saber: output pointers on left, and size_t for indexing

This commit is contained in:
John M. Schanck 2020-10-19 12:23:48 -04:00 committed by Kris Kwiatkowski
parent 7a3e05045c
commit 997f9d462b
21 changed files with 105 additions and 108 deletions

View File

@ -14,9 +14,9 @@ principal-submitters:
- Frederik Vercauteren - Frederik Vercauteren
implementations: implementations:
- name: clean - name: clean
version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
- name: avx2 - name: avx2
version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
supported_platforms: supported_platforms:
- architecture: x86_64 - architecture: x86_64
operating_systems: operating_systems:

View File

@ -66,7 +66,7 @@ static void GenSecret(uint16_t r[SABER_K][SABER_N], const uint8_t *seed) {
} }
//********************************matrix-vector mul routines***************************************************** //********************************matrix-vector mul routines*****************************************************
static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[NUM_POLY][AVX_N1], int isTranspose) { static void matrix_vector_mul(__m256i res_avx[NUM_POLY][AVX_N1], __m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], int isTranspose) {
int64_t i, j; int64_t i, j;
__m256i c_bucket[2 * SCM_SIZE * 4]; //Holds results for 9 Karatsuba at a time __m256i c_bucket[2 * SCM_SIZE * 4]; //Holds results for 9 Karatsuba at a time
@ -86,7 +86,7 @@ static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1
} }
static void vector_vector_mul(__m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[AVX_N1]) { static void vector_vector_mul(__m256i res_avx[AVX_N1], __m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4]) {
int64_t i; int64_t i;
@ -162,7 +162,7 @@ void PQCLEAN_FIRESABER_AVX2_indcpa_kem_keypair(uint8_t *pk, uint8_t *sk) {
for (j = 0; j < NUM_POLY; j++) { for (j = 0; j < NUM_POLY; j++) {
TC_eval(sk_avx[j], b_bucket[j]); TC_eval(sk_avx[j], b_bucket[j]);
} }
matrix_vector_mul(a_avx, b_bucket, res_avx, 1);// Matrix-vector multiplication; Matrix in transposed order matrix_vector_mul(res_avx, a_avx, b_bucket, 1);// Matrix-vector multiplication; Matrix in transposed order
// Now truncation // Now truncation
@ -259,7 +259,7 @@ void PQCLEAN_FIRESABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_DE
for (j = 0; j < NUM_POLY; j++) { for (j = 0; j < NUM_POLY; j++) {
TC_eval(sk_avx[j], b_bucket[j]); TC_eval(sk_avx[j], b_bucket[j]);
} }
matrix_vector_mul(a_avx, b_bucket, res_avx, 0);// Matrix-vector multiplication; Matrix in normal order matrix_vector_mul(res_avx, a_avx, b_bucket, 0);// Matrix-vector multiplication; Matrix in normal order
// Now truncation // Now truncation
@ -302,7 +302,7 @@ void PQCLEAN_FIRESABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_DE
// vector-vector scalar multiplication with mod p // vector-vector scalar multiplication with mod p
vector_vector_mul(pkcl_avx, b_bucket, vprime_avx); vector_vector_mul(vprime_avx, pkcl_avx, b_bucket);
// Computation of v'+h1 // Computation of v'+h1
for (i = 0; i < SABER_N / 16; i++) { //adding h1 for (i = 0; i < SABER_N / 16; i++) { //adding h1
@ -392,7 +392,7 @@ void PQCLEAN_FIRESABER_AVX2_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const uint
TC_eval(sksv_avx[j], b_bucket[j]); TC_eval(sksv_avx[j], b_bucket[j]);
} }
vector_vector_mul(pksv_avx, b_bucket, v_avx); vector_vector_mul(v_avx, pksv_avx, b_bucket);
for (i = 0; i < SABER_N / 16; i++) { for (i = 0; i < SABER_N / 16; i++) {
_mm256_maskstore_epi32 ((int *)(message_dec_unpacked + i * 16), _mm256_set1_epi32(-1), v_avx[i]); _mm256_maskstore_epi32 ((int *)(message_dec_unpacked + i * 16), _mm256_set1_epi32(-1), v_avx[i]);

