diff --git a/crypto_sign/rainbowIa-classic/clean/blas.h b/crypto_sign/rainbowIa-classic/clean/blas.h index efb19a34..d42a55a2 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas.h +++ b/crypto_sign/rainbowIa-classic/clean/blas.h @@ -11,18 +11,11 @@ #define gf256v_predicated_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32 #define gf256v_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32 -#ifdef _USE_GF16 #define gf16v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32 #define gf16v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32 #define gf16v_dot PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32 -#else - -#define gf256v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32 -#define gf256v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32 - -#endif #endif // _BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index ffa3b02f..d66ccb33 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -14,7 +14,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } -#ifdef _USE_GF16 /// @brief get an element from GF(16) vector . /// @@ -133,130 +132,12 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } -#else -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { - return a[i]; -} - -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { - uint8_t r = 0; - while ( _num_byte-- ) { - r |= a[0]; - a++; - } - return (0 == r); -} - -/// polynomial multplication -/// School boook -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { - gf256v_madd(c + i, a, b[i], _num); - } -} - -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { - gf256v_madd(c, matA, b[i], n_A_vec_byte); - matA += n_A_vec_byte; - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); - const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { - gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); - } - c += n_vec_byte; - } -} - -static -unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { - unsigned r8 = 1; - - for (unsigned i = 0; i < h; i++) { - uint8_t *ai = mat + w * i; - unsigned skip_len_align4 = i & ((unsigned)~0x3); - - for (unsigned j = i + 1; j < h; j++) { - uint8_t *aj = mat + w * j; - gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); - } - r8 &= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(ai[i]); - uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv( pivot ); - gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); - for (unsigned j = 0; j < h; j++) { - if (i == j) { - continue; - } - uint8_t *aj = mat + w * j; - gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); - } - } - - return r8; -} - -static -unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - uint8_t mat[ 64 * 64 ]; - for (unsigned i = 0; i < n; i++) { - memcpy( mat + i * (n + 1), inp_mat + i * n, n ); - mat[i * (n + 1) + n] = c_terms[i]; - } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); - for (unsigned i = 0; i < n; i++) { - sol[i] = mat[i * (n + 1) + n]; - } - return r8; -} - - - -static inline -void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < w2; j++) { - mat2[i * w2 + j] = mat[i * w + st + j]; - } - } -} - - -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { - uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { - uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( ai, 2 * H ); - gf256v_add( ai, a + i * H, H ); - ai[H + i] = 1; - } - unsigned r8 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); - gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); - return r8; -} - -#endif // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#ifdef _USE_GF16 #define gf16mat_prod_impl gf16mat_prod_ref #define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref #define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref @@ -277,21 +158,3 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, c } -#else -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref -#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); -} - -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { - return gf256mat_gauss_elim_impl( mat, h, w ); -} - - -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); -} - -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.h b/crypto_sign/rainbowIa-classic/clean/blas_comm.h index 00fa8a01..aff00f04 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.h @@ -15,7 +15,6 @@ /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); -#ifdef _USE_GF16 /// @brief get an element from GF(16) vector . /// /// @param[in] a - the input vector a. @@ -72,84 +71,6 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); -#else -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - - -/// @brief check if a vector is 0. -/// -/// @param[in] a - the vector a. -/// @param[in] _num_byte - number of bytes for the vector a. -/// @return 1(true) if a is 0. 0(false) else. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - - -/// @brief polynomial multiplication: c = a*b -/// -/// @param[out] c - the output polynomial c -/// @param[in] a - the vector a. -/// @param[in] b - the vector b. -/// @param[in] _num - number of elements for the polynomials a and b. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - - -/// @brief matrix-vector multiplication: c = matA * b , in GF(256) -/// -/// @param[out] c - the output vector c -/// @param[in] matA - a column-major matrix A. -/// @param[in] n_A_vec_byte - the size of column vectors in bytes. -/// @param[in] n_A_width - the width of matrix A. -/// @param[in] b - the vector b. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); - -/// @brief matrix-matrix multiplication: c = a * b , in GF(256) -/// -/// @param[out] c - the output matrix c -/// @param[in] c - a matrix a. -/// @param[in] b - a matrix b. -/// @param[in] len_vec - the length of column vectors. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); - -/// @brief Gauss elimination for a matrix, in GF(256) -/// -/// @param[in,out] mat - the matrix. -/// @param[in] h - the height of the matrix. -/// @param[in] w - the width of the matrix. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); - -/// @brief Solving linear equations, in GF(256) -/// -/// @param[out] sol - the solutions. -/// @param[in] inp_mat - the matrix parts of input equations. -/// @param[in] c_terms - the constant terms of the input equations. -/// @param[in] n - the number of equations. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); - -/// @brief Computing the inverse matrix, in GF(256) -/// -/// @param[out] inv_a - the output of matrix a. -/// @param[in] a - a matrix a. -/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. -/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); -#endif #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.c b/crypto_sign/rainbowIa-classic/clean/blas_u32.c index d6068a6d..e14b0451 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.c @@ -37,7 +37,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_ } -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; @@ -115,56 +114,3 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uin return PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(r); } -#else - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { - a[i] = t.u8[i]; - } -} - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - accu_c += (n_u32 << 2); - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { - accu_c[i] ^= t.u8[i]; - } -} - -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.h b/crypto_sign/rainbowIa-classic/clean/blas_u32.h index 5955b3e6..b0819d33 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.h @@ -10,18 +10,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); -#else - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); - -#endif #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/gf.c b/crypto_sign/rainbowIa-classic/clean/gf.c