From d42e96368a06115e31723295ce09a6cf90322470 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Sun, 16 Jun 2019 12:28:32 +0200 Subject: [PATCH] cyclic and compressedcycles parameter sets --- crypto_sign/rainbowIa-classic/clean/api.h | 30 -- crypto_sign/rainbowIa-classic/clean/blas.h | 16 +- .../rainbowIa-classic/clean/blas_comm.c | 137 ++++---- .../rainbowIa-classic/clean/blas_comm.h | 168 +++++----- .../rainbowIa-classic/clean/blas_u32.c | 139 ++++---- .../rainbowIa-classic/clean/blas_u32.h | 18 +- crypto_sign/rainbowIa-classic/clean/gf.c | 20 +- crypto_sign/rainbowIa-classic/clean/gf.h | 9 + .../clean/parallel_matrix_op.c | 303 ++++++++---------- crypto_sign/rainbowIa-classic/clean/rainbow.c | 21 +- crypto_sign/rainbowIa-classic/clean/rainbow.h | 11 +- .../rainbowIa-classic/clean/rainbow_blas.h | 26 +- .../rainbowIa-classic/clean/rainbow_config.h | 77 ++--- .../rainbowIa-classic/clean/rainbow_keypair.c | 135 ++++---- .../rainbowIa-classic/clean/rainbow_keypair.h | 22 +- .../clean/rainbow_keypair_computation.c | 30 +- .../clean/rainbow_keypair_computation.h | 9 +- crypto_sign/rainbowIa-classic/clean/sign.c | 92 +++--- .../rainbowIa-classic/clean/utils_hash.c | 16 +- 19 files changed, 589 insertions(+), 690 deletions(-) diff --git a/crypto_sign/rainbowIa-classic/clean/api.h b/crypto_sign/rainbowIa-classic/clean/api.h index c47a5ff5..f4447b75 100644 --- a/crypto_sign/rainbowIa-classic/clean/api.h +++ b/crypto_sign/rainbowIa-classic/clean/api.h @@ -4,41 +4,11 @@ #include #include -#define _RAINBOW_CLASSIC -//#define _RAINBOW_CYCLIC -//#define _RAINBOW_CYCLIC_COMPRESSED - #define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES 92960 #define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES 148992 #define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_BYTES 64 #define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(16,32,32,32) - classic" -//TODO: remove this after creating the other parameter sets - -//#if defined _RAINBOW_CLASSIC -// -//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES sizeof(sk_t) -//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES sizeof(pk_t) -// -//#elif defined _RAINBOW_CYCLIC -// -//#define CRYPTO_SECRETKEYBYTES sizeof(sk_t) -//#define CRYPTO_PUBLICKEYBYTES sizeof(cpk_t) -// -//#elif defined _RAINBOW_CYCLIC_COMPRESSED -// -//#define CRYPTO_SECRETKEYBYTES sizeof(csk_t) -//#define CRYPTO_PUBLICKEYBYTES sizeof(cpk_t) -// -//#else -//error here -//#endif -// -// -//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_BYTES _SIGNATURE_BYTE -// -//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_ALGNAME _S_NAME _SUFFIX - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); diff --git a/crypto_sign/rainbowIa-classic/clean/blas.h b/crypto_sign/rainbowIa-classic/clean/blas.h index 0055ab74..efb19a34 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas.h +++ b/crypto_sign/rainbowIa-classic/clean/blas.h @@ -4,21 +4,25 @@ /// @brief Defining the implementations for linear algebra functions depending on the machine architecture. /// - #include "blas_comm.h" #include "blas_u32.h" +#include "rainbow_config.h" + +#define gf256v_predicated_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32 +#define gf256v_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32 + +#ifdef _USE_GF16 -//TODO remove the gf16v/gf256v if they are not used in the parameter sets #define gf16v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32 #define gf16v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32 +#define gf16v_dot PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32 + +#else -#define gf256v_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32 #define gf256v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32 #define gf256v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32 -#define gf256v_predicated_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32 -#define gf16v_dot PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32 - +#endif #endif // _BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.c b/crypto_sign/rainbowIa-classic/clean/blas_comm.c index 768fe58a..ffa3b02f 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.c @@ -2,13 +2,20 @@ /// @brief The standard implementations for blas_comm.h /// -#include "blas_comm.h" #include "blas.h" +#include "blas_comm.h" #include "gf.h" +#include "rainbow_config.h" #include #include + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { + gf256v_add(b, b, _num_byte); +} +#ifdef _USE_GF16 + /// @brief get an element from GF(16) vector . /// /// @param[in] a - the input vector a. @@ -37,45 +44,6 @@ static uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned return v; } - -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { - return a[i]; -} - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) { - gf256v_add(b, b, _num_byte); -} - -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { - uint8_t r = 0; - while ( _num_byte-- ) { - r |= a[0]; - a++; - } - return (0 == r); -} - -///////////////// multiplications //////////////////////////////// - -/// polynomial multplication -/// School boook - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned i = 0; i < _num; i++) { - gf256v_madd(c + i, a, b[i], _num); - } -} - -/////////// matrix-vector - static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); for (unsigned i = 0; i < n_A_width; i++) { @@ -85,17 +53,6 @@ static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_b } } -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned i = 0; i < n_A_width; i++) { - gf256v_madd(c, matA, b[i], n_A_vec_byte); - matA += n_A_vec_byte; - } -} - - -/////////// matrix-matrix - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { unsigned n_vec_byte = (len_vec + 1) / 2; for (unsigned k = 0; k < len_vec; k++) { @@ -109,20 +66,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, co } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { - unsigned n_vec_byte = len_vec; - for (unsigned k = 0; k < len_vec; k++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); - const uint8_t *bk = b + n_vec_byte * k; - for (unsigned i = 0; i < len_vec; i++) { - gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); - } - c += n_vec_byte; - } -} - -///////////////// algorithms: gaussian elim ////////////////// - static unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) { unsigned n_w_byte = (w + 1) / 2; @@ -190,9 +133,54 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ gf16mat_submat(inv_a, H, H, aa, 2 * H, H); return r8; } +#else +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) { + return a[i]; +} +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) { + uint8_t r = 0; + while ( _num_byte-- ) { + r |= a[0]; + a++; + } + return (0 == r); +} -///////////////////////////////////////////////// +/// polynomial multplication +/// School boook +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); + for (unsigned i = 0; i < _num; i++) { + gf256v_madd(c + i, a, b[i], _num); + } +} + +static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); + for (unsigned i = 0; i < n_A_width; i++) { + gf256v_madd(c, matA, b[i], n_A_vec_byte); + matA += n_A_vec_byte; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) { + unsigned n_vec_byte = len_vec; + for (unsigned k = 0; k < len_vec; k++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); + const uint8_t *bk = b + n_vec_byte * k; + for (unsigned i = 0; i < len_vec; i++) { + gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); + } + c += n_vec_byte; + } +} static unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) { @@ -261,22 +249,17 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint return r8; } +#endif -//////////////////////////////////////////////////// - - -// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE_ +// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE +#ifdef _USE_GF16 #define gf16mat_prod_impl gf16mat_prod_ref #define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref #define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref -#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref - @@ -294,6 +277,10 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, c } +#else +#define gf256mat_prod_impl gf256mat_prod_ref +#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref +#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) { gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b); } @@ -307,4 +294,4 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol, return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n ); } - +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/blas_comm.h b/crypto_sign/rainbowIa-classic/clean/blas_comm.h index 777a4761..00fa8a01 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_comm.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_comm.h @@ -4,26 +4,10 @@ /// @brief Common functions for linear algebra. /// +#include "rainbow_config.h" #include -/// @brief get an element from GF(16) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i); - -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); - - /// @brief set a vector to 0. /// /// @param[in,out] b - the vector b. @@ -31,51 +15,14 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte); - -/// @brief check if a vector is 0. +#ifdef _USE_GF16 +/// @brief get an element from GF(16) vector . /// -/// @param[in] a - the vector a. -/// @param[in] _num_byte - number of bytes for the vector a. -/// @return 1(true) if a is 0. 0(false) else. +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. /// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); - - - -///////////////// Section: multiplications //////////////////////////////// - - -/// @brief polynomial multiplication: c = a*b -/// -/// @param[out] c - the output polynomial c -/// @param[in] a - the vector a. -/// @param[in] b - the vector b. -/// @param[in] _num - number of elements for the polynomials a and b. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); - - -/// @brief matrix-vector multiplication: c = matA * b , in GF(16) -/// -/// @param[out] c - the output vector c -/// @param[in] matA - a column-major matrix A. -/// @param[in] n_A_vec_byte - the size of column vectors in bytes. -/// @param[in] n_A_width - the width of matrix A. -/// @param[in] b - the vector b. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); - - -/// @brief matrix-vector multiplication: c = matA * b , in GF(256) -/// -/// @param[out] c - the output vector c -/// @param[in] matA - a column-major matrix A. -/// @param[in] n_A_vec_byte - the size of column vectors in bytes. -/// @param[in] n_A_width - the width of matrix A. -/// @param[in] b - the vector b. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); - +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i); /// @brief matrix-matrix multiplication: c = a * b , in GF(16) /// @@ -86,22 +33,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *mat /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); - -/// @brief matrix-matrix multiplication: c = a * b , in GF(256) -/// -/// @param[out] c - the output matrix c -/// @param[in] c - a matrix a. -/// @param[in] b - a matrix b. -/// @param[in] len_vec - the length of column vectors. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); - - - - -///////////////// algorithms: gaussian elim ////////////////// - - /// @brief Gauss elimination for a matrix, in GF(16) /// /// @param[in,out] mat - the matrix. @@ -121,6 +52,74 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigne /// unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); +/// @brief Computing the inverse matrix, in GF(16) +/// +/// @param[out] inv_a - the output of matrix a. +/// @param[in] a - a matrix a. +/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. +/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. +/// @return 1(true) if success. 0(false) if the matrix is singular. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); + +/// @brief matrix-vector multiplication: c = matA * b , in GF(16) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +#else +/// @brief get an element from GF(256) vector . +/// +/// @param[in] a - the input vector a. +/// @param[in] i - the index in the vector a. +/// @return the value of the element. +/// +uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i); + + + +/// @brief check if a vector is 0. +/// +/// @param[in] a - the vector a. +/// @param[in] _num_byte - number of bytes for the vector a. +/// @return 1(true) if a is 0. 