d..651fd686 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_hash.h @@ -6,9 +6,6 @@ #include -int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); - - +int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); #endif // _UTILS_HASH_H_ - diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c index d417d9d8..53f4111c 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.c @@ -2,23 +2,23 @@ /// @brief The implementation of PRNG related functions. /// +#include "utils_prng.h" #include "aes.h" #include "randombytes.h" #include "utils_hash.h" -#include "utils_prng.h" #include #include static void prng_update(const unsigned char *provided_data, unsigned char *Key, unsigned char *V) { - unsigned char temp[48]; + unsigned char temp[48]; aes256ctx ctx; aes256_keyexp(&ctx, Key); for (int i = 0; i < 3; i++) { //increment V for (int j = 15; j >= 0; j--) { - if ( V[j] == 0xff) { + if (V[j] == 0xff) { V[j] = 0x00; } else { V[j]++; @@ -27,7 +27,7 @@ static void prng_update(const unsigned char *provided_data, } aes256_ecb(temp + 16 * i, V, 1, &ctx); } - if ( provided_data != NULL ) { + if (provided_data != NULL) { for (int i = 0; i < 48; i++) { temp[i] ^= provided_data[i]; } @@ -36,7 +36,7 @@ static void prng_update(const unsigned char *provided_data, memcpy(V, temp + 32, 16); } static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes ) { + unsigned char *entropy_input_48bytes) { memset(state->Key, 0x00, 32); memset(state->V, 0x00, 16); prng_update(entropy_input_48bytes, state->Key, state->V); @@ -46,17 +46,16 @@ static int randombytes_with_state(prng_t *state, unsigned char *x, size_t xlen) { - unsigned char block[16]; - int i = 0; + unsigned char block[16]; + int i = 0; aes256ctx ctx; aes256_keyexp(&ctx, state->Key); - - while ( xlen > 0 ) { + while (xlen > 0) { //increment V for (int j = 15; j >= 0; j--) { - if ( state->V[j] == 0xff ) { + if (state->V[j] == 0xff) { state->V[j] = 0x00; } else { state->V[j]++; @@ -64,7 +63,7 @@ static int randombytes_with_state(prng_t *state, } } aes256_ecb(block, state->V, 1, &ctx); - if ( xlen > 15 ) { + if (xlen > 15) { memcpy(x + i, block, 16); i += 16; xlen -= 16; @@ -79,18 +78,18 @@ static int randombytes_with_state(prng_t *state, int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { unsigned char seed[48]; - if ( prng_seedlen >= 48 ) { - memcpy( seed, prng_seed, 48 ); + if (prng_seedlen >= 48) { + memcpy(seed, prng_seed, 48); } else { - memcpy( seed, prng_seed, prng_seedlen ); - PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + memcpy(seed, prng_seed, prng_seedlen); + PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); } - randombytes_init_with_state( ctx, seed ); + randombytes_init_with_state(ctx, seed); return 0; } int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state( ctx, out, outlen); + return randombytes_with_state(ctx, out, outlen); } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.h index ddb2f19a..a4e331ee 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/utils_prng.h @@ -5,18 +5,14 @@ /// /// - #include "randombytes.h" typedef struct { - unsigned char Key[32]; - unsigned char V[16]; + unsigned char Key[32]; + unsigned char V[16]; } prng_t; int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - #endif // _UTILS_PRNG_H_ - - diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas.h b/crypto_sign/rainbowVc-cyclic/clean/blas.h index 3124e404..0469ec1f 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas.h +++ b/crypto_sign/rainbowVc-cyclic/clean/blas.h @@ -17,4 +17,3 @@ #endif // _BLAS_H_ - diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c index 2040f096..5d544b0d 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c @@ -2,15 +2,14 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas.h" #include "blas_comm.h" +#include "blas.h" #include "gf.h" #include "rainbow_config.h" #include #include - void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } @@ -26,7 +25,7 @@ uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { uint8_t r = 0; - while ( _num_byte-- ) { + while (_num_byte--) { r |= a[0]; a++; } @@ -62,8 +61,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, co } } -static -unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { +static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned r8 = 1; for (unsigned i = 0; i < h; i++) { @@ -72,42 +70,38 @@ unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { for (unsigned j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; - gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); + gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } r8 &= PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]); uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_inv( pivot ); - gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); + pivot = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_inv(pivot); + gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); for (unsigned j = 0; j < h; j++) { if (i == j) { continue; } uint8_t *aj = mat + w * j; - gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); + gf256v_madd(aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4); } } return r8; } -static -unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - uint8_t mat[ 64 * 64 ]; +static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + uint8_t mat[64 * 64]; for (unsigned i = 0; i < n; i++) { - memcpy( mat + i * (n + 1), inp_mat + i * n, n ); + memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); + unsigned r8 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); for (unsigned i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } - - -static inline -void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { for (unsigned i = 0; i < h; i++) { for (unsigned j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; @@ -115,39 +109,34 @@ void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *ma } } - -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { uint8_t *aa = buffer; for (unsigned i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( ai, 2 * H ); - gf256v_add( ai, a + i * H, H ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(ai, 2 * H); + gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); - gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); + unsigned r8 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } - - - // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); + gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { - return gf256mat_gauss_elim_impl( mat, h, w ); +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { + return gf256mat_gauss_elim_impl(mat, h, w); } - -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { + return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h index 4718f2f4..cecc310c 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h @@ -7,7 +7,6 @@ #include "rainbow_config.h" #include - /// @brief set a vector to 0. /// /// @param[in,out] b - the vector b. @@ -23,8 +22,6 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byt /// uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - /// @brief check if a vector is 0. /// /// @param[in] a - the vector a. @@ -33,7 +30,6 @@ uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned /// unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - /// @brief polynomial multiplication: c = a*b /// /// @param[out] c - the output polynomial c @@ -43,7 +39,6 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned /// void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// /// @param[out] c - the output vector c @@ -92,5 +87,4 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, co /// unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); -#endif // _BLAS_COMM_H_ - +#endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c index a62a973c..bbe63b2a 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c @@ -2,12 +2,12 @@ #include "gf.h" void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { - uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); + uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } @@ -22,8 +22,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, ui void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *b_u32 = (uint32_t *)accu_b; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } @@ -37,11 +37,9 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t } - - void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; + uint32_t *a_u32 = (uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -62,11 +60,10 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, } } - void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; + uint32_t *c_u32 = (uint32_t *)accu_c; + const uint32_t *a_u32 = (const uint32_t *)a; for (unsigned i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h index 6140037f..ea0679c0 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h @@ -16,4 +16,3 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_ #endif // _BLAS_U32_H_ - diff --git a/crypto_sign/rainbowVc-cyclic/clean/gf.c b/crypto_sign/rainbowVc-cyclic/clean/gf.c index 2ad46a98..1fb5237c 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/gf.c +++ b/crypto_sign/rainbowVc-cyclic/clean/gf.c @@ -2,13 +2,13 @@ //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t) (a << 1); - r ^= (uint8_t) ((a >> 1) * 7); + uint8_t r = (uint8_t)(a << 1); + r ^= (uint8_t)((a >> 1) * 7); return r; } static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t) (a * (b & 1)); + uint8_t r = (uint8_t)(a * (b & 1)); return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); } @@ -23,8 +23,8 @@ static inline uint32_t gf4v_mul_2_u32(uint32_t a) { } static inline uint32_t gf4v_mul_u32(uint32_t a, uint8_t b) { - uint32_t bit0_b = ((uint32_t) 0) - ((uint32_t)(b & 1)); - uint32_t bit1_b = ((uint32_t) 0) - ((uint32_t)((b >> 1) & 1)); + uint32_t bit0_b = ((uint32_t)0) - ((uint32_t)(b & 1)); + uint32_t bit1_b = ((uint32_t)0) - ((uint32_t)((b >> 1) & 1)); return (a & bit0_b) ^ (bit1_b & gf4v_mul_2_u32(a)); } @@ -38,7 +38,7 @@ static inline uint8_t gf16_mul(uint8_t a, uint8_t b) { uint8_t a1b1 = gf4_mul(a1, b1); uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t) ((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); + return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); } static inline uint8_t gf16_squ(uint8_t a) { @@ -60,22 +60,21 @@ uint32_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf4v_mul_2_u32(a1b1_2); } - uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; - unsigned r = ((unsigned) 0) - a8; + unsigned r = ((unsigned)0) - a8; r >>= 8; return r & 1; } static inline uint8_t gf4_mul_3(uint8_t a) { - uint8_t msk = (uint8_t) ((a - 2) >> 1); - return (uint8_t) ((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); + uint8_t msk = (uint8_t)((a - 2) >> 1); + return (uint8_t)((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); } static inline uint8_t gf16_mul_8(uint8_t a) { uint8_t a0 = a & 3; uint8_t a1 = a >> 2; - return (uint8_t) ((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); + return (uint8_t)((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); } // gf256 := gf16[X]/X^2+X+xy diff --git a/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c index fbd8c7d4..2d64cbd6 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c @@ -4,9 +4,9 @@ /// the standard implementations for functions in parallel_matrix_op.h /// +#include "parallel_matrix_op.h" #include "blas.h" #include "blas_comm.h" -#include "parallel_matrix_op.h" /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. @@ -16,8 +16,8 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ) { - return (dim + dim - i_row + 1 ) * i_row / 2 + j_col - i_row; +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { + return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } /// @@ -28,31 +28,28 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline -unsigned idx_of_2trimat( unsigned i_row, unsigned j_col, unsigned n_var ) { - if ( i_row > j_col ) { +static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { + if (i_row > j_col) { return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } - - -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { unsigned char *runningC = btriC; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < i; j++) { unsigned idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); - gf256v_add( btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch ); + gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } - gf256v_add( runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i) ); + gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); runningC += size_batch * (Aheight - i); } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; unsigned Aheight = Awidth; for (unsigned i = 0; i < Aheight; i++) { @@ -61,7 +58,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, c if (k < i) { continue; } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -69,8 +66,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, c } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -78,15 +75,15 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, if (i < k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Aheight = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { @@ -94,46 +91,46 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, if (i == k) { continue; } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; + unsigned Atr_width = Aheight; for (unsigned i = 0; i < Atr_height; i++) { for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { const unsigned char *bA = bA_to_tr; unsigned Aheight = Awidth_before_tr; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { unsigned Awidth = Bheight; for (unsigned i = 0; i < Aheight; i++) { for (unsigned j = 0; j < Bwidth; j++) { for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; } @@ -141,46 +138,46 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, cons } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { unsigned char tmp[256]; unsigned char _x[256]; for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(x, i); } - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( y, size_batch ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(y, size_batch); for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); + gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } - gf256v_madd( y, tmp, _x[i], size_batch ); + gf256v_madd(y, tmp, _x[i], size_batch); } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, + const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( x, i ); + _x[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele( y, i ); + _y[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(y, i); } - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( z, size_batch ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(z, size_batch); for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); for (unsigned j = 0; j < dim_x; j++) { - gf256v_madd( tmp, mat, _x[j], size_batch ); + gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } - gf256v_madd( z, tmp, _y[i], size_batch ); + gf256v_madd(z, tmp, _y[i], size_batch); } } diff --git a/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h index dedd7df0..b6c3528a 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h @@ -7,7 +7,6 @@ //////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -16,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j_col, unsigned dim ); +unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -26,15 +25,10 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat( unsigned i_row, unsigned j /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch ); - - - +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// - - /// /// @brief bC += btriA * B , in GF(16) /// @@ -46,8 +40,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -60,9 +54,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, co /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -75,8 +68,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -89,10 +82,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -105,8 +96,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -119,10 +110,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -136,9 +125,9 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -152,10 +141,9 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ); - + const unsigned char *bB, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -169,8 +157,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -184,8 +172,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, co /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -199,8 +187,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -214,14 +202,11 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ); - - +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - /// /// @brief y = x^Tr * trimat * x , in GF(16) /// @@ -231,7 +216,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, cons /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -242,8 +227,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ); - +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -256,8 +240,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char * /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -270,13 +254,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ); - - - - - +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, + const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); #endif // _P_MATRIX_OP_H_ - diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow.c index 5020fe08..97409632 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow.c +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow.c @@ -2,8 +2,8 @@ /// @brief The standard implementations for functions in rainbow.h /// -#include "blas.h" #include "rainbow.h" +#include "blas.h" #include "rainbow_blas.h" #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -13,12 +13,11 @@ #include #include +#define MAX_ATTEMPT_FRMAT 128 +#define _MAX_O ((_O1 > _O2) ? _O1 : _O2) +#define _MAX_O_BYTE ((_O1_BYTE > _O2_BYTE) ? _O1_BYTE : _O2_BYTE) -#define MAX_ATTEMPT_FRMAT 128 -#define _MAX_O ((_O1>_O2)?_O1:_O2) -#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - -int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; @@ -26,41 +25,41 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t * // setup PRNG prng_t prng_sign; uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy( prng_preseed, sk->sk_seed, LEN_SKSEED ); - memcpy( prng_preseed + LEN_SKSEED, _digest, _HASH_LEN ); // prng_preseed = sk_seed || digest + memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); + memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED ); - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set( &prng_sign, prng_seed, _HASH_LEN ); // seed = H( sk_seed || digest ) + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean + prng_preseed[i] ^= prng_preseed[i]; // clean } for (unsigned i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean + prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; unsigned n_attempt = 0; unsigned l1_succ = 0; - while ( !l1_succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!l1_succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( &prng_sign, vinegar, _V1_BYTE ); // generating vinegars - gfmat_prod( mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar ); // generating the linear equations for layer 1 - l1_succ = gfmat_inv( mat_l1, mat_l1, _O1, mat_buffer ); // check if the linear equation solvable - n_attempt ++; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars + gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 + l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable + n_attempt++; } // Given the vinegars, pre-compute variables needed for layer 2 uint8_t r_l1_F1[_O1_BYTE] = {0}; uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval( r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE ); - batch_quad_trimat_eval( r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE ); - uint8_t mat_l2_F3[ _O2 * _O2_BYTE]; + batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); + batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); + uint8_t mat_l2_F3[_O2 * _O2_BYTE]; uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod( mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar ); - gfmat_prod( mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar ); + gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); + gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); // Some local variables. uint8_t _z[_PUB_M_BYTE]; @@ -70,94 +69,94 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t * uint8_t x_o2[_O1_BYTE]; uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, _digest, _HASH_LEN ); + memcpy(digest_salt, _digest, _HASH_LEN); uint8_t *salt = digest_salt + _HASH_LEN; - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; + uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; unsigned succ = 0; - while ( !succ ) { - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + while (!succ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; } // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( &prng_sign, salt, _SALT_BYTE ); // roll the salt - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( _z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H(digest||salt) + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S + memcpy(y, _z, _PUB_M_BYTE); // identity part of S gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); gf256v_add(y, temp_o, _O1_BYTE); // Central Map: // layer 1: calculate x_o1 - memcpy( temp_o, r_l1_F1, _O1_BYTE ); - gf256v_add( temp_o, y, _O1_BYTE ); - gfmat_prod( x_o1, mat_l1, _O1_BYTE, _O1, temp_o ); + memcpy(temp_o, r_l1_F1, _O1_BYTE); + gf256v_add(temp_o, y, _O1_BYTE); + gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); // layer 2: calculate x_o2 - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero( temp_o, _O2_BYTE ); - gfmat_prod( temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1 ); // F2 - batch_quad_trimat_eval( mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE ); // F5 - gf256v_add( temp_o, mat_l2, _O2_BYTE ); - gf256v_add( temp_o, r_l2_F1, _O2_BYTE ); // F1 - gf256v_add( temp_o, y + _O1_BYTE, _O2_BYTE ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); + gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 + batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 + gf256v_add(temp_o, mat_l2, _O2_BYTE); + gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 + gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); // generate the linear equations of the 2nd layer - gfmat_prod( mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1 ); // F6 - gf256v_add( mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv( mat_l2, mat_l2, _O2, mat_buffer ); - gfmat_prod( x_o2, mat_l2, _O2_BYTE, _O2, temp_o ); // solve l2 eqs + gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 + gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 + succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); + gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - n_attempt ++; + n_attempt++; }; // w = T^-1 * y uint8_t w[_PUB_N_BYTE]; // identity part of T. - memcpy( w, x_v1, _V1_BYTE ); - memcpy( w + _V1_BYTE, x_o1, _O1_BYTE ); - memcpy( w + _V2_BYTE, x_o2, _O2_BYTE ); + memcpy(w, x_v1, _V1_BYTE); + memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); + memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); + gf256v_add(w, y, _V1_BYTE); // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2 ); - gf256v_add(w, y, _V1_BYTE ); + gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); + gf256v_add(w, y, _V1_BYTE); // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2 ); - gf256v_add(w + _V1_BYTE, y, _O1_BYTE ); + gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); + gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - memset( signature, 0, _SIGNATURE_BYTE ); // set the output 0 + memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 // clean - memset( &prng_sign, 0, sizeof(prng_t) ); - memset( vinegar, 0, _V1_BYTE ); - memset( r_l1_F1, 0, _O1_BYTE ); - memset( r_l2_F1, 0, _O2_BYTE ); - memset( _z, 0, _PUB_M_BYTE ); - memset( y, 0, _PUB_M_BYTE ); - memset( x_o1, 0, _O1_BYTE ); - memset( x_o2, 0, _O2_BYTE ); - memset( temp_o, 0, sizeof(temp_o) ); + memset(&prng_sign, 0, sizeof(prng_t)); + memset(vinegar, 0, _V1_BYTE); + memset(r_l1_F1, 0, _O1_BYTE); + memset(r_l2_F1, 0, _O2_BYTE); + memset(_z, 0, _PUB_M_BYTE); + memset(y, 0, _PUB_M_BYTE); + memset(x_o1, 0, _O1_BYTE); + memset(x_o2, 0, _O2_BYTE); + memset(temp_o, 0, sizeof(temp_o)); // return: copy w and salt to the signature. - if ( MAX_ATTEMPT_FRMAT <= n_attempt ) { + if (MAX_ATTEMPT_FRMAT <= n_attempt) { return -1; } - gf256v_add( signature, w, _PUB_N_BYTE ); - gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); + gf256v_add(signature, w, _PUB_N_BYTE); + gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); return 0; } -int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval( digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE ); + batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); unsigned char correct[_PUB_M_BYTE]; unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy( digest_salt, digest, _HASH_LEN ); - memcpy( digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE ); - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE ); // H( digest || salt ) + memcpy(digest_salt, digest, _HASH_LEN); + memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) // check consistancy. unsigned char cc = 0; @@ -168,8 +167,8 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const u } -int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { - unsigned char pk[sizeof(pk_t) +32]; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. - return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk) { + unsigned char pk[sizeof(pk_t) + 32]; + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_cpk_to_pk((pk_t *)pk, _pk); // generating classic public key. + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify(digest, signature, (pk_t *)pk); } diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow.h b/crypto_sign/rainbowVc-cyclic/clean/rainbow.h index 23346f45..25925507 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow.h +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow.h @@ -4,7 +4,6 @@ /// @brief APIs for rainbow. /// - #include "rainbow_config.h" #include "rainbow_keypair.h" @@ -17,7 +16,7 @@ /// @param[in] sk - the secret key. /// @param[in] digest - the digest. /// -int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); /// /// @brief Verifying function. @@ -27,7 +26,7 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t * /// @param[in] pk - the public key. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); /// @@ -38,6 +37,6 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const u /// @param[in] pk - the public key of cyclic rainbow. /// @return 0 for successful verified. -1 for failed verification. /// -int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic(const uint8_t *digest, const uint8_t *signature, const cpk_t *pk); #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_blas.h b/crypto_sign/rainbowVc-cyclic/clean/rainbow_blas.h index 02c7bd8a..a3c8c885 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_blas.h @@ -5,30 +5,27 @@ /// /// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - #include "blas.h" #include "parallel_matrix_op.h" #include "rainbow_config.h" -#define gfv_get_ele PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd +#define gfv_get_ele PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele +#define gfv_mul_scalar PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar +#define gfv_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd -#define gfmat_prod PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod -#define gfmat_inv PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv +#define gfmat_prod PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod +#define gfmat_inv PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv -#define batch_trimat_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256 -#define batch_trimatTr_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256 -#define batch_2trimat_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256 -#define batch_matTr_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256 -#define batch_bmatTr_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256 -#define batch_mat_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256 +#define batch_trimat_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256 +#define batch_trimatTr_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256 +#define batch_2trimat_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256 +#define batch_matTr_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256 +#define batch_bmatTr_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256 +#define batch_mat_madd PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256 #define batch_quad_trimat_eval PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256 #define batch_quad_recmat_eval PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256 - -#endif // _RAINBOW_BLAS_H_ - +#endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_config.h b/crypto_sign/rainbowVc-cyclic/clean/rainbow_config.h index 20f1068f..979aa244 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow_config.h +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_config.h @@ -12,27 +12,23 @@ #define _HASH_LEN 64 - -#define _V2 ((_V1)+(_O1)) +#define _V2 ((_V1) + (_O1)) /// size of N, in # of gf elements. -#define _PUB_N (_V1+_O1+_O2) +#define _PUB_N (_V1 + _O1 + _O2) /// size of M, in # gf elements. -#define _PUB_M (_O1+_O2) - +#define _PUB_M (_O1 + _O2) /// size of variables, in # bytes. - // GF256 #define _V1_BYTE (_V1) #define _V2_BYTE (_V2) #define _O1_BYTE (_O1) #define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) /// length of seed for public key, in # bytes @@ -45,6 +41,6 @@ #define _SALT_BYTE 16 /// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE ) +#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) #endif // _H_RAINBOW_CONFIG_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c index ab63dfb8..9a5e137c 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c @@ -2,94 +2,84 @@ /// @brief implementations of functions in rainbow_keypair.h /// +#include "rainbow_keypair.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" -#include "rainbow_keypair.h" #include "rainbow_keypair_computation.h" #include "utils_prng.h" #include #include #include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // S1 +static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // S1 s_and_t += _O1_BYTE * _O2; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O1 ); // T1 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O1); // T1 s_and_t += _V1_BYTE * _O1; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _V1_BYTE * _O2 ); // T2 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, s_and_t, _V1_BYTE * _O2); // T2 s_and_t += _V1_BYTE * _O2; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, s_and_t, _O1_BYTE * _O2 ); // T3 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); // l1_F1 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O1_BYTE * _V1 * _O1 ); // l1_F2 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * _V1 * _O1); // l1_F2 n_byte_generated += _O1_BYTE * _V1 * _O1; return n_byte_generated; } - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { +static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { unsigned n_byte_generated = 0; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // l2_F1 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_V1); - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O1 ); // l2_F2 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O1); // l2_F2 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _V1 * _O2 ); // l2_F3 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _V1 * _O2); // l2_F3 sk += _O2_BYTE * _V1 * _O1; n_byte_generated += _O2_BYTE * _V1 * _O1; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // l2_F5 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // l2_F5 sk += _O2_BYTE * N_TRIANGLE_TERMS(_O1); n_byte_generated += _O2_BYTE * N_TRIANGLE_TERMS(_O1); - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen( prng0, sk, _O2_BYTE * _O1 * _O2 ); // l2_F6 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * _O1 * _O2); // l2_F6 n_byte_generated += _O2_BYTE * _O1 * _O2; return n_byte_generated; } - -static -void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { - sk += generate_l1_F12( sk, prng0 ); - generate_l2_F12356( sk, prng0 ); +static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { + sk += generate_l1_F12(sk, prng0); + generate_l2_F12356(sk, prng0); } -static -void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { +static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; for (unsigned i = 0; i < _O2; i++) { /// t3 width - gfmat_prod( temp, t1, _V1_BYTE, _O1, t3 ); - gf256v_add( t4, temp, _V1_BYTE ); + gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); + gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; t3 += _O1_BYTE; } } -static -void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; - while ( n_terms-- ) { - gfmat_prod( temp, s1, _O1_BYTE, _O2, l2_polys ); - gf256v_add( l1_polys, temp, _O1_BYTE ); + while (n_terms--) { + gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); + gf256v_add(l1_polys, temp, _O1_BYTE); l1_polys += _O1_BYTE; l2_polys += _O2_BYTE; } @@ -98,54 +88,51 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// - ///////////////////// Cyclic ////////////////////////////////// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed) { + memcpy(pk->pk_seed, pk_seed, LEN_PKSEED); + memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); // prng for sk prng_t prng; prng_t *prng0 = &prng; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set(prng0, sk_seed, LEN_SKSEED); + generate_S_T(sk->s1, prng0); // S,T: only a part of sk unsigned char t2[sizeof(sk->t4)]; - memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 - calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 + memcpy(t2, sk->t4, _V1_BYTE * _O2); // temporarily store t2 + calculate_t4(sk->t4, sk->t1, sk->t3); // t2 <- t4 // prng for pk sk_t inst_Qs; sk_t *Qs = &inst_Qs; prng_t *prng1 = &prng; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set(prng1, pk_seed, LEN_PKSEED); + generate_B1_B2(Qs->l1_F1, prng1); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 + obsfucate_l1_polys(Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1); + obsfucate_l1_polys(Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1); // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T - + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q(sk, Qs, sk); // calcuate the rest parts of secret key from Qs and S,T unsigned char t4[sizeof(sk->t4)]; - memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 - memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 - memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 + memcpy(t4, sk->t4, _V1_BYTE * _O2); // temporarily store t4 + memcpy(sk->t4, t2, _V1_BYTE * _O2); // restore t2 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic(pk, sk, sk); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 + memcpy(sk->t4, t4, _V1_BYTE * _O2); // restore t4 - obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); + obsfucate_l1_polys(pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1); + obsfucate_l1_polys(pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1); + obsfucate_l1_polys(pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); // clean - memset( &prng, 0, sizeof(prng_t) ); + memset(&prng, 0, sizeof(prng_t)); } - -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_cpk_to_pk(pk_t *rpk, const cpk_t *cpk) { // procedure: cpk_t --> extcpk_t --> pk_t // convert from cpk_t to extcpk_t @@ -153,18 +140,18 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { // setup prng prng_t prng0; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set(&prng0, cpk->pk_seed, LEN_SKSEED); // generating parts of key with prng - generate_l1_F12( pk.l1_Q1, &prng0 ); + generate_l1_F12(pk.l1_Q1, &prng0); // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 - memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + memcpy(pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * (_V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2))); // generating parts of key with prng - generate_l2_F12356( pk.l2_Q1, &prng0 ); + generate_l2_F12356(pk.l2_Q1, &prng0); // copying parts of key from input: l2_Q9 - memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + memcpy(pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); // convert from extcpk_t to pk_t - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk(rpk, &pk); } diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.h b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.h index 304c8bfe..67ac998e 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.h @@ -5,30 +5,23 @@ /// Formats of key pairs and functions for generating key pairs. /// - - #include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var)*((n_var)+1)/2) - +#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) /// @brief public key for classic rainbow /// /// public key for classic rainbow /// -typedef -struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE) * N_TRIANGLE_TERMS(_PUB_N)]; +typedef struct rainbow_publickey { + unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; } pk_t; - /// @brief secret key for classic rainbow /// /// secret key for classic rainbow /// -typedef -struct rainbow_secretkey { +typedef struct rainbow_secretkey { /// /// seed for generating secret key. /// Generating S, T, and F for classic rainbow. @@ -40,50 +33,42 @@ struct rainbow_secretkey { unsigned char t4[_V1_BYTE * _O2]; ///< part of T map unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 + unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 + unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 + unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 + unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 + unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 + unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 + unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 } sk_t; - - - /// @brief public key for cyclic rainbow /// /// public key for cyclic rainbow /// -typedef -struct rainbow_publickey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 +typedef struct rainbow_publickey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 + unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 + unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 + unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 + unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 + unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 } cpk_t; - - /// @brief compressed secret key for cyclic rainbow /// /// compressed secret key for cyclic rainbow /// -typedef -struct rainbow_secretkey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. - unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. +typedef struct rainbow_secretkey_cyclic { + unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. + unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. } csk_t; - /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -92,7 +77,7 @@ struct rainbow_secretkey_cyclic { /// @param[in] pk_seed - seed for generating parts of public key. /// @param[in] sk_seed - seed for generating secret key. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic(cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed); @@ -104,6 +89,6 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, /// @param[out] pk - the classic public key. /// @param[in] cpk - the cyclic public key. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_cpk_to_pk(pk_t *pk, const cpk_t *cpk); #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c index b2136209..8a662fcc 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c @@ -2,23 +2,23 @@ /// @brief Implementations for functions in rainbow_keypair_computation.h /// +#include "rainbow_keypair_computation.h" #include "blas.h" #include "blas_comm.h" #include "rainbow_blas.h" #include "rainbow_keypair.h" -#include "rainbow_keypair_computation.h" #include #include #include -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; for (unsigned i = 0; i < _V1; i++) { for (unsigned j = i; j < _V1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -28,8 +28,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -39,8 +39,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = 0; i < _V1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -50,8 +50,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = i; j < _V1 + _O1; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -61,8 +61,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1; i < _V1 + _O1; i++) { for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } @@ -72,146 +72,142 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { for (unsigned j = i; j < _PUB_N; j++) { unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy( & pk->pk[ _PUB_M_BYTE * pub_idx ], idx_l1, _O1_BYTE ); - memcpy( (&pk->pk[ _PUB_M_BYTE * pub_idx ]) + _O1_BYTE, idx_l2, _O2_BYTE ); + memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); + memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; idx_l2 += _O2_BYTE; } } } -static -void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { +static void calculate_F_from_Q_ref(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { // Layer 1 // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] - memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); + memcpy(Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] - memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); + memcpy(Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_2trimat_madd(Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); /* - Layer 2 - computations: + Layer 2 + computations: - F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] - Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 - F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 - F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] + Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 + F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 + F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 - #Q1_Q1T_T4 = Q1_Q1T * t4 - Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 - F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - + Q_pk.l2_F2s[i].transpose() * t4 - + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - - */ - memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] + Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 + #Q1_Q1T_T4 = Q1_Q1T * t4 + Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 + F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] + F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + + Q_pk.l2_F2s[i].transpose() * t4 + + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] + */ + memcpy(Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 + memcpy(Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1); + batch_trimat_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q1_T1+ Q2 unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; - memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) - memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) + memset(tempQ, 0, _O1 * _O1 * _O2_BYTE); + batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE); // t1_tr*(Q1_T1+Q2) + memcpy(Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); // F5 + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(Fs->l2_F5, tempQ, _O1, _O2_BYTE); // UT( ... ) - batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 + batch_trimatTr_madd(Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F2 = Q1_T1 + Q2 + Q1^tr*t1 // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); - batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 - batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 + memcpy(Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE); + batch_2trimat_madd(Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); // Q1_Q1T_T4 + batch_mat_madd(Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // Q2_T3 // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) // + Q_pk.l2_F2s[i].transpose() * t4 // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); - batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 - batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); - + memcpy(Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE); + batch_matTr_madd(Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) + batch_2trimat_madd(Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + batch_bmatTr_madd(Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE); } -static -void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { -// Layer 1: Computing Q5, Q3, Q6, Q9 +static void calculate_Q_from_F_cyclic_ref(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + // Layer 1: Computing Q5, Q3, Q6, Q9 -// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) + // Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) const unsigned char *t2 = Ts->t4; sk_t tempQ; - memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); - memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); - batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 + memcpy(tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); + batch_trimat_madd(tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 + memset(tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset(tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); + batch_matTr_madd(tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE); // T1tr*(F1*T1 + F2) + memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE); // UT( ... ) // Q5 /* - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); - - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 - batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 + Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 + Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 + Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) + */ + memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); + memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); + memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); + + batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 + batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 + + memset(tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2); // should be F3. assuming: _O1 >= _O2 + batch_matTr_madd(tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE); // Q9 + + batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 + + batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 + batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 /* - Layer 2 - Computing Q9: + Layer 2 + Computing Q9: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - */ + F1_T2 = F1 * t2 + F2_T3 = F2 * t3 + Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) + */ sk_t tempQ2; - memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. - batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 + memcpy(tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); /// F3 actually. + batch_trimat_madd(tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 + batch_mat_madd(tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 - memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); - batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) + memset(tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2); + batch_matTr_madd(tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE); // T2tr * ( ..... ) - memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + memcpy(tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); + batch_trimat_madd(tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 - batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 + batch_matTr_madd(tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) + memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE); // Q9 } // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ -#define calculate_F_from_Q_impl calculate_F_from_Q_ref +#define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { - calculate_F_from_Q_impl( Fs, Qs, Ts ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts) { + calculate_F_from_Q_impl(Fs, Qs, Ts); } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { + calculate_Q_from_F_cyclic_impl(Qs, Fs, Ts); } diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.h index eccbc019..053e4700 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.h @@ -7,8 +7,6 @@ /// Functions for calculating pk/sk for key generation. /// - - #include "rainbow_keypair.h" /// @brief The (internal use) public key for rainbow @@ -17,8 +15,7 @@ /// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, /// l2_Q1, .... , l2_Q9. /// -typedef -struct rainbow_extend_publickey { +typedef struct rainbow_extend_publickey { unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; @@ -34,15 +31,13 @@ struct rainbow_extend_publickey { unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; } ext_cpk_t; - - /// /// @brief converting formats of public keys : from ext_cpk_t version to pk_t /// /// @param[out] pk - the classic public key. /// @param[in] cpk - the internel public key. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); ///////////////////////////////////////////////// /// @@ -52,9 +47,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk /// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the secret key: T1, T4, T3 /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - - +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); /// @@ -64,7 +57,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t /// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q(sk_t *Fs, const sk_t *Qs, sk_t *Ts); /// /// @brief Computing parts of the pk from the secret key @@ -73,7 +66,6 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, /// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 /// @param[in] Ts - parts of the sk: T1, T4, T3 /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); - -#endif // _RAINBOW_KEYPAIR_COMP_H_ +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_calculate_Q_from_F_cyclic(cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); +#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/sign.c b/crypto_sign/rainbowVc-cyclic/clean/sign.c index df155aa6..9b9924d7 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/sign.c +++ b/crypto_sign/rainbowVc-cyclic/clean/sign.c @@ -12,33 +12,30 @@ #include #include -int -PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes( sk_seed, LEN_SKSEED ); + randombytes(sk_seed, LEN_SKSEED); unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); + randombytes(pk_seed, LEN_PKSEED); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_generate_keypair_cyclic((cpk_t *)pk, (sk_t *)sk, pk_seed, sk_seed); return 0; } -int -PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - memcpy( sm, m, mlen ); + memcpy(sm, m, mlen); smlen[0] = mlen + _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign(sm + mlen, (const sk_t *)sk, digest); } -int -PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { int rc; - if ( _SIGNATURE_BYTE > smlen ) { + if (_SIGNATURE_BYTE > smlen) { rc = -1; } else { *mlen = smlen - _SIGNATURE_BYTE; @@ -49,7 +46,7 @@ PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, c rc = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic(digest, sm + mlen[0], (const cpk_t *)pk); } if (!rc) { - memcpy( m, sm, smlen - _SIGNATURE_BYTE ); + memcpy(m, sm, smlen - _SIGNATURE_BYTE); } else { // bad signature *mlen = (size_t) -1; memset(m, 0, smlen); @@ -62,9 +59,9 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_signature( const uint8_t *m, size_t mlen, const uint8_t *sk) { unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign(sig, (const sk_t *)sk, digest); } int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_verify( @@ -74,6 +71,6 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_crypto_sign_verify( return -1; } unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); + return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify_cyclic(digest, sig, (const cpk_t *)pk); } diff --git a/crypto_sign/rainbowVc-cyclic/clean/utils_hash.c b/crypto_sign/rainbowVc-cyclic/clean/utils_hash.c index e99d82e6..37ee1064 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/utils_hash.c +++ b/crypto_sign/rainbowVc-cyclic/clean/utils_hash.c @@ -3,19 +3,17 @@ /// /// +#include "utils_hash.h" #include "rainbow_config.h" #include "sha2.h" -#include "utils_hash.h" -static inline -int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { +static inline int _hash(unsigned char *digest, const unsigned char *m, size_t mlen) { sha512(digest, m, mlen); return 0; } -static inline -int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if ( _HASH_LEN >= n_digest ) { +static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { + if (_HASH_LEN >= n_digest) { for (size_t i = 0; i < n_digest; i++) { digest[i] = hash[i]; } @@ -26,16 +24,15 @@ int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *has } n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest ) { - _hash( digest + _HASH_LEN, digest, _HASH_LEN ); + while (_HASH_LEN <= n_digest) { + _hash(digest + _HASH_LEN, digest, _HASH_LEN); n_digest -= _HASH_LEN; digest += _HASH_LEN; } unsigned char temp[_HASH_LEN]; - if ( n_digest ) { - _hash( temp, digest, _HASH_LEN ); + if (n_digest) { + _hash(temp, digest, _HASH_LEN); for (size_t i = 0; i < n_digest; i++) { digest[_HASH_LEN + i] = temp[i]; } @@ -51,5 +48,3 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(unsigned char *digest, _hash(buf, m, mlen); return expand_hash(digest, len_digest, buf); } - - diff --git a/crypto_sign/rainbowVc-cyclic/clean/utils_hash.h b/crypto_sign/rainbowVc-cyclic/clean/utils_hash.h index 0653740a..6c38bbd5 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/utils_hash.h +++ b/crypto_sign/rainbowVc-cyclic/clean/utils_hash.h @@ -6,9 +6,6 @@ #include -int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen ); - - +int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); #endif // _UTILS_HASH_H_ - diff --git a/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c b/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c index d53d6e05..81fa0412 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c +++ b/crypto_sign/rainbowVc-cyclic/clean/utils_prng.c @@ -2,23 +2,23 @@ /// @brief The implementation of PRNG related functions. /// +#include "utils_prng.h" #include "aes.h" #include "randombytes.h" #include "utils_hash.h" -#include "utils_prng.h" #include #include static void prng_update(const unsigned char *provided_data, unsigned char *Key, unsigned char *V) { - unsigned char temp[48]; + unsigned char temp[48]; aes256ctx ctx; aes256_keyexp(&ctx, Key); for (int i = 0; i < 3; i++) { //increment V for (int j = 15; j >= 0; j--) { - if ( V[j] == 0xff) { + if (V[j] == 0xff) { V[j] = 0x00; } else { V[j]++; @@ -27,7 +27,7 @@ static void prng_update(const unsigned char *provided_data, } aes256_ecb(temp + 16 * i, V, 1, &ctx); } - if ( provided_data != NULL ) { + if (provided_data != NULL) { for (int i = 0; i < 48; i++) { temp[i] ^= provided_data[i]; } @@ -36,7 +36,7 @@ static void prng_update(const unsigned char *provided_data, memcpy(V, temp + 32, 16); } static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes ) { + unsigned char *entropy_input_48bytes) { memset(state->Key, 