kris
/
pqc
1
1
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
Преглед на файлове

cyclic and compressedcycles parameter sets

master
Matthias J. Kannwischer преди 5 години
committed by Douglas Stebila
родител
64413d2bab
ревизия
d42e96368a
променени са 19 файла, в които са добавени 523 реда и са изтрити 624 реда
Разделен изглед
Diff Options
Показване на статистика Download Patch File Download Diff File
  1. +0
    -30
      crypto_sign/rainbowIa-classic/clean/api.h
  2. +10
    -6
      crypto_sign/rainbowIa-classic/clean/blas.h
  3. +62
    -75
      crypto_sign/rainbowIa-classic/clean/blas_comm.c
  4. +59
    -75
      crypto_sign/rainbowIa-classic/clean/blas_comm.h
  5. +55
    -50
      crypto_sign/rainbowIa-classic/clean/blas_u32.c
  6. +12
    -4
      crypto_sign/rainbowIa-classic/clean/blas_u32.h
  7. +10
    -10
      crypto_sign/rainbowIa-classic/clean/gf.c
  8. +9
    -0
      crypto_sign/rainbowIa-classic/clean/gf.h
  9. +101
    -144
      crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c
  10. +8
    -13
      crypto_sign/rainbowIa-classic/clean/rainbow.c
  11. +8
    -3
      crypto_sign/rainbowIa-classic/clean/rainbow.h
  12. +24
    -2
      crypto_sign/rainbowIa-classic/clean/rainbow_blas.h
  13. +34
    -41
      crypto_sign/rainbowIa-classic/clean/rainbow_config.h
  14. +54
    -81
      crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c
  15. +8
    -14
      crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h
  16. +9
    -19
      crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c
  17. +7
    -2
      crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h
  18. +45
    -47
      crypto_sign/rainbowIa-classic/clean/sign.c
  19. +8
    -8
      crypto_sign/rainbowIa-classic/clean/utils_hash.c

+ 0
- 30
crypto_sign/rainbowIa-classic/clean/api.h Целия файл

@@ -4,41 +4,11 @@
#include <stddef.h>
#include <stdint.h>

#define _RAINBOW_CLASSIC
//#define _RAINBOW_CYCLIC
//#define _RAINBOW_CYCLIC_COMPRESSED

#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES 92960
#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES 148992
#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_BYTES 64
#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(16,32,32,32) - classic"

//TODO: remove this after creating the other parameter sets

//#if defined _RAINBOW_CLASSIC
//
//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES sizeof(sk_t)
//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES sizeof(pk_t)
//
//#elif defined _RAINBOW_CYCLIC
//
//#define CRYPTO_SECRETKEYBYTES sizeof(sk_t)
//#define CRYPTO_PUBLICKEYBYTES sizeof(cpk_t)
//
//#elif defined _RAINBOW_CYCLIC_COMPRESSED
//
//#define CRYPTO_SECRETKEYBYTES sizeof(csk_t)
//#define CRYPTO_PUBLICKEYBYTES sizeof(cpk_t)
//
//#else
//error here
//#endif
//
//
//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_BYTES _SIGNATURE_BYTE
//
//#define PQCLEAN_RAINBOWIACLASSIC_CLEAN_CRYPTO_ALGNAME _S_NAME _SUFFIX

int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk);




+ 10
- 6
crypto_sign/rainbowIa-classic/clean/blas.h Целия файл

@@ -4,21 +4,25 @@
/// @brief Defining the implementations for linear algebra functions depending on the machine architecture.
///


#include "blas_comm.h"
#include "blas_u32.h"
#include "rainbow_config.h"

#define gf256v_predicated_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32
#define gf256v_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32

#ifdef _USE_GF16

//TODO remove the gf16v/gf256v if they are not used in the parameter sets
#define gf16v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32
#define gf16v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32
#define gf16v_dot PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32

#else

#define gf256v_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32
#define gf256v_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32
#define gf256v_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32

#define gf256v_predicated_add PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32
#define gf16v_dot PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32

#endif

#endif // _BLAS_H_


+ 62
- 75
crypto_sign/rainbowIa-classic/clean/blas_comm.c Целия файл

@@ -2,13 +2,20 @@
/// @brief The standard implementations for blas_comm.h
///

#include "blas_comm.h"
#include "blas.h"
#include "blas_comm.h"
#include "gf.h"
#include "rainbow_config.h"

#include <stdint.h>
#include <string.h>


void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) {
gf256v_add(b, b, _num_byte);
}
#ifdef _USE_GF16

/// @brief get an element from GF(16) vector .
///
/// @param[in] a - the input vector a.
@@ -37,45 +44,6 @@ static uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned
return v;
}


/// @brief get an element from GF(256) vector .
///
/// @param[in] a - the input vector a.
/// @param[in] i - the index in the vector a.
/// @return the value of the element.
///
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) {
return a[i];
}


void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte) {
gf256v_add(b, b, _num_byte);
}

unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) {
uint8_t r = 0;
while ( _num_byte-- ) {
r |= a[0];
a++;
}
return (0 == r);
}

///////////////// multiplications ////////////////////////////////

/// polynomial multplication
/// School boook

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1);
for (unsigned i = 0; i < _num; i++) {
gf256v_madd(c + i, a, b[i], _num);
}
}

/////////// matrix-vector

static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte);
for (unsigned i = 0; i < n_A_width; i++) {
@@ -85,17 +53,6 @@ static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_b
}
}

static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte);
for (unsigned i = 0; i < n_A_width; i++) {
gf256v_madd(c, matA, b[i], n_A_vec_byte);
matA += n_A_vec_byte;
}
}


/////////// matrix-matrix

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) {
unsigned n_vec_byte = (len_vec + 1) / 2;
for (unsigned k = 0; k < len_vec; k++) {
@@ -109,20 +66,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, co
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) {
unsigned n_vec_byte = len_vec;
for (unsigned k = 0; k < len_vec; k++) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte);
const uint8_t *bk = b + n_vec_byte * k;
for (unsigned i = 0; i < len_vec; i++) {
gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte);
}
c += n_vec_byte;
}
}