0(false) else. +/// +unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte); + + +/// @brief polynomial multiplication: c = a*b +/// +/// @param[out] c - the output polynomial c +/// @param[in] a - the vector a. +/// @param[in] b - the vector b. +/// @param[in] _num - number of elements for the polynomials a and b. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num); + + +/// @brief matrix-vector multiplication: c = matA * b , in GF(256) +/// +/// @param[out] c - the output vector c +/// @param[in] matA - a column-major matrix A. +/// @param[in] n_A_vec_byte - the size of column vectors in bytes. +/// @param[in] n_A_width - the width of matrix A. +/// @param[in] b - the vector b. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b); + +/// @brief matrix-matrix multiplication: c = a * b , in GF(256) +/// +/// @param[out] c - the output matrix c +/// @param[in] c - a matrix a. +/// @param[in] b - a matrix b. +/// @param[in] len_vec - the length of column vectors. +/// +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec); /// @brief Gauss elimination for a matrix, in GF(256) /// @@ -141,22 +140,6 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsign /// unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n); - - -//////////////// Section: inversion for matrices ////////////////////////// - - -/// @brief Computing the inverse matrix, in GF(16) -/// -/// @param[out] inv_a - the output of matrix a. -/// @param[in] a - a matrix a. -/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. -/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); - - /// @brief Computing the inverse matrix, in GF(256) /// /// @param[out] inv_a - the output of matrix a. @@ -166,6 +149,7 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_ /// @return 1(true) if success. 0(false) if the matrix is singular. /// unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer); +#endif #endif // _BLAS_COMM_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.c b/crypto_sign/rainbowIa-classic/clean/blas_u32.c index e52d5a39..d6068a6d 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.c +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.c @@ -1,23 +1,6 @@ #include "blas_u32.h" #include "gf.h" -//TODO remove the gf16v/gf256v if they are not used in the parameter sets -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *b_u32 = (uint32_t *) accu_b; - const uint32_t *a_u32 = (const uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - b_u32[i] ^= a_u32[i]; - } - - a += (n_u32 << 2); - accu_b += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - accu_b[i] ^= a[i]; - } -} - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) { uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate); uint8_t pr_u8 = pr_u32 & 0xff; @@ -37,6 +20,24 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, u } } +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *b_u32 = (uint32_t *) accu_b; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + b_u32[i] ^= a_u32[i]; + } + + a += (n_u32 << 2); + accu_b += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + accu_b[i] ^= a[i]; + } +} + + +#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; @@ -61,30 +62,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf1 } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *a_u32 = (uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); - for (unsigned i = 0; i < rem; i++) { - a[i] = t.u8[i]; - } -} - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; uint32_t *c_u32 = (uint32_t *) accu_c; @@ -110,32 +87,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_ } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { - unsigned n_u32 = _num_byte >> 2; - uint32_t *c_u32 = (uint32_t *) accu_c; - const uint32_t *a_u32 = (const uint32_t *) a; - for (unsigned i = 0; i < n_u32; i++) { - c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); - } - - union tmp_32 { - uint8_t u8[4]; - uint32_t u32; - } t; - t.u32 = 0; - accu_c += (n_u32 << 2); - a += (n_u32 << 2); - unsigned rem = _num_byte & 3; - for (unsigned i = 0; i < rem; i++) { - t.u8[i] = a[i]; - } - t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); - for (unsigned i = 0; i < rem; i++) { - accu_c[i] ^= t.u8[i]; - } -} - - uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) { unsigned n_u32 = _num_byte >> 2; const uint32_t *a_u32 = (const uint32_t *) a; @@ -163,3 +114,57 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uin } return PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(r); } + +#else + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *a_u32 = (uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, b); + for (unsigned i = 0; i < rem; i++) { + a[i] = t.u8[i]; + } +} + + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) { + unsigned n_u32 = _num_byte >> 2; + uint32_t *c_u32 = (uint32_t *) accu_c; + const uint32_t *a_u32 = (const uint32_t *) a; + for (unsigned i = 0; i < n_u32; i++) { + c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], gf256_b); + } + + union tmp_32 { + uint8_t u8[4]; + uint32_t u32; + } t; + t.u32 = 0; + accu_c += (n_u32 << 2); + a += (n_u32 << 2); + unsigned rem = _num_byte & 3; + for (unsigned i = 0; i < rem; i++) { + t.u8[i] = a[i]; + } + t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, gf256_b); + for (unsigned i = 0; i < rem; i++) { + accu_c[i] ^= t.u8[i]; + } +} + +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/blas_u32.h b/crypto_sign/rainbowIa-classic/clean/blas_u32.h index 199427e0..5955b3e6 100644 --- a/crypto_sign/rainbowIa-classic/clean/blas_u32.h +++ b/crypto_sign/rainbowIa-classic/clean/blas_u32.h @@ -4,16 +4,24 @@ /// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch. /// +#include "rainbow_config.h" #include -//TODO remove the gf16v/gf256v if they are not used in the parameter sets -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte); -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte); + +#ifdef _USE_GF16 + void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte); -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte); +#else + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte); +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte); + +#endif + #endif // _BLAS_U32_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/gf.c b/crypto_sign/rainbowIa-classic/clean/gf.c index 2f5fc7c9..970d4c2e 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.c +++ b/crypto_sign/rainbowIa-classic/clean/gf.c @@ -1,8 +1,14 @@ #include "gf.h" -//TODO remove the gf16v/gf256v if they are not used in the parameter sets - +static inline uint8_t gf256v_reduce_u32(uint32_t a) { + // https://godbolt.org/z/7hirMb + uint16_t *aa = (uint16_t *) (&a); + uint16_t r = aa[0] ^ aa[1]; + uint8_t *rr = (uint8_t *) (&r); + return rr[0] ^ rr[1]; +} +#ifdef _USE_GF16 //// gf4 := gf2[x]/x^2+x+1 static inline uint8_t gf4_mul_2(uint8_t a) { uint8_t r = (uint8_t) (a << 1); @@ -129,14 +135,6 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b return _gf16v_mul_u32_u32(a0, a1, a2, a3, b0, b1, b2, b3); } -static inline uint8_t gf256v_reduce_u32(uint32_t a) { - // https://godbolt.org/z/7hirMb - uint16_t *aa = (uint16_t *) (&a); - uint16_t r = aa[0] ^ aa[1]; - uint8_t *rr = (uint8_t *) (&r); - return rr[0] ^ rr[1]; -} - uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a) { uint8_t r256 = gf256v_reduce_u32(a); return (uint8_t)((r256 & 0xf) ^ (r256 >> 4)); @@ -148,6 +146,7 @@ static inline uint32_t gf16v_mul_8_u32(uint32_t a) { return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2); } +#else uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { unsigned a8 = a; unsigned r = ((unsigned) 0) - a8; @@ -200,3 +199,4 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) { return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4); } +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/gf.h b/crypto_sign/rainbowIa-classic/clean/gf.h index 8bde5bcd..2db5c312 100644 --- a/crypto_sign/rainbowIa-classic/clean/gf.h +++ b/crypto_sign/rainbowIa-classic/clean/gf.h @@ -1,19 +1,28 @@ #ifndef _GF16_H_ #define _GF16_H_ +#include "rainbow_config.h" #include /// @file gf16.h /// @brief Library for arithmetics in GF(16) and GF(256) /// + +#ifdef _USE_GF16 + uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a); uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b); uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a); + +#else + uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a); uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv(uint8_t a); uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b); +#endif + #endif // _GF16_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c index 4ecc5f58..d8d48f5a 100644 --- a/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c +++ b/crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c @@ -4,14 +4,10 @@ /// the standard implementations for functions in parallel_matrix_op.h /// -#include "blas_comm.h" #include "blas.h" - +#include "blas_comm.h" #include "parallel_matrix_op.h" - -//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - /// /// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. /// @@ -55,13 +51,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const } } - - - -///////////////// Section: matrix multiplications /////////////////////////////// - - - +#ifdef _USE_GF16 void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Awidth = Bheight; @@ -80,28 +70,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, c } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - unsigned Aheight = Awidth; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (k < i) { - continue; - } - gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - btriA += (Aheight - i) * size_batch; - } -} - - - - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Aheight = Bheight; @@ -118,25 +86,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (i < k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - - - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Aheight = Bheight; @@ -153,25 +102,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Aheight = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - if (i == k) { - continue; - } - gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - - - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { unsigned Atr_height = Awidth; @@ -184,21 +114,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, co } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, - const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { - unsigned Atr_height = Awidth; - unsigned Atr_width = Aheight; - for (unsigned i = 0; i < Atr_height; i++) { - for (unsigned j = 0; j < Atr_width; j++) { - gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); - } - bC += size_batch * Bwidth; - } -} - - - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { const unsigned char *bA = bA_to_tr; @@ -213,24 +128,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, c } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - const unsigned char *bA = bA_to_tr; - unsigned Aheight = Awidth_before_tr; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - } -} - - - - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight, const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { unsigned Awidth = Bheight; @@ -245,72 +142,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, cons } } -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, - const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { - unsigned Awidth = Bheight; - for (unsigned i = 0; i < Aheight; i++) { - for (unsigned j = 0; j < Bwidth; j++) { - for (unsigned k = 0; k < Bheight; k++) { - gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); - } - bC += size_batch; - } - bA += (Awidth) * size_batch; - } -} - - - - -//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { - unsigned char tmp[256]; - - unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i ); - } - - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); - for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = i; j < dim; j++) { - gf16v_madd( tmp, trimat, _x[j], size_batch ); - trimat += size_batch; - } - gf16v_madd( y, tmp, _x[i], size_batch ); - } -} - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { - unsigned char tmp[256]; - - unsigned char _x[256]; - for (unsigned i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( x, i ); - } - - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); - for (unsigned i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); - for (unsigned j = i; j < dim; j++) { - gf256v_madd( tmp, trimat, _x[j], size_batch ); - trimat += size_batch; - } - gf256v_madd( y, tmp, _x[i], size_batch ); - } -} - - - - - - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ) { unsigned char tmp[128]; @@ -335,6 +166,133 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char * } } +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf16v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf16v_madd( y, tmp, _x[i], size_batch ); + } +} +#else +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + unsigned Aheight = Awidth; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (k < i) { + continue; + } + gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + btriA += (Aheight - i) * size_batch; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i < k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Aheight = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + if (i == k) { + continue; + } + gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth, + const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) { + unsigned Atr_height = Awidth; + unsigned Atr_width = Aheight; + for (unsigned i = 0; i < Atr_height; i++) { + for (unsigned j = 0; j < Atr_width; j++) { + gf256v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth ); + } + bC += size_batch * Bwidth; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + const unsigned char *bA = bA_to_tr; + unsigned Aheight = Awidth_before_tr; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight, + const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) { + unsigned Awidth = Bheight; + for (unsigned i = 0; i < Aheight; i++) { + for (unsigned j = 0; j < Bwidth; j++) { + for (unsigned k = 0; k < Bheight; k++) { + gf256v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch ); + } + bC += size_batch; + } + bA += (Awidth) * size_batch; + } +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) { + unsigned char tmp[256]; + + unsigned char _x[256]; + for (unsigned i = 0; i < dim; i++) { + _x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( x, i ); + } + + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch ); + for (unsigned i = 0; i < dim; i++) { + PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch ); + for (unsigned j = i; j < dim; j++) { + gf256v_madd( tmp, trimat, _x[j], size_batch ); + trimat += size_batch; + } + gf256v_madd( y, tmp, _x[i], size_batch ); + } +} void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat, const unsigned char *x, unsigned dim_x, unsigned size_batch ) { @@ -360,5 +318,4 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char } } - - +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.c b/crypto_sign/rainbowIa-classic/clean/rainbow.c index 9ce5ff8b..bbbd1456 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.c @@ -18,8 +18,7 @@ #define _MAX_O ((_O1>_O2)?_O1:_O2) #define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE) - - +#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) { uint8_t mat_l1[_O1 * _O1_BYTE]; uint8_t mat_l2[_O2 * _O2_BYTE]; @@ -149,13 +148,10 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE ); return 0; } +#endif - - - - - +#ifdef _RAINBOW_CLASSIC int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) { unsigned char digest_ck[_PUB_M_BYTE]; // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. @@ -174,22 +170,21 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const } return (0 == cc) ? 0 : -1; } +#endif - - +#ifdef _RAINBOW_CYCLIC_COMPRESSED /////////////// cyclic version /////////////////////////// - - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) { unsigned char sk[sizeof(sk_t) + 32]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key. return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest ); } +#endif +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) { unsigned char pk[sizeof(pk_t) +32]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key. return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk ); } - - +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow.h b/crypto_sign/rainbowIa-classic/clean/rainbow.h index 9aa4a11c..9e8c53f5 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow.h @@ -10,8 +10,7 @@ #include - - +#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC) /// /// @brief Signing function for classical secret key. /// @@ -20,7 +19,9 @@ /// @param[in] digest - the digest. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest ); +#endif +#ifdef _RAINBOW_CLASSIC /// /// @brief Verifying function. /// @@ -30,8 +31,9 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t /// @return 0 for successful verified. -1 for failed verification. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ); +#endif - +#ifdef _RAINBOW_CYCLIC_COMPRESSED /// /// @brief Signing function for compressed secret key of the cyclic rainbow. /// @@ -40,7 +42,9 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const /// @param[in] digest - the digest. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest ); +#endif +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) /// /// @brief Verifying function for cyclic public keys. /// @@ -50,5 +54,6 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, cons /// @return 0 for successful verified. -1 for failed verification. /// int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk ); +#endif #endif // _RAINBOW_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h index dd463840..a8253e37 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_blas.h @@ -7,11 +7,11 @@ #include "blas.h" - #include "parallel_matrix_op.h" - #include "rainbow_config.h" +#ifdef _USE_GF16 + #define gfv_get_ele PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele #define gfv_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar #define gfv_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd @@ -29,5 +29,27 @@ #define batch_quad_trimat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16 #define batch_quad_recmat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16 +#else + +#define gfv_get_ele gf256v_get_ele +#define gfv_mul_scalar gf256v_mul_scalar +#define gfv_madd gf256v_madd + +#define gfmat_prod gf256mat_prod +#define gfmat_inv gf256mat_inv + +#define batch_trimat_madd batch_trimat_madd_gf256 +#define batch_trimatTr_madd batch_trimatTr_madd_gf256 +#define batch_2trimat_madd batch_2trimat_madd_gf256 +#define batch_matTr_madd batch_matTr_madd_gf256 +#define batch_bmatTr_madd batch_bmatTr_madd_gf256 +#define batch_mat_madd batch_mat_madd_gf256 + +#define batch_quad_trimat_eval batch_quad_trimat_eval_gf256 +#define batch_quad_recmat_eval batch_quad_recmat_eval_gf256 + +#endif + + #endif // _RAINBOW_BLAS_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h index b7750aa3..8245677c 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_config.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_config.h @@ -1,59 +1,52 @@ #ifndef _H_RAINBOW_CONFIG_H_ #define _H_RAINBOW_CONFIG_H_ + /// @file rainbow_config.h /// @brief Defining the parameters of the Rainbow and the corresponding constants. /// -/// Defining one of the 3 parameter _RAINBOW16_32_32_32 , _RAINBOW256_68_36_36 , or _RAINBOW256_92_48_48 -/// for (GF16,32,32,32) (GF256,68,36,36) (GF256,92,48,48) in this file. -/// -/// // TODO: refactor this - /// the defined parameter -//#if (!defined(_RAINBOW16_32_32_32))&&(!defined(_RAINBOW256_68_36_36))&&(!defined(_RAINBOW256_92_48_48)) #define _RAINBOW16_32_32_32 //#define _RAINBOW256_68_36_36 //#define _RAINBOW256_92_48_48 -//#endif + +#define _RAINBOW_CLASSIC +//#define _RAINBOW_CYCLIC +//#define _RAINBOW_CYCLIC_COMPRESSED -//#if defined _RAINBOW16_32_32_32 +#if defined _RAINBOW16_32_32_32 #define _USE_GF16 #define _GFSIZE 16 #define _V1 32 #define _O1 32 #define _O2 32 #define _HASH_LEN 32 -// -//#elif defined _RAINBOW256_68_36_36 -//#define _GFSIZE 256 -//#define _V1 68 -//#define _O1 36 -//#define _O2 36 -//#define _HASH_LEN 48 -// -//#elif defined _RAINBOW256_92_48_48 -//#define _GFSIZE 256 -//#define _V1 92 -//#define _O1 48 -//#define _O2 48 -//#define _HASH_LEN 64 -// -//#else -//error here. -//#endif + +#elif defined _RAINBOW256_68_36_36 +#define _GFSIZE 256 +#define _V1 68 +#define _O1 36 +#define _O2 36 +#define _HASH_LEN 48 + +#elif defined _RAINBOW256_92_48_48 +#define _GFSIZE 256 +#define _V1 92 +#define _O1 48 +#define _O2 48 +#define _HASH_LEN 64 + +#else +error here. +#endif #define _V2 ((_V1)+(_O1)) -#define STR1(x) #x -#define THE_NAME(gf,v1,o1,o2) "RAINBOW(" STR1(gf) "," STR1(v1) "," STR1(o1) "," STR1(o2) ")" -#define _S_NAME THE_NAME(_GFSIZE,_V1,_O1,_O2) - - /// size of N, in # of gf elements. #define _PUB_N (_V1+_O1+_O2) @@ -64,7 +57,7 @@ /// size of variables, in # bytes. -//#ifdef _USE_GF16 +#ifdef _USE_GF16 // GF16 #define _V1_BYTE (_V1/2) #define _V2_BYTE (_V2/2) @@ -73,16 +66,16 @@ #define _PUB_N_BYTE (_PUB_N/2) #define _PUB_M_BYTE (_PUB_M/2) -//#else -//// GF256 -//#define _V1_BYTE (_V1) -//#define _V2_BYTE (_V2) -//#define _O1_BYTE (_O1) -//#define _O2_BYTE (_O2) -//#define _PUB_N_BYTE (_PUB_N) -//#define _PUB_M_BYTE (_PUB_M) -// -//#endif +#else +// GF256 +#define _V1_BYTE (_V1) +#define _V2_BYTE (_V2) +#define _O1_BYTE (_O1) +#define _O2_BYTE (_O2) +#define _PUB_N_BYTE (_PUB_N) +#define _PUB_M_BYTE (_PUB_M) + +#endif /// length of seed for public key, in # bytes diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c index 009006f4..8c6ebebe 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c @@ -71,41 +71,6 @@ void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) { generate_l2_F12356( sk, prng0 ); } - -////////////////////////////////////////////////////////// - - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { - // procedure: cpk_t --> extcpk_t --> pk_t - - // convert from cpk_t to extcpk_t - ext_cpk_t pk; - - // setup prng - prng_t prng0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); - - // generating parts of key with prng - generate_l1_F12( pk.l1_Q1, &prng0 ); - // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 - memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); - - // generating parts of key with prng - generate_l2_F12356( pk.l2_Q1, &prng0 ); - // copying parts of key from input: l2_Q9 - memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); - - // convert from extcpk_t to pk_t - PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); -} - - - -///////////////////////////////////////////////////////// - - - static void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) { // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 @@ -119,8 +84,6 @@ void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsig } } - - static void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) { unsigned char temp[_O1_BYTE + 32]; @@ -132,11 +95,8 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, } } - - /////////////////// Classic ////////////////////////////////// - static void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); @@ -153,14 +113,7 @@ void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { memset( &prng0, 0, sizeof(prng_t) ); } - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) { - _generate_secretkey( sk, sk_seed ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); -} - - - +#if defined _RAINBOW_CLASSIC void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) { _generate_secretkey( sk, sk_seed ); @@ -180,42 +133,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t. } +#endif - +#if defined _RAINBOW_CYCLIC ///////////////////// Cyclic ////////////////////////////////// - - -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { - memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); - - // prng