View File

@ -17,7 +17,7 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(uint8_t pk[SABER_INDCPA_PUBLICKE
uint8_t seed_A[SABER_SEEDBYTES]; uint8_t seed_A[SABER_SEEDBYTES];
uint8_t seed_s[SABER_NOISE_SEEDBYTES]; uint8_t seed_s[SABER_NOISE_SEEDBYTES];
int i, j; size_t i, j;
randombytes(seed_A, SABER_SEEDBYTES); randombytes(seed_A, SABER_SEEDBYTES);
shake128(seed_A, SABER_SEEDBYTES, seed_A, SABER_SEEDBYTES); // for not revealing system RNG state shake128(seed_A, SABER_SEEDBYTES, seed_A, SABER_SEEDBYTES); // for not revealing system RNG state
@ -45,7 +45,7 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_D
uint16_t vp[SABER_N] = {0}; uint16_t vp[SABER_N] = {0};
uint16_t mp[SABER_N]; uint16_t mp[SABER_N];
uint16_t b[SABER_L][SABER_N]; uint16_t b[SABER_L][SABER_N];
int i, j; size_t i, j;
const uint8_t *seed_A = pk + SABER_POLYVECCOMPRESSEDBYTES; const uint8_t *seed_A = pk + SABER_POLYVECCOMPRESSEDBYTES;
PQCLEAN_FIRESABER_CLEAN_GenMatrix(A, seed_A); PQCLEAN_FIRESABER_CLEAN_GenMatrix(A, seed_A);
@ -77,7 +77,7 @@ void PQCLEAN_FIRESABER_CLEAN_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const uin
uint16_t b[SABER_L][SABER_N]; uint16_t b[SABER_L][SABER_N];
uint16_t v[SABER_N] = {0}; uint16_t v[SABER_N] = {0};
uint16_t cm[SABER_N]; uint16_t cm[SABER_N];
int i; size_t i;
PQCLEAN_FIRESABER_CLEAN_BS2POLVECq(s, sk); PQCLEAN_FIRESABER_CLEAN_BS2POLVECq(s, sk);
PQCLEAN_FIRESABER_CLEAN_BS2POLVECp(b, ciphertext); PQCLEAN_FIRESABER_CLEAN_BS2POLVECp(b, ciphertext);

View File

@ -4,13 +4,12 @@
#include "fips202.h" #include "fips202.h"
#include "randombytes.h" #include "randombytes.h"
#include "verify.h" #include "verify.h"
#include <stddef.h>
#include <stdint.h> #include <stdint.h>
#include <stdio.h>
#include <string.h>
int PQCLEAN_FIRESABER_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) { int PQCLEAN_FIRESABER_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
int i; size_t i;
PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk PQCLEAN_FIRESABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) { for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
@ -48,7 +47,7 @@ int PQCLEAN_FIRESABER_CLEAN_crypto_kem_enc(uint8_t *c, uint8_t *k, const uint8_t
} }
int PQCLEAN_FIRESABER_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const uint8_t *sk) { int PQCLEAN_FIRESABER_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const uint8_t *sk) {
int i; size_t i;
uint8_t fail; uint8_t fail;
uint8_t cmp[SABER_BYTES_CCA_DEC]; uint8_t cmp[SABER_BYTES_CCA_DEC];
uint8_t buf[64]; uint8_t buf[64];

View File

@ -4,31 +4,31 @@
#include "pack_unpack.h" #include "pack_unpack.h"
#include "poly.h" #include "poly.h"
#include "poly_mul.h" #include "poly_mul.h"
#include <stdio.h> #include <stddef.h>
void PQCLEAN_FIRESABER_CLEAN_MatrixVectorMul(uint16_t res[SABER_L][SABER_N], const uint16_t A[SABER_L][SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N], int16_t transpose) { void PQCLEAN_FIRESABER_CLEAN_MatrixVectorMul(uint16_t res[SABER_L][SABER_N], const uint16_t A[SABER_L][SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N], int16_t transpose) {
int i, j; size_t i, j;
for (i = 0; i < SABER_L; i++) { for (i = 0; i < SABER_L; i++) {
for (j = 0; j < SABER_L; j++) { for (j = 0; j < SABER_L; j++) {
if (transpose == 1) { if (transpose == 1) {
PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(A[j][i], s[j], res[i]); PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(res[i], A[j][i], s[j]);
} else { } else {
PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(A[i][j], s[j], res[i]); PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(res[i], A[i][j], s[j]);
} }
} }
} }
} }
void PQCLEAN_FIRESABER_CLEAN_InnerProd(uint16_t res[SABER_N], const uint16_t b[SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N]) { void PQCLEAN_FIRESABER_CLEAN_InnerProd(uint16_t res[SABER_N], const uint16_t b[SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N]) {
int j; size_t j;
for (j = 0; j < SABER_L; j++) { for (j = 0; j < SABER_L; j++) {
PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(b[j], s[j], res); PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(res, b[j], s[j]);
} }
} }
void PQCLEAN_FIRESABER_CLEAN_GenMatrix(uint16_t A[SABER_L][SABER_L][SABER_N], const uint8_t seed[SABER_SEEDBYTES]) { void PQCLEAN_FIRESABER_CLEAN_GenMatrix(uint16_t A[SABER_L][SABER_L][SABER_N], const uint8_t seed[SABER_SEEDBYTES]) {
uint8_t buf[SABER_L * SABER_POLYVECBYTES]; uint8_t buf[SABER_L * SABER_POLYVECBYTES];
int i; size_t i;
shake128(buf, sizeof(buf), seed, SABER_SEEDBYTES); shake128(buf, sizeof(buf), seed, SABER_SEEDBYTES);