///////////////// algorithms: gaussian elim //////////////////

static
unsigned gf16mat_gauss_elim_ref(uint8_t *mat, unsigned h, unsigned w) {
unsigned n_w_byte = (w + 1) / 2;
@@ -190,9 +133,54 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_
gf16mat_submat(inv_a, H, H, aa, 2 * H, H);
return r8;
}
#else
/// @brief get an element from GF(256) vector .
///
/// @param[in] a - the input vector a.
/// @param[in] i - the index in the vector a.
/// @return the value of the element.
///
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i) {
return a[i];
}

unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte) {
uint8_t r = 0;
while ( _num_byte-- ) {
r |= a[0];
a++;
}
return (0 == r);
}

/////////////////////////////////////////////////
/// polynomial multplication
/// School boook
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1);
for (unsigned i = 0; i < _num; i++) {
gf256v_madd(c + i, a, b[i], _num);
}
}

static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte);
for (unsigned i = 0; i < n_A_width; i++) {
gf256v_madd(c, matA, b[i], n_A_vec_byte);
matA += n_A_vec_byte;
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec) {
unsigned n_vec_byte = len_vec;
for (unsigned k = 0; k < len_vec; k++) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte);
const uint8_t *bk = b + n_vec_byte * k;
for (unsigned i = 0; i < len_vec; i++) {
gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte);
}
c += n_vec_byte;
}
}

static
unsigned gf256mat_gauss_elim_ref( uint8_t *mat, unsigned h, unsigned w ) {
@@ -261,22 +249,17 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv( uint8_t *inv_a, const uint
return r8;
}

#endif




////////////////////////////////////////////////////


// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE_
// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE

#ifdef _USE_GF16
#define gf16mat_prod_impl gf16mat_prod_ref
#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref
#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref
#define gf256mat_prod_impl gf256mat_prod_ref
#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref
#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref




@@ -294,6 +277,10 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq( uint8_t *sol, c
}


#else
#define gf256mat_prod_impl gf256mat_prod_ref
#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref
#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b) {
gf256mat_prod_impl( c, matA, n_A_vec_byte, n_A_width, b);
}
@@ -307,4 +294,4 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq( uint8_t *sol,
return gf256mat_solve_linear_eq_impl( sol, inp_mat, c_terms, n );
}

#endif

+ 59
- 75
crypto_sign/rainbowIa-classic/clean/blas_comm.h Целия файл

@@ -4,9 +4,18 @@
/// @brief Common functions for linear algebra.
///

#include "rainbow_config.h"
#include <stdint.h>


/// @brief set a vector to 0.
///
/// @param[in,out] b - the vector b.
/// @param[in] _num_byte - number of bytes for the vector b.
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte);

#ifdef _USE_GF16
/// @brief get an element from GF(16) vector .
///
/// @param[in] a - the input vector a.
@@ -15,6 +24,55 @@
///
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned i);

/// @brief matrix-matrix multiplication: c = a * b , in GF(16)
///
/// @param[out] c - the output matrix c
/// @param[in] c - a matrix a.
/// @param[in] b - a matrix b.
/// @param[in] len_vec - the length of column vectors.
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec);

/// @brief Gauss elimination for a matrix, in GF(16)
///
/// @param[in,out] mat - the matrix.
/// @param[in] h - the height of the matrix.
/// @param[in] w - the width of the matrix.
/// @return 1(true) if success. 0(false) if the matrix is singular.
///
unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w);

/// @brief Solving linear equations, in GF(16)
///
/// @param[out] sol - the solutions.
/// @param[in] inp_mat - the matrix parts of input equations.
/// @param[in] c_terms - the constant terms of the input equations.
/// @param[in] n - the number of equations.
/// @return 1(true) if success. 0(false) if the matrix is singular.
///
unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n);

/// @brief Computing the inverse matrix, in GF(16)
///
/// @param[out] inv_a - the output of matrix a.
/// @param[in] a - a matrix a.
/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix.
/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes.
/// @return 1(true) if success. 0(false) if the matrix is singular.
///
unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer);

/// @brief matrix-vector multiplication: c = matA * b , in GF(16)
///
/// @param[out] c - the output vector c
/// @param[in] matA - a column-major matrix A.
/// @param[in] n_A_vec_byte - the size of column vectors in bytes.
/// @param[in] n_A_width - the width of matrix A.
/// @param[in] b - the vector b.
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b);

#else
/// @brief get an element from GF(256) vector .
///
/// @param[in] a - the input vector a.
@@ -24,13 +82,6 @@ uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned i);


/// @brief set a vector to 0.
///
/// @param[in,out] b - the vector b.
/// @param[in] _num_byte - number of bytes for the vector b.
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_byte);


/// @brief check if a vector is 0.
///
@@ -41,10 +92,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned _num_by
unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned _num_byte);



///////////////// Section: multiplications ////////////////////////////////


/// @brief polynomial multiplication: c = a*b
///
/// @param[out] c - the output polynomial c
@@ -55,17 +102,6 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigne
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned _num);


/// @brief matrix-vector multiplication: c = matA * b , in GF(16)
///
/// @param[out] c - the output vector c
/// @param[in] matA - a column-major matrix A.
/// @param[in] n_A_vec_byte - the size of column vectors in bytes.
/// @param[in] n_A_width - the width of matrix A.
/// @param[in] b - the vector b.
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b);


/// @brief matrix-vector multiplication: c = matA * b , in GF(256)
///
/// @param[out] c - the output vector c
@@ -76,17 +112,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned n_A_vec_byte, unsigned n_A_width, const uint8_t *b);


/// @brief matrix-matrix multiplication: c = a * b , in GF(16)
///
/// @param[out] c - the output matrix c
/// @param[in] c - a matrix a.
/// @param[in] b - a matrix b.
/// @param[in] len_vec - the length of column vectors.
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec);


/// @brief matrix-matrix multiplication: c = a * b , in GF(256)
///
/// @param[out] c - the output matrix c
@@ -96,32 +121,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, co
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned len_vec);




///////////////// algorithms: gaussian elim //////////////////


/// @brief Gauss elimination for a matrix, in GF(16)
///
/// @param[in,out] mat - the matrix.
/// @param[in] h - the height of the matrix.
/// @param[in] w - the width of the matrix.
/// @return 1(true) if success. 0(false) if the matrix is singular.
///
unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned h, unsigned w);