for sk - prng_t prng0; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); - generate_S_T( sk->s1, &prng0 ); - calculate_t4( sk->t4, sk->t1, sk->t3 ); - - // prng for pk - sk_t inst_Qs; - sk_t *Qs = &inst_Qs; - prng_t prng1; - PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); - generate_B1_B2( Qs->l1_F1, &prng1 ); - - obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); - obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); - - // calcuate the parts of sk according to pk. - PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); - - // clean prng for sk - memset( &prng0, 0, sizeof(prng_t) ); -} - - - - - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { memcpy( pk->pk_seed, pk_seed, LEN_PKSEED ); @@ -253,15 +175,66 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk memset( &prng, 0, sizeof(prng_t) ); } +#endif +#ifdef _RAINBOW_CYCLIC_COMPRESSED void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED ); memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED ); sk_t sk; PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed ); } +#endif +#ifdef _RAINBOW_CYCLIC_COMPRESSED +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) { + memcpy( sk->sk_seed, sk_seed, LEN_SKSEED ); + // prng for sk + prng_t prng0; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED ); + generate_S_T( sk->s1, &prng0 ); + calculate_t4( sk->t4, sk->t1, sk->t3 ); + // prng for pk + sk_t inst_Qs; + sk_t *Qs = &inst_Qs; + prng_t prng1; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED ); + generate_B1_B2( Qs->l1_F1, &prng1 ); + obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 ); + obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 ); + + // calcuate the parts of sk according to pk. + PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk ); + + // clean prng for sk + memset( &prng0, 0, sizeof(prng_t) ); +} + +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) { + // procedure: cpk_t --> extcpk_t --> pk_t + + // convert from cpk_t to extcpk_t + ext_cpk_t pk; + + // setup prng + prng_t prng0; + PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED ); + + // generating parts of key with prng + generate_l1_F12( pk.l1_Q1, &prng0 ); + // copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9 + memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) ); + + // generating parts of key with prng + generate_l2_F12356( pk.l2_Q1, &prng0 ); + // copying parts of key from input: l2_Q9 + memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) ); + + // convert from extcpk_t to pk_t + PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); +} +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h index d5996138..f32f3694 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h @@ -54,6 +54,7 @@ struct rainbow_secretkey { +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) /// @brief public key for cyclic rainbow /// /// public key for cyclic rainbow @@ -81,12 +82,10 @@ struct rainbow_secretkey_cyclic { unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key. unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key. } csk_t; +#endif - -///////////////////////////////////// - - +#if defined _RAINBOW_CLASSIC /// /// @brief Generate key pairs for classic rainbow. /// @@ -96,6 +95,7 @@ struct rainbow_secretkey_cyclic { /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed ); +#elif defined _RAINBOW_CYCLIC /// /// @brief Generate key pairs for cyclic rainbow. /// @@ -106,6 +106,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +#elif defined _RAINBOW_CYCLIC_COMPRESSED /// /// @brief Generate compressed key pairs for cyclic rainbow. /// @@ -115,17 +116,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk /// @param[in] sk_seed - seed for generating the secret key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ); +#endif -//////////////////////////////////// - -/// -/// @brief Generate secret key for classic rainbow. -/// -/// @param[out] sk - the secret key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey( sk_t *sk, const unsigned char *sk_seed ); - +#ifdef _RAINBOW_CYCLIC_COMPRESSED /// /// @brief Generate secret key for cyclic rainbow. /// @@ -144,5 +137,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const u /// @param[in] cpk - the cyclic public key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk ); +#endif #endif // _RAINBOW_KEYPAIR_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c index 2c229aa0..444be99f 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c @@ -13,11 +13,7 @@ #include -//////////////////////////////////////////////////////////////// - - - - +#if defined _RAINBOW_CLASSIC void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) { const unsigned char *idx_l1 = cpk->l1_Q1; const unsigned char *idx_l2 = cpk->l2_Q1; @@ -87,11 +83,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk } } - - -///////////////////////////////////////////////////////// - - static void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { /* @@ -197,12 +188,16 @@ void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6 batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6 } +// TODO: these defines are not really required for a clean implementation - just implement directly +#define calculate_Q_from_F_impl calculate_Q_from_F_ref +void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { + calculate_Q_from_F_impl( Qs, Fs, Ts ); +} + +#endif - - - -///////////////////////////////////////////////////// +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) static void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { @@ -336,16 +331,11 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) // Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_ -#define calculate_Q_from_F_impl calculate_Q_from_F_ref #define calculate_F_from_Q_impl calculate_F_from_Q_ref #define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref -void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) { - calculate_Q_from_F_impl( Qs, Fs, Ts ); -} - void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) { calculate_F_from_Q_impl( Fs, Qs, Ts ); } @@ -354,4 +344,4 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts ); } - +#endif diff --git a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h index ec27f572..761c52a2 100644 --- a/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h +++ b/crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h @@ -11,6 +11,7 @@ #include "rainbow_keypair.h" +#if defined _RAINBOW_CLASSIC /// @brief The (internal use) public key for rainbow /// /// The (internal use) public key for rainbow. The public @@ -43,8 +44,6 @@ struct rainbow_extend_publickey { /// @param[in] cpk - the internel public key. /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ); - - ///////////////////////////////////////////////// /// @@ -56,6 +55,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); +#endif + + +#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED) + /// /// @brief Computing parts of the sk from parts of pk and sk @@ -74,6 +78,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs /// @param[in] Ts - parts of the sk: T1, T4, T3 /// void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ); +#endif #endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/crypto_sign/rainbowIa-classic/clean/sign.c b/crypto_sign/rainbowIa-classic/clean/sign.c index cfc9280d..8fdb2c19 100644 --- a/crypto_sign/rainbowIa-classic/clean/sign.c +++ b/crypto_sign/rainbowIa-classic/clean/sign.c @@ -14,31 +14,30 @@ - int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char sk_seed[LEN_SKSEED] = {0}; randombytes( sk_seed, LEN_SKSEED ); -// #if defined _RAINBOW_CLASSIC + #if defined _RAINBOW_CLASSIC PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed ); -// #elif defined _RAINBOW_CYCLIC + #elif defined _RAINBOW_CYCLIC -// unsigned char pk_seed[LEN_PKSEED] = {0}; -// randombytes( pk_seed, LEN_PKSEED ); -// generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed ); -// #elif defined _RAINBOW_CYCLIC_COMPRESSED + #elif defined _RAINBOW_CYCLIC_COMPRESSED -// unsigned char pk_seed[LEN_PKSEED] = {0}; -// randombytes( pk_seed, LEN_PKSEED ); -// generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); + unsigned char pk_seed[LEN_PKSEED] = {0}; + randombytes( pk_seed, LEN_PKSEED ); + generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed ); -// #else -// error here -// #endif + #else + error here + #endif return 0; } @@ -55,21 +54,21 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con memcpy( sm, m, mlen ); smlen[0] = mlen + _SIGNATURE_BYTE; -// #if defined _RAINBOW_CLASSIC + #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); -// #elif defined _RAINBOW_CYCLIC + #elif defined _RAINBOW_CYCLIC -// return rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); + return rainbow_sign( sm + mlen, (const sk_t *)sk, digest ); -// #elif defined _RAINBOW_CYCLIC_COMPRESSED + #elif defined _RAINBOW_CYCLIC_COMPRESSED -// return rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); + return rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest ); -// #else -// error here -// #endif + #else + error here + #endif } @@ -81,7 +80,7 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { -//TODO: this should not copy out the message if verification fails + //TODO: this should not copy out the message if verification fails if ( _SIGNATURE_BYTE > smlen ) { return -1; } @@ -91,21 +90,21 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen ); -// #if defined _RAINBOW_CLASSIC + #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk ); -// #elif defined _RAINBOW_CYCLIC + #elif defined _RAINBOW_CYCLIC -// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); -// #elif defined _RAINBOW_CYCLIC_COMPRESSED + #elif defined _RAINBOW_CYCLIC_COMPRESSED -// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk ); -// #else -// error here -// #endif + #else + error here + #endif } @@ -117,16 +116,15 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature( PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); *siglen = _SIGNATURE_BYTE; - // #if defined _RAINBOW_CLASSIC + #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - // #elif defined _RAINBOW_CYCLIC - // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); - // #elif defined _RAINBOW_CYCLIC_COMPRESSED - // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); - // #else - // error here - // #endif - + #elif defined _RAINBOW_CYCLIC + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest ); + #elif defined _RAINBOW_CYCLIC_COMPRESSED + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest ); + #else + error here + #endif } int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( @@ -137,14 +135,14 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify( } unsigned char digest[_HASH_LEN]; PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen ); - // #if defined _RAINBOW_CLASSIC + #if defined _RAINBOW_CLASSIC return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk ); - // #elif defined _RAINBOW_CYCLIC - // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - // #elif defined _RAINBOW_CYCLIC_COMPRESSED - // return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); - // #else - // error here - // #endif + #elif defined _RAINBOW_CYCLIC + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + #elif defined _RAINBOW_CYCLIC_COMPRESSED + return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk ); + #else + error here + #endif } diff --git a/crypto_sign/rainbowIa-classic/clean/utils_hash.c b/crypto_sign/rainbowIa-classic/clean/utils_hash.c index ffe7d68e..6a4cac91 100644 --- a/crypto_sign/rainbowIa-classic/clean/utils_hash.c +++ b/crypto_sign/rainbowIa-classic/clean/utils_hash.c @@ -9,15 +9,15 @@ static inline int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) { -// #if 32 == _HASH_LEN + #if 32 == _HASH_LEN sha256(digest, m, mlen); -// #elif 48 == _HASH_LEN -// sha384(digest, m, mlen); -// #elif 64 == _HASH_LEN -// sha512(digest, m, mlen); -// #else -//#error "unsupported _HASH_LEN" -// #endif + #elif 48 == _HASH_LEN + sha384(digest, m, mlen); + #elif 64 == _HASH_LEN + sha512(digest, m, mlen); + #else +#error "unsupported _HASH_LEN" + #endif return 0; }