index 265ed43a..e633f56e 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.c +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -8,7 +8,6 @@ static inline uint8_t gf256v_reduce_u32(uint32_t a) { return rr[0] ^ rr[1]; } -#ifdef _USE_GF16 //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { uint8_t r = (uint8_t) (a << 1); @@ -123,57 +122,3 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a) { return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } -#else -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned a8 = a; - unsigned r = ((unsigned) 0) - a8; - r >>= 8; - return r & 1; -} - -// gf256 := gf16[X]/X^2+X+xy -static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - uint8_t b0 = b & 15; - uint8_t b1 = (b >> 4); - uint8_t a0b0 = gf16_mul(a0, b0); - uint8_t a1b1 = gf16_mul(a1, b1); - uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; - uint8_t a1b1_x8 = gf16_mul_8(a1b1); - return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); -} - -static inline uint8_t gf256_squ(uint8_t a) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - a1 = gf16_squ(a1); - uint8_t a1squ_x8 = gf16_mul_8(a1); - return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); -} - -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv(uint8_t a) { - // 128+64+32+16+8+4+2 = 254 - uint8_t a2 = gf256_squ(a); - uint8_t a4 = gf256_squ(a2); - uint8_t a8 = gf256_squ(a4); - uint8_t a4_2 = gf256_mul(a4, a2); - uint8_t a8_4_2 = gf256_mul(a4_2, a8); - uint8_t a64_ = gf256_squ(a8_4_2); - a64_ = gf256_squ(a64_); - a64_ = gf256_squ(a64_); - uint8_t a64_2 = gf256_mul(a64_, a8_4_2); - uint8_t a128_ = gf256_squ(a64_2); - return gf256_mul(a2, a128_); -} - -uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { - uint32_t axb0 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a, b); - uint32_t axb1 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a, b >> 4); - uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; - uint32_t a1b1 = axb1 & 0xf0f0f0f0; - uint32_t a1b1_4 = a1b1 >> 4; - - return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); -} -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/gf.h b/crypto_sign/rainbowIa-classic/clean/gf.h index 2db5c312..b4ad9a1d 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.h +++ b/crypto_sign/rainbowIa-classic/clean/gf.h @@ -9,7 +9,6 @@ /// -#ifdef _USE_GF16 uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a); @@ -17,12 +16,5 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a); -#else - -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a); -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv(uint8_t a); -uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); - -#endif #endif // _GF16_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c index d8d48f5a..adb1e65d 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c @@ -51,7 +51,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const } } -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Awidth = Bheight; @@ -184,138 +183,3 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char * gf16v_madd( y, tmp, _x[i], size_batch ); } } -#else -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (k < i) { - continue; - } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - btriA += (Aheight - i) * size_batch; - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (i < k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (i == k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); - } - bC += size_batch * Bwidth; - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - bA += (Awidth) * size_batch; - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { - unsigned char tmp[256]; - - unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( x, i ); - } - - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); - for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); - trimat += size_batch; - } - gf256v_madd( y, tmp, _x[i], size_batch ); - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { - unsigned char tmp[128]; - - unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( x, i ); - } - unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( y, i ); - } - - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch ); - for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = 0; j < dim_x; j++) { - gf256v_madd( tmp, mat, _x[j], size_batch ); - mat += size_batch; - } - gf256v_madd( z, tmp, _y[i], size_batch ); - } -} - -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.c b/crypto_sign/rainbowIa-classic/clean/rainbow.c index 9550f538..498cc532 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.c @@ -18,7 +18,6 @@ #define _MAX_O ((_O1>_O2)?_O1:_O2) #define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) -#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; @@ -167,21 +166,5 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const } return (0 == cc) ? 0 : -1; } -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/////////////// cyclic version /////////////////////////// -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { - unsigned char sk[sizeof(sk_t) + 32]; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); -} -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { - unsigned char pk[sizeof(pk_t) +32]; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); -} -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.h b/crypto_sign/rainbowIa-classic/clean/rainbow.h index 83b3b5a3..0254e299 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.h @@ -10,7 +10,6 @@ #include -#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) /// /// @brief Signing function for classical secret key. /// @@ -29,29 +28,7 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t /// @return 0 for successful verified. -1 for failed verification. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Signing function for compressed secret key of the cyclic rainbow. -/// -/// @param[out] signature - the signature. -/// @param[in] sk - the compressed secret key. -/// @param[in] digest - the digest. -/// -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) -/// -/// @brief Verifying function for cyclic public keys. -/// -/// @param[in] digest - the digest. -/// @param[in] signature - the signature. -/// @param[in] pk - the public key of cyclic rainbow. -/// @return 0 for successful verified. -1 for failed verification. -/// -int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); -#endif #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h index a8253e37..b8b54211 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h @@ -10,7 +10,6 @@ #include "parallel_matrix_op.h" #include "rainbow_config.h" -#ifdef _USE_GF16 #define gfv_get_ele PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele #define gfv_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar @@ -29,26 +28,6 @@ #define batch_quad_trimat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16 -#else - -#define gfv_get_ele gf256v_get_ele -#define gfv_mul_scalar gf256v_mul_scalar -#define gfv_madd gf256v_madd - -#define gfmat_prod gf256mat_prod -#define gfmat_inv gf256mat_inv - -#define batch_trimat_madd batch_trimat_madd_gf256 -#define batch_trimatTr_madd batch_trimatTr_madd_gf256 -#define batch_2trimat_madd batch_2trimat_madd_gf256 -#define batch_matTr_madd batch_matTr_madd_gf256 -#define batch_bmatTr_madd batch_bmatTr_madd_gf256 -#define batch_mat_madd batch_mat_madd_gf256 - -#define batch_quad_trimat_eval batch_quad_trimat_eval_gf256 -#define batch_quad_recmat_eval batch_quad_recmat_eval_gf256 - -#endif #endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h index 8245677c..abdd312c 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h @@ -5,20 +5,6 @@ /// @brief Defining the parameters of the Rainbow and the corresponding constants. /// - - -// TODO: refactor this -/// the defined parameter -#define _RAINBOW16_32_32_32 -//#define _RAINBOW256_68_36_36 -//#define _RAINBOW256_92_48_48 - -#define _RAINBOW_CLASSIC -//#define _RAINBOW_CYCLIC -//#define _RAINBOW_CYCLIC_COMPRESSED - - -#if defined _RAINBOW16_32_32_32 #define _USE_GF16 #define _GFSIZE 16 #define _V1 32 @@ -26,23 +12,6 @@ #define _O2 32 #define _HASH_LEN 32 -#elif defined _RAINBOW256_68_36_36 -#define _GFSIZE 256 -#define _V1 68 -#define _O1 36 -#define _O2 36 -#define _HASH_LEN 48 - -#elif defined _RAINBOW256_92_48_48 -#define _GFSIZE 256 -#define _V1 92 -#define _O1 48 -#define _O2 48 -#define _HASH_LEN 64 - -#else -error here. -#endif #define _V2 ((_V1)+(_O1)) @@ -57,7 +26,6 @@ error here. /// size of variables, in # bytes. -#ifdef _USE_GF16 // GF16 #define _V1_BYTE (_V1/2) #define _V2_BYTE (_V2/2) @@ -66,16 +34,6 @@ error here. #define _PUB_N_BYTE (_PUB_N/2) #define _PUB_M_BYTE (_PUB_M/2) -#else -// GF256 -#define _V1_BYTE (_V1) -#define _V2_BYTE (_V2) -#define _O1_BYTE (_O1) -#define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - -#endif /// length of seed for public key, in # bytes diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c index 1ef11ab2..74cc376c 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c @@ -97,7 +97,6 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// -#if defined _RAINBOW_CLASSIC static void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); @@ -133,114 +132,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. } -#endif -#if defined _RAINBOW_CYCLIC -///////////////////// Cyclic ////////////////////////////////// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); - - // prng for sk - prng_t prng; - prng_t *prng0 = &prng; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, prng0 ); // S,T: only a part of sk - - unsigned char t2[sizeof(sk->t4)]; - memcpy( t2, sk->t4, _V1_BYTE * _O2 ); // temporarily store t2 - calculate_t4( sk->t4, sk->t1, sk->t3 ); // t2 <- t4 - - // prng for pk - sk_t inst_Qs; - sk_t *Qs = &inst_Qs; - prng_t *prng1 = &prng; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, prng1 ); // generating l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); - // so far, the Qs contains l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6. - - PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); // calcuate the rest parts of secret key from Qs and S,T - unsigned char t4[sizeof(sk->t4)]; - memcpy( t4, sk->t4, _V1_BYTE * _O2 ); // temporarily store t4 - memcpy( sk->t4, t2, _V1_BYTE * _O2 ); // restore t2 - PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( pk, sk, sk ); // calculate the rest parts of public key: l1_Q3, l1_Q5, l1_Q6, l1_Q9, l2_Q9 - memcpy( sk->t4, t4, _V1_BYTE * _O2 ); // restore t4 - obsfucate_l1_polys( pk->l1_Q3, Qs->l2_F3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q5, Qs->l2_F5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk->l1_Q6, Qs->l2_F6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk->l1_Q9, pk->l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); - - // clean - memset( &prng, 0, sizeof(prng_t) ); -} - -#endif - - -#ifdef _RAINBOW_CYCLIC_COMPRESSED -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); - sk_t sk; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); -} -#endif - -#ifdef _RAINBOW_CYCLIC_COMPRESSED -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); - - // prng for sk - prng_t prng0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, &prng0 ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); - - // prng for pk - sk_t inst_Qs; - sk_t *Qs = &inst_Qs; - prng_t prng1; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, &prng1 ); - - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); - - // calcuate the parts of sk according to pk. - PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); - - // clean prng for sk - memset( &prng0, 0, sizeof(prng_t) ); -} -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { - // procedure: cpk_t --> extcpk_t --> pk_t - - // convert from cpk_t to extcpk_t - ext_cpk_t pk; - - // setup prng - prng_t prng0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); - - // generating parts of key with prng - generate_l1_F12( pk.l1_Q1, &prng0 ); - // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 - memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); - - // generating parts of key with prng - generate_l2_F12356( pk.l2_Q1, &prng0 ); - // copying parts of key from input: l2_Q9 - memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - - // convert from extcpk_t to pk_t - PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); -} -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h index 79c88297..9dc31967 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h @@ -54,38 +54,8 @@ struct rainbow_secretkey { -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) -/// @brief public key for cyclic rainbow -/// -/// public key for cyclic rainbow -/// -typedef -struct rainbow_publickey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating l1_Q1,l1_Q2,l2_Q1,l2_Q2,l2_Q3,l2_Q5,l2_Q6 - - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; ///< Q3, layer1 - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< Q5, layer1 - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; ///< Q6, layer1 - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer1 - - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; ///< Q9, layer2 -} cpk_t; - -/// @brief compressed secret key for cyclic rainbow -/// -/// compressed secret key for cyclic rainbow -/// -typedef -struct rainbow_secretkey_cyclic { - unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. - unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. -} csk_t; -#endif - - -#if defined _RAINBOW_CLASSIC /// /// @brief Generate key pairs for classic rainbow. /// @@ -94,53 +64,9 @@ struct rainbow_secretkey_cyclic { /// @param[in] sk_seed - seed for generating the secret key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); -#endif -#if defined _RAINBOW_CYCLIC -/// -/// @brief Generate key pairs for cyclic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the secret key. -/// @param[in] pk_seed - seed for generating parts of public key. -/// @param[in] sk_seed - seed for generating secret key. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#if defined _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Generate compressed key pairs for cyclic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the compressed secret key. -/// @param[in] pk_seed - seed for generating parts of the public key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Generate secret key for cyclic rainbow. -/// -/// @param[out] sk - the secret key. -/// @param[in] pk_seed - seed for generating parts of the pbulic key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) -//////////////////////////////////// - -/// -/// @brief converting formats of public keys : from cyclic version to classic key -/// -/// @param[out] pk - the classic public key. -/// @param[in] cpk - the cyclic public key. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); -#endif #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 95e9d11a..752a42ee 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -13,7 +13,6 @@ #include -#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,9 +81,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } } -#endif -#if defined _RAINBOW_CLASSIC static void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { /* @@ -196,154 +193,5 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_ calculate_Q_from_F_impl( Qs, Fs, Ts ); } -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) - -static -void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { - // Layer 1 - // F_sk.l1_F1s[i] = Q_pk.l1_F1s[i] - memcpy( Fs->l1_F1, Qs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); - - // F_sk.l1_F2s[i] = ( Q_pk.l1_F1s[i] + Q_pk.l1_F1s[i].transpose() ) * T_sk.t1 + Q_pk.l1_F2s[i] - memcpy( Fs->l1_F2, Qs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_2trimat_madd( Fs->l1_F2, Qs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); - - /* - Layer 2 - computations: - - F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] - - Q1_T1 = Q_pk.l2_F1s[i]*T_sk.t1 - F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 - F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - - Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 - #Q1_Q1T_T4 = Q1_Q1T * t4 - Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 - F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - + Q_pk.l2_F2s[i].transpose() * t4 - + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - - */ - memcpy( Fs->l2_F1, Qs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); // F_sk.l2_F1s[i] = Q_pk.l2_F1s[i] - - - // F_sk.l2_F2s[i] = Q1_T1 + Q_pk.l2_F2s[i] + Q_pk.l2_F1s[i].transpose() * T_sk.t1 - // F_sk.l2_F5s[i] = UT( t1_tr* ( Q1_T1 + Q_pk.l2_F2s[i] ) ) + Q_pk.l2_F5s[i] - memcpy( Fs->l2_F2, Qs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q1_T1+ Q2 - - unsigned char tempQ[_O1 * _O1 * _O2_BYTE + 32]; - memset( tempQ, 0, _O1 * _O1 * _O2_BYTE ); - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F2, _O1, _O2_BYTE ); // t1_tr*(Q1_T1+Q2) - memcpy( Fs->l2_F5, Qs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); // F5 - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Fs->l2_F5, tempQ, _O1, _O2_BYTE ); // UT( ... ) - - batch_trimatTr_madd( Fs->l2_F2, Qs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F2 = Q1_T1 + Q2 + Q1^tr*t1 - - // Q1_Q1T_T4 = (Q_pk.l2_F1s[i] + Q_pk.l2_F1s[i].transpose()) * t4 - // Q2_T3 = Q_pk.l2_F2s[i]*T_sk.t3 - // F_sk.l2_F3s[i] = Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] - memcpy( Fs->l2_F3, Qs->l2_F3, _V1 * _O2 * _O2_BYTE ); - batch_2trimat_madd( Fs->l2_F3, Qs->l2_F1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); // Q1_Q1T_T4 - batch_mat_madd( Fs->l2_F3, Qs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // Q2_T3 - - // F_sk.l2_F6s[i] = t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - // + Q_pk.l2_F2s[i].transpose() * t4 - // + (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 + Q_pk.l2_F6s[i] - memcpy( Fs->l2_F6, Qs->l2_F6, _O1 * _O2 * _O2_BYTE ); - batch_matTr_madd( Fs->l2_F6, Ts->t1, _V1, _V1_BYTE, _O1, Fs->l2_F3, _O2, _O2_BYTE ); // t1_tr * ( Q1_Q1T_T4 + Q2_T3 + Q_pk.l2_F3s[i] ) - batch_2trimat_madd( Fs->l2_F6, Qs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // (Q_pk.l2_F5s[i] + Q_pk.l2_F5s[i].transpose())*T_sk.t3 - batch_bmatTr_madd( Fs->l2_F6, Qs->l2_F2, _O1, Ts->t4, _V1, _V1_BYTE, _O2, _O2_BYTE ); - -} - - -////////////////////////////////////////////////////////////////////////////////////////////////// - -static -void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { -// Layer 1: Computing Q5, Q3, Q6, Q9 - -// Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) - const unsigned char *t2 = Ts->t4; - sk_t tempQ; - memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - memset( tempQ.l2_F1, 0, _O1_BYTE * _V1 * _O2 ); - batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 - - /* - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); - - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ.l1_F2, 0, _O1_BYTE * _V1 * _O2 ); // should be F3. assuming: _O1 >= _O2 - batch_matTr_madd( tempQ.l1_F2, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ.l1_F2, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 - /* - Layer 2 - Computing Q9: - - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - */ - sk_t tempQ2; - memcpy( tempQ2.l2_F3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); /// F3 actually. - batch_trimat_madd( tempQ2.l2_F3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( tempQ2.l2_F3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 - - memset( tempQ.l2_F3, 0, _O2_BYTE * _V1 * _O2 ); - batch_matTr_madd( tempQ.l2_F3, t2, _V1, _V1_BYTE, _O2, tempQ2.l2_F3, _O2, _O2_BYTE ); // T2tr * ( ..... ) - - memcpy( tempQ.l2_F6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - batch_trimat_madd( tempQ.l2_F6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 - - batch_matTr_madd( tempQ.l2_F3, Ts->t3, _O1, _O1_BYTE, _O2, tempQ.l2_F6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ.l2_F3, _O2, _O2_BYTE ); // Q9 -} - - - -/////////////////////////////////////////////////////////////////////// - - -// Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ -#define calculate_F_from_Q_impl calculate_F_from_Q_ref -#define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { - calculate_F_from_Q_impl( Fs, Qs, Ts ); -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); -} - -#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h index d30cab5b..60b790e3 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h @@ -11,7 +11,6 @@ #include "rainbow_keypair.h" -#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC /// @brief The (internal use) public key for rainbow /// /// The (internal use) public key for rainbow. The public @@ -55,30 +54,8 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) - - -/// -/// @brief Computing parts of the sk from parts of pk and sk -/// -/// @param[out] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 -/// @param[in] Qs - parts of the pk: l1_Q1, l1_Q2, l2_Q1, l2_Q2, l2_Q3, l2_Q5, l2_Q6 -/// @param[in] Ts - parts of the sk: T1, T4, T3 -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ); - -/// -/// @brief Computing parts of the pk from the secret key -/// -/// @param[out] Qs - parts of the pk: l1_Q3, l1_Q5, l2_Q6, l1_Q9, l2_Q9 -/// @param[in] Fs - parts of the sk: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 -/// @param[in] Ts - parts of the sk: T1, T4, T3 -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); -#endif #endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/sign.c b/crypto_sign/rainbowIa-classic/clean/sign.c index c36d7d41..413c1466 100644 --- a/crypto_sign/rainbowIa-classic/clean/sign.c +++ b/crypto_sign/rainbowIa-classic/clean/sign.c @@ -19,25 +19,9 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned c unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - #if defined _RAINBOW_CLASSIC PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - #elif defined _RAINBOW_CYCLIC - - unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - - #else - error here - #endif return 0; } @@ -54,21 +38,9 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC - - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - - #else - error here - #endif } @@ -90,21 +62,9 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - #elif defined _RAINBOW_CYCLIC - - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - #else - error here - #endif } @@ -116,15 +76,7 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature( PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); *siglen = _SIGNATURE_BYTE; - #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); - #else - error here - #endif } int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( @@ -135,14 +87,6 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( } unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - #elif defined _RAINBOW_CYCLIC - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - #else - error here - #endif } diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.c b/crypto_sign/rainbowIa-classic/clean/utils_hash.c index 6a4cac91..e8bb7c04 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.c @@ -9,15 +9,7 @@ static inline int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { - #if 32 == _HASH_LEN sha256(digest, m, mlen); - #elif 48 == _HASH_LEN - sha384(digest, m, mlen); - #elif 64 == _HASH_LEN - sha512(digest, m, mlen); - #else -#error "unsupported _HASH_LEN" - #endif return 0; } diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas.h b/crypto_sign/rainbowIa-cyclic/clean/blas.h index e57335e0..6139dce8 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas.h @@ -11,18 +11,11 @@ #define gf256v_predicated_add PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32 #define gf256v_add PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32 -#ifdef _USE_GF16 #define gf16v_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32 #define gf16v_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32 #define gf16v_dot PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32 -#else - -#define gf256v_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_scalar_u32 -#define gf256v_madd PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_madd_u32 - -#endif #endif // _BLAS_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c index 565a8f91..7d2d1156 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.c @@ -14,7 +14,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { gf256v_add(b, b, _num_byte); } -#ifdef _USE_GF16 /// @brief get an element from GF(16) vector . /// @@ -133,130 +132,12 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } -#else -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { - return a[i]; -} - -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { - uint8_t r = 0; - while ( _num_byte-- ) { - r |= a[0]; - a++; - } - return (0 == r); -} - -/// polynomial multplication -/// School boook -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { - gf256v_madd(c + i, a, b[i], _num); - } -} - -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { - gf256v_madd(c, matA, b[i], n_A_vec_byte); - matA += n_A_vec_byte; - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(c, n_vec_byte); - const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { - gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); - } - c += n_vec_byte; - } -} - -static -unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { - unsigned r8 = 1; - - for (unsigned i = 0; i < h; i++) { - uint8_t *ai = mat + w * i; - unsigned skip_len_align4 = i & ((unsigned)~0x3); - - for (unsigned j = i + 1; j < h; j++) { - uint8_t *aj = mat + w * j; - gf256v_predicated_add( ai + skip_len_align4, !PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4 ); - } - r8 &= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(ai[i]); - uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_inv( pivot ); - gf256v_mul_scalar( ai + skip_len_align4, pivot, w - skip_len_align4 ); - for (unsigned j = 0; j < h; j++) { - if (i == j) { - continue; - } - uint8_t *aj = mat + w * j; - gf256v_madd( aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4 ); - } - } - - return r8; -} - -static -unsigned gf256mat_solve_linear_eq_ref( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - uint8_t mat[ 64 * 64 ]; - for (unsigned i = 0; i < n; i++) { - memcpy( mat + i * (n + 1), inp_mat + i * n, n ); - mat[i * (n + 1) + n] = c_terms[i]; - } - unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim( mat, n, n + 1 ); - for (unsigned i = 0; i < n; i++) { - sol[i] = mat[i * (n + 1) + n]; - } - return r8; -} - - - -static inline -void gf256mat_submat( uint8_t *mat2, unsigned w2, unsigned st, const uint8_t *mat, unsigned w, unsigned h ) { - for (unsigned i = 0; i < h; i++) { - for (unsigned j = 0; j < w2; j++) { - mat2[i * w2 + j] = mat[i * w + st + j]; - } - } -} - - -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer ) { - uint8_t *aa = buffer; - for (unsigned i = 0; i < H; i++) { - uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( ai, 2 * H ); - gf256v_add( ai, a + i * H, H ); - ai[H + i] = 1; - } - unsigned r8 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim( aa, H, 2 * H ); - gf256mat_submat( inv_a, H, H, aa, 2 * H, H ); - return r8; -} - -#endif // choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE -#ifdef _USE_GF16 #define gf16mat_prod_impl gf16mat_prod_ref #define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref #define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref @@ -277,21 +158,3 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, co } -#else -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref -#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); -} - -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim( uint8_t *mat, unsigned h, unsigned w ) { - return gf256mat_gauss_elim_impl( mat, h, w ); -} - - -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n ) { - return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); -} - -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h index f884f637..002b9f7c 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_comm.h @@ -15,7 +15,6 @@ /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); -#ifdef _USE_GF16 /// @brief get an element from GF(16) vector . /// /// @param[in] a - the input vector a. @@ -72,84 +71,6 @@ unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); -#else -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - - -/// @brief check if a vector is 0. -/// -/// @param[in] a - the vector a. -/// @param[in] _num_byte - number of bytes for the vector a. -/// @return 1(true) if a is 0. 0(false) else. -/// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - - -/// @brief polynomial multiplication: c = a*b -/// -/// @param[out] c - the output polynomial c -/// @param[in] a - the vector a. -/// @param[in] b - the vector b. -/// @param[in] _num - number of elements for the polynomials a and b. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - - -/// @brief matrix-vector multiplication: c = matA * b , in GF(256) -/// -/// @param[out] c - the output vector c -/// @param[in] matA - a column-major matrix A. -/// @param[in] n_A_vec_byte - the size of column vectors in bytes. -/// @param[in] n_A_width - the width of matrix A. -/// @param[in] b - the vector b. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); - -/// @brief matrix-matrix multiplication: c = a * b , in GF(256) -/// -/// @param[out] c - the output matrix c -/// @param[in] c - a matrix a. -/// @param[in] b - a matrix b. -/// @param[in] len_vec - the length of column vectors. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); - -/// @brief Gauss elimination for a matrix, in GF(256) -/// -/// @param[in,out] mat - the matrix. -/// @param[in] h - the height of the matrix. -/// @param[in] w - the width of the matrix. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w); - -/// @brief Solving linear equations, in GF(256) -/// -/// @param[out] sol - the solutions. -/// @param[in] inp_mat - the matrix parts of input equations. -/// @param[in] c_terms - the constant terms of the input equations. -/// @param[in] n - the number of equations. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); - -/// @brief Computing the inverse matrix, in GF(256) -/// -/// @param[out] inv_a - the output of matrix a. -/// @param[in] a - a matrix a. -/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. -/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); -#endif #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c index efa77423..c5d7a814 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.c @@ -37,7 +37,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t } -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; @@ -115,56 +114,3 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint return PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(r); } -#else - - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - a_u32[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { - a[i] = t.u8[i]; - } -} - - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - c_u32[i] ^= PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - accu_c += (n_u32 << 2); - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { - accu_c[i] ^= t.u8[i]; - } -} - -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h index 91cac011..44b00bcd 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-cyclic/clean/blas_u32.h @@ -10,18 +10,11 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); -#else - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); - -#endif #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.c b/crypto_sign/rainbowIa-cyclic/clean/gf.c index 2b21f76b..ef479074 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.c +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.c @@ -8,7 +8,6 @@ static inline uint8_t gf256v_reduce_u32(uint32_t a) { return rr[0] ^ rr[1]; } -#ifdef _USE_GF16 //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { uint8_t r = (uint8_t) (a << 1); @@ -123,57 +122,3 @@ uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(uint32_t a) { return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); } -#else -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned a8 = a; - unsigned r = ((unsigned) 0) - a8; - r >>= 8; - return r & 1; -} - -// gf256 := gf16[X]/X^2+X+xy -static inline uint8_t gf256_mul(uint8_t a, uint8_t b) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - uint8_t b0 = b & 15; - uint8_t b1 = (b >> 4); - uint8_t a0b0 = gf16_mul(a0, b0); - uint8_t a1b1 = gf16_mul(a1, b1); - uint8_t a0b1_a1b0 = gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; - uint8_t a1b1_x8 = gf16_mul_8(a1b1); - return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); -} - -static inline uint8_t gf256_squ(uint8_t a) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - a1 = gf16_squ(a1); - uint8_t a1squ_x8 = gf16_mul_8(a1); - return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); -} - -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_inv(uint8_t a) { - // 128+64+32+16+8+4+2 = 254 - uint8_t a2 = gf256_squ(a); - uint8_t a4 = gf256_squ(a2); - uint8_t a8 = gf256_squ(a4); - uint8_t a4_2 = gf256_mul(a4, a2); - uint8_t a8_4_2 = gf256_mul(a4_2, a8); - uint8_t a64_ = gf256_squ(a8_4_2); - a64_ = gf256_squ(a64_); - a64_ = gf256_squ(a64_); - uint8_t a64_2 = gf256_mul(a64_, a8_4_2); - uint8_t a128_ = gf256_squ(a64_2); - return gf256_mul(a2, a128_); -} - -uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { - uint32_t axb0 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a, b); - uint32_t axb1 = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(a, b >> 4); - uint32_t a0b1 = (axb1 << 4) & 0xf0f0f0f0; - uint32_t a1b1 = axb1 & 0xf0f0f0f0; - uint32_t a1b1_4 = a1b1 >> 4; - - return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); -} -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/gf.h b/crypto_sign/rainbowIa-cyclic/clean/gf.h index d0fe9d1f..dd6a1ee0 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/gf.h +++ b/crypto_sign/rainbowIa-cyclic/clean/gf.h @@ -9,7 +9,6 @@ /// -#ifdef _USE_GF16 uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_is_nonzero(uint8_t a); uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16_inv(uint8_t a); @@ -17,12 +16,5 @@ uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_reduce_u32(uint32_t a); -#else - -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_is_nonzero(uint8_t a); -uint8_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256_inv(uint8_t a); -uint32_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); - -#endif #endif // _GF16_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c index dcf79a7c..443feafd 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-cyclic/clean/parallel_matrix_op.c @@ -51,7 +51,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( unsigned char *btriC, const } } -#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Awidth = Bheight; @@ -184,138 +183,3 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y gf16v_madd( y, tmp, _x[i], size_batch ); } } -#else -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (k < i) { - continue; - } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - btriA += (Aheight - i) * size_batch; - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (i < k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACYCLIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (i == k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); - } - bC += size_batch * Bwidth; - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - bA += (Awidth) * size_batch; - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { - unsigned char tmp[256]; - - unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( x, i ); - } - - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( y, size_batch ); - for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); - trimat += size_batch; - } - gf256v_madd( y, tmp, _x[i], size_batch ); - } -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch ) { - unsigned char tmp[128]; - - unsigned char _x[128]; - for (unsigned i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( x, i ); - } - unsigned char _y[128]; - for (unsigned i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_get_ele( y, i ); - } - - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( z, size_batch ); - for (unsigned i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = 0; j < dim_x; j++) { - gf256v_madd( tmp, mat, _x[j], size_batch ); - mat += size_batch; - } - gf256v_madd( z, tmp, _y[i], size_batch ); - } -} - -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow.c index f2b8f2a7..a2ed62e8 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow.c @@ -18,7 +18,6 @@ #define _MAX_O ((_O1>_O2)?_O1:_O2) #define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) -#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; @@ -167,21 +166,10 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const u } return (0 == cc) ? 0 : -1; } -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/////////////// cyclic version /////////////////////////// -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { - unsigned char sk[sizeof(sk_t) + 32]; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); -} -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { unsigned char pk[sizeof(pk_t) +32]; PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); } -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow.h index 19c58d16..eb839de8 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow.h @@ -10,7 +10,6 @@ #include -#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) /// /// @brief Signing function for classical secret key. /// @@ -29,20 +28,8 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t * /// @return 0 for successful verified. -1 for failed verification. /// int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Signing function for compressed secret key of the cyclic rainbow. -/// -/// @param[out] signature - the signature. -/// @param[in] sk - the compressed secret key. -/// @param[in] digest - the digest. -/// -int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) /// /// @brief Verifying function for cyclic public keys. /// @@ -52,6 +39,5 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const /// @return 0 for successful verified. -1 for failed verification. /// int PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); -#endif #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h index b94887bd..ecf0703d 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_blas.h @@ -10,7 +10,6 @@ #include "parallel_matrix_op.h" #include "rainbow_config.h" -#ifdef _USE_GF16 #define gfv_get_ele PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_get_ele #define gfv_mul_scalar PQCLEAN_RAINBOWIACYCLIC_CLEAN_gf16v_mul_scalar @@ -29,26 +28,6 @@ #define