/// @brief Solving linear equations, in GF(16)
///
/// @param[out] sol - the solutions.
/// @param[in] inp_mat - the matrix parts of input equations.
/// @param[in] c_terms - the constant terms of the input equations.
/// @param[in] n - the number of equations.
/// @return 1(true) if success. 0(false) if the matrix is singular.
///
unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n);


/// @brief Gauss elimination for a matrix, in GF(256)
///
/// @param[in,out] mat - the matrix.
@@ -141,22 +140,6 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsign
///
unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned n);



//////////////// Section: inversion for matrices //////////////////////////


/// @brief Computing the inverse matrix, in GF(16)
///
/// @param[out] inv_a - the output of matrix a.
/// @param[in] a - a matrix a.
/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix.
/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes.
/// @return 1(true) if success. 0(false) if the matrix is singular.
///
unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer);


/// @brief Computing the inverse matrix, in GF(256)
///
/// @param[out] inv_a - the output of matrix a.
@@ -166,6 +149,7 @@ unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_
/// @return 1(true) if success. 0(false) if the matrix is singular.
///
unsigned PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned H, uint8_t *buffer);
#endif

#endif // _BLAS_COMM_H_


+ 55
- 50
crypto_sign/rainbowIa-classic/clean/blas_u32.c Целия файл

@@ -1,43 +1,44 @@
#include "blas_u32.h"
#include "gf.h"

//TODO remove the gf16v/gf256v if they are not used in the parameter sets
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) {
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) {
uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate);
uint8_t pr_u8 = pr_u32 & 0xff;

unsigned n_u32 = _num_byte >> 2;
uint32_t *b_u32 = (uint32_t *) accu_b;
const uint32_t *a_u32 = (const uint32_t *) a;
for (unsigned i = 0; i < n_u32; i++) {
b_u32[i] ^= a_u32[i];
b_u32[i] ^= (a_u32[i] & pr_u32);
}

a += (n_u32 << 2);
accu_b += (n_u32 << 2);
unsigned rem = _num_byte & 3;
for (unsigned i = 0; i < rem; i++) {
accu_b[i] ^= a[i];
accu_b[i] ^= (a[i] & pr_u8);
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte) {
uint32_t pr_u32 = ((uint32_t) 0) - ((uint32_t) predicate);
uint8_t pr_u8 = pr_u32 & 0xff;

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte) {
unsigned n_u32 = _num_byte >> 2;
uint32_t *b_u32 = (uint32_t *) accu_b;
const uint32_t *a_u32 = (const uint32_t *) a;
for (unsigned i = 0; i < n_u32; i++) {
b_u32[i] ^= (a_u32[i] & pr_u32);
b_u32[i] ^= a_u32[i];
}

a += (n_u32 << 2);
accu_b += (n_u32 << 2);
unsigned rem = _num_byte & 3;
for (unsigned i = 0; i < rem; i++) {
accu_b[i] ^= (a[i] & pr_u8);
accu_b[i] ^= a[i];
}
}


#ifdef _USE_GF16

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte) {
unsigned n_u32 = _num_byte >> 2;
uint32_t *a_u32 = (uint32_t *) a;
@@ -61,11 +62,12 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf1
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) {
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) {
unsigned n_u32 = _num_byte >> 2;
uint32_t *a_u32 = (uint32_t *) a;
uint32_t *c_u32 = (uint32_t *) accu_c;
const uint32_t *a_u32 = (const uint32_t *) a;
for (unsigned i = 0; i < n_u32; i++) {
a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b);
c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b);
}

union tmp_32 {
@@ -73,24 +75,54 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b,
uint32_t u32;
} t;
t.u32 = 0;
accu_c += (n_u32 << 2);
a += (n_u32 << 2);
unsigned rem = _num_byte & 3;
for (unsigned i = 0; i < rem; i++) {
t.u8[i] = a[i];
}
t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, b);
t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b);
for (unsigned i = 0; i < rem; i++) {
a[i] = t.u8[i];
accu_c[i] ^= t.u8[i];
}
}


void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte) {
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) {
unsigned n_u32 = _num_byte >> 2;
uint32_t *c_u32 = (uint32_t *) accu_c;
const uint32_t *a_u32 = (const uint32_t *) a;
const uint32_t *b_u32 = (const uint32_t *) b;
uint32_t r = 0;
for (unsigned i = 0; i < n_u32; i++) {
c_u32[i] ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(a_u32[i], gf16_b);
r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]);
}

unsigned rem = _num_byte & 3;
if (rem) {
union tmp_32 {
uint8_t u8[4];
uint32_t u32;
} ta, tb;
ta.u32 = 0;
tb.u32 = 0;
for (unsigned i = 0; i < rem; i++) {
ta.u8[i] = a[(n_u32 << 2) + i];
}
for (unsigned i = 0; i < rem; i++) {
tb.u8[i] = b[(n_u32 << 2) + i];
}
r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(ta.u32, tb.u32);
}
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(r);
}

#else


void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte) {
unsigned n_u32 = _num_byte >> 2;
uint32_t *a_u32 = (uint32_t *) a;
for (unsigned i = 0; i < n_u32; i++) {
a_u32[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(a_u32[i], b);
}

union tmp_32 {
@@ -98,18 +130,18 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_
uint32_t u32;
} t;
t.u32 = 0;
accu_c += (n_u32 << 2);
a += (n_u32 << 2);
unsigned rem = _num_byte & 3;
for (unsigned i = 0; i < rem; i++) {
t.u8[i] = a[i];
}
t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(t.u32, gf16_b);
t.u32 = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(t.u32, b);
for (unsigned i = 0; i < rem; i++) {
accu_c[i] ^= t.u8[i];
a[i] = t.u8[i];
}
}


void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte) {
unsigned n_u32 = _num_byte >> 2;
uint32_t *c_u32 = (uint32_t *) accu_c;
@@ -135,31 +167,4 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8
}
}


uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte) {
unsigned n_u32 = _num_byte >> 2;
const uint32_t *a_u32 = (const uint32_t *) a;
const uint32_t *b_u32 = (const uint32_t *) b;
uint32_t r = 0;
for (unsigned i = 0; i < n_u32; i++) {
r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(a_u32[i], b_u32[i]);
}

unsigned rem = _num_byte & 3;
if (rem) {
union tmp_32 {
uint8_t u8[4];
uint32_t u32;
} ta, tb;
ta.u32 = 0;
tb.u32 = 0;
for (unsigned i = 0; i < rem; i++) {
ta.u8[i] = a[(n_u32 << 2) + i];
}
for (unsigned i = 0; i < rem; i++) {
tb.u8[i] = b[(n_u32 << 2) + i];
}
r ^= PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(ta.u32, tb.u32);
}
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(r);
}
#endif

