kris
/
pqc
1
1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Avoid using log(a) to check if a==0

kyber
John M. Schanck 4 years ago
committed by Kris Kwiatkowski
parent
f74c1e6ad2
commit
b16ce91595
9 changed files with 27 additions and 162 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -2
      crypto_kem/hqc-rmrs-128/avx2/gf.c
  2. +7
    -47
      crypto_kem/hqc-rmrs-128/clean/gf.c
  3. +0
    -5
      crypto_kem/hqc-rmrs-128/clean/gf.h
  4. +2
    -2
      crypto_kem/hqc-rmrs-192/avx2/gf.c
  5. +7
    -47
      crypto_kem/hqc-rmrs-192/clean/gf.c
  6. +0
    -5
      crypto_kem/hqc-rmrs-192/clean/gf.h
  7. +2
    -2
      crypto_kem/hqc-rmrs-256/avx2/gf.c
  8. +7
    -47
      crypto_kem/hqc-rmrs-256/clean/gf.c
  9. +0
    -5
      crypto_kem/hqc-rmrs-256/clean/gf.h

+ 2
- 2
crypto_kem/hqc-rmrs-128/avx2/gf.c View File

@@ -125,10 +125,10 @@ uint16_t PQCLEAN_HQCRMRS128_AVX2_gf_inverse(uint16_t a) {
* @param[in] i The integer whose modulo is taken
*/
uint16_t PQCLEAN_HQCRMRS128_AVX2_gf_mod(uint16_t i) {
uint16_t tmp = i - PARAM_GF_MUL_ORDER;
uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);

// mask = 0xffff if (i < GF_MUL_ORDER)
int16_t mask = -(tmp >> 15);
uint16_t mask = -(tmp >> 15);

return tmp + (mask & PARAM_GF_MUL_ORDER);
}

+ 7
- 47
crypto_kem/hqc-rmrs-128/clean/gf.c View File

@@ -8,47 +8,6 @@



/**
* Generates exp and log lookup tables of GF(2^m).
* The logarithm of 0 is defined as 2^PARAM_M by convention. <br>
* The last two elements of the exp table are needed by the PQCLEAN_HQCRMRS128_CLEAN_gf_mul function.
* (for example if both elements to multiply are zero).
* @param[out] exp Array of size 2^PARAM_M + 2 receiving the powers of the primitive element
* @param[out] log Array of size 2^PARAM_M receiving the logarithms of the elements of GF(2^m)
* @param[in] m Parameter of Galois field GF(2^m)
*/
void PQCLEAN_HQCRMRS128_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m) {
uint16_t elt = 1;
uint16_t alpha = 2; // primitive element of GF(2^PARAM_M)
uint16_t gf_poly = PARAM_GF_POLY;

for (size_t i = 0 ; i < (1U << m) - 1 ; ++i) {
exp[i] = elt;
log[elt] = i;

elt *= alpha;
if (elt >= 1 << m) {
elt ^= gf_poly;
}
}

exp[(1 << m) - 1] = 1;
exp[1 << m] = 2;
exp[(1 << m) + 1] = 4;
log[0] = 1 << m; // by convention
}



/**
* Returns the requested power of the primitive element of GF(2^PARAM_M).
* @returns a^i
*/
uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_exp(uint16_t i) {
return exp[i];
}



/**
* Returns the integer i such that elt = a^i
@@ -68,9 +27,9 @@ uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_log(uint16_t elt) {
* @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
*/
uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_mul(uint16_t a, uint16_t b) {
// mask = 0xffff if neither a nor b is zero. Otherwise mask is 0.
// mask = 0xffff si ni a ni b n'est nul. sinon mask = 0
int16_t mask = ((log[a] | log[b]) >> PARAM_M) - 1;
uint16_t mask;
mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
return mask & exp[PQCLEAN_HQCRMRS128_CLEAN_gf_mod(log[a] + log[b])];
}

@@ -82,7 +41,7 @@ uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_mul(uint16_t a, uint16_t b) {
* @param[in] a Element of GF(2^PARAM_M)
*/
uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_square(uint16_t a) {
int16_t mask = (log[a] >> PARAM_M) - 1;
int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
return mask & exp[PQCLEAN_HQCRMRS128_CLEAN_gf_mod(2 * log[a])];
}

@@ -94,7 +53,8 @@ uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_square(uint16_t a) {
* @param[in] a Element of GF(2^PARAM_M)
*/
uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_inverse(uint16_t a) {
return exp[PARAM_GF_MUL_ORDER - log[a]];
int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
return mask & exp[PARAM_GF_MUL_ORDER - log[a]];
}