View File

@ -11,13 +11,13 @@
#define OVERFLOWING_MUL(X, Y) ((uint16_t)((uint32_t)(X) * (uint32_t)(Y))) #define OVERFLOWING_MUL(X, Y) ((uint16_t)((uint32_t)(X) * (uint32_t)(Y)))
#define KARATSUBA_N 64 #define KARATSUBA_N 64
static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t *result_final) { static void karatsuba_simple(uint16_t *result_final, const uint16_t *a_1, const uint16_t *b_1) {
uint16_t d01[KARATSUBA_N / 2 - 1]; uint16_t d01[KARATSUBA_N / 2 - 1];
uint16_t d0123[KARATSUBA_N / 2 - 1]; uint16_t d0123[KARATSUBA_N / 2 - 1];
uint16_t d23[KARATSUBA_N / 2 - 1]; uint16_t d23[KARATSUBA_N / 2 - 1];
uint16_t result_d01[KARATSUBA_N - 1]; uint16_t result_d01[KARATSUBA_N - 1];
int32_t i, j; size_t i, j;
memset(result_d01, 0, (KARATSUBA_N - 1)*sizeof(uint16_t)); memset(result_d01, 0, (KARATSUBA_N - 1)*sizeof(uint16_t));
memset(d01, 0, (KARATSUBA_N / 2 - 1)*sizeof(uint16_t)); memset(d01, 0, (KARATSUBA_N / 2 - 1)*sizeof(uint16_t));
@ -110,7 +110,7 @@ static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t
static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *result) { static void toom_cook_4way (uint16_t *result, const uint16_t *a1, const uint16_t *b1) {
uint16_t inv3 = 43691, inv9 = 36409, inv15 = 61167; uint16_t inv3 = 43691, inv9 = 36409, inv15 = 61167;
uint16_t aw1[N_SB], aw2[N_SB], aw3[N_SB], aw4[N_SB], aw5[N_SB], aw6[N_SB], aw7[N_SB]; uint16_t aw1[N_SB], aw2[N_SB], aw3[N_SB], aw4[N_SB], aw5[N_SB], aw6[N_SB], aw7[N_SB];
@ -181,13 +181,13 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
// MULTIPLICATION // MULTIPLICATION
karatsuba_simple(aw1, bw1, w1); karatsuba_simple(w1, aw1, bw1);
karatsuba_simple(aw2, bw2, w2); karatsuba_simple(w2, aw2, bw2);
karatsuba_simple(aw3, bw3, w3); karatsuba_simple(w3, aw3, bw3);
karatsuba_simple(aw4, bw4, w4); karatsuba_simple(w4, aw4, bw4);
karatsuba_simple(aw5, bw5, w5); karatsuba_simple(w5, aw5, bw5);
karatsuba_simple(aw6, bw6, w6); karatsuba_simple(w6, aw6, bw6);
karatsuba_simple(aw7, bw7, w7); karatsuba_simple(w7, aw7, bw7);
// INTERPOLATION // INTERPOLATION
for (i = 0; i < N_SB_RES; ++i) { for (i = 0; i < N_SB_RES; ++i) {
@ -229,11 +229,11 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
} }
/* res += a*b */ /* res += a*b */
void PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]) { void PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]) {
uint16_t c[2 * SABER_N] = {0}; uint16_t c[2 * SABER_N] = {0};
int i; size_t i;
toom_cook_4way(a, b, c); toom_cook_4way(c, a, b);
/* reduction */ /* reduction */
for (i = SABER_N; i < 2 * SABER_N; i++) { for (i = SABER_N; i < 2 * SABER_N; i++) {

View File

@ -3,7 +3,7 @@
#include "SABER_params.h" #include "SABER_params.h"
#include <stdint.h> #include <stdint.h>
void PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]); void PQCLEAN_FIRESABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]);
#endif #endif

View File

@ -14,9 +14,9 @@ principal-submitters:
- Frederik Vercauteren - Frederik Vercauteren
implementations: implementations:
- name: clean - name: clean
version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
- name: avx2 - name: avx2
version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
supported_platforms: supported_platforms:
- architecture: x86_64 - architecture: x86_64
operating_systems: operating_systems:

View File

@ -66,7 +66,7 @@ static void GenSecret(uint16_t r[SABER_K][SABER_N], const uint8_t *seed) {
} }
//********************************matrix-vector mul routines***************************************************** //********************************matrix-vector mul routines*****************************************************
static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[NUM_POLY][AVX_N1], int isTranspose) { static void matrix_vector_mul(__m256i res_avx[NUM_POLY][AVX_N1], __m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], int isTranspose) {
int64_t i, j; int64_t i, j;
__m256i c_bucket[2 * SCM_SIZE * 4]; //Holds results for 9 Karatsuba at a time __m256i c_bucket[2 * SCM_SIZE * 4]; //Holds results for 9 Karatsuba at a time
@ -86,7 +86,7 @@ static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1
} }
static void vector_vector_mul(__m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[AVX_N1]) { static void vector_vector_mul(__m256i res_avx[AVX_N1], __m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4]) {
int64_t i; int64_t i;
@ -162,7 +162,7 @@ void PQCLEAN_LIGHTSABER_AVX2_indcpa_kem_keypair(uint8_t *pk, uint8_t *sk) {
for (j = 0; j < NUM_POLY; j++) { for (j = 0; j < NUM_POLY; j++) {
TC_eval(sk_avx[j], b_bucket[j]); TC_eval(sk_avx[j], b_bucket[j]);
} }
matrix_vector_mul(a_avx, b_bucket, res_avx, 1);// Matrix-vector multiplication; Matrix in transposed order matrix_vector_mul(res_avx, a_avx, b_bucket, 1);// Matrix-vector multiplication; Matrix in transposed order
// Now truncation // Now truncation
@ -259,7 +259,7 @@ void PQCLEAN_LIGHTSABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_D
for (j = 0; j < NUM_POLY; j++) { for (j = 0; j < NUM_POLY; j++) {
TC_eval(sk_avx[j], b_bucket[j]); TC_eval(sk_avx[j], b_bucket[j]);
} }
matrix_vector_mul(a_avx, b_bucket, res_avx, 0);// Matrix-vector multiplication; Matrix in normal order matrix_vector_mul(res_avx, a_avx, b_bucket, 0);// Matrix-vector multiplication; Matrix in normal order
// Now truncation // Now truncation
@ -302,7 +302,7 @@ void PQCLEAN_LIGHTSABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_D
// vector-vector scalar multiplication with mod p // vector-vector scalar multiplication with mod p
vector_vector_mul(pkcl_avx, b_bucket, vprime_avx); vector_vector_mul(vprime_avx, pkcl_avx, b_bucket);
// Computation of v'+h1 // Computation of v'+h1
for (i = 0; i < SABER_N / 16; i++) { //adding h1 for (i = 0; i < SABER_N / 16; i++) { //adding h1
@ -392,7 +392,7 @@ void PQCLEAN_LIGHTSABER_AVX2_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const uin
TC_eval(sksv_avx[j], b_bucket[j]); TC_eval(sksv_avx[j], b_bucket[j]);
} }
vector_vector_mul(pksv_avx, b_bucket, v_avx); vector_vector_mul(v_avx, pksv_avx, b_bucket);
for (i = 0; i < SABER_N / 16; i++) { for (i = 0; i < SABER_N / 16; i++) {
_mm256_maskstore_epi32 ((int *)(message_dec_unpacked + i * 16), _mm256_set1_epi32(-1), v_avx[i]); _mm256_maskstore_epi32 ((int *)(message_dec_unpacked + i * 16), _mm256_set1_epi32(-1), v_avx[i]);

