Leon 2019-05-27 22:48:15 +02:00
джерело 7b9e254a8b
коміт ca6d935bbc
3 змінених файлів з 54 додано та 70 видалено

@ -12,12 +12,15 @@ static void gf2x_mod(DIGIT out[], const DIGIT in[]) {
memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memcpy(aux, in, 2 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
memset(out, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(out, 0x00, NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
/* not true for parameter set
if (2 * NUM_DIGITS_GF2X_ELEMENT < NUM_DIGITS_GF2X_MODULUS) { if (2 * NUM_DIGITS_GF2X_ELEMENT < NUM_DIGITS_GF2X_MODULUS) {
for (i = 0; i < 2 * NUM_DIGITS_GF2X_ELEMENT; i++) { for (i = 0; i < 2 * NUM_DIGITS_GF2X_ELEMENT; i++) {
out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = in[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i]; out[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = in[2 * NUM_DIGITS_GF2X_ELEMENT - 1 - i];
} }
return; return;
} }
*/
for (i = 0; i < (2 * NUM_DIGITS_GF2X_ELEMENT) - NUM_DIGITS_GF2X_MODULUS; i += 1) { for (i = 0; i < (2 * NUM_DIGITS_GF2X_ELEMENT) - NUM_DIGITS_GF2X_MODULUS; i += 1) {
for (j = DIGIT_SIZE_b - 1; j >= 0; j--) { for (j = DIGIT_SIZE_b - 1; j >= 0; j--) {
@ -95,6 +98,13 @@ static uint8_t byte_reverse_with_64bitDIGIT(uint8_t b) {
return b; return b;
} }
/* https://stackoverflow.com/questions/2182002/convert-big-endian-to-little-endian-in-c-without-using-provided-func */
static uint64_t swap_uint64( uint64_t val ) {
val = ((val << 8) & 0xFF00FF00FF00FF00ULL ) | ((val >> 8) & 0x00FF00FF00FF00FFULL );
val = ((val << 16) & 0xFFFF0000FFFF0000ULL ) | ((val >> 16) & 0x0000FFFF0000FFFFULL );
return (val << 32) | (val >> 32);
}
static DIGIT reverse_digit(const DIGIT b) { static DIGIT reverse_digit(const DIGIT b) {
int i; int i;
union toReverse_t { union toReverse_t {
@ -107,7 +117,7 @@ static DIGIT reverse_digit(const DIGIT b) {
toReverse.inByte[i] = byte_reverse_with_64bitDIGIT(toReverse.inByte[i]); toReverse.inByte[i] = byte_reverse_with_64bitDIGIT(toReverse.inByte[i]);
} }
return __builtin_bswap64(toReverse.digitValue); return swap_uint64(toReverse.digitValue);
} }
void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place(DIGIT A[]) { void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place(DIGIT A[]) {
@ -127,9 +137,11 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place(DIGIT A[]) {
A[i] = rev2; A[i] = rev2;
A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1; A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1;
} }
/*
if (NUM_DIGITS_GF2X_ELEMENT % 2 == 1) { if (NUM_DIGITS_GF2X_ELEMENT % 2 == 1) {
A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]); A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]);
} }*/
A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]);
if (slack_bits_amount) { if (slack_bits_amount) {
PQCLEAN_LEDAKEMLT12_CLEAN_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount); PQCLEAN_LEDAKEMLT12_CLEAN_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount);
@ -140,24 +152,26 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place(DIGIT A[]) {
static void rotate_bit_left(DIGIT in[]) { /* equivalent to x * in(x) mod x^P+1 */ static void rotate_bit_left(DIGIT in[]) { /* equivalent to x * in(x) mod x^P+1 */
DIGIT mask, rotated_bit; DIGIT mask, rotated_bit;
/*
if (NUM_DIGITS_GF2X_MODULUS == NUM_DIGITS_GF2X_ELEMENT) { if (NUM_DIGITS_GF2X_MODULUS == NUM_DIGITS_GF2X_ELEMENT) {
int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1; int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
mask = ((DIGIT)0x1) << msb_offset_in_digit; mask = ((DIGIT)0x1) << msb_offset_in_digit;
rotated_bit = !!(in[0] & mask); rotated_bit = !!(in[0] & mask);
in[0] &= ~mask; /* clear shifted bit */ in[0] &= ~mask;
left_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in); left_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
} else { } else {
/* NUM_DIGITS_GF2X_MODULUS == 1 + NUM_DIGITS_GF2X_ELEMENT and
* MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS == 0
*/
mask = ((DIGIT)0x1) << (DIGIT_SIZE_b - 1); mask = ((DIGIT)0x1) << (DIGIT_SIZE_b - 1);
rotated_bit = !!(in[0] & mask); rotated_bit = !!(in[0] & mask);
in[0] &= ~mask; /* clear shifted bit */ in[0] &= ~mask;
left_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in); left_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
} } */
int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
mask = ((DIGIT)0x1) << msb_offset_in_digit;
rotated_bit = !!(in[0] & mask);
in[0] &= ~mask;
left_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
in[NUM_DIGITS_GF2X_ELEMENT - 1] |= rotated_bit; in[NUM_DIGITS_GF2X_ELEMENT - 1] |= rotated_bit;
} }
@ -166,15 +180,15 @@ static void rotate_bit_right(DIGIT in[]) { /* x^{-1} * in(x) mod x^P+1 */
DIGIT rotated_bit = in[NUM_DIGITS_GF2X_ELEMENT - 1] & ((DIGIT)0x1); DIGIT rotated_bit = in[NUM_DIGITS_GF2X_ELEMENT - 1] & ((DIGIT)0x1);
right_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in); right_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
/*
if (NUM_DIGITS_GF2X_MODULUS == NUM_DIGITS_GF2X_ELEMENT) { if (NUM_DIGITS_GF2X_MODULUS == NUM_DIGITS_GF2X_ELEMENT) {
int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1; int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
rotated_bit = rotated_bit << msb_offset_in_digit; rotated_bit = rotated_bit << msb_offset_in_digit;
} else { } else {
/* NUM_DIGITS_GF2X_MODULUS == 1 + NUM_DIGITS_GF2X_ELEMENT and
* MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS == 0
*/
rotated_bit = rotated_bit << (DIGIT_SIZE_b - 1); rotated_bit = rotated_bit << (DIGIT_SIZE_b - 1);
} } */
int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
rotated_bit = rotated_bit << msb_offset_in_digit;
in[0] |= rotated_bit; in[0] |= rotated_bit;
} }
@ -221,11 +235,13 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]) {
v[NUM_DIGITS_GF2X_ELEMENT - 1] = 0x0; v[NUM_DIGITS_GF2X_ELEMENT - 1] = 0x0;
s[NUM_DIGITS_GF2X_MODULUS - 1] = 0x1; s[NUM_DIGITS_GF2X_MODULUS - 1] = 0x1;
/*
if (MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS == 0) { if (MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS == 0) {
mask = 0x1; mask = 0x1;
} else { } else {
mask = (((DIGIT)0x1) << MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS); mask = (((DIGIT)0x1) << MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS);
} }*/
mask = (((DIGIT)0x1) << MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS);
s[0] |= mask; s[0] |= mask;
for (i = NUM_DIGITS_GF2X_ELEMENT - 1; i >= 0 && in[i] == 0; i--) { }; for (i = NUM_DIGITS_GF2X_ELEMENT - 1; i >= 0 && in[i] == 0; i--) { };
@ -233,14 +249,18 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]) {
return 0; return 0;
} }
/*
if (NUM_DIGITS_GF2X_MODULUS == 1 + NUM_DIGITS_GF2X_ELEMENT) { if (NUM_DIGITS_GF2X_MODULUS == 1 + NUM_DIGITS_GF2X_ELEMENT) {
for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 1 ; i--) { for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 1 ; i--) {
f[i] = in[i - 1]; f[i] = in[i - 1];
} }
} else { /* they are equal */ } else {
for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 0 ; i--) { for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 0 ; i--) {
f[i] = in[i]; f[i] = in[i];
} }
}*/
for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 0 ; i--) {
f[i] = in[i];
} }
for (i = 1; i <= 2 * P; i++) { for (i = 1; i <= 2 * P; i++) {
@ -467,7 +487,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_sparse_block(POSITION_T *pos_ones,
while (placedOnes < countOnes) { while (placedOnes < countOnes) {
p = rand_range(NUM_BITS_GF2X_ELEMENT, p = rand_range(NUM_BITS_GF2X_ELEMENT,
BITS_TO_REPRESENT(P), P_BITS,
seed_expander_ctx); seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < placedOnes; j++) { for (int j = 0; j < placedOnes; j++) {
@ -483,15 +503,16 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_sparse_block(POSITION_T *pos_ones,
} }
/* Returns random weight-t circulant block */ /* Returns random weight-t circulant block */
void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], void PQCLEAN_LEDAKEMLT12_CLEAN_rand_circulant_blocks_sequence(
AES_XOF_struct *seed_expander_ctx) { DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0; int rndPos[NUM_ERRORS_T], duplicated, counter = 0;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) { while (counter < NUM_ERRORS_T) {
int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, BITS_TO_REPRESENT(P), int p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS,
seed_expander_ctx); seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < counter; j++) { for (int j = 0; j < counter; j++) {
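Review bot: The branches commented out in gf2x_mod, gf2x_transpose_in_place, rotate_bit_left, rotate_bit_right and gf2x_mod_inverse each bake in a property of the one parameter set (2 * NUM_DIGITS_GF2X_ELEMENT >= NUM_DIGITS_GF2X_MODULUS, an odd NUM_DIGITS_GF2X_ELEMENT, NUM_DIGITS_GF2X_MODULUS == NUM_DIGITS_GF2X_ELEMENT), yet nothing in the new code verifies them, so a later change of P would compile and silently produce wrong arithmetic; in the gf2x_mod_inverse hunk the new loop `f[i] = in[i]` runs i up to NUM_DIGITS_GF2X_MODULUS - 1 and would read past the end of in[] if the modulus ever needed one digit more than an element. Replace the dead `/* ... */` blocks with preprocessor guards at file scope (once, e.g. directly above rotate_bit_left) so the assumptions fail the build instead of the computation, and delete the commented-out code rather than carrying it. The enclosing functions of the gf2x_mod, gf2x_transpose_in_place and gf2x_mod_inverse hunks start outside their hunks.
```c
/* The specialised code below assumes the single parameter set in use;
 * fail the build rather than miscompute if P is ever changed. */
#if 2 * NUM_DIGITS_GF2X_ELEMENT < NUM_DIGITS_GF2X_MODULUS
#error "gf2x_mod assumes 2 * NUM_DIGITS_GF2X_ELEMENT >= NUM_DIGITS_GF2X_MODULUS"
#endif
#if NUM_DIGITS_GF2X_ELEMENT % 2 == 0
#error "gf2x_transpose_in_place assumes an odd NUM_DIGITS_GF2X_ELEMENT"
#endif
#if NUM_DIGITS_GF2X_MODULUS != NUM_DIGITS_GF2X_ELEMENT
#error "rotate_bit_left/right and gf2x_mod_inverse assume NUM_DIGITS_GF2X_MODULUS == NUM_DIGITS_GF2X_ELEMENT"
#endif

static void rotate_bit_left(DIGIT in[]) { /* equivalent to x * in(x) mod x^P+1 */
    /* … unchanged: body … */
```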

@ -7,8 +7,8 @@
#include "gf2x_arith.h" #include "gf2x_arith.h"
#include "rng.h" #include "rng.h"
#define NUM_BITS_GF2X_ELEMENT (P) #define NUM_BITS_GF2X_ELEMENT (P) // 52147
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b) #define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b) // 815
#define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ( (P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1 ) #define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ( (P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1 )
#define NUM_BITS_GF2X_MODULUS (P+1) #define NUM_BITS_GF2X_MODULUS (P+1)
@ -17,45 +17,7 @@
#define INVALID_POS_VALUE (P) #define INVALID_POS_VALUE (P)
#define IS_REPRESENTABLE_IN_D_BITS(D, N) \ #define P_BITS (16) // log_2(p) = 15.6703
(((unsigned long) (N) >= (1UL << ((D) - 1)) && (unsigned long) (N) < (1UL << (D))) ? (D) : -1)
#define BITS_TO_REPRESENT(N) \
((N) == 0 ? 1 : (31 \
+ IS_REPRESENTABLE_IN_D_BITS( 1, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 2, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 3, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 4, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 5, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 6, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 7, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 8, N) \
+ IS_REPRESENTABLE_IN_D_BITS( 9, N) \
+ IS_REPRESENTABLE_IN_D_BITS(10, N) \
+ IS_REPRESENTABLE_IN_D_BITS(11, N) \
+ IS_REPRESENTABLE_IN_D_BITS(12, N) \
+ IS_REPRESENTABLE_IN_D_BITS(13, N) \
+ IS_REPRESENTABLE_IN_D_BITS(14, N) \
+ IS_REPRESENTABLE_IN_D_BITS(15, N) \
+ IS_REPRESENTABLE_IN_D_BITS(16, N) \
+ IS_REPRESENTABLE_IN_D_BITS(17, N) \
+ IS_REPRESENTABLE_IN_D_BITS(18, N) \
+ IS_REPRESENTABLE_IN_D_BITS(19, N) \
+ IS_REPRESENTABLE_IN_D_BITS(20, N) \
+ IS_REPRESENTABLE_IN_D_BITS(21, N) \
+ IS_REPRESENTABLE_IN_D_BITS(22, N) \
+ IS_REPRESENTABLE_IN_D_BITS(23, N) \
+ IS_REPRESENTABLE_IN_D_BITS(24, N) \
+ IS_REPRESENTABLE_IN_D_BITS(25, N) \
+ IS_REPRESENTABLE_IN_D_BITS(26, N) \
+ IS_REPRESENTABLE_IN_D_BITS(27, N) \
+ IS_REPRESENTABLE_IN_D_BITS(28, N) \
+ IS_REPRESENTABLE_IN_D_BITS(29, N) \
+ IS_REPRESENTABLE_IN_D_BITS(30, N) \
+ IS_REPRESENTABLE_IN_D_BITS(31, N) \
+ IS_REPRESENTABLE_IN_D_BITS(32, N) \
) \
)
static inline void gf2x_copy(DIGIT dest[], const DIGIT in[]) { static inline void gf2x_copy(DIGIT dest[], const DIGIT in[]) {
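Review bot: `#define P_BITS (16)` replaces the computed BITS_TO_REPRESENT(P) with a literal whose only link to P is the `// log_2(p) = 15.6703` comment, and it is the bit-count handed to rand_range in rand_circulant_sparse_block and rand_circulant_blocks_sequence; if P is ever changed without P_BITS, the position sampler (whose handling of that argument is not in this diff) could presumably either fail to reach part of the block or reject needlessly, and neither would be caught at compile time. Pin the constant to P next to its definition: `#if ((P) >> (P_BITS)) != 0 || ((P) >> ((P_BITS) - 1)) == 0` / `#error "P_BITS must be the bit length of P"` / `#endif`. The `// 52147` and `// 815` annotations on NUM_BITS_GF2X_ELEMENT and NUM_DIGITS_GF2X_ELEMENT are likewise values of one parameter set rather than of the macros, so either prefix them with "for P = 52147" or drop them.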

@ -8,11 +8,11 @@
#include <string.h> #include <string.h>
void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *const pk, void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *pk,
privateKeyNiederreiter_t *const sk, privateKeyNiederreiter_t *sk,
AES_XOF_struct *keys_expander) { AES_XOF_struct *keys_expander) {
// sequence of N0 circ block matrices (p x p): Hi
// sequence of N0 circ block matrices (p x p): Hi
POSITION_T HPosOnes[N0][DV]; POSITION_T HPosOnes[N0][DV];
POSITION_T HtrPosOnes[N0][DV]; POSITION_T HtrPosOnes[N0][DV];
/* Sparse representation of the transposed circulant matrix H, /* Sparse representation of the transposed circulant matrix H,
@ -89,9 +89,10 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_keygen(publicKeyNiederreiter_t *co
} }
void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt(DIGIT syndrome[], // 1 polynomial void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt(DIGIT *syndrome, // 1 polynomial
const publicKeyNiederreiter_t *const pk, const publicKeyNiederreiter_t *pk,
const DIGIT err[]) { // N0 polynomials const DIGIT *err) { // N0 polynomials
int i; int i;
DIGIT saux[NUM_DIGITS_GF2X_ELEMENT]; DIGIT saux[NUM_DIGITS_GF2X_ELEMENT];
@ -108,9 +109,9 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_encrypt(DIGIT syndrome[],
} }
int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT err[], // N0 circ poly int PQCLEAN_LEDAKEMLT12_CLEAN_niederreiter_decrypt(DIGIT *err, // N0 circ poly
const privateKeyNiederreiter_t *const sk, const privateKeyNiederreiter_t *sk,
const DIGIT syndrome[]) { const DIGIT *syndrome) {
AES_XOF_struct niederreiter_decrypt_expander; AES_XOF_struct niederreiter_decrypt_expander;
PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander, PQCLEAN_LEDAKEMLT12_CLEAN_seedexpander_from_trng(&niederreiter_decrypt_expander,