+ 12
- 4
crypto_sign/rainbowIa-classic/clean/blas_u32.h Целия файл

@@ -4,16 +4,24 @@
/// @brief Inlined functions for implementing basic linear algebra functions for uint32 arch.
///

#include "rainbow_config.h"
#include <stdint.h>

//TODO remove the gf16v/gf256v if they are not used in the parameter sets
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte);
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_predicated_add_u32(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, unsigned _num_byte);
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_add_u32(uint8_t *accu_b, const uint8_t *a, unsigned _num_byte);

#ifdef _USE_GF16

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte);
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar_u32(uint8_t *a, uint8_t gf16_b, unsigned _num_byte);
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte);

#else

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_scalar_u32(uint8_t *a, uint8_t b, unsigned _num_byte);
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, unsigned _num_byte);
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_madd_u32(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, unsigned _num_byte);
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_dot_u32(const uint8_t *a, const uint8_t *b, unsigned _num_byte);

#endif

#endif // _BLAS_U32_H_


+ 10
- 10
crypto_sign/rainbowIa-classic/clean/gf.c Целия файл

@@ -1,8 +1,14 @@
#include "gf.h"

//TODO remove the gf16v/gf256v if they are not used in the parameter sets

static inline uint8_t gf256v_reduce_u32(uint32_t a) {
// https://godbolt.org/z/7hirMb
uint16_t *aa = (uint16_t *) (&a);
uint16_t r = aa[0] ^ aa[1];
uint8_t *rr = (uint8_t *) (&r);
return rr[0] ^ rr[1];
}

#ifdef _USE_GF16
//// gf4 := gf2[x]/x^2+x+1
static inline uint8_t gf4_mul_2(uint8_t a) {
uint8_t r = (uint8_t) (a << 1);
@@ -129,14 +135,6 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b
return _gf16v_mul_u32_u32(a0, a1, a2, a3, b0, b1, b2, b3);
}

static inline uint8_t gf256v_reduce_u32(uint32_t a) {
// https://godbolt.org/z/7hirMb
uint16_t *aa = (uint16_t *) (&a);
uint16_t r = aa[0] ^ aa[1];
uint8_t *rr = (uint8_t *) (&r);
return rr[0] ^ rr[1];
}

uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a) {
uint8_t r256 = gf256v_reduce_u32(a);
return (uint8_t)((r256 & 0xf) ^ (r256 >> 4));
@@ -148,6 +146,7 @@ static inline uint32_t gf16v_mul_8_u32(uint32_t a) {
return gf4v_mul_2_u32(a0 ^ a1) | gf4v_mul_3_u32(a1 >> 2);
}

#else
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) {
unsigned a8 = a;
unsigned r = ((unsigned) 0) - a8;
@@ -200,3 +199,4 @@ uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b) {

return axb0 ^ a0b1 ^ a1b1 ^ gf16v_mul_8_u32(a1b1_4);
}
#endif

+ 9
- 0
crypto_sign/rainbowIa-classic/clean/gf.h Целия файл

@@ -1,19 +1,28 @@
#ifndef _GF16_H_
#define _GF16_H_

#include "rainbow_config.h"
#include <stdint.h>

/// @file gf16.h
/// @brief Library for arithmetics in GF(16) and GF(256)
///


#ifdef _USE_GF16

uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_is_nonzero(uint8_t a);
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16_inv(uint8_t a);
uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32(uint32_t a, uint8_t b);
uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_u32_u32(uint32_t a, uint32_t b);
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_reduce_u32(uint32_t a);

#else

uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_is_nonzero(uint8_t a);
uint8_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256_inv(uint8_t a);
uint32_t PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_mul_u32(uint32_t a, uint8_t b);

#endif

#endif // _GF16_H_

+ 101
- 144
crypto_sign/rainbowIa-classic/clean/parallel_matrix_op.c Целия файл

@@ -4,14 +4,10 @@
/// the standard implementations for functions in parallel_matrix_op.h
///

#include "blas_comm.h"
#include "blas.h"
#include "blas_comm.h"
#include "parallel_matrix_op.h"


//////////////// Section: triangle matrix <-> rectangle matrix ///////////////////////////////////

///
/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix.
///
@@ -55,13 +51,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_UpperTrianglize( unsigned char *btriC, const
}
}




///////////////// Section: matrix multiplications ///////////////////////////////



#ifdef _USE_GF16
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
unsigned Awidth = Bheight;
@@ -80,107 +70,168 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf16( unsigned char *bC, c
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA,
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
unsigned Awidth = Bheight;
unsigned Aheight = Awidth;
unsigned Aheight = Bheight;
for (unsigned i = 0; i < Aheight; i++) {
for (unsigned j = 0; j < Bwidth; j++) {
for (unsigned k = 0; k < Bheight; k++) {
if (k < i) {
if (i < k) {
continue;
}
gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
gf16v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
}
bC += size_batch;
}
btriA += (Aheight - i) * size_batch;
}
}





void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf16( unsigned char *bC, const unsigned char *btriA,
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
unsigned Aheight = Bheight;
for (unsigned i = 0; i < Aheight; i++) {
for (unsigned j = 0; j < Bwidth; j++) {
for (unsigned k = 0; k < Bheight; k++) {
if (i < k) {
if (i == k) {
continue;
}
gf16v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
}
bC += size_batch;
}
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA,
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth,
const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) {
unsigned Atr_height = Awidth;
unsigned Atr_width = Aheight;
for (unsigned i = 0; i < Atr_height; i++) {
for (unsigned j = 0; j < Atr_width; j++) {
gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth );
}
bC += size_batch * Bwidth;
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
unsigned Aheight = Bheight;
const unsigned char *bA = bA_to_tr;
unsigned Aheight = Awidth_before_tr;
for (unsigned i = 0; i < Aheight; i++) {
for (unsigned j = 0; j < Bwidth; j++) {
for (unsigned k = 0; k < Bheight; k++) {
if (i < k) {
continue;
}
gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
}
bC += size_batch;
}
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
unsigned Awidth = Bheight;
for (unsigned i = 0; i < Aheight; i++) {
for (unsigned j = 0; j < Bwidth; j++) {
for (unsigned k = 0; k < Bheight; k++) {
gf16v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
}
bC += size_batch;
}
bA += (Awidth) * size_batch;
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat,
const unsigned char *x, unsigned dim_x, unsigned size_batch ) {
unsigned char tmp[128];

unsigned char _x[128];
for (unsigned i = 0; i < dim_x; i++) {
_x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i );
}
unsigned char _y[128];
for (unsigned i = 0; i < dim_y; i++) {
_y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( y, i );
}

PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch );
for (unsigned i = 0; i < dim_y; i++) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch );
for (unsigned j = 0; j < dim_x; j++) {
gf16v_madd( tmp, mat, _x[j], size_batch );
mat += size_batch;
}
gf16v_madd( z, tmp, _y[i], size_batch );
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf16( unsigned char *bC, const unsigned char *btriA,
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) {
unsigned char tmp[256];

unsigned char _x[256];
for (unsigned i = 0; i < dim; i++) {
_x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i );
}

PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch );
for (unsigned i = 0; i < dim; i++) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch );
for (unsigned j = i; j < dim; j++) {
gf16v_madd( tmp, trimat, _x[j], size_batch );
trimat += size_batch;
}
gf16v_madd( y, tmp, _x[i], size_batch );
}
}
#else
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
unsigned Aheight = Bheight;
unsigned Awidth = Bheight;
unsigned Aheight = Awidth;
for (unsigned i = 0; i < Aheight; i++) {
for (unsigned j = 0; j < Bwidth; j++) {
for (unsigned k = 0; k < Bheight; k++) {
if (i == k) {
if (k < i) {
continue;
}
gf16v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
gf256v_madd( bC, & btriA[ (k - i)*size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
}
bC += size_batch;
}
btriA += (Aheight - i) * size_batch;
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA,
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_trimatTr_madd_gf256( unsigned char *bC, const unsigned char *btriA,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
unsigned Aheight = Bheight;
for (unsigned i = 0; i < Aheight; i++) {
for (unsigned j = 0; j < Bwidth; j++) {
for (unsigned k = 0; k < Bheight; k++) {
if (i == k) {
if (i < k) {
continue;
}
gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
gf256v_madd( bC, & btriA[ size_batch * (PQCLEAN_RAINBOWIACLASSIC_CLEAN_idx_of_trimat(k, i, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
}
bC += size_batch;
}
}
}




void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf16( unsigned char *bC, const unsigned char *A_to_tr, unsigned Aheight, unsigned size_Acolvec, unsigned Awidth,
const unsigned char *bB, unsigned Bwidth, unsigned size_batch ) {
unsigned Atr_height = Awidth;
unsigned Atr_width = Aheight;
for (unsigned i = 0; i < Atr_height; i++) {
for (unsigned j = 0; j < Atr_width; j++) {
gf16v_madd( bC, & bB[ j * Bwidth * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &A_to_tr[size_Acolvec * i], j ), size_batch * Bwidth );
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_2trimat_madd_gf256( unsigned char *bC, const unsigned char *btriA,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
unsigned Aheight = Bheight;
for (unsigned i = 0; i < Aheight; i++) {
for (unsigned j = 0; j < Bwidth; j++) {
for (unsigned k = 0; k < Bheight; k++) {
if (i == k) {
continue;
}
gf256v_madd( bC, & btriA[ size_batch * (idx_of_2trimat(i, k, Aheight)) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
}
bC += size_batch;
}
bC += size_batch * Bwidth;
}
}

@@ -196,23 +247,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_matTr_madd_gf256( unsigned char *bC, c
}
}




void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf16( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
const unsigned char *bA = bA_to_tr;
unsigned Aheight = Awidth_before_tr;
for (unsigned i = 0; i < Aheight; i++) {
for (unsigned j = 0; j < Bwidth; j++) {
for (unsigned k = 0; k < Bheight; k++) {
gf16v_madd( bC, & bA[ size_batch * (i + k * Aheight) ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
}
bC += size_batch;
}
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC, const unsigned char *bA_to_tr, unsigned Awidth_before_tr,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
const unsigned char *bA = bA_to_tr;
@@ -227,24 +261,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_bmatTr_madd_gf256( unsigned char *bC,
}
}





void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf16( unsigned char *bC, const unsigned char *bA, unsigned Aheight,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
unsigned Awidth = Bheight;
for (unsigned i = 0; i < Aheight; i++) {
for (unsigned j = 0; j < Bwidth; j++) {
for (unsigned k = 0; k < Bheight; k++) {
gf16v_madd( bC, & bA[ k * size_batch ], PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( &B[j * size_Bcolvec], k ), size_batch );
}
bC += size_batch;
}
bA += (Awidth) * size_batch;
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, const unsigned char *bA, unsigned Aheight,
const unsigned char *B, unsigned Bheight, unsigned size_Bcolvec, unsigned Bwidth, unsigned size_batch ) {
unsigned Awidth = Bheight;
@@ -259,33 +275,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_mat_madd_gf256( unsigned char *bC, con
}
}




//////////////////// Section: "quadratric" matrix evaluation ///////////////////////////////




void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) {
unsigned char tmp[256];

unsigned char _x[256];
for (unsigned i = 0; i < dim; i++) {
_x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i );
}

PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( y, size_batch );
for (unsigned i = 0; i < dim; i++) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch );
for (unsigned j = i; j < dim; j++) {
gf16v_madd( tmp, trimat, _x[j], size_batch );
trimat += size_batch;
}
gf16v_madd( y, tmp, _x[i], size_batch );
}
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned dim, unsigned size_batch ) {
unsigned char tmp[256];

@@ -305,37 +294,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf256( unsigned char
}
}







void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat,
const unsigned char *x, unsigned dim_x, unsigned size_batch ) {
unsigned char tmp[128];

unsigned char _x[128];
for (unsigned i = 0; i < dim_x; i++) {
_x[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( x, i );
}
unsigned char _y[128];
for (unsigned i = 0; i < dim_y; i++) {
_y[i] = PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele( y, i );
}

PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( z, size_batch );
for (unsigned i = 0; i < dim_y; i++) {
PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf256v_set_zero( tmp, size_batch );
for (unsigned j = 0; j < dim_x; j++) {
gf16v_madd( tmp, mat, _x[j], size_batch );
mat += size_batch;
}
gf16v_madd( z, tmp, _y[i], size_batch );
}
}


void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char *z, const unsigned char *y, unsigned dim_y, const unsigned char *mat,
const unsigned char *x, unsigned dim_x, unsigned size_batch ) {
unsigned char tmp[128];
@@ -360,5 +318,4 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf256( unsigned char
}
}



#endif

+ 8
- 13
crypto_sign/rainbowIa-classic/clean/rainbow.c Целия файл

@@ -18,8 +18,7 @@
#define _MAX_O ((_O1>_O2)?_O1:_O2)
#define _MAX_O_BYTE ((_O1_BYTE>_O2_BYTE)?_O1_BYTE:_O2_BYTE)



#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC)
int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *_digest ) {
uint8_t mat_l1[_O1 * _O1_BYTE];
uint8_t mat_l2[_O2 * _O2_BYTE];
@@ -149,13 +148,10 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t
gf256v_add( signature + _PUB_N_BYTE, salt, _SALT_BYTE );
return 0;
}
#endif







#ifdef _RAINBOW_CLASSIC
int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk ) {
unsigned char digest_ck[_PUB_M_BYTE];
// public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials.
@@ -174,22 +170,21 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const
}
return (0 == cc) ? 0 : -1;
}
#endif



#ifdef _RAINBOW_CYCLIC_COMPRESSED
/////////////// cyclic version ///////////////////////////


int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *csk, const uint8_t *digest ) {
unsigned char sk[sizeof(sk_t) + 32];
PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic((sk_t *)sk, csk->pk_seed, csk->sk_seed ); // generating classic secret key.
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( signature, (sk_t *) sk, digest );
}
#endif

#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED)
int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *_pk ) {
unsigned char pk[sizeof(pk_t) +32];
PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( (pk_t *)pk, _pk ); // generating classic public key.
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, signature, (pk_t *)pk );
}


#endif

+ 8
- 3
crypto_sign/rainbowIa-classic/clean/rainbow.h Целия файл

@@ -10,8 +10,7 @@

#include <stdint.h>



#if defined(_RAINBOW_CLASSIC) || defined(_RAINBOW_CYCLIC)
///
/// @brief Signing function for classical secret key.
///
@@ -20,7 +19,9 @@
/// @param[in] digest - the digest.
///
int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t *sk, const uint8_t *digest );
#endif

#ifdef _RAINBOW_CLASSIC
///
/// @brief Verifying function.
///
@@ -30,8 +31,9 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( uint8_t *signature, const sk_t
/// @return 0 for successful verified. -1 for failed verification.
///
int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const uint8_t *signature, const pk_t *pk );
#endif

#ifdef _RAINBOW_CYCLIC_COMPRESSED
///
/// @brief Signing function for compressed secret key of the cyclic rainbow.
///
@@ -40,7 +42,9 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( const uint8_t *digest, const
/// @param[in] digest - the digest.
///
int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, const csk_t *sk, const uint8_t *digest );
#endif

#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED)
///
/// @brief Verifying function for cyclic public keys.
///
@@ -50,5 +54,6 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( uint8_t *signature, cons
/// @return 0 for successful verified. -1 for failed verification.
///
int PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( const uint8_t *digest, const uint8_t *signature, const cpk_t *pk );
#endif

#endif // _RAINBOW_H_

+ 24
- 2
crypto_sign/rainbowIa-classic/clean/rainbow_blas.h Целия файл

@@ -7,11 +7,11 @@


#include "blas.h"

#include "parallel_matrix_op.h"

#include "rainbow_config.h"

#ifdef _USE_GF16

#define gfv_get_ele PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_get_ele
#define gfv_mul_scalar PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_mul_scalar
#define gfv_madd PQCLEAN_RAINBOWIACLASSIC_CLEAN_gf16v_madd
@@ -29,5 +29,27 @@
#define batch_quad_trimat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_trimat_eval_gf16
#define batch_quad_recmat_eval PQCLEAN_RAINBOWIACLASSIC_CLEAN_batch_quad_recmat_eval_gf16

#else

#define gfv_get_ele gf256v_get_ele
#define gfv_mul_scalar gf256v_mul_scalar
#define gfv_madd gf256v_madd

#define gfmat_prod gf256mat_prod
#define gfmat_inv gf256mat_inv

#define batch_trimat_madd batch_trimat_madd_gf256
#define batch_trimatTr_madd batch_trimatTr_madd_gf256
#define batch_2trimat_madd batch_2trimat_madd_gf256
#define batch_matTr_madd batch_matTr_madd_gf256
#define batch_bmatTr_madd batch_bmatTr_madd_gf256
#define batch_mat_madd batch_mat_madd_gf256

#define batch_quad_trimat_eval batch_quad_trimat_eval_gf256
#define batch_quad_recmat_eval batch_quad_recmat_eval_gf256

#endif


#endif // _RAINBOW_BLAS_H_


+ 34
- 41
crypto_sign/rainbowIa-classic/clean/rainbow_config.h Целия файл

@@ -1,58 +1,51 @@
#ifndef _H_RAINBOW_CONFIG_H_
#define _H_RAINBOW_CONFIG_H_

/// @file rainbow_config.h
/// @brief Defining the parameters of the Rainbow and the corresponding constants.
///
/// Defining one of the 3 parameter _RAINBOW16_32_32_32 , _RAINBOW256_68_36_36 , or _RAINBOW256_92_48_48
/// for (GF16,32,32,32) (GF256,68,36,36) (GF256,92,48,48) in this file.
///
///



// TODO: refactor this

/// the defined parameter
//#if (!defined(_RAINBOW16_32_32_32))&&(!defined(_RAINBOW256_68_36_36))&&(!defined(_RAINBOW256_92_48_48))
#define _RAINBOW16_32_32_32
//#define _RAINBOW256_68_36_36
//#define _RAINBOW256_92_48_48
//#endif