View File

@ -17,7 +17,7 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(uint8_t pk[SABER_INDCPA_PUBLICK
uint8_t seed_A[SABER_SEEDBYTES]; uint8_t seed_A[SABER_SEEDBYTES];
uint8_t seed_s[SABER_NOISE_SEEDBYTES]; uint8_t seed_s[SABER_NOISE_SEEDBYTES];
int i, j; size_t i, j;
randombytes(seed_A, SABER_SEEDBYTES); randombytes(seed_A, SABER_SEEDBYTES);
shake128(seed_A, SABER_SEEDBYTES, seed_A, SABER_SEEDBYTES); // for not revealing system RNG state shake128(seed_A, SABER_SEEDBYTES, seed_A, SABER_SEEDBYTES); // for not revealing system RNG state
@ -45,7 +45,7 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_
uint16_t vp[SABER_N] = {0}; uint16_t vp[SABER_N] = {0};
uint16_t mp[SABER_N]; uint16_t mp[SABER_N];
uint16_t b[SABER_L][SABER_N]; uint16_t b[SABER_L][SABER_N];
int i, j; size_t i, j;
const uint8_t *seed_A = pk + SABER_POLYVECCOMPRESSEDBYTES; const uint8_t *seed_A = pk + SABER_POLYVECCOMPRESSEDBYTES;
PQCLEAN_LIGHTSABER_CLEAN_GenMatrix(A, seed_A); PQCLEAN_LIGHTSABER_CLEAN_GenMatrix(A, seed_A);
@ -77,7 +77,7 @@ void PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const ui
uint16_t b[SABER_L][SABER_N]; uint16_t b[SABER_L][SABER_N];
uint16_t v[SABER_N] = {0}; uint16_t v[SABER_N] = {0};
uint16_t cm[SABER_N]; uint16_t cm[SABER_N];
int i; size_t i;
PQCLEAN_LIGHTSABER_CLEAN_BS2POLVECq(s, sk); PQCLEAN_LIGHTSABER_CLEAN_BS2POLVECq(s, sk);
PQCLEAN_LIGHTSABER_CLEAN_BS2POLVECp(b, ciphertext); PQCLEAN_LIGHTSABER_CLEAN_BS2POLVECp(b, ciphertext);

View File

@ -4,13 +4,12 @@
#include "fips202.h" #include "fips202.h"
#include "randombytes.h" #include "randombytes.h"
#include "verify.h" #include "verify.h"
#include <stddef.h>
#include <stdint.h> #include <stdint.h>
#include <stdio.h>
#include <string.h>
int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) { int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
int i; size_t i;
PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk PQCLEAN_LIGHTSABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) { for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
@ -48,7 +47,7 @@ int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_enc(uint8_t *c, uint8_t *k, const uint8_
} }
int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const uint8_t *sk) { int PQCLEAN_LIGHTSABER_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const uint8_t *sk) {
int i; size_t i;
uint8_t fail; uint8_t fail;
uint8_t cmp[SABER_BYTES_CCA_DEC]; uint8_t cmp[SABER_BYTES_CCA_DEC];
uint8_t buf[64]; uint8_t buf[64];