batch_quad_trimat_eval PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_trimat_eval_gf16 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIACYCLIC_CLEAN_batch_quad_recmat_eval_gf16 -#else - -#define gfv_get_ele gf256v_get_ele -#define gfv_mul_scalar gf256v_mul_scalar -#define gfv_madd gf256v_madd - -#define gfmat_prod gf256mat_prod -#define gfmat_inv gf256mat_inv - -#define batch_trimat_madd batch_trimat_madd_gf256 -#define batch_trimatTr_madd batch_trimatTr_madd_gf256 -#define batch_2trimat_madd batch_2trimat_madd_gf256 -#define batch_matTr_madd batch_matTr_madd_gf256 -#define batch_bmatTr_madd batch_bmatTr_madd_gf256 -#define batch_mat_madd batch_mat_madd_gf256 - -#define batch_quad_trimat_eval batch_quad_trimat_eval_gf256 -#define batch_quad_recmat_eval batch_quad_recmat_eval_gf256 - -#endif #endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h index 744ee9ed..abdd312c 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_config.h @@ -5,20 +5,6 @@ /// @brief Defining the parameters of the Rainbow and the corresponding constants. /// - - -// TODO: refactor this -/// the defined parameter -#define _RAINBOW16_32_32_32 -//#define _RAINBOW256_68_36_36 -//#define _RAINBOW256_92_48_48 - -//#define _RAINBOW_CLASSIC -#define _RAINBOW_CYCLIC -//#define _RAINBOW_CYCLIC_COMPRESSED - - -#if defined _RAINBOW16_32_32_32 #define _USE_GF16 #define _GFSIZE 16 #define _V1 32 @@ -26,23 +12,6 @@ #define _O2 32 #define _HASH_LEN 32 -#elif defined _RAINBOW256_68_36_36 -#define _GFSIZE 256 -#define _V1 68 -#define _O1 36 -#define _O2 36 -#define _HASH_LEN 48 - -#elif defined _RAINBOW256_92_48_48 -#define _GFSIZE 256 -#define _V1 92 -#define _O1 48 -#define _O2 48 -#define _HASH_LEN 64 - -#else -error here. -#endif #define _V2 ((_V1)+(_O1)) @@ -57,7 +26,6 @@ error here. /// size of variables, in # bytes. -#ifdef _USE_GF16 // GF16 #define _V1_BYTE (_V1/2) #define _V2_BYTE (_V2/2) @@ -66,16 +34,6 @@ error here. #define _PUB_N_BYTE (_PUB_N/2) #define _PUB_M_BYTE (_PUB_M/2) -#else -// GF256 -#define _V1_BYTE (_V1) -#define _V2_BYTE (_V2) -#define _O1_BYTE (_O1) -#define _O2_BYTE (_O2) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - -#endif /// length of seed for public key, in # bytes diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c index eb49bd40..148ae4f3 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.c @@ -97,46 +97,8 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, /////////////////// Classic ////////////////////////////////// -#if defined _RAINBOW_CLASSIC -static -void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); - - // set up prng - prng_t prng0; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - - // generating secret key with prng. - generate_S_T( sk->s1, &prng0 ); - generate_B1_B2( sk->l1_F1, &prng0 ); - - // clean prng - memset( &prng0, 0, sizeof(prng_t) ); -} - -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { - _generate_secretkey( sk, sk_seed ); - - // set up a temporary structure ext_cpk_t for calculating public key. - ext_cpk_t pk; - - PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( &pk, sk, sk ); // compute the public key in ext_cpk_t format. - calculate_t4( sk->t4, sk->t1, sk->t3 ); - - obsfucate_l1_polys( pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1 ); - obsfucate_l1_polys( pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1 ); - obsfucate_l1_polys( pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1 ); - // so far, the pk contains the full pk but in ext_cpk_t format. - - PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. -} -#endif -#if defined _RAINBOW_CYCLIC ///////////////////// Cyclic ////////////////////////////////// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); @@ -180,46 +142,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, memset( &prng, 0, sizeof(prng_t) ); } -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); - memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); - sk_t sk; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); -} -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); - - // prng for sk - prng_t prng0; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, &prng0 ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); - - // prng for pk - sk_t inst_Qs; - sk_t *Qs = &inst_Qs; - prng_t prng1; - PQCLEAN_RAINBOWIACYCLIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, &prng1 ); - - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); - - // calcuate the parts of sk according to pk. - PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); - - // clean prng for sk - memset( &prng0, 0, sizeof(prng_t) ); -} -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { // procedure: cpk_t --> extcpk_t --> pk_t @@ -243,4 +168,3 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { // convert from extcpk_t to pk_t PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( rpk, &pk ); } -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h index fea7985c..b2a30111 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair.h @@ -54,7 +54,6 @@ struct rainbow_secretkey { -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) /// @brief public key for cyclic rainbow /// /// public key for cyclic rainbow @@ -82,21 +81,9 @@ struct rainbow_secretkey_cyclic { unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. } csk_t; -#endif -#if defined _RAINBOW_CLASSIC -/// -/// @brief Generate key pairs for classic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the secret key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); -#endif -#if defined _RAINBOW_CYCLIC /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -106,32 +93,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const u /// @param[in] sk_seed - seed for generating secret key. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#if defined _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Generate compressed key pairs for cyclic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the compressed secret key. -/// @param[in] pk_seed - seed for generating parts of the public key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#ifdef _RAINBOW_CYCLIC_COMPRESSED -/// -/// @brief Generate secret key for cyclic rainbow. -/// -/// @param[out] sk - the secret key. -/// @param[in] pk_seed - seed for generating parts of the pbulic key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) //////////////////////////////////// /// @@ -141,6 +105,5 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const un /// @param[in] cpk - the cyclic public key. /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); -#endif #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c index a675a42a..5869d9b7 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.c @@ -13,7 +13,6 @@ #include -#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -82,124 +81,9 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } } -#endif - -#if defined _RAINBOW_CLASSIC -static -void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - /* - Layer 1 - Computing : - Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] - - Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 - Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) - */ - const unsigned char *t2 = Ts->t4; - - memcpy( Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1) ); - - memcpy( Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); - batch_trimat_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - - memset( Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2 ); - memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); - memset( Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2 ); - memset( Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2) ); - - // l1_Q5 : _O1_BYTE * _O1 * _O1 - // l1_Q9 : _O1_BYTE * _O2 * _O2 - // l2_Q5 : _O2_BYTE * _V1 * _O1 - // l2_Q9 : _O2_BYTE * _V1 * _O2 - unsigned char tempQ[_O1_BYTE * _O1 * _O1 + 32]; - memset( tempQ, 0, _O1_BYTE * _O1 * _O1 ); // l1_Q5 - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE ); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ, _O1, _O1_BYTE ); // UT( ... ) // Q5 - - batch_trimatTr_madd( Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // Q2 - /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - batch_trimat_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1*T2 - batch_mat_madd( Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE ); // F1_T2 + F2_T3 - - memset( tempQ, 0, _O1_BYTE * _O2 * _O2 ); // l1_Q9 - batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE ); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q9, tempQ, _O2, _O1_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd( Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE ); // F2tr*T2 - batch_matTr_madd( Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE ); // Q6 - - /* - layer 2 - Computing: - Q1 = F1 - Q2 = F1_F1T*T1 + F2 - Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) - */ - memcpy( Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1) ); - - memcpy( Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1 ); - batch_trimat_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // F1*T1 + F2 - - memcpy( Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1) ); - memset( tempQ, 0, _O2_BYTE * _O1 * _O1 ); // l2_Q5 - batch_matTr_madd( tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE ); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q5, tempQ, _O1, _O2_BYTE ); // UT( ... ) // Q5 - - batch_trimatTr_madd( Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE ); // Q2 - - /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - - Q3 = F1_F1T*T2 + F2*T3 + F3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 - */ - memcpy( Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2 ); - batch_trimat_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1*T2 + F3 - batch_mat_madd( Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F1_T2 + F2_T3 + F3 - - memset( tempQ, 0, _O2_BYTE * _O2 * _O2 ); // l2_Q9 - batch_matTr_madd( tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE ); // T2tr * ( ..... ) - - memcpy( Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2 ); - - batch_trimat_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 - batch_matTr_madd( tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE ); // T2tr*( ..... ) + T3tr*( ..... ) - memset( Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l2_Q9, tempQ, _O2, _O2_BYTE ); // Q9 - - batch_trimatTr_madd( Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F1_F1T_T2 + F2_T3 + F3 // Q3 - - batch_bmatTr_madd( Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE ); // F5*T3 + F6 + F2tr*T2 - batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 - batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 -} -// TODO: these defines are not really required for a clean implementation - just implement directly -#define calculate_Q_from_F_impl calculate_Q_from_F_ref -void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_impl( Qs, Fs, Ts ); -} - -#endif - - -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { @@ -275,7 +159,8 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) sk_t tempQ; memcpy( tempQ.l1_F2, Fs->l1_F2, _O1_BYTE * _V1 * _O1 ); batch_trimat_madd( tempQ.l1_F2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE ); // F1*T1 + F2 - memset( tempQ.l2_F1, 0, _O1_BYTE * _V1 * _O2 ); + memset( tempQ.l2_F1, 0, sizeof(tempQ.l2_F1)); + memset( tempQ.l2_F2, 0, sizeof(tempQ.l2_F2)); batch_matTr_madd( tempQ.l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, tempQ.l1_F2, _O1, _O1_BYTE ); // T1tr*(F1*T1 + F2) memset( Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1) ); PQCLEAN_RAINBOWIACYCLIC_CLEAN_UpperTrianglize( Qs->l1_Q5, tempQ.l2_F1, _O1, _O1_BYTE ); // UT( ... ) // Q5 @@ -346,4 +231,3 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const s calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } -#endif diff --git a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h index 664fd499..1dc6e48f 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-cyclic/clean/rainbow_keypair_computation.h @@ -11,7 +11,6 @@ #include "rainbow_keypair.h" -#if defined _RAINBOW_CYCLIC || defined _RAINBOW_CLASSIC /// @brief The (internal use) public key for rainbow /// /// The (internal use) public key for rainbow. The public @@ -55,10 +54,8 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); -#endif -#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) /// @@ -78,7 +75,6 @@ void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, /// @param[in] Ts - parts of the sk: T1, T4, T3 /// void PQCLEAN_RAINBOWIACYCLIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); -#endif #endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIa-cyclic/clean/sign.c b/crypto_sign/rainbowIa-cyclic/clean/sign.c index 8cb208ab..065c9bad 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/sign.c +++ b/crypto_sign/rainbowIa-cyclic/clean/sign.c @@ -19,25 +19,11 @@ PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned ch unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); - #if defined _RAINBOW_CLASSIC - - PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); - - #elif defined _RAINBOW_CYCLIC unsigned char pk_seed[LEN_PKSEED] = {0}; randombytes( pk_seed, LEN_PKSEED ); PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - unsigned char pk_seed[LEN_PKSEED] = {0}; - randombytes( pk_seed, LEN_PKSEED ); - PQCLEAN_RAINBOWIACYCLIC_CLEAN_generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); - - #else - error here - #endif return 0; } @@ -54,21 +40,9 @@ PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, cons memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; - #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC - - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); - - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); - - #else - error here - #endif } @@ -90,21 +64,9 @@ PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, c unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); - #if defined _RAINBOW_CLASSIC - - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); - - #elif defined _RAINBOW_CYCLIC return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); - - #else - error here - #endif } @@ -116,15 +78,7 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_signature( PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); *siglen = _SIGNATURE_BYTE; - #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); - #else - error here - #endif } int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_verify( @@ -135,14 +89,6 @@ int PQCLEAN_RAINBOWIACYCLIC_CLEAN_crypto_sign_verify( } unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACYCLIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - #if defined _RAINBOW_CLASSIC - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - #elif defined _RAINBOW_CYCLIC return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - #elif defined _RAINBOW_CYCLIC_COMPRESSED - return PQCLEAN_RAINBOWIACYCLIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - #else - error here - #endif } diff --git a/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c index 28b6b051..a48f6ad9 100644 --- a/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-cyclic/clean/utils_hash.c @@ -9,15 +9,7 @@ static inline int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { - #if 32 == _HASH_LEN sha256(digest, m, mlen); - #elif 48 == _HASH_LEN - sha384(digest, m, mlen); - #elif 64 == _HASH_LEN - sha512(digest, m, mlen); - #else -#error "unsupported _HASH_LEN" - #endif return 0; }