0x00, 32); memset(state->V, 0x00, 16); prng_update(entropy_input_48bytes, state->Key, state->V); @@ -46,17 +46,16 @@ static int randombytes_with_state(prng_t *state, unsigned char *x, size_t xlen) { - unsigned char block[16]; - int i = 0; + unsigned char block[16]; + int i = 0; aes256ctx ctx; aes256_keyexp(&ctx, state->Key); - - while ( xlen > 0 ) { + while (xlen > 0) { //increment V for (int j = 15; j >= 0; j--) { - if ( state->V[j] == 0xff ) { + if (state->V[j] == 0xff) { state->V[j] = 0x00; } else { state->V[j]++; @@ -64,7 +63,7 @@ static int randombytes_with_state(prng_t *state, } } aes256_ecb(block, state->V, 1, &ctx); - if ( xlen > 15 ) { + if (xlen > 15) { memcpy(x + i, block, 16); i += 16; xlen -= 16; @@ -79,18 +78,18 @@ static int randombytes_with_state(prng_t *state, int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { unsigned char seed[48]; - if ( prng_seedlen >= 48 ) { - memcpy( seed, prng_seed, 48 ); + if (prng_seedlen >= 48) { + memcpy(seed, prng_seed, 48); } else { - memcpy( seed, prng_seed, prng_seedlen ); - PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg( seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); + memcpy(seed, prng_seed, prng_seedlen); + PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); } - randombytes_init_with_state( ctx, seed ); + randombytes_init_with_state(ctx, seed); return 0; } int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state( ctx, out, outlen); + return randombytes_with_state(ctx, out, outlen); } diff --git a/crypto_sign/rainbowVc-cyclic/clean/utils_prng.h b/crypto_sign/rainbowVc-cyclic/clean/utils_prng.h index 18987e11..35c4f0a7 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/utils_prng.h +++ b/crypto_sign/rainbowVc-cyclic/clean/utils_prng.h @@ -5,18 +5,14 @@ /// /// - #include "randombytes.h" typedef struct { - unsigned char Key[32]; - unsigned char V[16]; + unsigned char Key[32]; + unsigned char V[16]; } prng_t; int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - #endif // _UTILS_PRNG_H_ - - From 1fca5ec0681634311c44489d69c42e4a212734ac Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Wed, 24 Jul 2019 10:41:42 +0200 Subject: [PATCH 19/19] unsigned -> unsigned int --- .../rainbowIIIc-classic/clean/blas_comm.c | 60 +++++------ .../rainbowIIIc-classic/clean/blas_comm.h | 18 ++-- .../rainbowIIIc-classic/clean/blas_u32.c | 44 ++++---- .../rainbowIIIc-classic/clean/blas_u32.h | 8 +- crypto_sign/rainbowIIIc-classic/clean/gf.c | 4 +- .../clean/parallel_matrix_op.c | 100 ++++++++--------- .../clean/parallel_matrix_op.h | 52 ++++----- .../rainbowIIIc-classic/clean/rainbow.c | 12 +-- .../clean/rainbow_keypair.c | 12 +-- .../clean/rainbow_keypair_computation.c | 36 +++---- .../clean/blas_comm.c | 60 +++++------ .../clean/blas_comm.h | 18 ++-- .../clean/blas_u32.c | 44 ++++---- .../clean/blas_u32.h | 8 +- .../rainbowIIIc-cyclic-compressed/clean/gf.c | 4 +- .../clean/parallel_matrix_op.c | 100 ++++++++--------- .../clean/parallel_matrix_op.h | 52 ++++----- .../clean/rainbow.c | 12 +-- .../clean/rainbow_keypair.c | 12 +-- .../clean/rainbow_keypair_computation.c | 36 +++---- .../rainbowIIIc-cyclic/clean/blas_comm.c | 60 +++++------ .../rainbowIIIc-cyclic/clean/blas_comm.h | 18 ++-- .../rainbowIIIc-cyclic/clean/blas_u32.c | 44 ++++---- .../rainbowIIIc-cyclic/clean/blas_u32.h | 8 +- crypto_sign/rainbowIIIc-cyclic/clean/gf.c | 4 +- .../clean/parallel_matrix_op.c | 100 ++++++++--------- .../clean/parallel_matrix_op.h | 52 ++++----- .../rainbowIIIc-cyclic/clean/rainbow.c | 12 +-- .../clean/rainbow_keypair.c | 12 +-- .../clean/rainbow_keypair_computation.c | 36 +++---- .../rainbowIa-classic/clean/blas_comm.c | 68 ++++++------ .../rainbowIa-classic/clean/blas_comm.h | 14 +-- .../rainbowIa-classic/clean/blas_u32.c | 56 +++++----- .../rainbowIa-classic/clean/blas_u32.h | 10 +- crypto_sign/rainbowIa-classic/clean/gf.c | 4 +- .../clean/parallel_matrix_op.c | 102 +++++++++--------- .../clean/parallel_matrix_op.h | 52 ++++----- crypto_sign/rainbowIa-classic/clean/rainbow.c | 12 +-- .../rainbowIa-classic/clean/rainbow_keypair.c | 12 +-- .../clean/rainbow_keypair_computation.c | 36 +++---- .../clean/blas_comm.c | 68 ++++++------ .../clean/blas_comm.h | 14 +-- .../clean/blas_u32.c | 56 +++++----- .../clean/blas_u32.h | 10 +- .../rainbowIa-cyclic-compressed/clean/gf.c | 4 +- .../clean/parallel_matrix_op.c | 102 +++++++++--------- .../clean/parallel_matrix_op.h | 52 ++++----- .../clean/rainbow.c | 12 +-- .../clean/rainbow_keypair.c | 12 +-- .../clean/rainbow_keypair_computation.c | 36 +++---- .../rainbowIa-cyclic/clean/blas_comm.c | 68 ++++++------ .../rainbowIa-cyclic/clean/blas_comm.h | 14 +-- crypto_sign/rainbowIa-cyclic/clean/blas_u32.c | 56 +++++----- crypto_sign/rainbowIa-cyclic/clean/blas_u32.h | 10 +- crypto_sign/rainbowIa-cyclic/clean/gf.c | 4 +- .../clean/parallel_matrix_op.c | 102 +++++++++--------- .../clean/parallel_matrix_op.h | 52 ++++----- crypto_sign/rainbowIa-cyclic/clean/rainbow.c | 12 +-- .../rainbowIa-cyclic/clean/rainbow_keypair.c | 12 +-- .../clean/rainbow_keypair_computation.c | 36 +++---- .../rainbowVc-classic/clean/blas_comm.c | 60 +++++------ .../rainbowVc-classic/clean/blas_comm.h | 18 ++-- .../rainbowVc-classic/clean/blas_u32.c | 44 ++++---- .../rainbowVc-classic/clean/blas_u32.h | 8 +- crypto_sign/rainbowVc-classic/clean/gf.c | 4 +- .../clean/parallel_matrix_op.c | 100 ++++++++--------- .../clean/parallel_matrix_op.h | 52 ++++----- crypto_sign/rainbowVc-classic/clean/rainbow.c | 12 +-- .../rainbowVc-classic/clean/rainbow_keypair.c | 12 +-- .../clean/rainbow_keypair_computation.c | 36 +++---- .../clean/blas_comm.c | 60 +++++------ .../clean/blas_comm.h | 18 ++-- .../clean/blas_u32.c | 44 ++++---- .../clean/blas_u32.h | 8 +- .../rainbowVc-cyclic-compressed/clean/gf.c | 4 +- .../clean/parallel_matrix_op.c | 100 ++++++++--------- .../clean/parallel_matrix_op.h | 52 ++++----- .../clean/rainbow.c | 12 +-- .../clean/rainbow_keypair.c | 12 +-- .../clean/rainbow_keypair_computation.c | 36 +++---- .../rainbowVc-cyclic/clean/blas_comm.c | 60 +++++------ .../rainbowVc-cyclic/clean/blas_comm.h | 18 ++-- crypto_sign/rainbowVc-cyclic/clean/blas_u32.c | 44 ++++---- crypto_sign/rainbowVc-cyclic/clean/blas_u32.h | 8 +- crypto_sign/rainbowVc-cyclic/clean/gf.c | 4 +- .../clean/parallel_matrix_op.c | 100 ++++++++--------- .../clean/parallel_matrix_op.h | 52 ++++----- crypto_sign/rainbowVc-cyclic/clean/rainbow.c | 12 +-- .../rainbowVc-cyclic/clean/rainbow_keypair.c | 12 +-- .../clean/rainbow_keypair_computation.c | 36 +++---- 90 files changed, 1587 insertions(+), 1587 deletions(-) diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c index caff3bbf..03db4d45 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.c @@ -10,7 +10,7 @@ #include #include -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { gf256v_add(b, b, _num_byte); } /// @brief get an element from GF(256) vector . @@ -19,11 +19,11 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_ /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { +uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i) { return a[i]; } -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { +unsigned int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte) { uint8_t r = 0; while (_num_byte--) { r |= a[0]; @@ -34,41 +34,41 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsig /// polynomial multplication /// School boook -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num) { PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { + for (unsigned int i = 0; i < _num; i++) { gf256v_madd(c + i, a, b[i], _num); } } -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { + for (unsigned int i = 0; i < n_A_width; i++) { gf256v_madd(c, matA, b[i], n_A_vec_byte); matA += n_A_vec_byte; } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { + unsigned int n_vec_byte = len_vec; + for (unsigned int k = 0; k < len_vec; k++) { PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { + for (unsigned int i = 0; i < len_vec; i++) { gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); } c += n_vec_byte; } } -static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { - unsigned r8 = 1; +static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { + unsigned int r8 = 1; - for (unsigned i = 0; i < h; i++) { + for (unsigned int i = 0; i < h; i++) { uint8_t *ai = mat + w * i; - unsigned skip_len_align4 = i & ((unsigned)~0x3); + unsigned int skip_len_align4 = i & ((unsigned int)~0x3); - for (unsigned j = i + 1; j < h; j++) { + for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } @@ -76,7 +76,7 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { uint8_t pivot = ai[i]; pivot = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_inv(pivot); gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); - for (unsigned j = 0; j < h; j++) { + for (unsigned int j = 0; j < h; j++) { if (i == j) { continue; } @@ -88,36 +88,36 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned int gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { uint8_t mat[64 * 64]; - for (unsigned i = 0; i < n; i++) { + for (unsigned int i = 0; i < n; i++) { memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); - for (unsigned i = 0; i < n; i++) { + unsigned int r8 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); + for (unsigned int i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } -static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < w2; j++) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { + for (unsigned int i = 0; i < h; i++) { + for (unsigned int j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; } } } -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { +unsigned int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { + for (unsigned int i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(ai, 2 * H); gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + unsigned int r8 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } @@ -128,15 +128,15 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uin #define gf256mat_prod_impl gf256mat_prod_ref #define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { +unsigned int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { return gf256mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +unsigned int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h index c88853b4..6357c0ab 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_comm.h @@ -12,7 +12,7 @@ /// @param[in,out] b - the vector b. /// @param[in] _num_byte - number of bytes for the vector b. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); /// @brief get an element from GF(256) vector . /// @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_ /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); +uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i); /// @brief check if a vector is 0. /// @@ -28,7 +28,7 @@ uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsign /// @param[in] _num_byte - number of bytes for the vector a. /// @return 1(true) if a is 0. 0(false) else. /// -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); +unsigned int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte); /// @brief polynomial multiplication: c = a*b /// @@ -37,7 +37,7 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsig /// @param[in] b - the vector b. /// @param[in] _num - number of elements for the polynomials a and b. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num); /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// @@ -47,7 +47,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t * /// @param[in] n_A_width - the width of matrix A. /// @param[in] b - the vector b. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); /// @brief matrix-matrix multiplication: c = a * b , in GF(256) /// @@ -56,7 +56,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *m /// @param[in] b - a matrix b. /// @param[in] len_vec - the length of column vectors. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); /// @brief Gauss elimination for a matrix, in GF(256) /// @@ -65,7 +65,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, /// @param[in] w - the width of the matrix. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); +unsigned int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); /// @brief Solving linear equations, in GF(256) /// @@ -75,7 +75,7 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsi /// @param[in] n - the number of equations. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); +unsigned int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); /// @brief Computing the inverse matrix, in GF(256) /// @@ -85,6 +85,6 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, /// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +unsigned int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c index 52f83776..7e1bcba6 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.c @@ -1,46 +1,46 @@ #include "blas_u32.h" #include "gf.h" -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte) { uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; - unsigned n_u32 = _num_byte >> 2; + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= (a[i] & pr_u8); } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= a[i]; } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *a_u32 = (uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -50,21 +50,21 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t } t; t.u32 = 0; a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { a[i] = t.u8[i]; } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *)accu_c; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } @@ -75,12 +75,12 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uin t.u32 = 0; accu_c += (n_u32 << 2); a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { accu_c[i] ^= t.u8[i]; } } diff --git a/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h index ba38066f..1675a602 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIIIc-classic/clean/blas_u32.h @@ -7,12 +7,12 @@ #include "rainbow_config.h" #include -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte); -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte); #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/gf.c b/crypto_sign/rainbowIIIc-classic/clean/gf.c index 02df8e1f..e70613d2 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/gf.c +++ b/crypto_sign/rainbowIIIc-classic/clean/gf.c @@ -61,8 +61,8 @@ uint32_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { } uint8_t PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned a8 = a; - unsigned r = ((unsigned)0) - a8; + unsigned int a8 = a; + unsigned int r = ((unsigned int)0) - a8; r >>= 8; return r & 1; } diff --git a/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c index d13c97ea..74285568 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.c @@ -16,7 +16,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { +unsigned int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } @@ -28,19 +28,19 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { +static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { if (i_row > j_col) { return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { unsigned char *runningC = btriC; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < i; j++) { - unsigned idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < i; j++) { + unsigned int idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); @@ -49,12 +49,12 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, cons } void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (k < i) { continue; } @@ -67,11 +67,11 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, } void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i < k) { continue; } @@ -83,11 +83,11 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *b } void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i == k) { continue; } @@ -98,25 +98,25 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Atr_height = Awidth; + unsigned int Atr_width = Aheight; + for (unsigned int i = 0; i < Atr_height; i++) { + for (unsigned int j = 0; j < Atr_width; j++) { gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + unsigned int Aheight = Awidth_before_tr; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -124,12 +124,12 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -138,18 +138,18 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, co } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { unsigned char tmp[256]; unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { _x[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(x, i); } PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = i; j < dim; j++) { + for (unsigned int j = i; j < dim; j++) { gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } @@ -157,23 +157,23 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char } } -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { + for (unsigned int i = 0; i < dim_x; i++) { _x[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { _y[i] = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_get_ele(y, i); } PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = 0; j < dim_x; j++) { + for (unsigned int j = 0; j < dim_x; j++) { gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } diff --git a/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h index 260a6a23..78c1e83f 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIIIc-classic/clean/parallel_matrix_op.h @@ -15,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); +unsigned int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -25,7 +25,7 @@ unsigned PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// @@ -41,7 +41,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, cons /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -55,7 +55,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -69,7 +69,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -83,7 +83,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -97,7 +97,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *b /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -111,7 +111,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -126,8 +126,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -142,8 +142,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -157,8 +157,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -172,8 +172,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -187,8 +187,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -202,8 +202,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, con /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// @@ -216,7 +216,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, co /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -227,7 +227,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -240,8 +240,8 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -254,7 +254,7 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); #endif // _P_MATRIX_OP_H_ diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow.c index 54449133..dc68af43 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow.c +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow.c @@ -30,17 +30,17 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t uint8_t prng_seed[_HASH_LEN]; PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { prng_preseed[i] ^= prng_preseed[i]; // clean } - for (unsigned i = 0; i < _HASH_LEN; i++) { + for (unsigned int i = 0; i < _HASH_LEN; i++) { prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; - unsigned n_attempt = 0; - unsigned l1_succ = 0; + unsigned int n_attempt = 0; + unsigned int l1_succ = 0; while (!l1_succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -73,7 +73,7 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t uint8_t *salt = digest_salt + _HASH_LEN; uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned succ = 0; + unsigned int succ = 0; while (!succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -160,7 +160,7 @@ int PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const // check consistancy. unsigned char cc = 0; - for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { cc |= (digest_ck[i] ^ correct[i]); } return (0 == cc) ? 0 : -1; diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c index d90108bd..b0cc6617 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair.c @@ -22,8 +22,8 @@ static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } -static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l1_F12(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); @@ -33,8 +33,8 @@ static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { return n_byte_generated; } -static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l2_F12356(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); @@ -67,7 +67,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; - for (unsigned i = 0; i < _O2; i++) { /// t3 width + for (unsigned int i = 0; i < _O2; i++) { /// t3 width gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; @@ -75,7 +75,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const } } -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; while (n_terms--) { gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); diff --git a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c index ce0f1592..796b7de2 100644 --- a/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-classic/clean/rainbow_keypair_computation.c @@ -14,9 +14,9 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = i; j < _V1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = i; j < _V1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -25,9 +25,9 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cp } idx_l1 = cpk->l1_Q2; idx_l2 = cpk->l2_Q2; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -36,9 +36,9 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cp } idx_l1 = cpk->l1_Q3; idx_l2 = cpk->l2_Q3; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -47,9 +47,9 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cp } idx_l1 = cpk->l1_Q5; idx_l2 = cpk->l2_Q5; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = i; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = i; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -58,9 +58,9 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cp } idx_l1 = cpk->l1_Q6; idx_l2 = cpk->l2_Q6; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -69,9 +69,9 @@ void PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cp } idx_l1 = cpk->l1_Q9; idx_l2 = cpk->l2_Q9; - for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned j = i; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned int j = i; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c index 475df36c..e0e550a5 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.c @@ -10,7 +10,7 @@ #include #include -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { gf256v_add(b, b, _num_byte); } /// @brief get an element from GF(256) vector . @@ -19,11 +19,11 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsig /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { +uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i) { return a[i]; } -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { +unsigned int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte) { uint8_t r = 0; while (_num_byte--) { r |= a[0]; @@ -34,41 +34,41 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t /// polynomial multplication /// School boook -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num) { PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { + for (unsigned int i = 0; i < _num; i++) { gf256v_madd(c + i, a, b[i], _num); } } -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { + for (unsigned int i = 0; i < n_A_width; i++) { gf256v_madd(c, matA, b[i], n_A_vec_byte); matA += n_A_vec_byte; } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { + unsigned int n_vec_byte = len_vec; + for (unsigned int k = 0; k < len_vec; k++) { PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_vec_byte); const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { + for (unsigned int i = 0; i < len_vec; i++) { gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); } c += n_vec_byte; } } -static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { - unsigned r8 = 1; +static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { + unsigned int r8 = 1; - for (unsigned i = 0; i < h; i++) { + for (unsigned int i = 0; i < h; i++) { uint8_t *ai = mat + w * i; - unsigned skip_len_align4 = i & ((unsigned)~0x3); + unsigned int skip_len_align4 = i & ((unsigned int)~0x3); - for (unsigned j = i + 1; j < h; j++) { + for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } @@ -76,7 +76,7 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { uint8_t pivot = ai[i]; pivot = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_inv(pivot); gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); - for (unsigned j = 0; j < h; j++) { + for (unsigned int j = 0; j < h; j++) { if (i == j) { continue; } @@ -88,36 +88,36 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned int gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { uint8_t mat[64 * 64]; - for (unsigned i = 0; i < n; i++) { + for (unsigned int i = 0; i < n; i++) { memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); - for (unsigned i = 0; i < n; i++) { + unsigned int r8 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); + for (unsigned int i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } -static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < w2; j++) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { + for (unsigned int i = 0; i < h; i++) { + for (unsigned int j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; } } } -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { +unsigned int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { + for (unsigned int i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(ai, 2 * H); gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + unsigned int r8 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } @@ -128,15 +128,15 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, #define gf256mat_prod_impl gf256mat_prod_ref #define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { +unsigned int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { return gf256mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +unsigned int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h index 4eb71dbf..e86298fe 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_comm.h @@ -12,7 +12,7 @@ /// @param[in,out] b - the vector b. /// @param[in] _num_byte - number of bytes for the vector b. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); /// @brief get an element from GF(256) vector . /// @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsig /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); +uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i); /// @brief check if a vector is 0. /// @@ -28,7 +28,7 @@ uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t * /// @param[in] _num_byte - number of bytes for the vector a. /// @return 1(true) if a is 0. 0(false) else. /// -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); +unsigned int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte); /// @brief polynomial multiplication: c = a*b /// @@ -37,7 +37,7 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t /// @param[in] b - the vector b. /// @param[in] _num - number of elements for the polynomials a and b. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num); /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// @@ -47,7 +47,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const /// @param[in] n_A_width - the width of matrix A. /// @param[in] b - the vector b. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); /// @brief matrix-matrix multiplication: c = a * b , in GF(256) /// @@ -56,7 +56,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const u /// @param[in] b - a matrix b. /// @param[in] len_vec - the length of column vectors. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); /// @brief Gauss elimination for a matrix, in GF(256) /// @@ -65,7 +65,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const ui /// @param[in] w - the width of the matrix. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); +unsigned int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); /// @brief Solving linear equations, in GF(256) /// @@ -75,7 +75,7 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t * /// @param[in] n - the number of equations. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); +unsigned int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); /// @brief Computing the inverse matrix, in GF(256) /// @@ -85,6 +85,6 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint /// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +unsigned int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c index 9d07f8ec..81f1afca 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.c @@ -1,46 +1,46 @@ #include "blas_u32.h" #include "gf.h" -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte) { uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; - unsigned n_u32 = _num_byte >> 2; + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= (a[i] & pr_u8); } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= a[i]; } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *a_u32 = (uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -50,21 +50,21 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, } t; t.u32 = 0; a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { a[i] = t.u8[i]; } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *)accu_c; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } @@ -75,12 +75,12 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, t.u32 = 0; accu_c += (n_u32 << 2); a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { accu_c[i] ^= t.u8[i]; } } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h index a309a5a9..d94c03ed 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/blas_u32.h @@ -7,12 +7,12 @@ #include "rainbow_config.h" #include -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte); -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte); #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c index dd39e2ae..98cf167c 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/gf.c @@ -61,8 +61,8 @@ uint32_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uin } uint8_t PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned a8 = a; - unsigned r = ((unsigned)0) - a8; + unsigned int a8 = a; + unsigned int r = ((unsigned int)0) - a8; r >>= 8; return r & 1; } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c index a750a014..18962545 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.c @@ -16,7 +16,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { +unsigned int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } @@ -28,19 +28,19 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { +static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { if (i_row > j_col) { return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i_row, j_col, n_var); } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { unsigned char *runningC = btriC; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < i; j++) { - unsigned idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < i; j++) { + unsigned int idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); @@ -49,12 +49,12 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *bt } void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (k < i) { continue; } @@ -67,11 +67,11 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned } void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i < k) { continue; } @@ -83,11 +83,11 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigne } void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i == k) { continue; } @@ -98,25 +98,25 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Atr_height = Awidth; + unsigned int Atr_width = Aheight; + for (unsigned int i = 0; i < Atr_height; i++) { + for (unsigned int j = 0; j < Atr_width; j++) { gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + unsigned int Aheight = Awidth_before_tr; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -124,12 +124,12 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -138,18 +138,18 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned cha } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { unsigned char tmp[256]; unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { _x[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(x, i); } PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = i; j < dim; j++) { + for (unsigned int j = i; j < dim; j++) { gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } @@ -157,23 +157,23 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsi } } -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { + for (unsigned int i = 0; i < dim_x; i++) { _x[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { _y[i] = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(y, i); } PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = 0; j < dim_x; j++) { + for (unsigned int j = 0; j < dim_x; j++) { gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h index 65c30466..63d82311 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/parallel_matrix_op.h @@ -15,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); +unsigned int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -25,7 +25,7 @@ unsigned PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// @@ -41,7 +41,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *bt /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -55,7 +55,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -69,7 +69,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -83,7 +83,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -97,7 +97,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigne /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -111,7 +111,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -126,8 +126,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -142,8 +142,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned ch /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -157,8 +157,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -172,8 +172,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -187,8 +187,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -202,8 +202,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// @@ -216,7 +216,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned cha /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -227,7 +227,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsig /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -240,8 +240,8 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsi /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -254,7 +254,7 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsig /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); #endif // _P_MATRIX_OP_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c index fcd33739..9da0c4e3 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow.c @@ -30,17 +30,17 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, c uint8_t prng_seed[_HASH_LEN]; PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { prng_preseed[i] ^= prng_preseed[i]; // clean } - for (unsigned i = 0; i < _HASH_LEN; i++) { + for (unsigned int i = 0; i < _HASH_LEN; i++) { prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; - unsigned n_attempt = 0; - unsigned l1_succ = 0; + unsigned int n_attempt = 0; + unsigned int l1_succ = 0; while (!l1_succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -73,7 +73,7 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, c uint8_t *salt = digest_salt + _HASH_LEN; uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned succ = 0; + unsigned int succ = 0; while (!succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -160,7 +160,7 @@ int PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_rainbow_verify(const uint8_t *dige // check consistancy. unsigned char cc = 0; - for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { cc |= (digest_ck[i] ^ correct[i]); } return (0 == cc) ? 0 : -1; diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c index c3ed6104..648dc106 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair.c @@ -22,8 +22,8 @@ static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } -static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l1_F12(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); @@ -33,8 +33,8 @@ static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { return n_byte_generated; } -static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l2_F12356(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); @@ -67,7 +67,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; - for (unsigned i = 0; i < _O2; i++) { /// t3 width + for (unsigned int i = 0; i < _O2; i++) { /// t3 width gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; @@ -75,7 +75,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const } } -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; while (n_terms--) { gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); diff --git a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c index 82630143..2e577e03 100644 --- a/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -14,9 +14,9 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = i; j < _V1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = i; j < _V1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -25,9 +25,9 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_ } idx_l1 = cpk->l1_Q2; idx_l2 = cpk->l2_Q2; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -36,9 +36,9 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_ } idx_l1 = cpk->l1_Q3; idx_l2 = cpk->l2_Q3; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -47,9 +47,9 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_ } idx_l1 = cpk->l1_Q5; idx_l2 = cpk->l2_Q5; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = i; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = i; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -58,9 +58,9 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_ } idx_l1 = cpk->l1_Q6; idx_l2 = cpk->l2_Q6; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -69,9 +69,9 @@ void PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_ } idx_l1 = cpk->l1_Q9; idx_l2 = cpk->l2_Q9; - for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned j = i; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned int j = i; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c index 936a4c98..d5363105 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.c @@ -10,7 +10,7 @@ #include #include -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { gf256v_add(b, b, _num_byte); } /// @brief get an element from GF(256) vector . @@ -19,11 +19,11 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_b /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { +uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i) { return a[i]; } -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { +unsigned int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte) { uint8_t r = 0; while (_num_byte--) { r |= a[0]; @@ -34,41 +34,41 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsign /// polynomial multplication /// School boook -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num) { PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { + for (unsigned int i = 0; i < _num; i++) { gf256v_madd(c + i, a, b[i], _num); } } -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { + for (unsigned int i = 0; i < n_A_width; i++) { gf256v_madd(c, matA, b[i], n_A_vec_byte); matA += n_A_vec_byte; } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { + unsigned int n_vec_byte = len_vec; + for (unsigned int k = 0; k < len_vec; k++) { PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(c, n_vec_byte); const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { + for (unsigned int i = 0; i < len_vec; i++) { gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); } c += n_vec_byte; } } -static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { - unsigned r8 = 1; +static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { + unsigned int r8 = 1; - for (unsigned i = 0; i < h; i++) { + for (unsigned int i = 0; i < h; i++) { uint8_t *ai = mat + w * i; - unsigned skip_len_align4 = i & ((unsigned)~0x3); + unsigned int skip_len_align4 = i & ((unsigned int)~0x3); - for (unsigned j = i + 1; j < h; j++) { + for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } @@ -76,7 +76,7 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { uint8_t pivot = ai[i]; pivot = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_inv(pivot); gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); - for (unsigned j = 0; j < h; j++) { + for (unsigned int j = 0; j < h; j++) { if (i == j) { continue; } @@ -88,36 +88,36 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned int gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { uint8_t mat[64 * 64]; - for (unsigned i = 0; i < n; i++) { + for (unsigned int i = 0; i < n; i++) { memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); - for (unsigned i = 0; i < n; i++) { + unsigned int r8 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); + for (unsigned int i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } -static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < w2; j++) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { + for (unsigned int i = 0; i < h; i++) { + for (unsigned int j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; } } } -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { +unsigned int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { + for (unsigned int i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(ai, 2 * H); gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + unsigned int r8 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } @@ -128,15 +128,15 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint #define gf256mat_prod_impl gf256mat_prod_ref #define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { +unsigned int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { return gf256mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +unsigned int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h index 2d2474dc..96ac02d7 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_comm.h @@ -12,7 +12,7 @@ /// @param[in,out] b - the vector b. /// @param[in] _num_byte - number of bytes for the vector b. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); /// @brief get an element from GF(256) vector . /// @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_b /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); +uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i); /// @brief check if a vector is 0. /// @@ -28,7 +28,7 @@ uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigne /// @param[in] _num_byte - number of bytes for the vector a. /// @return 1(true) if a is 0. 0(false) else. /// -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); +unsigned int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte); /// @brief polynomial multiplication: c = a*b /// @@ -37,7 +37,7 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsign /// @param[in] b - the vector b. /// @param[in] _num - number of elements for the polynomials a and b. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num); /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// @@ -47,7 +47,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a /// @param[in] n_A_width - the width of matrix A. /// @param[in] b - the vector b. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); /// @brief matrix-matrix multiplication: c = a * b , in GF(256) /// @@ -56,7 +56,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *ma /// @param[in] b - a matrix b. /// @param[in] len_vec - the length of column vectors. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); /// @brief Gauss elimination for a matrix, in GF(256) /// @@ -65,7 +65,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, /// @param[in] w - the width of the matrix. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); +unsigned int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); /// @brief Solving linear equations, in GF(256) /// @@ -75,7 +75,7 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsig /// @param[in] n - the number of equations. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); +unsigned int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); /// @brief Computing the inverse matrix, in GF(256) /// @@ -85,6 +85,6 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, /// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +unsigned int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c index 9e013ff2..b8965553 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.c @@ -1,46 +1,46 @@ #include "blas_u32.h" #include "gf.h" -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte) { uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; - unsigned n_u32 = _num_byte >> 2; + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= (a[i] & pr_u8); } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= a[i]; } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *a_u32 = (uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -50,21 +50,21 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b } t; t.u32 = 0; a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { a[i] = t.u8[i]; } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *)accu_c; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } @@ -75,12 +75,12 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint t.u32 = 0; accu_c += (n_u32 << 2); a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { accu_c[i] ^= t.u8[i]; } } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h index 028c2cd6..9779dd9c 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/blas_u32.h @@ -7,12 +7,12 @@ #include "rainbow_config.h" #include -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte); -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte); #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/gf.c b/crypto_sign/rainbowIIIc-cyclic/clean/gf.c index f480af63..c5cece1d 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/gf.c @@ -61,8 +61,8 @@ uint32_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { } uint8_t PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned a8 = a; - unsigned r = ((unsigned)0) - a8; + unsigned int a8 = a; + unsigned int r = ((unsigned int)0) - a8; r >>= 8; return r & 1; } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c index b4d06330..7cb5244e 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.c @@ -16,7 +16,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { +unsigned int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } @@ -28,19 +28,19 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { +static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { if (i_row > j_col) { return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { unsigned char *runningC = btriC; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < i; j++) { - unsigned idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < i; j++) { + unsigned int idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); @@ -49,12 +49,12 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const } void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (k < i) { continue; } @@ -67,11 +67,11 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, } void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i < k) { continue; } @@ -83,11 +83,11 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC } void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i == k) { continue; } @@ -98,25 +98,25 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Atr_height = Awidth; + unsigned int Atr_width = Aheight; + for (unsigned int i = 0; i < Atr_height; i++) { + for (unsigned int j = 0; j < Atr_width; j++) { gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + unsigned int Aheight = Awidth_before_tr; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -124,12 +124,12 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -138,18 +138,18 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, con } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { unsigned char tmp[256]; unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { _x[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(x, i); } PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = i; j < dim; j++) { + for (unsigned int j = i; j < dim; j++) { gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } @@ -157,23 +157,23 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char } } -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { + for (unsigned int i = 0; i < dim_x; i++) { _x[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { _y[i] = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_get_ele(y, i); } PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = 0; j < dim_x; j++) { + for (unsigned int j = 0; j < dim_x; j++) { gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h index 59a00470..62dd1404 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIIIc-cyclic/clean/parallel_matrix_op.h @@ -15,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); +unsigned int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -25,7 +25,7 @@ unsigned PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// @@ -41,7 +41,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -55,7 +55,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -69,7 +69,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -83,7 +83,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -97,7 +97,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -111,7 +111,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -126,8 +126,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -142,8 +142,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -157,8 +157,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -172,8 +172,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -187,8 +187,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -202,8 +202,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, cons /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// @@ -216,7 +216,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, con /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -227,7 +227,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char * /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -240,8 +240,8 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -254,7 +254,7 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char * /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); #endif // _P_MATRIX_OP_H_ diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c index ee19dd32..3379c7fe 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow.c @@ -30,17 +30,17 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t uint8_t prng_seed[_HASH_LEN]; PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { prng_preseed[i] ^= prng_preseed[i]; // clean } - for (unsigned i = 0; i < _HASH_LEN; i++) { + for (unsigned int i = 0; i < _HASH_LEN; i++) { prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; - unsigned n_attempt = 0; - unsigned l1_succ = 0; + unsigned int n_attempt = 0; + unsigned int l1_succ = 0; while (!l1_succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -73,7 +73,7 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t uint8_t *salt = digest_salt + _HASH_LEN; uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned succ = 0; + unsigned int succ = 0; while (!succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -160,7 +160,7 @@ int PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_rainbow_verify(const uint8_t *digest, const // check consistancy. unsigned char cc = 0; - for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { cc |= (digest_ck[i] ^ correct[i]); } return (0 == cc) ? 