View File

@ -4,31 +4,31 @@
#include "pack_unpack.h" #include "pack_unpack.h"
#include "poly.h" #include "poly.h"
#include "poly_mul.h" #include "poly_mul.h"
#include <stdio.h> #include <stddef.h>
void PQCLEAN_LIGHTSABER_CLEAN_MatrixVectorMul(uint16_t res[SABER_L][SABER_N], const uint16_t A[SABER_L][SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N], int16_t transpose) { void PQCLEAN_LIGHTSABER_CLEAN_MatrixVectorMul(uint16_t res[SABER_L][SABER_N], const uint16_t A[SABER_L][SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N], int16_t transpose) {
int i, j; size_t i, j;
for (i = 0; i < SABER_L; i++) { for (i = 0; i < SABER_L; i++) {
for (j = 0; j < SABER_L; j++) { for (j = 0; j < SABER_L; j++) {
if (transpose == 1) { if (transpose == 1) {
PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(A[j][i], s[j], res[i]); PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(res[i], A[j][i], s[j]);
} else { } else {
PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(A[i][j], s[j], res[i]); PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(res[i], A[i][j], s[j]);
} }
} }
} }
} }
void PQCLEAN_LIGHTSABER_CLEAN_InnerProd(uint16_t res[SABER_N], const uint16_t b[SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N]) { void PQCLEAN_LIGHTSABER_CLEAN_InnerProd(uint16_t res[SABER_N], const uint16_t b[SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N]) {
int j; size_t j;
for (j = 0; j < SABER_L; j++) { for (j = 0; j < SABER_L; j++) {
PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(b[j], s[j], res); PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(res, b[j], s[j]);
} }
} }
void PQCLEAN_LIGHTSABER_CLEAN_GenMatrix(uint16_t A[SABER_L][SABER_L][SABER_N], const uint8_t seed[SABER_SEEDBYTES]) { void PQCLEAN_LIGHTSABER_CLEAN_GenMatrix(uint16_t A[SABER_L][SABER_L][SABER_N], const uint8_t seed[SABER_SEEDBYTES]) {
uint8_t buf[SABER_L * SABER_POLYVECBYTES]; uint8_t buf[SABER_L * SABER_POLYVECBYTES];
int i; size_t i;
shake128(buf, sizeof(buf), seed, SABER_SEEDBYTES); shake128(buf, sizeof(buf), seed, SABER_SEEDBYTES);

View File

@ -11,13 +11,13 @@
#define OVERFLOWING_MUL(X, Y) ((uint16_t)((uint32_t)(X) * (uint32_t)(Y))) #define OVERFLOWING_MUL(X, Y) ((uint16_t)((uint32_t)(X) * (uint32_t)(Y)))
#define KARATSUBA_N 64 #define KARATSUBA_N 64
static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t *result_final) { static void karatsuba_simple(uint16_t *result_final, const uint16_t *a_1, const uint16_t *b_1) {
uint16_t d01[KARATSUBA_N / 2 - 1]; uint16_t d01[KARATSUBA_N / 2 - 1];
uint16_t d0123[KARATSUBA_N / 2 - 1]; uint16_t d0123[KARATSUBA_N / 2 - 1];
uint16_t d23[KARATSUBA_N / 2 - 1]; uint16_t d23[KARATSUBA_N / 2 - 1];
uint16_t result_d01[KARATSUBA_N - 1]; uint16_t result_d01[KARATSUBA_N - 1];
int32_t i, j; size_t i, j;
memset(result_d01, 0, (KARATSUBA_N - 1)*sizeof(uint16_t)); memset(result_d01, 0, (KARATSUBA_N - 1)*sizeof(uint16_t));
memset(d01, 0, (KARATSUBA_N / 2 - 1)*sizeof(uint16_t)); memset(d01, 0, (KARATSUBA_N / 2 - 1)*sizeof(uint16_t));
@ -110,7 +110,7 @@ static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t
static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *result) { static void toom_cook_4way (uint16_t *result, const uint16_t *a1, const uint16_t *b1) {
uint16_t inv3 = 43691, inv9 = 36409, inv15 = 61167; uint16_t inv3 = 43691, inv9 = 36409, inv15 = 61167;
uint16_t aw1[N_SB], aw2[N_SB], aw3[N_SB], aw4[N_SB], aw5[N_SB], aw6[N_SB], aw7[N_SB]; uint16_t aw1[N_SB], aw2[N_SB], aw3[N_SB], aw4[N_SB], aw5[N_SB], aw6[N_SB], aw7[N_SB];
@ -181,13 +181,13 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
// MULTIPLICATION // MULTIPLICATION
karatsuba_simple(aw1, bw1, w1); karatsuba_simple(w1, aw1, bw1);
karatsuba_simple(aw2, bw2, w2); karatsuba_simple(w2, aw2, bw2);
karatsuba_simple(aw3, bw3, w3); karatsuba_simple(w3, aw3, bw3);
karatsuba_simple(aw4, bw4, w4); karatsuba_simple(w4, aw4, bw4);
karatsuba_simple(aw5, bw5, w5); karatsuba_simple(w5, aw5, bw5);
karatsuba_simple(aw6, bw6, w6); karatsuba_simple(w6, aw6, bw6);
karatsuba_simple(aw7, bw7, w7); karatsuba_simple(w7, aw7, bw7);
// INTERPOLATION // INTERPOLATION
for (i = 0; i < N_SB_RES; ++i) { for (i = 0; i < N_SB_RES; ++i) {
@ -229,11 +229,11 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
} }
/* res += a*b */ /* res += a*b */
void PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]) { void PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]) {
uint16_t c[2 * SABER_N] = {0}; uint16_t c[2 * SABER_N] = {0};
int i; size_t i;
toom_cook_4way(a, b, c); toom_cook_4way(c, a, b);
/* reduction */ /* reduction */
for (i = SABER_N; i < 2 * SABER_N; i++) { for (i = SABER_N; i < 2 * SABER_N; i++) {