@@ -110,7 +70,7 @@ uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_mod(uint16_t i) {
uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);

// mask = 0xffff if(i < PARAM_GF_MUL_ORDER)
uint16_t mask = ~(tmp >> 15) + 1;
uint16_t mask = -(tmp >> 15);

return tmp + (mask & PARAM_GF_MUL_ORDER);
}

+ 0
- 5
crypto_kem/hqc-rmrs-128/clean/gf.h View File

@@ -29,13 +29,8 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };


void PQCLEAN_HQCRMRS128_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m);


uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_log(uint16_t elt);

uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_exp(uint16_t i);

uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_mul(uint16_t a, uint16_t b);

uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_square(uint16_t a);


+ 2
- 2
crypto_kem/hqc-rmrs-192/avx2/gf.c View File

@@ -125,10 +125,10 @@ uint16_t PQCLEAN_HQCRMRS192_AVX2_gf_inverse(uint16_t a) {
* @param[in] i The integer whose modulo is taken
*/
uint16_t PQCLEAN_HQCRMRS192_AVX2_gf_mod(uint16_t i) {
uint16_t tmp = i - PARAM_GF_MUL_ORDER;
uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);

// mask = 0xffff if (i < GF_MUL_ORDER)
int16_t mask = -(tmp >> 15);
uint16_t mask = -(tmp >> 15);

return tmp + (mask & PARAM_GF_MUL_ORDER);
}

+ 7
- 47
crypto_kem/hqc-rmrs-192/clean/gf.c View File

@@ -8,47 +8,6 @@



/**
* Generates exp and log lookup tables of GF(2^m).
* The logarithm of 0 is defined as 2^PARAM_M by convention. <br>
* The last two elements of the exp table are needed by the PQCLEAN_HQCRMRS192_CLEAN_gf_mul function.
* (for example if both elements to multiply are zero).
* @param[out] exp Array of size 2^PARAM_M + 2 receiving the powers of the primitive element
* @param[out] log Array of size 2^PARAM_M receiving the logarithms of the elements of GF(2^m)
* @param[in] m Parameter of Galois field GF(2^m)
*/
void PQCLEAN_HQCRMRS192_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m) {
uint16_t elt = 1;
uint16_t alpha = 2; // primitive element of GF(2^PARAM_M)
uint16_t gf_poly = PARAM_GF_POLY;

for (size_t i = 0 ; i < (1U << m) - 1 ; ++i) {
exp[i] = elt;
log[elt] = i;

elt *= alpha;
if (elt >= 1 << m) {
elt ^= gf_poly;
}
}

exp[(1 << m) - 1] = 1;
exp[1 << m] = 2;
exp[(1 << m) + 1] = 4;
log[0] = 1 << m; // by convention
}



/**
* Returns the requested power of the primitive element of GF(2^PARAM_M).
* @returns a^i
*/
uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_exp(uint16_t i) {
return exp[i];
}



/**
* Returns the integer i such that elt = a^i
@@ -68,9 +27,9 @@ uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_log(uint16_t elt) {
* @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
*/
uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_mul(uint16_t a, uint16_t b) {
// mask = 0xffff if neither a nor b is zero. Otherwise mask is 0.
// mask = 0xffff si ni a ni b n'est nul. sinon mask = 0
int16_t mask = ((log[a] | log[b]) >> PARAM_M) - 1;
uint16_t mask;
mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
return mask & exp[PQCLEAN_HQCRMRS192_CLEAN_gf_mod(log[a] + log[b])];
}

@@ -82,7 +41,7 @@ uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_mul(uint16_t a, uint16_t b) {
* @param[in] a Element of GF(2^PARAM_M)
*/
uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_square(uint16_t a) {
int16_t mask = (log[a] >> PARAM_M) - 1;
int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
return mask & exp[PQCLEAN_HQCRMRS192_CLEAN_gf_mod(2 * log[a])];
}

@@ -94,7 +53,8 @@ uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_square(uint16_t a) {
* @param[in] a Element of GF(2^PARAM_M)
*/
uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_inverse(uint16_t a) {
return exp[PARAM_GF_MUL_ORDER - log[a]];
int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
return mask & exp[PARAM_GF_MUL_ORDER - log[a]];
}


@@ -110,7 +70,7 @@ uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_mod(uint16_t i) {
uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);