0 : -1; diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c index 1a368a37..e7ee2b3c 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair.c @@ -22,8 +22,8 @@ static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } -static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l1_F12(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); @@ -33,8 +33,8 @@ static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { return n_byte_generated; } -static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l2_F12356(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); @@ -67,7 +67,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; - for (unsigned i = 0; i < _O2; i++) { /// t3 width + for (unsigned int i = 0; i < _O2; i++) { /// t3 width gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; @@ -75,7 +75,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const } } -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; while (n_terms--) { gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); diff --git a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c index d3f3ae13..ab38bca7 100644 --- a/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIIIc-cyclic/clean/rainbow_keypair_computation.c @@ -14,9 +14,9 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = i; j < _V1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = i; j < _V1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -25,9 +25,9 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk } idx_l1 = cpk->l1_Q2; idx_l2 = cpk->l2_Q2; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -36,9 +36,9 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk } idx_l1 = cpk->l1_Q3; idx_l2 = cpk->l2_Q3; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -47,9 +47,9 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk } idx_l1 = cpk->l1_Q5; idx_l2 = cpk->l2_Q5; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = i; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = i; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -58,9 +58,9 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk } idx_l1 = cpk->l1_Q6; idx_l2 = cpk->l2_Q6; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -69,9 +69,9 @@ void PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk } idx_l1 = cpk->l1_Q9; idx_l2 = cpk->l2_Q9; - for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned j = i; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned int j = i; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIIICCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index 938478c5..3c67c694 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -10,7 +10,7 @@ #include #include -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { gf256v_add(b, b, _num_byte); } @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_by /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i) { +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned int i) { uint8_t r = a[i >> 1]; uint8_t r0 = r & 0xf; uint8_t r1 = r >> 4; @@ -35,28 +35,28 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned /// @param[in] v - the value for the i-th element in vector a. /// @return the value of the element. /// -static uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { +static uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned int i, uint8_t v) { uint8_t m = (uint8_t)(0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f uint8_t ai_remaining = (uint8_t)(a[i >> 1] & (~m)); /// erase a[i >> 1] = (uint8_t)(ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set return v; } -static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { + for (unsigned int i = 0; i < n_A_width; i++) { uint8_t bb = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(b, i); gf16v_madd(c, matA, bb, n_A_vec_byte); matA += n_A_vec_byte; } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = (len_vec + 1) / 2; - for (unsigned k = 0; k < len_vec; k++) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { + unsigned int n_vec_byte = (len_vec + 1) / 2; + for (unsigned int k = 0; k < len_vec; k++) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { + for (unsigned int i = 0; i < len_vec; i++) { uint8_t bb = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(bk, i); gf16v_madd(c, a + n_vec_byte * i, bb, n_vec_byte); } @@ -64,13 +64,13 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, co } } -static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { - unsigned n_w_byte = (w + 1) / 2; - unsigned r8 = 1; - for (unsigned i = 0; i < h; i++) { - unsigned offset_byte = i >> 1; +static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { + unsigned int n_w_byte = (w + 1) / 2; + unsigned int r8 = 1; + for (unsigned int i = 0; i < h; i++) { + unsigned int offset_byte = i >> 1; uint8_t *ai = mat + n_w_byte * i; - for (unsigned j = i + 1; j < h; j++) { + for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; gf256v_predicated_add(ai + offset_byte, !PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } @@ -79,7 +79,7 @@ static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { pivot = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(pivot); offset_byte = (i + 1) >> 1; gf16v_mul_scalar(ai + offset_byte, pivot, n_w_byte - offset_byte); - for (unsigned j = 0; j < h; j++) { + for (unsigned int j = 0; j < h; j++) { if (i == j) { continue; } @@ -90,42 +90,42 @@ static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned int gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { uint8_t mat[64 * 33]; - unsigned n_byte = (n + 1) >> 1; - for (unsigned i = 0; i < n; i++) { + unsigned int n_byte = (n + 1) >> 1; + for (unsigned int i = 0; i < n; i++) { memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(c_terms, i); } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); - for (unsigned i = 0; i < n; i++) { + unsigned int r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); + for (unsigned int i = 0; i < n; i++) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); } return r8; } -static inline void gf16mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { - unsigned n_byte_w1 = (w + 1) / 2; - unsigned n_byte_w2 = (w2 + 1) / 2; - unsigned st_2 = st / 2; - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < n_byte_w2; j++) { +static inline void gf16mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { + unsigned int n_byte_w1 = (w + 1) / 2; + unsigned int n_byte_w2 = (w2 + 1) / 2; + unsigned int st_2 = st / 2; + for (unsigned int i = 0; i < h; i++) { + for (unsigned int j = 0; j < n_byte_w2; j++) { mat2[i * n_byte_w2 + j] = mat[i * n_byte_w1 + st_2 + j]; } } } -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { - unsigned n_w_byte = (H + 1) / 2; +unsigned int PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { + unsigned int n_w_byte = (H + 1) / 2; uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { + for (unsigned int i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * n_w_byte; PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(ai, 2 * n_w_byte); gf256v_add(ai, a + i * n_w_byte, n_w_byte); PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); + unsigned int r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } @@ -136,15 +136,15 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ #define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref #define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { gf16mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { +unsigned int PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { return gf16mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +unsigned int PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { return gf16mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.h b/crypto_sign/rainbowIa-classic/clean/blas_comm.h index 5c8e3938..9cbe8ff1 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.h @@ -12,7 +12,7 @@ /// @param[in,out] b - the vector b. /// @param[in] _num_byte - number of bytes for the vector b. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); /// @brief get an element from GF(16) vector . /// @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_by /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i); +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned int i); /// @brief matrix-matrix multiplication: c = a * b , in GF(16) /// @@ -29,7 +29,7 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned /// @param[in] b - a matrix b. /// @param[in] len_vec - the length of column vectors. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); /// @brief Gauss elimination for a matrix, in GF(16) /// @@ -38,7 +38,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, co /// @param[in] w - the width of the matrix. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); +unsigned int PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); /// @brief Solving linear equations, in GF(16) /// @@ -48,7 +48,7 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigne /// @param[in] n - the number of equations. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); +unsigned int PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); /// @brief Computing the inverse matrix, in GF(16) /// @@ -58,7 +58,7 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, co /// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +unsigned int PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); /// @brief matrix-vector multiplication: c = matA * b , in GF(16) /// @@ -68,7 +68,7 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ /// @param[in] n_A_width - the width of matrix A. /// @param[in] b - the vector b. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.c b/crypto_sign/rainbowIa-classic/clean/blas_u32.c index 00d35968..312eef5f 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.c @@ -1,46 +1,46 @@ #include "blas_u32.h" #include "gf.h" -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte) { uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; - unsigned n_u32 = _num_byte >> 2; + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= (a[i] & pr_u8); } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= a[i]; } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *a_u32 = (uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -50,21 +50,21 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf1 } t; t.u32 = 0; a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { a[i] = t.u8[i]; } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *)accu_c; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -75,26 +75,26 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_ t.u32 = 0; accu_c += (n_u32 << 2); a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { accu_c[i] ^= t.u8[i]; } } -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; const uint32_t *a_u32 = (const uint32_t *)a; const uint32_t *b_u32 = (const uint32_t *)b; uint32_t r = 0; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); } - unsigned rem = _num_byte & 3; + unsigned int rem = _num_byte & 3; if (rem) { union tmp_32 { uint8_t u8[4]; @@ -102,10 +102,10 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uin } ta, tb; ta.u32 = 0; tb.u32 = 0; - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { ta.u8[i] = a[(n_u32 << 2) + i]; } - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { tb.u8[i] = b[(n_u32 << 2) + i]; } r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(ta.u32, tb.u32); diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.h b/crypto_sign/rainbowIa-classic/clean/blas_u32.h index 0bbfd015..25005e14 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.h @@ -7,13 +7,13 @@ #include "rainbow_config.h" #include -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte); -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned int _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned int _num_byte); +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned int _num_byte); #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/gf.c b/crypto_sign/rainbowIa-classic/clean/gf.c index c9563dbe..cdad4492 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.c +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -69,8 +69,8 @@ static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, } uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a) { - unsigned a4 = a & 0xf; - unsigned r = ((unsigned)0) - a4; + unsigned int a4 = a & 0xf; + unsigned int r = ((unsigned int)0) - a4; r >>= 4; return r & 1; } diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c index c116f05a..8d1f0a95 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c @@ -16,7 +16,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { +unsigned int PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } @@ -28,19 +28,19 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { +static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { if (i_row > j_col) { return PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { unsigned char *runningC = btriC; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < i; j++) { - unsigned idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < i; j++) { + unsigned int idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); @@ -49,12 +49,12 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const } void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (k < i) { continue; } @@ -67,11 +67,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, co } void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i < k) { continue; } @@ -83,11 +83,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, } void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i == k) { continue; } @@ -98,25 +98,25 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, c } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Atr_height = Awidth; + unsigned int Atr_width = Aheight; + for (unsigned int i = 0; i < Atr_height; i++) { + for (unsigned int j = 0; j < Atr_width; j++) { gf16v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + unsigned int Aheight = Awidth_before_tr; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf16v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -124,12 +124,12 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, co } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf16v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -138,23 +138,23 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, + const unsigned char *x, unsigned int dim_x, unsigned int size_batch) { unsigned char tmp[128]; unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { + for (unsigned int i = 0; i < dim_x; i++) { _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(x, i); } unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { _y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(y, i); } PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = 0; j < dim_x; j++) { + for (unsigned int j = 0; j < dim_x; j++) { gf16v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } @@ -162,18 +162,18 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { unsigned char tmp[256]; unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(x, i); } PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = i; j < dim; j++) { + for (unsigned int j = i; j < dim; j++) { gf16v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h index 214507e8..b9f8b8c5 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.h @@ -15,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); +unsigned int PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -25,7 +25,7 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// @@ -41,7 +41,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -55,7 +55,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, co /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -69,7 +69,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -83,7 +83,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -97,7 +97,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -111,7 +111,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -126,8 +126,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -142,8 +142,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -157,8 +157,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -172,8 +172,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, co /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -187,8 +187,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -202,8 +202,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// @@ -216,7 +216,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, cons /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -227,7 +227,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -240,8 +240,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char * /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -254,7 +254,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); #endif // _P_MATRIX_OP_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.c b/crypto_sign/rainbowIa-classic/clean/rainbow.c index 18ba4e33..e51d867c 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.c @@ -30,17 +30,17 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t * uint8_t prng_seed[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { prng_preseed[i] ^= prng_preseed[i]; // clean } - for (unsigned i = 0; i < _HASH_LEN; i++) { + for (unsigned int i = 0; i < _HASH_LEN; i++) { prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; - unsigned n_attempt = 0; - unsigned l1_succ = 0; + unsigned int n_attempt = 0; + unsigned int l1_succ = 0; while (!l1_succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -73,7 +73,7 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t * uint8_t *salt = digest_salt + _HASH_LEN; uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned succ = 0; + unsigned int succ = 0; while (!succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -160,7 +160,7 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const u // check consistancy. unsigned char cc = 0; - for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { cc |= (digest_ck[i] ^ correct[i]); } return (0 == cc) ? 0 : -1; diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c index 4da6ca44..5abe1159 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c @@ -22,8 +22,8 @@ static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } -static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l1_F12(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); @@ -33,8 +33,8 @@ static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { return n_byte_generated; } -static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l2_F12356(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); @@ -67,7 +67,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; - for (unsigned i = 0; i < _O2; i++) { /// t3 width + for (unsigned int i = 0; i < _O2; i++) { /// t3 width gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; @@ -75,7 +75,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const } } -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; while (n_terms--) { gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 9730a0e8..88ad49bd 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -14,9 +14,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = i; j < _V1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = i; j < _V1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -25,9 +25,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q2; idx_l2 = cpk->l2_Q2; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -36,9 +36,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q3; idx_l2 = cpk->l2_Q3; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -47,9 +47,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q5; idx_l2 = cpk->l2_Q5; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = i; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = i; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -58,9 +58,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q6; idx_l2 = cpk->l2_Q6; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -69,9 +69,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q9; idx_l2 = cpk->l2_Q9; - for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned j = i; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned int j = i; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c index 5022089d..3ab27446 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.c @@ -10,7 +10,7 @@ #include #include -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { gf256v_add(b, b, _num_byte); } @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigne /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i) { +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned int i) { uint8_t r = a[i >> 1]; uint8_t r0 = r & 0xf; uint8_t r1 = r >> 4; @@ -35,28 +35,28 @@ uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(const uint8_t *a, /// @param[in] v - the value for the i-th element in vector a. /// @return the value of the element. /// -static uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { +static uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(uint8_t *a, unsigned int i, uint8_t v) { uint8_t m = (uint8_t)(0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f uint8_t ai_remaining = (uint8_t)(a[i >> 1] & (~m)); /// erase a[i >> 1] = (uint8_t)(ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set return v; } -static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { + for (unsigned int i = 0; i < n_A_width; i++) { uint8_t bb = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(b, i); gf16v_madd(c, matA, bb, n_A_vec_byte); matA += n_A_vec_byte; } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = (len_vec + 1) / 2; - for (unsigned k = 0; k < len_vec; k++) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { + unsigned int n_vec_byte = (len_vec + 1) / 2; + for (unsigned int k = 0; k < len_vec; k++) { PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_vec_byte); const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { + for (unsigned int i = 0; i < len_vec; i++) { uint8_t bb = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(bk, i); gf16v_madd(c, a + n_vec_byte * i, bb, n_vec_byte); } @@ -64,13 +64,13 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_mul(uint8_t *c, const uint8 } } -static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { - unsigned n_w_byte = (w + 1) / 2; - unsigned r8 = 1; - for (unsigned i = 0; i < h; i++) { - unsigned offset_byte = i >> 1; +static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { + unsigned int n_w_byte = (w + 1) / 2; + unsigned int r8 = 1; + for (unsigned int i = 0; i < h; i++) { + unsigned int offset_byte = i >> 1; uint8_t *ai = mat + n_w_byte * i; - for (unsigned j = i + 1; j < h; j++) { + for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; gf256v_predicated_add(ai + offset_byte, !PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } @@ -79,7 +79,7 @@ static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { pivot = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_inv(pivot); offset_byte = (i + 1) >> 1; gf16v_mul_scalar(ai + offset_byte, pivot, n_w_byte - offset_byte); - for (unsigned j = 0; j < h; j++) { + for (unsigned int j = 0; j < h; j++) { if (i == j) { continue; } @@ -90,42 +90,42 @@ static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned int gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { uint8_t mat[64 * 33]; - unsigned n_byte = (n + 1) >> 1; - for (unsigned i = 0; i < n; i++) { + unsigned int n_byte = (n + 1) >> 1; + for (unsigned int i = 0; i < n; i++) { memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(c_terms, i); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); - for (unsigned i = 0; i < n; i++) { + unsigned int r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); + for (unsigned int i = 0; i < n; i++) { PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); } return r8; } -static inline void gf16mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { - unsigned n_byte_w1 = (w + 1) / 2; - unsigned n_byte_w2 = (w2 + 1) / 2; - unsigned st_2 = st / 2; - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < n_byte_w2; j++) { +static inline void gf16mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { + unsigned int n_byte_w1 = (w + 1) / 2; + unsigned int n_byte_w2 = (w2 + 1) / 2; + unsigned int st_2 = st / 2; + for (unsigned int i = 0; i < h; i++) { + for (unsigned int j = 0; j < n_byte_w2; j++) { mat2[i * n_byte_w2 + j] = mat[i * n_byte_w1 + st_2 + j]; } } } -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { - unsigned n_w_byte = (H + 1) / 2; +unsigned int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { + unsigned int n_w_byte = (H + 1) / 2; uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { + for (unsigned int i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * n_w_byte; PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(ai, 2 * n_w_byte); gf256v_add(ai, a + i * n_w_byte, n_w_byte); PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); + unsigned int r8 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } @@ -136,15 +136,15 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, con #define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref #define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { gf16mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { +unsigned int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { return gf16mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +unsigned int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { return gf16mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h index 4b8ec358..bf0131b7 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_comm.h @@ -12,7 +12,7 @@ /// @param[in,out] b - the vector b. /// @param[in] _num_byte - number of bytes for the vector b. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); /// @brief get an element from GF(16) vector . /// @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigne /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i); +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned int i); /// @brief matrix-matrix multiplication: c = a * b , in GF(16) /// @@ -29,7 +29,7 @@ uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(const uint8_t *a, /// @param[in] b - a matrix b. /// @param[in] len_vec - the length of column vectors. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); /// @brief Gauss elimination for a matrix, in GF(16) /// @@ -38,7 +38,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_mul(uint8_t *c, const uint8 /// @param[in] w - the width of the matrix. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); +unsigned int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); /// @brief Solving linear equations, in GF(16) /// @@ -48,7 +48,7 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_gauss_elim(uint8_t *mat /// @param[in] n - the number of equations. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); +unsigned int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); /// @brief Computing the inverse matrix, in GF(16) /// @@ -58,7 +58,7 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_solve_linear_eq(uint8_t /// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +unsigned int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); /// @brief matrix-vector multiplication: c = matA * b , in GF(16) /// @@ -68,7 +68,7 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_inv(uint8_t *inv_a, con /// @param[in] n_A_width - the width of matrix A. /// @param[in] b - the vector b. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c index 9ccd0d72..76044e16 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.c @@ -1,46 +1,46 @@ #include "blas_u32.h" #include "gf.h" -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte) { uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; - unsigned n_u32 = _num_byte >> 2; + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= (a[i] & pr_u8); } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= a[i]; } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *a_u32 = (uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -50,21 +50,21 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, ui } t; t.u32 = 0; a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(t.u32, gf16_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { a[i] = t.u8[i]; } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *)accu_c; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -75,26 +75,26 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd_u32(uint8_t *accu_c, con t.u32 = 0; accu_c += (n_u32 << 2); a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(t.u32, gf16_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { accu_c[i] ^= t.u8[i]; } } -uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; const uint32_t *a_u32 = (const uint32_t *)a; const uint32_t *b_u32 = (const uint32_t *)b; uint32_t r = 0; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { r ^= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); } - unsigned rem = _num_byte & 3; + unsigned int rem = _num_byte & 3; if (rem) { union tmp_32 { uint8_t u8[4]; @@ -102,10 +102,10 @@ uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_dot_u32(const uint8_t *a, } ta, tb; ta.u32 = 0; tb.u32 = 0; - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { ta.u8[i] = a[(n_u32 << 2) + i]; } - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { tb.u8[i] = b[(n_u32 << 2) + i]; } r ^= PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_u32_u32(ta.u32, tb.u32); diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h index def05094..992d447f 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/blas_u32.h @@ -7,13 +7,13 @@ #include "rainbow_config.h" #include -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte); -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); -uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned int _num_byte); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned int _num_byte); +uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned int _num_byte); #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c index cbf59609..55d9fd6a 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/gf.c @@ -69,8 +69,8 @@ static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, } uint8_t PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16_is_nonzero(uint8_t a) { - unsigned a4 = a & 0xf; - unsigned r = ((unsigned)0) - a4; + unsigned int a4 = a & 0xf; + unsigned int r = ((unsigned int)0) - a4; r >>= 4; return r & 1; } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c index c764ff72..97e3265c 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.c @@ -16,7 +16,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { +unsigned int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } @@ -28,19 +28,19 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, u /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { +static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { if (i_row > j_col) { return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i_row, j_col, n_var); } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { unsigned char *runningC = btriC; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < i; j++) { - unsigned idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < i; j++) { + unsigned int idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); @@ -49,12 +49,12 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btri } void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (k < i) { continue; } @@ -67,11 +67,11 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned cha } void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i < k) { continue; } @@ -83,11 +83,11 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned c } void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i == k) { continue; } @@ -98,25 +98,25 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned ch } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Atr_height = Awidth; + unsigned int Atr_width = Aheight; + for (unsigned int i = 0; i < Atr_height; i++) { + for (unsigned int j = 0; j < Atr_width; j++) { gf16v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + unsigned int Aheight = Awidth_before_tr; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf16v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -124,12 +124,12 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned cha } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf16v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -138,23 +138,23 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char * } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, + const unsigned char *x, unsigned int dim_x, unsigned int size_batch) { unsigned char tmp[128]; unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { + for (unsigned int i = 0; i < dim_x; i++) { _x[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(x, i); } unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { _y[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(y, i); } PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = 0; j < dim_x; j++) { + for (unsigned int j = 0; j < dim_x; j++) { gf16v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } @@ -162,18 +162,18 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigne } } -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { unsigned char tmp[256]; unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { _x[i] = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf16v_get_ele(x, i); } PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = i; j < dim; j++) { + for (unsigned int j = i; j < dim; j++) { gf16v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h index e85424c3..00c40ed7 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/parallel_matrix_op.h @@ -15,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); +unsigned int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -25,7 +25,7 @@ unsigned PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, u /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// @@ -41,7 +41,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btri /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -55,7 +55,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned cha /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -69,7 +69,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned ch /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -83,7 +83,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -97,7 +97,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -111,7 +111,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned ch /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -126,8 +126,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -142,8 +142,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -157,8 +157,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned cha /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -172,8 +172,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned cha /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -187,8 +187,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned ch /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -202,8 +202,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char * /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// @@ -216,7 +216,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -227,7 +227,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigne /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -240,8 +240,8 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsign /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -254,7 +254,7 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigne /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); #endif // _P_MATRIX_OP_H_ diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c index edc8a2e8..949b04bd 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow.c @@ -30,17 +30,17 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, con uint8_t prng_seed[_HASH_LEN]; PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { prng_preseed[i] ^= prng_preseed[i]; // clean } - for (unsigned i = 0; i < _HASH_LEN; i++) { + for (unsigned int i = 0; i < _HASH_LEN; i++) { prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; - unsigned n_attempt = 0; - unsigned l1_succ = 0; + unsigned int n_attempt = 0; + unsigned int l1_succ = 0; while (!l1_succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -73,7 +73,7 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, con uint8_t *salt = digest_salt + _HASH_LEN; uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned succ = 0; + unsigned int succ = 0; while (!succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -160,7 +160,7 @@ int PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_rainbow_verify(const uint8_t *digest // check consistancy. unsigned char cc = 0; - for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { cc |= (digest_ck[i] ^ correct[i]); } return (0 == cc) ? 0 : -1; diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c index a91f523d..d57039c6 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair.c @@ -22,8 +22,8 @@ static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } -static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l1_F12(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); @@ -33,8 +33,8 @@ static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { return n_byte_generated; } -static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l2_F12356(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); @@ -67,7 +67,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; - for (unsigned i = 0; i < _O2; i++) { /// t3 width + for (unsigned int i = 0; i < _O2; i++) { /// t3 width gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; @@ -75,7 +75,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const } } -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; while (n_terms--) { gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); diff --git a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c index 16698d31..ab7756b3 100644 --- a/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -14,9 +14,9 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = i; j < _V1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = i; j < _V1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -25,9 +25,9 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cp } idx_l1 = cpk->l1_Q2; idx_l2 = cpk->l2_Q2; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -36,9 +36,9 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cp } idx_l1 = cpk->l1_Q3; idx_l2 = cpk->l2_Q3; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -47,9 +47,9 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cp } idx_l1 = cpk->l1_Q5; idx_l2 = cpk->l2_Q5; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = i; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = i; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -58,9 +58,9 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cp } idx_l1 = cpk->l1_Q6; idx_l2 = cpk->l2_Q6; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -69,9 +69,9 @@ void PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cp } idx_l1 = cpk->l1_Q9; idx_l2 = cpk->l2_Q9; - for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned j = i; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned int j = i; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c index d58a1cba..45f062cf 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c @@ -10,7 +10,7 @@ #include #include -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { gf256v_add(b, b, _num_byte); } @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byt /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i) { +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned int i) { uint8_t r = a[i >> 1]; uint8_t r0 = r & 0xf; uint8_t r1 = r >> 4; @@ -35,28 +35,28 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i /// @param[in] v - the value for the i-th element in vector a. /// @return the value of the element. /// -static uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned i, uint8_t v) { +static uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned int i, uint8_t v) { uint8_t m = (uint8_t)(0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f uint8_t ai_remaining = (uint8_t)(a[i >> 1] & (~m)); /// erase a[i >> 1] = (uint8_t)(ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set return v; } -static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { + for (unsigned int i = 0; i < n_A_width; i++) { uint8_t bb = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(b, i); gf16v_madd(c, matA, bb, n_A_vec_byte); matA += n_A_vec_byte; } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = (len_vec + 1) / 2; - for (unsigned k = 0; k < len_vec; k++) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { + unsigned int n_vec_byte = (len_vec + 1) / 2; + for (unsigned int k = 0; k < len_vec; k++) { PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, n_vec_byte); const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { + for (unsigned int i = 0; i < len_vec; i++) { uint8_t bb = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(bk, i); gf16v_madd(c, a + n_vec_byte * i, bb, n_vec_byte); } @@ -64,13 +64,13 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, con } } -static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { - unsigned n_w_byte = (w + 1) / 2; - unsigned r8 = 1; - for (unsigned i = 0; i < h; i++) { - unsigned offset_byte = i >> 1; +static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { + unsigned int n_w_byte = (w + 1) / 2; + unsigned int r8 = 1; + for (unsigned int i = 0; i < h; i++) { + unsigned int offset_byte = i >> 1; uint8_t *ai = mat + n_w_byte * i; - for (unsigned j = i + 1; j < h; j++) { + for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + n_w_byte * j; gf256v_predicated_add(ai + offset_byte, !PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); } @@ -79,7 +79,7 @@ static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { pivot = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_inv(pivot); offset_byte = (i + 1) >> 1; gf16v_mul_scalar(ai + offset_byte, pivot, n_w_byte - offset_byte); - for (unsigned j = 0; j < h; j++) { + for (unsigned int j = 0; j < h; j++) { if (i == j) { continue; } @@ -90,42 +90,42 @@ static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static unsigned gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned int gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { uint8_t mat[64 * 33]; - unsigned n_byte = (n + 1) >> 1; - for (unsigned i = 0; i < n; i++) { + unsigned int n_byte = (n + 1) >> 1; + for (unsigned int i = 0; i < n; i++) { memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(c_terms, i); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); - for (unsigned i = 0; i < n; i++) { + unsigned int r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); + for (unsigned int i = 0; i < n; i++) { PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); } return r8; } -static inline void gf16mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { - unsigned n_byte_w1 = (w + 1) / 2; - unsigned n_byte_w2 = (w2 + 1) / 2; - unsigned st_2 = st / 2; - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < n_byte_w2; j++) { +static inline void gf16mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { + unsigned int n_byte_w1 = (w + 1) / 2; + unsigned int n_byte_w2 = (w2 + 1) / 2; + unsigned int st_2 = st / 2; + for (unsigned int i = 0; i < h; i++) { + for (unsigned int j = 0; j < n_byte_w2; j++) { mat2[i * n_byte_w2 + j] = mat[i * n_byte_w1 + st_2 + j]; } } } -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { - unsigned n_w_byte = (H + 1) / 2; +unsigned int PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { + unsigned int n_w_byte = (H + 1) / 2; uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { + for (unsigned int i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * n_w_byte; PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(ai, 2 * n_w_byte); gf256v_add(ai, a + i * n_w_byte, n_w_byte); PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); } - unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); + unsigned int r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } @@ -136,15 +136,15 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t #define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref #define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { gf16mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { +unsigned int PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { return gf16mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +unsigned int PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { return gf16mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h index 10fed039..570e5ede 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h @@ -12,7 +12,7 @@ /// @param[in,out] b - the vector b. /// @param[in] _num_byte - number of bytes for the vector b. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); /// @brief get an element from GF(16) vector . /// @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byt /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i); +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned int i); /// @brief matrix-matrix multiplication: c = a * b , in GF(16) /// @@ -29,7 +29,7 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i /// @param[in] b - a matrix b. /// @param[in] len_vec - the length of column vectors. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); /// @brief Gauss elimination for a matrix, in GF(16) /// @@ -38,7 +38,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, con /// @param[in] w - the width of the matrix. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); +unsigned int PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); /// @brief Solving linear equations, in GF(16) /// @@ -48,7 +48,7 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned /// @param[in] n - the number of equations. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); +unsigned int PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); /// @brief Computing the inverse matrix, in GF(16) /// @@ -58,7 +58,7 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, con /// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +unsigned int PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); /// @brief matrix-vector multiplication: c = matA * b , in GF(16) /// @@ -68,7 +68,7 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t /// @param[in] n_A_width - the width of matrix A. /// @param[in] b - the vector b. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c index e8a3444a..518f6489 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c @@ -1,46 +1,46 @@ #include "blas_u32.h" #include "gf.h" -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte) { uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; - unsigned n_u32 = _num_byte >> 2; + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= (a[i] & pr_u8); } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= a[i]; } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *a_u32 = (uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -50,21 +50,21 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16 } t; t.u32 = 0; a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { a[i] = t.u8[i]; } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *)accu_c; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b); } @@ -75,26 +75,26 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t t.u32 = 0; accu_c += (n_u32 << 2); a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { accu_c[i] ^= t.u8[i]; } } -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; const uint32_t *a_u32 = (const uint32_t *)a; const uint32_t *b_u32 = (const uint32_t *)b; uint32_t r = 0; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { r ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]); } - unsigned rem = _num_byte & 3; + unsigned int rem = _num_byte & 3; if (rem) { union tmp_32 { uint8_t u8[4]; @@ -102,10 +102,10 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint } ta, tb; ta.u32 = 0; tb.u32 = 0; - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { ta.u8[i] = a[(n_u32 << 2) + i]; } - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { tb.u8[i] = b[(n_u32 << 2) + i]; } r ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(ta.u32, tb.u32); diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h index d149674a..cd3ea9e4 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h @@ -7,13 +7,13 @@ #include "rainbow_config.h" #include -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte); -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned int _num_byte); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned int _num_byte); +uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned int _num_byte); #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.c b/crypto_sign/rainbowIa-cyclic/clean/gf.c index 2bed34aa..29c75c68 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.c @@ -69,8 +69,8 @@ static inline uint32_t _gf4v_mul_u32_u32(uint32_t a0, uint32_t a1, uint32_t b0, } uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(uint8_t a) { - unsigned a4 = a & 0xf; - unsigned r = ((unsigned)0) - a4; + unsigned int a4 = a & 0xf; + unsigned int r = ((unsigned int)0) - a4; r >>= 4; return r & 1; } diff --git a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c index 1b4eb254..6fa60381 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c @@ -16,7 +16,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { +unsigned int PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } @@ -28,19 +28,19 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_ /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { +static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { if (i_row > j_col) { return PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { unsigned char *runningC = btriC; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < i; j++) { - unsigned idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < i; j++) { + unsigned int idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); @@ -49,12 +49,12 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const u } void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (k < i) { continue; } @@ -67,11 +67,11 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, con } void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i < k) { continue; } @@ -83,11 +83,11 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, c } void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i == k) { continue; } @@ -98,25 +98,25 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, co } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Atr_height = Awidth; + unsigned int Atr_width = Aheight; + for (unsigned int i = 0; i < Atr_height; i++) { + for (unsigned int j = 0; j < Atr_width; j++) { gf16v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + unsigned int Aheight = Awidth_before_tr; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf16v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -124,12 +124,12 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, con } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf16v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -138,23 +138,23 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, + const unsigned char *x, unsigned int dim_x, unsigned int size_batch) { unsigned char tmp[128]; unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { + for (unsigned int i = 0; i < dim_x; i++) { _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(x, i); } unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { _y[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(y, i); } PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = 0; j < dim_x; j++) { + for (unsigned int j = 0; j < dim_x; j++) { gf16v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } @@ -162,18 +162,18 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, } } -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { unsigned char tmp[256]; unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele(x, i); } PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = i; j < dim; j++) { + for (unsigned int j = i; j < dim; j++) { gf16v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } diff --git a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h index f97f6406..223fbeea 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.h @@ -15,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); +unsigned int PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -25,7 +25,7 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_ /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// @@ -41,7 +41,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const u /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -55,7 +55,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, con /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -69,7 +69,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, co /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -83,7 +83,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -97,7 +97,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -111,7 +111,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, co /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -126,8 +126,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -142,8 +142,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -157,8 +157,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -172,8 +172,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, con /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -187,8 +187,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, co /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -202,8 +202,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// @@ -216,7 +216,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -227,7 +227,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -240,8 +240,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -254,7 +254,7 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); #endif // _P_MATRIX_OP_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow.c index 4e9cdef4..7fc7e5b7 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow.c @@ -30,17 +30,17 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *s uint8_t prng_seed[_HASH_LEN]; PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { prng_preseed[i] ^= prng_preseed[i]; // clean } - for (unsigned i = 0; i < _HASH_LEN; i++) { + for (unsigned int i = 0; i < _HASH_LEN; i++) { prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; - unsigned n_attempt = 0; - unsigned l1_succ = 0; + unsigned int n_attempt = 0; + unsigned int l1_succ = 0; while (!l1_succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -73,7 +73,7 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *s uint8_t *salt = digest_salt + _HASH_LEN; uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned succ = 0; + unsigned int succ = 0; while (!succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -160,7 +160,7 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify(const uint8_t *digest, const ui // check consistancy. unsigned char cc = 0; - for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { cc |= (digest_ck[i] ^ correct[i]); } return (0 == cc) ? 0 : -1; diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c index 5152a5c7..92d08634 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c @@ -22,8 +22,8 @@ static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } -static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l1_F12(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); @@ -33,8 +33,8 @@ static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { return n_byte_generated; } -static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l2_F12356(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); @@ -67,7 +67,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; - for (unsigned i = 0; i < _O2; i++) { /// t3 width + for (unsigned int i = 0; i < _O2; i++) { /// t3 width gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; @@ -75,7 +75,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const } } -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; while (n_terms--) { gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c index 2cd3c2c2..982d13b1 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c @@ -14,9 +14,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = i; j < _V1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = i; j < _V1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -25,9 +25,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q2; idx_l2 = cpk->l2_Q2; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -36,9 +36,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q3; idx_l2 = cpk->l2_Q3; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -47,9 +47,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q5; idx_l2 = cpk->l2_Q5; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = i; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = i; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -58,9 +58,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q6; idx_l2 = cpk->l2_Q6; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -69,9 +69,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q9; idx_l2 = cpk->l2_Q9; - for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned j = i; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned int j = i; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; diff --git a/crypto_sign/rainbowVc-classic/clean/blas_comm.c b/crypto_sign/rainbowVc-classic/clean/blas_comm.c index 4900b713..594f5f30 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-classic/clean/blas_comm.c @@ -10,7 +10,7 @@ #include #include -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { gf256v_add(b, b, _num_byte); } /// @brief get an element from GF(256) vector . @@ -19,11 +19,11 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_by /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { +uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i) { return a[i]; } -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { +unsigned int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte) { uint8_t r = 0; while (_num_byte--) { r |= a[0]; @@ -34,41 +34,41 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigne /// polynomial multplication /// School boook -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num) { PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { + for (unsigned int i = 0; i < _num; i++) { gf256v_madd(c + i, a, b[i], _num); } } -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { + for (unsigned int i = 0; i < n_A_width; i++) { gf256v_madd(c, matA, b[i], n_A_vec_byte); matA += n_A_vec_byte; } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { + unsigned int n_vec_byte = len_vec; + for (unsigned int k = 0; k < len_vec; k++) { PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { + for (unsigned int i = 0; i < len_vec; i++) { gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); } c += n_vec_byte; } } -static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { - unsigned r8 = 1; +static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { + unsigned int r8 = 1; - for (unsigned i = 0; i < h; i++) { + for (unsigned int i = 0; i < h; i++) { uint8_t *ai = mat + w * i; - unsigned skip_len_align4 = i & ((unsigned)~0x3); + unsigned int skip_len_align4 = i & ((unsigned int)~0x3); - for (unsigned j = i + 1; j < h; j++) { + for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } @@ -76,7 +76,7 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { uint8_t pivot = ai[i]; pivot = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_inv(pivot); gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); - for (unsigned j = 0; j < h; j++) { + for (unsigned int j = 0; j < h; j++) { if (i == j) { continue; } @@ -88,36 +88,36 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned int gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { uint8_t mat[64 * 64]; - for (unsigned i = 0; i < n; i++) { + for (unsigned int i = 0; i < n; i++) { memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); - for (unsigned i = 0; i < n; i++) { + unsigned int r8 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); + for (unsigned int i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } -static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < w2; j++) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { + for (unsigned int i = 0; i < h; i++) { + for (unsigned int j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; } } } -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { +unsigned int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { + for (unsigned int i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(ai, 2 * H); gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + unsigned int r8 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } @@ -128,15 +128,15 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8 #define gf256mat_prod_impl gf256mat_prod_ref #define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { +unsigned int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { return gf256mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +unsigned int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowVc-classic/clean/blas_comm.h b/crypto_sign/rainbowVc-classic/clean/blas_comm.h index 0c290952..55be9b5e 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowVc-classic/clean/blas_comm.h @@ -12,7 +12,7 @@ /// @param[in,out] b - the vector b. /// @param[in] _num_byte - number of bytes for the vector b. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); /// @brief get an element from GF(256) vector . /// @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_by /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); +uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i); /// @brief check if a vector is 0. /// @@ -28,7 +28,7 @@ uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned /// @param[in] _num_byte - number of bytes for the vector a. /// @return 1(true) if a is 0. 0(false) else. /// -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); +unsigned int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte); /// @brief polynomial multiplication: c = a*b /// @@ -37,7 +37,7 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigne /// @param[in] b - the vector b. /// @param[in] _num - number of elements for the polynomials a and b. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num); /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// @@ -47,7 +47,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, /// @param[in] n_A_width - the width of matrix A. /// @param[in] b - the vector b. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); /// @brief matrix-matrix multiplication: c = a * b , in GF(256) /// @@ -56,7 +56,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *mat /// @param[in] b - a matrix b. /// @param[in] len_vec - the length of column vectors. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); /// @brief Gauss elimination for a matrix, in GF(256) /// @@ -65,7 +65,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, c /// @param[in] w - the width of the matrix. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); +unsigned int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); /// @brief Solving linear equations, in GF(256) /// @@ -75,7 +75,7 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsign /// @param[in] n - the number of equations. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); +unsigned int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); /// @brief Computing the inverse matrix, in GF(256) /// @@ -85,6 +85,6 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, c /// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +unsigned int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/blas_u32.c b/crypto_sign/rainbowVc-classic/clean/blas_u32.c index f82efae7..65be162d 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_u32.c +++ b/crypto_sign/rainbowVc-classic/clean/blas_u32.c @@ -1,46 +1,46 @@ #include "blas_u32.h" #include "gf.h" -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte) { uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; - unsigned n_u32 = _num_byte >> 2; + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= (a[i] & pr_u8); } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= a[i]; } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *a_u32 = (uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -50,21 +50,21 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, } t; t.u32 = 0; a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { a[i] = t.u8[i]; } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *)accu_c; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } @@ -75,12 +75,12 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8 t.u32 = 0; accu_c += (n_u32 << 2); a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { accu_c[i] ^= t.u8[i]; } } diff --git a/crypto_sign/rainbowVc-classic/clean/blas_u32.h b/crypto_sign/rainbowVc-classic/clean/blas_u32.h index 8f063d89..eba39b9c 100644 --- a/crypto_sign/rainbowVc-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowVc-classic/clean/blas_u32.h @@ -7,12 +7,12 @@ #include "rainbow_config.h" #include -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte); -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte); #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/gf.c b/crypto_sign/rainbowVc-classic/clean/gf.c index 7aa3dd5d..81437d26 100644 --- a/crypto_sign/rainbowVc-classic/clean/gf.c +++ b/crypto_sign/rainbowVc-classic/clean/gf.c @@ -61,8 +61,8 @@ uint32_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { } uint8_t PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned a8 = a; - unsigned r = ((unsigned)0) - a8; + unsigned int a8 = a; + unsigned int r = ((unsigned int)0) - a8; r >>= 8; return r & 1; } diff --git a/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c index 85d1e495..764b3a48 100644 --- a/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.c @@ -16,7 +16,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { +unsigned int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } @@ -28,19 +28,19 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { +static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { if (i_row > j_col) { return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { unsigned char *runningC = btriC; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < i; j++) { - unsigned idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < i; j++) { + unsigned int idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); @@ -49,12 +49,12 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const } void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (k < i) { continue; } @@ -67,11 +67,11 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, c } void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i < k) { continue; } @@ -83,11 +83,11 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, } void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i == k) { continue; } @@ -98,25 +98,25 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Atr_height = Awidth; + unsigned int Atr_width = Aheight; + for (unsigned int i = 0; i < Atr_height; i++) { + for (unsigned int j = 0; j < Atr_width; j++) { gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + unsigned int Aheight = Awidth_before_tr; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -124,12 +124,12 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, c } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -138,18 +138,18 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, cons } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { unsigned char tmp[256]; unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { _x[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(x, i); } PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = i; j < dim; j++) { + for (unsigned int j = i; j < dim; j++) { gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } @@ -157,23 +157,23 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char * } } -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { + for (unsigned int i = 0; i < dim_x; i++) { _x[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { _y[i] = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_get_ele(y, i); } PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { PQCLEAN_RAINBOWVCCLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = 0; j < dim_x; j++) { + for (unsigned int j = 0; j < dim_x; j++) { gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } diff --git a/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h index e9072bf1..2af16a7e 100644 --- a/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowVc-classic/clean/parallel_matrix_op.h @@ -15,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); +unsigned int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -25,7 +25,7 @@ unsigned PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// @@ -41,7 +41,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -55,7 +55,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, co /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -69,7 +69,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -83,7 +83,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -97,7 +97,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -111,7 +111,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -126,8 +126,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -142,8 +142,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -157,8 +157,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -172,8 +172,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, co /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -187,8 +187,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, c /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -202,8 +202,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// @@ -216,7 +216,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, cons /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -227,7 +227,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -240,8 +240,8 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char * /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -254,7 +254,7 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); #endif // _P_MATRIX_OP_H_ diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow.c b/crypto_sign/rainbowVc-classic/clean/rainbow.c index 14f52346..e1527f60 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow.c +++ b/crypto_sign/rainbowVc-classic/clean/rainbow.c @@ -30,17 +30,17 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t * uint8_t prng_seed[_HASH_LEN]; PQCLEAN_RAINBOWVCCLASSIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { prng_preseed[i] ^= prng_preseed[i]; // clean } - for (unsigned i = 0; i < _HASH_LEN; i++) { + for (unsigned int i = 0; i < _HASH_LEN; i++) { prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; - unsigned n_attempt = 0; - unsigned l1_succ = 0; + unsigned int n_attempt = 0; + unsigned int l1_succ = 0; while (!l1_succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -73,7 +73,7 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t * uint8_t *salt = digest_salt + _HASH_LEN; uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned succ = 0; + unsigned int succ = 0; while (!succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -160,7 +160,7 @@ int PQCLEAN_RAINBOWVCCLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const u // check consistancy. unsigned char cc = 0; - for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { cc |= (digest_ck[i] ^ correct[i]); } return (0 == cc) ? 0 : -1; diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c index 33549ebc..14632136 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair.c @@ -22,8 +22,8 @@ static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } -static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l1_F12(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); @@ -33,8 +33,8 @@ static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { return n_byte_generated; } -static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l2_F12356(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWVCCLASSIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); @@ -67,7 +67,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; - for (unsigned i = 0; i < _O2; i++) { /// t3 width + for (unsigned int i = 0; i < _O2; i++) { /// t3 width gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; @@ -75,7 +75,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const } } -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; while (n_terms--) { gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); diff --git a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c index f9a70478..da7851f4 100644 --- a/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-classic/clean/rainbow_keypair_computation.c @@ -14,9 +14,9 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = i; j < _V1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = i; j < _V1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -25,9 +25,9 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q2; idx_l2 = cpk->l2_Q2; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -36,9 +36,9 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q3; idx_l2 = cpk->l2_Q3; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -47,9 +47,9 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q5; idx_l2 = cpk->l2_Q5; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = i; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = i; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -58,9 +58,9 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q6; idx_l2 = cpk->l2_Q6; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -69,9 +69,9 @@ void PQCLEAN_RAINBOWVCCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q9; idx_l2 = cpk->l2_Q9; - for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned j = i; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned int j = i; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c index 6587be95..1a59ae7c 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.c @@ -10,7 +10,7 @@ #include #include -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { gf256v_add(b, b, _num_byte); } /// @brief get an element from GF(256) vector . @@ -19,11 +19,11 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigne /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { +uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i) { return a[i]; } -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { +unsigned int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte) { uint8_t r = 0; while (_num_byte--) { r |= a[0]; @@ -34,41 +34,41 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a /// polynomial multplication /// School boook -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num) { PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { + for (unsigned int i = 0; i < _num; i++) { gf256v_madd(c + i, a, b[i], _num); } } -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { + for (unsigned int i = 0; i < n_A_width; i++) { gf256v_madd(c, matA, b[i], n_A_vec_byte); matA += n_A_vec_byte; } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { + unsigned int n_vec_byte = len_vec; + for (unsigned int k = 0; k < len_vec; k++) { PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(c, n_vec_byte); const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { + for (unsigned int i = 0; i < len_vec; i++) { gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); } c += n_vec_byte; } } -static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { - unsigned r8 = 1; +static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { + unsigned int r8 = 1; - for (unsigned i = 0; i < h; i++) { + for (unsigned int i = 0; i < h; i++) { uint8_t *ai = mat + w * i; - unsigned skip_len_align4 = i & ((unsigned)~0x3); + unsigned int skip_len_align4 = i & ((unsigned int)~0x3); - for (unsigned j = i + 1; j < h; j++) { + for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } @@ -76,7 +76,7 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { uint8_t pivot = ai[i]; pivot = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_inv(pivot); gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); - for (unsigned j = 0; j < h; j++) { + for (unsigned int j = 0; j < h; j++) { if (i == j) { continue; } @@ -88,36 +88,36 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned int gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { uint8_t mat[64 * 64]; - for (unsigned i = 0; i < n; i++) { + for (unsigned int i = 0; i < n; i++) { memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); - for (unsigned i = 0; i < n; i++) { + unsigned int r8 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); + for (unsigned int i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } -static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < w2; j++) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { + for (unsigned int i = 0; i < h; i++) { + for (unsigned int j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; } } } -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { +unsigned int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { + for (unsigned int i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(ai, 2 * H); gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + unsigned int r8 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } @@ -128,15 +128,15 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, co #define gf256mat_prod_impl gf256mat_prod_ref #define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { +unsigned int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { return gf256mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +unsigned int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h index 1ba8a5db..af5715c6 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_comm.h @@ -12,7 +12,7 @@ /// @param[in,out] b - the vector b. /// @param[in] _num_byte - number of bytes for the vector b. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); /// @brief get an element from GF(256) vector . /// @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(uint8_t *b, unsigne /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); +uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i); /// @brief check if a vector is 0. /// @@ -28,7 +28,7 @@ uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(const uint8_t *a, /// @param[in] _num_byte - number of bytes for the vector a. /// @return 1(true) if a is 0. 0(false) else. /// -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); +unsigned int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte); /// @brief polynomial multiplication: c = a*b /// @@ -37,7 +37,7 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_is_zero(const uint8_t *a /// @param[in] b - the vector b. /// @param[in] _num - number of elements for the polynomials a and b. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num); /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// @@ -47,7 +47,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_polymul(uint8_t *c, const ui /// @param[in] n_A_width - the width of matrix A. /// @param[in] b - the vector b. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); /// @brief matrix-matrix multiplication: c = a * b , in GF(256) /// @@ -56,7 +56,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_prod(uint8_t *c, const uin /// @param[in] b - a matrix b. /// @param[in] len_vec - the length of column vectors. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); /// @brief Gauss elimination for a matrix, in GF(256) /// @@ -65,7 +65,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_mul(uint8_t *c, const uint /// @param[in] w - the width of the matrix. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); +unsigned int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); /// @brief Solving linear equations, in GF(256) /// @@ -75,7 +75,7 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_gauss_elim(uint8_t *ma /// @param[in] n - the number of equations. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); +unsigned int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); /// @brief Computing the inverse matrix, in GF(256) /// @@ -85,6 +85,6 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_solve_linear_eq(uint8_ /// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +unsigned int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c index 959badb1..c37d4687 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.c @@ -1,46 +1,46 @@ #include "blas_u32.h" #include "gf.h" -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte) { uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; - unsigned n_u32 = _num_byte >> 2; + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= (a[i] & pr_u8); } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= a[i]; } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *a_u32 = (uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -50,21 +50,21 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, u } t; t.u32 = 0; a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { a[i] = t.u8[i]; } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *)accu_c; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } @@ -75,12 +75,12 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, co t.u32 = 0; accu_c += (n_u32 << 2); a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { accu_c[i] ^= t.u8[i]; } } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h index 99c69d7b..6777dafc 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/blas_u32.h @@ -7,12 +7,12 @@ #include "rainbow_config.h" #include -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte); -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte); #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c index 2863a138..b5a4d604 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/gf.c @@ -61,8 +61,8 @@ uint32_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf16v_mul_u32(uint32_t a, uint8 } uint8_t PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned a8 = a; - unsigned r = ((unsigned)0) - a8; + unsigned int a8 = a; + unsigned int r = ((unsigned int)0) - a8; r >>= 8; return r & 1; } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c index dfad8351..8e04fabe 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.c @@ -16,7 +16,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { +unsigned int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } @@ -28,19 +28,19 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, u /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { +static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { if (i_row > j_col) { return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i_row, j_col, n_var); } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { unsigned char *runningC = btriC; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < i; j++) { - unsigned idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < i; j++) { + unsigned int idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(j, i, Aheight); gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); @@ -49,12 +49,12 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btri } void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (k < i) { continue; } @@ -67,11 +67,11 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned ch } void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i < k) { continue; } @@ -83,11 +83,11 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned } void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i == k) { continue; } @@ -98,25 +98,25 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned c } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Atr_height = Awidth; + unsigned int Atr_width = Aheight; + for (unsigned int i = 0; i < Atr_height; i++) { + for (unsigned int j = 0; j < Atr_width; j++) { gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + unsigned int Aheight = Awidth_before_tr; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -124,12 +124,12 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned ch } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -138,18 +138,18 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { unsigned char tmp[256]; unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { _x[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(x, i); } PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = i; j < dim; j++) { + for (unsigned int j = i; j < dim; j++) { gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } @@ -157,23 +157,23 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsign } } -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { + for (unsigned int i = 0; i < dim_x; i++) { _x[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { _y[i] = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_get_ele(y, i); } PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = 0; j < dim_x; j++) { + for (unsigned int j = 0; j < dim_x; j++) { gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h index 32edd826..6ce3d8c6 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/parallel_matrix_op.h @@ -15,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); +unsigned int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -25,7 +25,7 @@ unsigned PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(unsigned i_row, u /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// @@ -41,7 +41,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_UpperTrianglize(unsigned char *btri /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -55,7 +55,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf16(unsigned cha /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -69,7 +69,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimat_madd_gf256(unsigned ch /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -83,7 +83,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf16(unsigned c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -97,7 +97,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_trimatTr_madd_gf256(unsigned /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -111,7 +111,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf16(unsigned ch /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -126,8 +126,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_2trimat_madd_gf256(unsigned c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -142,8 +142,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf16(unsigned char /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -157,8 +157,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_matTr_madd_gf256(unsigned cha /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -172,8 +172,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf16(unsigned cha /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -187,8 +187,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_bmatTr_madd_gf256(unsigned ch /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -202,8 +202,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf16(unsigned char * /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// @@ -216,7 +216,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_mat_madd_gf256(unsigned char /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -227,7 +227,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf16(unsigne /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -240,8 +240,8 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_trimat_eval_gf256(unsign /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -254,7 +254,7 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf16(unsigne /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); #endif // _P_MATRIX_OP_H_ diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c index 4cdf6e6c..e78bc524 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow.c @@ -30,17 +30,17 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, con uint8_t prng_seed[_HASH_LEN]; PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { prng_preseed[i] ^= prng_preseed[i]; // clean } - for (unsigned i = 0; i < _HASH_LEN; i++) { + for (unsigned int i = 0; i < _HASH_LEN; i++) { prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; - unsigned n_attempt = 0; - unsigned l1_succ = 0; + unsigned int n_attempt = 0; + unsigned int l1_succ = 0; while (!l1_succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -73,7 +73,7 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_sign(uint8_t *signature, con uint8_t *salt = digest_salt + _HASH_LEN; uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned succ = 0; + unsigned int succ = 0; while (!succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -160,7 +160,7 @@ int PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_rainbow_verify(const uint8_t *digest // check consistancy. unsigned char cc = 0; - for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { cc |= (digest_ck[i] ^ correct[i]); } return (0 == cc) ? 