View File

@ -3,7 +3,7 @@
#include "SABER_params.h" #include "SABER_params.h"
#include <stdint.h> #include <stdint.h>
void PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]); void PQCLEAN_LIGHTSABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]);
#endif #endif

View File

@ -14,9 +14,9 @@ principal-submitters:
- Frederik Vercauteren - Frederik Vercauteren
implementations: implementations:
- name: clean - name: clean
version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
- name: avx2 - name: avx2
version: https://github.com/KULeuven-COSIC/SABER/commit/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 version: https://github.com/KULeuven-COSIC/SABER/tree/509cc5ec3a7e12a751ccdd2ef5bd6e54e00bd350 via https://github.com/jschanck/package-pqclean/tree/b53a47b5/saber
supported_platforms: supported_platforms:
- architecture: x86_64 - architecture: x86_64
operating_systems: operating_systems:

View File

@ -66,7 +66,7 @@ static void GenSecret(uint16_t r[SABER_K][SABER_N], const uint8_t *seed) {
} }
//********************************matrix-vector mul routines***************************************************** //********************************matrix-vector mul routines*****************************************************
static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[NUM_POLY][AVX_N1], int isTranspose) { static void matrix_vector_mul(__m256i res_avx[NUM_POLY][AVX_N1], __m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], int isTranspose) {
int64_t i, j; int64_t i, j;
__m256i c_bucket[2 * SCM_SIZE * 4]; //Holds results for 9 Karatsuba at a time __m256i c_bucket[2 * SCM_SIZE * 4]; //Holds results for 9 Karatsuba at a time
@ -86,7 +86,7 @@ static void matrix_vector_mul(__m256i a1_avx_combined[NUM_POLY][NUM_POLY][AVX_N1
} }
static void vector_vector_mul(__m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4], __m256i res_avx[AVX_N1]) { static void vector_vector_mul(__m256i res_avx[AVX_N1], __m256i a_avx[NUM_POLY][AVX_N1], __m256i b_bucket[NUM_POLY][SCHB_N * 4]) {
int64_t i; int64_t i;
@ -162,7 +162,7 @@ void PQCLEAN_SABER_AVX2_indcpa_kem_keypair(uint8_t *pk, uint8_t *sk) {
for (j = 0; j < NUM_POLY; j++) { for (j = 0; j < NUM_POLY; j++) {
TC_eval(sk_avx[j], b_bucket[j]); TC_eval(sk_avx[j], b_bucket[j]);
} }
matrix_vector_mul(a_avx, b_bucket, res_avx, 1);// Matrix-vector multiplication; Matrix in transposed order matrix_vector_mul(res_avx, a_avx, b_bucket, 1);// Matrix-vector multiplication; Matrix in transposed order
// Now truncation // Now truncation
@ -259,7 +259,7 @@ void PQCLEAN_SABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_DEC],
for (j = 0; j < NUM_POLY; j++) { for (j = 0; j < NUM_POLY; j++) {
TC_eval(sk_avx[j], b_bucket[j]); TC_eval(sk_avx[j], b_bucket[j]);
} }
matrix_vector_mul(a_avx, b_bucket, res_avx, 0);// Matrix-vector multiplication; Matrix in normal order matrix_vector_mul(res_avx, a_avx, b_bucket, 0);// Matrix-vector multiplication; Matrix in normal order
// Now truncation // Now truncation
@ -302,7 +302,7 @@ void PQCLEAN_SABER_AVX2_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_DEC],
// vector-vector scalar multiplication with mod p // vector-vector scalar multiplication with mod p
vector_vector_mul(pkcl_avx, b_bucket, vprime_avx); vector_vector_mul(vprime_avx, pkcl_avx, b_bucket);
// Computation of v'+h1 // Computation of v'+h1
for (i = 0; i < SABER_N / 16; i++) { //adding h1 for (i = 0; i < SABER_N / 16; i++) { //adding h1
@ -392,7 +392,7 @@ void PQCLEAN_SABER_AVX2_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const uint8_t
TC_eval(sksv_avx[j], b_bucket[j]); TC_eval(sksv_avx[j], b_bucket[j]);
} }
vector_vector_mul(pksv_avx, b_bucket, v_avx); vector_vector_mul(v_avx, pksv_avx, b_bucket);
for (i = 0; i < SABER_N / 16; i++) { for (i = 0; i < SABER_N / 16; i++) {
_mm256_maskstore_epi32 ((int *)(message_dec_unpacked + i * 16), _mm256_set1_epi32(-1), v_avx[i]); _mm256_maskstore_epi32 ((int *)(message_dec_unpacked + i * 16), _mm256_set1_epi32(-1), v_avx[i]);