#define _RAINBOW_CLASSIC
//#define _RAINBOW_CYCLIC
//#define _RAINBOW_CYCLIC_COMPRESSED


//#if defined _RAINBOW16_32_32_32
#if defined _RAINBOW16_32_32_32
#define _USE_GF16
#define _GFSIZE 16
#define _V1 32
#define _O1 32
#define _O2 32
#define _HASH_LEN 32
//
//#elif defined _RAINBOW256_68_36_36
//#define _GFSIZE 256
//#define _V1 68
//#define _O1 36
//#define _O2 36
//#define _HASH_LEN 48
//
//#elif defined _RAINBOW256_92_48_48
//#define _GFSIZE 256
//#define _V1 92
//#define _O1 48
//#define _O2 48
//#define _HASH_LEN 64
//
//#else
//error here.
//#endif

#elif defined _RAINBOW256_68_36_36
#define _GFSIZE 256
#define _V1 68
#define _O1 36
#define _O2 36
#define _HASH_LEN 48

#define _V2 ((_V1)+(_O1))
#elif defined _RAINBOW256_92_48_48
#define _GFSIZE 256
#define _V1 92
#define _O1 48
#define _O2 48
#define _HASH_LEN 64

#else
error here.
#endif

#define STR1(x) #x
#define THE_NAME(gf,v1,o1,o2) "RAINBOW(" STR1(gf) "," STR1(v1) "," STR1(o1) "," STR1(o2) ")"
#define _S_NAME THE_NAME(_GFSIZE,_V1,_O1,_O2)

#define _V2 ((_V1)+(_O1))

/// size of N, in # of gf elements.
#define _PUB_N (_V1+_O1+_O2)
@@ -64,7 +57,7 @@
/// size of variables, in # bytes.


//#ifdef _USE_GF16
#ifdef _USE_GF16
// GF16
#define _V1_BYTE (_V1/2)
#define _V2_BYTE (_V2/2)
@@ -73,16 +66,16 @@
#define _PUB_N_BYTE (_PUB_N/2)
#define _PUB_M_BYTE (_PUB_M/2)

//#else
//// GF256
//#define _V1_BYTE (_V1)
//#define _V2_BYTE (_V2)
//#define _O1_BYTE (_O1)
//#define _O2_BYTE (_O2)
//#define _PUB_N_BYTE (_PUB_N)
//#define _PUB_M_BYTE (_PUB_M)
//
//#endif
#else
// GF256
#define _V1_BYTE (_V1)
#define _V2_BYTE (_V2)
#define _O1_BYTE (_O1)
#define _O2_BYTE (_O2)
#define _PUB_N_BYTE (_PUB_N)
#define _PUB_M_BYTE (_PUB_M)
#endif


/// length of seed for public key, in # bytes


+ 54
- 81
crypto_sign/rainbowIa-classic/clean/rainbow_keypair.c Целия файл

@@ -71,41 +71,6 @@ void generate_B1_B2( unsigned char *sk, prng_t *prng0 ) {
generate_l2_F12356( sk, prng0 );
}


//////////////////////////////////////////////////////////



void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) {
// procedure: cpk_t --> extcpk_t --> pk_t

// convert from cpk_t to extcpk_t
ext_cpk_t pk;

// setup prng
prng_t prng0;
PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED );

// generating parts of key with prng
generate_l1_F12( pk.l1_Q1, &prng0 );
// copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9
memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) );

// generating parts of key with prng
generate_l2_F12356( pk.l2_Q1, &prng0 );
// copying parts of key from input: l2_Q9
memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) );

// convert from extcpk_t to pk_t
PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk );
}



/////////////////////////////////////////////////////////



static
void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3 ) {
// t4 = T_sk.t1 * T_sk.t3 - T_sk.t2
@@ -119,8 +84,6 @@ void calculate_t4( unsigned char *t2_to_t4, const unsigned char *t1, const unsig
}
}



static
void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys, unsigned n_terms, const unsigned char *s1 ) {
unsigned char temp[_O1_BYTE + 32];
@@ -132,11 +95,8 @@ void obsfucate_l1_polys( unsigned char *l1_polys, const unsigned char *l2_polys,
}
}



/////////////////// Classic //////////////////////////////////


static
void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) {
memcpy( sk->sk_seed, sk_seed, LEN_SKSEED );
@@ -153,14 +113,7 @@ void _generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) {
memset( &prng0, 0, sizeof(prng_t) );
}


void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey( sk_t *sk, const unsigned char *sk_seed ) {
_generate_secretkey( sk, sk_seed );
calculate_t4( sk->t4, sk->t1, sk->t3 );
}



#if defined _RAINBOW_CLASSIC
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const unsigned char *sk_seed ) {
_generate_secretkey( sk, sk_seed );

@@ -180,42 +133,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *rpk, sk_t *sk, const

PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk ); // convert the public key from ext_cpk_t to pk_t.
}
#endif


#if defined _RAINBOW_CYCLIC
///////////////////// Cyclic //////////////////////////////////


void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) {
memcpy( sk->sk_seed, sk_seed, LEN_SKSEED );

// prng for sk
prng_t prng0;
PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED );
generate_S_T( sk->s1, &prng0 );
calculate_t4( sk->t4, sk->t1, sk->t3 );

// prng for pk
sk_t inst_Qs;
sk_t *Qs = &inst_Qs;
prng_t prng1;
PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED );
generate_B1_B2( Qs->l1_F1, &prng1 );

obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 );
obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 );

// calcuate the parts of sk according to pk.
PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk );

// clean prng for sk
memset( &prng0, 0, sizeof(prng_t) );
}





void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) {
memcpy( pk->pk_seed, pk_seed, LEN_PKSEED );

@@ -253,15 +175,66 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk
memset( &prng, 0, sizeof(prng_t) );
}

#endif


#ifdef _RAINBOW_CYCLIC_COMPRESSED
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *rsk, const unsigned char *pk_seed, const unsigned char *sk_seed ) {
memcpy( rsk->pk_seed, pk_seed, LEN_PKSEED );
memcpy( rsk->sk_seed, sk_seed, LEN_SKSEED );
sk_t sk;
PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( pk, &sk, pk_seed, sk_seed );
}
#endif