0 : -1; diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c index ed660ebf..d90a2ecb 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair.c @@ -22,8 +22,8 @@ static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } -static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l1_F12(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); @@ -33,8 +33,8 @@ static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { return n_byte_generated; } -static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l2_F12356(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); @@ -67,7 +67,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; - for (unsigned i = 0; i < _O2; i++) { /// t3 width + for (unsigned int i = 0; i < _O2; i++) { /// t3 width gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; @@ -75,7 +75,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const } } -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; while (n_terms--) { gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); diff --git a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c index 665d46ee..3661f6c8 100644 --- a/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-cyclic-compressed/clean/rainbow_keypair_computation.c @@ -14,9 +14,9 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = i; j < _V1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = i; j < _V1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -25,9 +25,9 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cp } idx_l1 = cpk->l1_Q2; idx_l2 = cpk->l2_Q2; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -36,9 +36,9 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cp } idx_l1 = cpk->l1_Q3; idx_l2 = cpk->l2_Q3; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -47,9 +47,9 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cp } idx_l1 = cpk->l1_Q5; idx_l2 = cpk->l2_Q5; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = i; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = i; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -58,9 +58,9 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cp } idx_l1 = cpk->l1_Q6; idx_l2 = cpk->l2_Q6; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -69,9 +69,9 @@ void PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cp } idx_l1 = cpk->l1_Q9; idx_l2 = cpk->l2_Q9; - for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned j = i; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned int j = i; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLICCOMPRESSED_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c index 5d544b0d..0ff48c2a 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.c @@ -10,7 +10,7 @@ #include #include -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { gf256v_add(b, b, _num_byte); } /// @brief get an element from GF(256) vector . @@ -19,11 +19,11 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byt /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { +uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i) { return a[i]; } -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { +unsigned int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte) { uint8_t r = 0; while (_num_byte--) { r |= a[0]; @@ -34,41 +34,41 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned /// polynomial multplication /// School boook -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num) { PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { + for (unsigned int i = 0; i < _num; i++) { gf256v_madd(c + i, a, b[i], _num); } } -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { + for (unsigned int i = 0; i < n_A_width; i++) { gf256v_madd(c, matA, b[i], n_A_vec_byte); matA += n_A_vec_byte; } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { + unsigned int n_vec_byte = len_vec; + for (unsigned int k = 0; k < len_vec; k++) { PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(c, n_vec_byte); const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { + for (unsigned int i = 0; i < len_vec; i++) { gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); } c += n_vec_byte; } } -static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { - unsigned r8 = 1; +static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { + unsigned int r8 = 1; - for (unsigned i = 0; i < h; i++) { + for (unsigned int i = 0; i < h; i++) { uint8_t *ai = mat + w * i; - unsigned skip_len_align4 = i & ((unsigned)~0x3); + unsigned int skip_len_align4 = i & ((unsigned int)~0x3); - for (unsigned j = i + 1; j < h; j++) { + for (unsigned int j = i + 1; j < h; j++) { uint8_t *aj = mat + w * j; gf256v_predicated_add(ai + skip_len_align4, !PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); } @@ -76,7 +76,7 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { uint8_t pivot = ai[i]; pivot = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_inv(pivot); gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); - for (unsigned j = 0; j < h; j++) { + for (unsigned int j = 0; j < h; j++) { if (i == j) { continue; } @@ -88,36 +88,36 @@ static unsigned gf256mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { return r8; } -static unsigned gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +static unsigned int gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { uint8_t mat[64 * 64]; - for (unsigned i = 0; i < n; i++) { + for (unsigned int i = 0; i < n; i++) { memcpy(mat + i * (n + 1), inp_mat + i * n, n); mat[i * (n + 1) + n] = c_terms[i]; } - unsigned r8 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); - for (unsigned i = 0; i < n; i++) { + unsigned int r8 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); + for (unsigned int i = 0; i < n; i++) { sol[i] = mat[i * (n + 1) + n]; } return r8; } -static inline void gf256mat_submat(uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h) { - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < w2; j++) { +static inline void gf256mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { + for (unsigned int i = 0; i < h; i++) { + for (unsigned int j = 0; j < w2; j++) { mat2[i * w2 + j] = mat[i * w + st + j]; } } } -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer) { +unsigned int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { + for (unsigned int i = 0; i < H; i++) { uint8_t *ai = aa + i * 2 * H; PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(ai, 2 * H); gf256v_add(ai, a + i * H, H); ai[H + i] = 1; } - unsigned r8 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); + unsigned int r8 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); gf256mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } @@ -128,15 +128,15 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_ #define gf256mat_prod_impl gf256mat_prod_ref #define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref #define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); } -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w) { +unsigned int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { return gf256mat_gauss_elim_impl(mat, h, w); } -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n) { +unsigned int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); } diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h index cecc310c..08ae23c0 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_comm.h @@ -12,7 +12,7 @@ /// @param[in,out] b - the vector b. /// @param[in] _num_byte - number of bytes for the vector b. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); /// @brief get an element from GF(256) vector . /// @@ -20,7 +20,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byt /// @param[in] i - the index in the vector a. /// @return the value of the element. /// -uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); +uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i); /// @brief check if a vector is 0. /// @@ -28,7 +28,7 @@ uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned /// @param[in] _num_byte - number of bytes for the vector a. /// @return 1(true) if a is 0. 0(false) else. /// -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); +unsigned int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte); /// @brief polynomial multiplication: c = a*b /// @@ -37,7 +37,7 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned /// @param[in] b - the vector b. /// @param[in] _num - number of elements for the polynomials a and b. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num); /// @brief matrix-vector multiplication: c = matA * b , in GF(256) /// @@ -47,7 +47,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, /// @param[in] n_A_width - the width of matrix A. /// @param[in] b - the vector b. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); /// @brief matrix-matrix multiplication: c = a * b , in GF(256) /// @@ -56,7 +56,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA /// @param[in] b - a matrix b. /// @param[in] len_vec - the length of column vectors. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); /// @brief Gauss elimination for a matrix, in GF(256) /// @@ -65,7 +65,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, co /// @param[in] w - the width of the matrix. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); +unsigned int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); /// @brief Solving linear equations, in GF(256) /// @@ -75,7 +75,7 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigne /// @param[in] n - the number of equations. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); +unsigned int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); /// @brief Computing the inverse matrix, in GF(256) /// @@ -85,6 +85,6 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, co /// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. /// @return 1(true) if success. 0(false) if the matrix is singular. /// -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +unsigned int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c index bbe63b2a..d8d5b65d 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.c @@ -1,46 +1,46 @@ #include "blas_u32.h" #include "gf.h" -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte) { uint32_t pr_u32 = ((uint32_t)0) - ((uint32_t)predicate); uint8_t pr_u8 = pr_u32 & 0xff; - unsigned n_u32 = _num_byte >> 2; + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= (a_u32[i] & pr_u32); } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= (a[i] & pr_u8); } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *b_u32 = (uint32_t *)accu_b; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { b_u32[i] ^= a_u32[i]; } a += (n_u32 << 2); accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { accu_b[i] ^= a[i]; } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *a_u32 = (uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { a_u32[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], b); } @@ -50,21 +50,21 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, } t; t.u32 = 0; a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { a[i] = t.u8[i]; } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte) { + unsigned int n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *)accu_c; const uint32_t *a_u32 = (const uint32_t *)a; - for (unsigned i = 0; i < n_u32; i++) { + for (unsigned int i = 0; i < n_u32; i++) { c_u32[i] ^= PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); } @@ -75,12 +75,12 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_ t.u32 = 0; accu_c += (n_u32 << 2); a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { + unsigned int rem = _num_byte & 3; + for (unsigned int i = 0; i < rem; i++) { t.u8[i] = a[i]; } t.u32 = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { + for (unsigned int i = 0; i < rem; i++) { accu_c[i] ^= t.u8[i]; } } diff --git a/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h index ea0679c0..4ca03d6b 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h +++ b/crypto_sign/rainbowVc-cyclic/clean/blas_u32.h @@ -7,12 +7,12 @@ #include "rainbow_config.h" #include -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned int _num_byte); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned int _num_byte); -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned int _num_byte); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned int _num_byte); #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/gf.c b/crypto_sign/rainbowVc-cyclic/clean/gf.c index 1fb5237c..17074555 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/gf.c +++ b/crypto_sign/rainbowVc-cyclic/clean/gf.c @@ -61,8 +61,8 @@ uint32_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b) { } uint8_t PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned a8 = a; - unsigned r = ((unsigned)0) - a8; + unsigned int a8 = a; + unsigned int r = ((unsigned int)0) - a8; r >>= 8; return r & 1; } diff --git a/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c index 2d64cbd6..22a68c6c 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.c @@ -16,7 +16,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim) { +unsigned int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; } @@ -28,19 +28,19 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_ /// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -static inline unsigned idx_of_2trimat(unsigned i_row, unsigned j_col, unsigned n_var) { +static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { if (i_row > j_col) { return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); } return PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { unsigned char *runningC = btriC; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < i; j++) { - unsigned idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < i; j++) { + unsigned int idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(j, i, Aheight); gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); } gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); @@ -49,12 +49,12 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const u } void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + unsigned int Aheight = Awidth; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (k < i) { continue; } @@ -67,11 +67,11 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, co } void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i < k) { continue; } @@ -83,11 +83,11 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, } void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Aheight = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { if (i == k) { continue; } @@ -98,25 +98,25 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, c } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Atr_height = Awidth; + unsigned int Atr_width = Aheight; + for (unsigned int i = 0; i < Atr_height; i++) { + for (unsigned int j = 0; j < Atr_width; j++) { gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); } bC += size_batch * Bwidth; } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { + unsigned int Aheight = Awidth_before_tr; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -124,12 +124,12 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, co } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { + unsigned int Awidth = Bheight; + for (unsigned int i = 0; i < Aheight; i++) { + for (unsigned int j = 0; j < Bwidth; j++) { + for (unsigned int k = 0; k < Bheight; k++) { gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); } bC += size_batch; @@ -138,18 +138,18 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch) { +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { unsigned char tmp[256]; unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { _x[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(x, i); } PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned i = 0; i < dim; i++) { + for (unsigned int i = 0; i < dim; i++) { PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = i; j < dim; j++) { + for (unsigned int j = i; j < dim; j++) { gf256v_madd(tmp, trimat, _x[j], size_batch); trimat += size_batch; } @@ -157,23 +157,23 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y } } -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch) { unsigned char tmp[128]; unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { + for (unsigned int i = 0; i < dim_x; i++) { _x[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(x, i); } unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { _y[i] = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_get_ele(y, i); } PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned i = 0; i < dim_y; i++) { + for (unsigned int i = 0; i < dim_y; i++) { PQCLEAN_RAINBOWVCCYCLIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned j = 0; j < dim_x; j++) { + for (unsigned int j = 0; j < dim_x; j++) { gf256v_madd(tmp, mat, _x[j], size_batch); mat += size_batch; } diff --git a/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h index b6c3528a..2a3308de 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h +++ b/crypto_sign/rainbowVc-cyclic/clean/parallel_matrix_op.h @@ -15,7 +15,7 @@ /// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. /// @return the corresponding index in an array storage. /// -unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_col, unsigned dim); +unsigned int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); /// /// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. @@ -25,7 +25,7 @@ unsigned PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(unsigned i_row, unsigned j_ /// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned Awidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); //////////////////// Section: matrix multiplications /////////////////////////////// @@ -41,7 +41,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_UpperTrianglize(unsigned char *btriC, const u /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA * B , in GF(256) @@ -55,7 +55,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, con /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(16) @@ -69,7 +69,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, co /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += btriA^Tr * B , in GF(256) @@ -83,7 +83,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(16) @@ -97,7 +97,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += (btriA + btriA^Tr) *B , in GF(256) @@ -111,7 +111,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, co /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(16) @@ -126,8 +126,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, c /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += A^Tr * bB , in GF(256) @@ -142,8 +142,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch); + const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, + const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(16) @@ -157,8 +157,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA^Tr * B , in GF(256) @@ -172,8 +172,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, con /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(16) @@ -187,8 +187,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, co /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); /// /// @brief bC += bA * B , in GF(256) @@ -202,8 +202,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const /// @param[in] Bwidth - the width of B. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, + const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); //////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// @@ -216,7 +216,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief y = x^Tr * trimat * x , in GF(256) @@ -227,7 +227,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, /// @param[in] dim - the dimension of matrix trimat (and x). /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(16) @@ -240,8 +240,8 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); /// /// @brief z = y^Tr * mat * x , in GF(256) @@ -254,7 +254,7 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, /// @param[in] dim_x - the length of x. /// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. /// -void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned dim_y, - const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch); +void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, + const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); #endif // _P_MATRIX_OP_H_ diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow.c index 97409632..ee75d39a 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow.c +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow.c @@ -30,17 +30,17 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *s uint8_t prng_seed[_HASH_LEN]; PQCLEAN_RAINBOWVCCYCLIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { + for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { prng_preseed[i] ^= prng_preseed[i]; // clean } - for (unsigned i = 0; i < _HASH_LEN; i++) { + for (unsigned int i = 0; i < _HASH_LEN; i++) { prng_seed[i] ^= prng_seed[i]; // clean } // roll vinegars. uint8_t vinegar[_V1_BYTE]; - unsigned n_attempt = 0; - unsigned l1_succ = 0; + unsigned int n_attempt = 0; + unsigned int l1_succ = 0; while (!l1_succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -73,7 +73,7 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *s uint8_t *salt = digest_salt + _HASH_LEN; uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned succ = 0; + unsigned int succ = 0; while (!succ) { if (MAX_ATTEMPT_FRMAT <= n_attempt) { break; @@ -160,7 +160,7 @@ int PQCLEAN_RAINBOWVCCYCLIC_CLEAN_rainbow_verify(const uint8_t *digest, const ui // check consistancy. unsigned char cc = 0; - for (unsigned i = 0; i < _PUB_M_BYTE; i++) { + for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { cc |= (digest_ck[i] ^ correct[i]); } return (0 == cc) ? 0 : -1; diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c index 9a5e137c..3480d2f0 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair.c @@ -22,8 +22,8 @@ static void generate_S_T(unsigned char *s_and_t, prng_t *prng0) { PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, s_and_t, _O1_BYTE * _O2); // T3 } -static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l1_F12(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, sk, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); // l1_F1 sk += _O1_BYTE * N_TRIANGLE_TERMS(_V1); n_byte_generated += _O1_BYTE * N_TRIANGLE_TERMS(_V1); @@ -33,8 +33,8 @@ static unsigned generate_l1_F12(unsigned char *sk, prng_t *prng0) { return n_byte_generated; } -static unsigned generate_l2_F12356(unsigned char *sk, prng_t *prng0) { - unsigned n_byte_generated = 0; +static unsigned int generate_l2_F12356(unsigned char *sk, prng_t *prng0) { + unsigned int n_byte_generated = 0; PQCLEAN_RAINBOWVCCYCLIC_CLEAN_prng_gen(prng0, sk, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); // l2_F1 sk += _O2_BYTE * N_TRIANGLE_TERMS(_V1); @@ -67,7 +67,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 unsigned char temp[_V1_BYTE + 32]; unsigned char *t4 = t2_to_t4; - for (unsigned i = 0; i < _O2; i++) { /// t3 width + for (unsigned int i = 0; i < _O2; i++) { /// t3 width gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); gf256v_add(t4, temp, _V1_BYTE); t4 += _V1_BYTE; @@ -75,7 +75,7 @@ static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const } } -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1) { +static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { unsigned char temp[_O1_BYTE + 32]; while (n_terms--) { gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); diff --git a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c index 8a662fcc..db23a907 100644 --- a/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowVc-cyclic/clean/rainbow_keypair_computation.c @@ -14,9 +14,9 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = i; j < _V1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = i; j < _V1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -25,9 +25,9 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q2; idx_l2 = cpk->l2_Q2; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -36,9 +36,9 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q3; idx_l2 = cpk->l2_Q3; - for (unsigned i = 0; i < _V1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = 0; i < _V1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -47,9 +47,9 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q5; idx_l2 = cpk->l2_Q5; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = i; j < _V1 + _O1; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = i; j < _V1 + _O1; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -58,9 +58,9 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q6; idx_l2 = cpk->l2_Q6; - for (unsigned i = _V1; i < _V1 + _O1; i++) { - for (unsigned j = _V1 + _O1; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1; i < _V1 + _O1; i++) { + for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE; @@ -69,9 +69,9 @@ void PQCLEAN_RAINBOWVCCYCLIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) } idx_l1 = cpk->l1_Q9; idx_l2 = cpk->l2_Q9; - for (unsigned i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned j = i; j < _PUB_N; j++) { - unsigned pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); + for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { + for (unsigned int j = i; j < _PUB_N; j++) { + unsigned int pub_idx = PQCLEAN_RAINBOWVCCYCLIC_CLEAN_idx_of_trimat(i, j, _PUB_N); memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); idx_l1 += _O1_BYTE;