View File

@ -17,7 +17,7 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(uint8_t pk[SABER_INDCPA_PUBLICKEYBYT
uint8_t seed_A[SABER_SEEDBYTES]; uint8_t seed_A[SABER_SEEDBYTES];
uint8_t seed_s[SABER_NOISE_SEEDBYTES]; uint8_t seed_s[SABER_NOISE_SEEDBYTES];
int i, j; size_t i, j;
randombytes(seed_A, SABER_SEEDBYTES); randombytes(seed_A, SABER_SEEDBYTES);
shake128(seed_A, SABER_SEEDBYTES, seed_A, SABER_SEEDBYTES); // for not revealing system RNG state shake128(seed_A, SABER_SEEDBYTES, seed_A, SABER_SEEDBYTES); // for not revealing system RNG state
@ -45,7 +45,7 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_enc(uint8_t ciphertext[SABER_BYTES_CCA_DEC],
uint16_t vp[SABER_N] = {0}; uint16_t vp[SABER_N] = {0};
uint16_t mp[SABER_N]; uint16_t mp[SABER_N];
uint16_t b[SABER_L][SABER_N]; uint16_t b[SABER_L][SABER_N];
int i, j; size_t i, j;
const uint8_t *seed_A = pk + SABER_POLYVECCOMPRESSEDBYTES; const uint8_t *seed_A = pk + SABER_POLYVECCOMPRESSEDBYTES;
PQCLEAN_SABER_CLEAN_GenMatrix(A, seed_A); PQCLEAN_SABER_CLEAN_GenMatrix(A, seed_A);
@ -77,7 +77,7 @@ void PQCLEAN_SABER_CLEAN_indcpa_kem_dec(uint8_t m[SABER_KEYBYTES], const uint8_t
uint16_t b[SABER_L][SABER_N]; uint16_t b[SABER_L][SABER_N];
uint16_t v[SABER_N] = {0}; uint16_t v[SABER_N] = {0};
uint16_t cm[SABER_N]; uint16_t cm[SABER_N];
int i; size_t i;
PQCLEAN_SABER_CLEAN_BS2POLVECq(s, sk); PQCLEAN_SABER_CLEAN_BS2POLVECq(s, sk);
PQCLEAN_SABER_CLEAN_BS2POLVECp(b, ciphertext); PQCLEAN_SABER_CLEAN_BS2POLVECp(b, ciphertext);

View File

@ -4,13 +4,12 @@
#include "fips202.h" #include "fips202.h"
#include "randombytes.h" #include "randombytes.h"
#include "verify.h" #include "verify.h"
#include <stddef.h>
#include <stdint.h> #include <stdint.h>
#include <stdio.h>
#include <string.h>
int PQCLEAN_SABER_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) { int PQCLEAN_SABER_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk) {
int i; size_t i;
PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk PQCLEAN_SABER_CLEAN_indcpa_kem_keypair(pk, sk); // sk[0:SABER_INDCPA_SECRETKEYBYTES-1] <-- sk
for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) { for (i = 0; i < SABER_INDCPA_PUBLICKEYBYTES; i++) {
@ -48,7 +47,7 @@ int PQCLEAN_SABER_CLEAN_crypto_kem_enc(uint8_t *c, uint8_t *k, const uint8_t *pk
} }
int PQCLEAN_SABER_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const uint8_t *sk) { int PQCLEAN_SABER_CLEAN_crypto_kem_dec(uint8_t *k, const uint8_t *c, const uint8_t *sk) {
int i; size_t i;
uint8_t fail; uint8_t fail;
uint8_t cmp[SABER_BYTES_CCA_DEC]; uint8_t cmp[SABER_BYTES_CCA_DEC];
uint8_t buf[64]; uint8_t buf[64];

View File

@ -4,31 +4,31 @@
#include "pack_unpack.h" #include "pack_unpack.h"
#include "poly.h" #include "poly.h"
#include "poly_mul.h" #include "poly_mul.h"
#include <stdio.h> #include <stddef.h>
void PQCLEAN_SABER_CLEAN_MatrixVectorMul(uint16_t res[SABER_L][SABER_N], const uint16_t A[SABER_L][SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N], int16_t transpose) { void PQCLEAN_SABER_CLEAN_MatrixVectorMul(uint16_t res[SABER_L][SABER_N], const uint16_t A[SABER_L][SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N], int16_t transpose) {
int i, j; size_t i, j;
for (i = 0; i < SABER_L; i++) { for (i = 0; i < SABER_L; i++) {
for (j = 0; j < SABER_L; j++) { for (j = 0; j < SABER_L; j++) {
if (transpose == 1) { if (transpose == 1) {
PQCLEAN_SABER_CLEAN_poly_mul_acc(A[j][i], s[j], res[i]); PQCLEAN_SABER_CLEAN_poly_mul_acc(res[i], A[j][i], s[j]);
} else { } else {
PQCLEAN_SABER_CLEAN_poly_mul_acc(A[i][j], s[j], res[i]); PQCLEAN_SABER_CLEAN_poly_mul_acc(res[i], A[i][j], s[j]);
} }
} }
} }
} }
void PQCLEAN_SABER_CLEAN_InnerProd(uint16_t res[SABER_N], const uint16_t b[SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N]) { void PQCLEAN_SABER_CLEAN_InnerProd(uint16_t res[SABER_N], const uint16_t b[SABER_L][SABER_N], const uint16_t s[SABER_L][SABER_N]) {
int j; size_t j;
for (j = 0; j < SABER_L; j++) { for (j = 0; j < SABER_L; j++) {
PQCLEAN_SABER_CLEAN_poly_mul_acc(b[j], s[j], res); PQCLEAN_SABER_CLEAN_poly_mul_acc(res, b[j], s[j]);
} }
} }
void PQCLEAN_SABER_CLEAN_GenMatrix(uint16_t A[SABER_L][SABER_L][SABER_N], const uint8_t seed[SABER_SEEDBYTES]) { void PQCLEAN_SABER_CLEAN_GenMatrix(uint16_t A[SABER_L][SABER_L][SABER_N], const uint8_t seed[SABER_SEEDBYTES]) {
uint8_t buf[SABER_L * SABER_POLYVECBYTES]; uint8_t buf[SABER_L * SABER_POLYVECBYTES];
int i; size_t i;
shake128(buf, sizeof(buf), seed, SABER_SEEDBYTES); shake128(buf, sizeof(buf), seed, SABER_SEEDBYTES);