// mask = 0xffff if(i < PARAM_GF_MUL_ORDER)
uint16_t mask = ~(tmp >> 15) + 1;
uint16_t mask = -(tmp >> 15);

return tmp + (mask & PARAM_GF_MUL_ORDER);
}

+ 0
- 5
crypto_kem/hqc-rmrs-192/clean/gf.h View File

@@ -29,13 +29,8 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };


void PQCLEAN_HQCRMRS192_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m);


uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_log(uint16_t elt);

uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_exp(uint16_t i);

uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_mul(uint16_t a, uint16_t b);

uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_square(uint16_t a);


+ 2
- 2
crypto_kem/hqc-rmrs-256/avx2/gf.c View File

@@ -125,10 +125,10 @@ uint16_t PQCLEAN_HQCRMRS256_AVX2_gf_inverse(uint16_t a) {
* @param[in] i The integer whose modulo is taken
*/
uint16_t PQCLEAN_HQCRMRS256_AVX2_gf_mod(uint16_t i) {
uint16_t tmp = i - PARAM_GF_MUL_ORDER;
uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);

// mask = 0xffff if (i < GF_MUL_ORDER)
int16_t mask = -(tmp >> 15);
uint16_t mask = -(tmp >> 15);

return tmp + (mask & PARAM_GF_MUL_ORDER);
}

+ 7
- 47
crypto_kem/hqc-rmrs-256/clean/gf.c View File

@@ -8,47 +8,6 @@



/**
* Generates exp and log lookup tables of GF(2^m).
* The logarithm of 0 is defined as 2^PARAM_M by convention. <br>
* The last two elements of the exp table are needed by the PQCLEAN_HQCRMRS256_CLEAN_gf_mul function.
* (for example if both elements to multiply are zero).
* @param[out] exp Array of size 2^PARAM_M + 2 receiving the powers of the primitive element
* @param[out] log Array of size 2^PARAM_M receiving the logarithms of the elements of GF(2^m)
* @param[in] m Parameter of Galois field GF(2^m)
*/
void PQCLEAN_HQCRMRS256_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m) {
uint16_t elt = 1;
uint16_t alpha = 2; // primitive element of GF(2^PARAM_M)
uint16_t gf_poly = PARAM_GF_POLY;

for (size_t i = 0 ; i < (1U << m) - 1 ; ++i) {
exp[i] = elt;
log[elt] = i;

elt *= alpha;
if (elt >= 1 << m) {
elt ^= gf_poly;
}
}

exp[(1 << m) - 1] = 1;
exp[1 << m] = 2;
exp[(1 << m) + 1] = 4;
log[0] = 1 << m; // by convention
}



/**
* Returns the requested power of the primitive element of GF(2^PARAM_M).
* @returns a^i
*/
uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_exp(uint16_t i) {
return exp[i];
}



/**
* Returns the integer i such that elt = a^i
@@ -68,9 +27,9 @@ uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_log(uint16_t elt) {
* @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
*/
uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_mul(uint16_t a, uint16_t b) {
// mask = 0xffff if neither a nor b is zero. Otherwise mask is 0.
// mask = 0xffff si ni a ni b n'est nul. sinon mask = 0
int16_t mask = ((log[a] | log[b]) >> PARAM_M) - 1;
uint16_t mask;
mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
return mask & exp[PQCLEAN_HQCRMRS256_CLEAN_gf_mod(log[a] + log[b])];
}

@@ -82,7 +41,7 @@ uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_mul(uint16_t a, uint16_t b) {
* @param[in] a Element of GF(2^PARAM_M)
*/
uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_square(uint16_t a) {
int16_t mask = (log[a] >> PARAM_M) - 1;
int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
return mask & exp[PQCLEAN_HQCRMRS256_CLEAN_gf_mod(2 * log[a])];
}

@@ -94,7 +53,8 @@ uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_square(uint16_t a) {
* @param[in] a Element of GF(2^PARAM_M)
*/
uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_inverse(uint16_t a) {
return exp[PARAM_GF_MUL_ORDER - log[a]];
int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
return mask & exp[PARAM_GF_MUL_ORDER - log[a]];
}


@@ -110,7 +70,7 @@ uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_mod(uint16_t i) {
uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);

// mask = 0xffff if(i < PARAM_GF_MUL_ORDER)
uint16_t mask = ~(tmp >> 15) + 1;
uint16_t mask = -(tmp >> 15);

return tmp + (mask & PARAM_GF_MUL_ORDER);
}

+ 0
- 5
crypto_kem/hqc-rmrs-256/clean/gf.h View File

@@ -29,13 +29,8 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };


void PQCLEAN_HQCRMRS256_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m);


uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_log(uint16_t elt);

uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_exp(uint16_t i);

uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_mul(uint16_t a, uint16_t b);

uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_square(uint16_t a);


Write Preview
Loading…
Cancel
Save