View File

@ -11,13 +11,13 @@
#define OVERFLOWING_MUL(X, Y) ((uint16_t)((uint32_t)(X) * (uint32_t)(Y))) #define OVERFLOWING_MUL(X, Y) ((uint16_t)((uint32_t)(X) * (uint32_t)(Y)))
#define KARATSUBA_N 64 #define KARATSUBA_N 64
static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t *result_final) { static void karatsuba_simple(uint16_t *result_final, const uint16_t *a_1, const uint16_t *b_1) {
uint16_t d01[KARATSUBA_N / 2 - 1]; uint16_t d01[KARATSUBA_N / 2 - 1];
uint16_t d0123[KARATSUBA_N / 2 - 1]; uint16_t d0123[KARATSUBA_N / 2 - 1];
uint16_t d23[KARATSUBA_N / 2 - 1]; uint16_t d23[KARATSUBA_N / 2 - 1];
uint16_t result_d01[KARATSUBA_N - 1]; uint16_t result_d01[KARATSUBA_N - 1];
int32_t i, j; size_t i, j;
memset(result_d01, 0, (KARATSUBA_N - 1)*sizeof(uint16_t)); memset(result_d01, 0, (KARATSUBA_N - 1)*sizeof(uint16_t));
memset(d01, 0, (KARATSUBA_N / 2 - 1)*sizeof(uint16_t)); memset(d01, 0, (KARATSUBA_N / 2 - 1)*sizeof(uint16_t));
@ -110,7 +110,7 @@ static void karatsuba_simple(const uint16_t *a_1, const uint16_t *b_1, uint16_t
static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *result) { static void toom_cook_4way (uint16_t *result, const uint16_t *a1, const uint16_t *b1) {
uint16_t inv3 = 43691, inv9 = 36409, inv15 = 61167; uint16_t inv3 = 43691, inv9 = 36409, inv15 = 61167;
uint16_t aw1[N_SB], aw2[N_SB], aw3[N_SB], aw4[N_SB], aw5[N_SB], aw6[N_SB], aw7[N_SB]; uint16_t aw1[N_SB], aw2[N_SB], aw3[N_SB], aw4[N_SB], aw5[N_SB], aw6[N_SB], aw7[N_SB];
@ -181,13 +181,13 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
// MULTIPLICATION // MULTIPLICATION
karatsuba_simple(aw1, bw1, w1); karatsuba_simple(w1, aw1, bw1);
karatsuba_simple(aw2, bw2, w2); karatsuba_simple(w2, aw2, bw2);
karatsuba_simple(aw3, bw3, w3); karatsuba_simple(w3, aw3, bw3);
karatsuba_simple(aw4, bw4, w4); karatsuba_simple(w4, aw4, bw4);
karatsuba_simple(aw5, bw5, w5); karatsuba_simple(w5, aw5, bw5);
karatsuba_simple(aw6, bw6, w6); karatsuba_simple(w6, aw6, bw6);
karatsuba_simple(aw7, bw7, w7); karatsuba_simple(w7, aw7, bw7);
// INTERPOLATION // INTERPOLATION
for (i = 0; i < N_SB_RES; ++i) { for (i = 0; i < N_SB_RES; ++i) {
@ -229,11 +229,11 @@ static void toom_cook_4way (const uint16_t *a1, const uint16_t *b1, uint16_t *re
} }
/* res += a*b */ /* res += a*b */
void PQCLEAN_SABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]) { void PQCLEAN_SABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]) {
uint16_t c[2 * SABER_N] = {0}; uint16_t c[2 * SABER_N] = {0};
int i; size_t i;
toom_cook_4way(a, b, c); toom_cook_4way(c, a, b);
/* reduction */ /* reduction */
for (i = SABER_N; i < 2 * SABER_N; i++) { for (i = SABER_N; i < 2 * SABER_N; i++) {

View File

@ -3,7 +3,7 @@
#include "SABER_params.h" #include "SABER_params.h"
#include <stdint.h> #include <stdint.h>
void PQCLEAN_SABER_CLEAN_poly_mul_acc(const uint16_t a[SABER_N], const uint16_t b[SABER_N], uint16_t res[SABER_N]); void PQCLEAN_SABER_CLEAN_poly_mul_acc(uint16_t res[SABER_N], const uint16_t a[SABER_N], const uint16_t b[SABER_N]);
#endif #endif