#ifdef _RAINBOW_CYCLIC_COMPRESSED
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed ) {
memcpy( sk->sk_seed, sk_seed, LEN_SKSEED );

// prng for sk
prng_t prng0;
PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, sk_seed, LEN_SKSEED );
generate_S_T( sk->s1, &prng0 );
calculate_t4( sk->t4, sk->t1, sk->t3 );

// prng for pk
sk_t inst_Qs;
sk_t *Qs = &inst_Qs;
prng_t prng1;
PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng1, pk_seed, LEN_PKSEED );
generate_B1_B2( Qs->l1_F1, &prng1 );

obsfucate_l1_polys( Qs->l1_F1, Qs->l2_F1, N_TRIANGLE_TERMS(_V1), sk->s1 );
obsfucate_l1_polys( Qs->l1_F2, Qs->l2_F2, _V1 * _O1, sk->s1 );

// calcuate the parts of sk according to pk.
PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk, Qs, sk );

// clean prng for sk
memset( &prng0, 0, sizeof(prng_t) );
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *rpk, const cpk_t *cpk ) {
// procedure: cpk_t --> extcpk_t --> pk_t

// convert from cpk_t to extcpk_t
ext_cpk_t pk;

// setup prng
prng_t prng0;
PQCLEAN_RAINBOWIACLASSIC_CLEAN_prng_set( &prng0, cpk->pk_seed, LEN_SKSEED );

// generating parts of key with prng
generate_l1_F12( pk.l1_Q1, &prng0 );
// copying parts of key from input. l1_Q3, l1_Q5, l1_Q6, l1_Q9
memcpy( pk.l1_Q3, cpk->l1_Q3, _O1_BYTE * ( _V1 * _O2 + N_TRIANGLE_TERMS(_O1) + _O1 * _O2 + N_TRIANGLE_TERMS(_O2) ) );

// generating parts of key with prng
generate_l2_F12356( pk.l2_Q1, &prng0 );
// copying parts of key from input: l2_Q9
memcpy( pk.l2_Q9, cpk->l2_Q9, _O2_BYTE * N_TRIANGLE_TERMS(_O2) );

// convert from extcpk_t to pk_t
PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( rpk, &pk );
}
#endif

+ 8
- 14
crypto_sign/rainbowIa-classic/clean/rainbow_keypair.h Целия файл

@@ -54,6 +54,7 @@ struct rainbow_secretkey {



#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED)
/// @brief public key for cyclic rainbow
///
/// public key for cyclic rainbow
@@ -81,12 +82,10 @@ struct rainbow_secretkey_cyclic {
unsigned char pk_seed[LEN_PKSEED]; ///< seed for generating a part of public key.
unsigned char sk_seed[LEN_SKSEED]; ///< seed for generating a part of secret key.
} csk_t;
#endif



/////////////////////////////////////


#if defined _RAINBOW_CLASSIC
///
/// @brief Generate key pairs for classic rainbow.
///
@@ -96,6 +95,7 @@ struct rainbow_secretkey_cyclic {
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const unsigned char *sk_seed );

#elif defined _RAINBOW_CYCLIC
///
/// @brief Generate key pairs for cyclic rainbow.
///
@@ -106,6 +106,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( pk_t *pk, sk_t *sk, const
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed );

#elif defined _RAINBOW_CYCLIC_COMPRESSED
///
/// @brief Generate compressed key pairs for cyclic rainbow.
///
@@ -115,17 +116,9 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair_cyclic( cpk_t *pk, sk_t *sk
/// @param[in] sk_seed - seed for generating the secret key.
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_compact_keypair_cyclic( cpk_t *pk, csk_t *sk, const unsigned char *pk_seed, const unsigned char *sk_seed );
#endif

////////////////////////////////////

///
/// @brief Generate secret key for classic rainbow.
///
/// @param[out] sk - the secret key.
/// @param[in] sk_seed - seed for generating the secret key.
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey( sk_t *sk, const unsigned char *sk_seed );

#ifdef _RAINBOW_CYCLIC_COMPRESSED
///
/// @brief Generate secret key for cyclic rainbow.
///
@@ -144,5 +137,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_secretkey_cyclic( sk_t *sk, const u
/// @param[in] cpk - the cyclic public key.
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_cpk_to_pk( pk_t *pk, const cpk_t *cpk );
#endif

#endif // _RAINBOW_KEYPAIR_H_

+ 9
- 19
crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.c Целия файл

@@ -13,11 +13,7 @@
#include <string.h>


////////////////////////////////////////////////////////////////




#if defined _RAINBOW_CLASSIC
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk ) {
const unsigned char *idx_l1 = cpk->l1_Q1;
const unsigned char *idx_l2 = cpk->l2_Q1;
@@ -87,11 +83,6 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk
}
}



/////////////////////////////////////////////////////////


static
void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) {
/*
@@ -197,12 +188,16 @@ void calculate_Q_from_F_ref( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) {
batch_trimatTr_madd( Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE ); // F2tr*T2 + F5_F5T*T3 + F6
batch_matTr_madd( Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE ); // Q6
}
// TODO: these defines are not really required for a clean implementation - just implement directly
#define calculate_Q_from_F_impl calculate_Q_from_F_ref
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) {
calculate_Q_from_F_impl( Qs, Fs, Ts );
}

#endif




/////////////////////////////////////////////////////
#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED)

static
void calculate_F_from_Q_ref( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) {
@@ -336,16 +331,11 @@ void calculate_Q_from_F_cyclic_ref( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts )


// Choosing implementations depends on the macros: _BLAS_SSE_ and _BLAS_AVX2_
#define calculate_Q_from_F_impl calculate_Q_from_F_ref
#define calculate_F_from_Q_impl calculate_F_from_Q_ref
#define calculate_Q_from_F_cyclic_impl calculate_Q_from_F_cyclic_ref



void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts ) {
calculate_Q_from_F_impl( Qs, Fs, Ts );
}

void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs, sk_t *Ts ) {
calculate_F_from_Q_impl( Fs, Qs, Ts );
}
@@ -354,4 +344,4 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const
calculate_Q_from_F_cyclic_impl( Qs, Fs, Ts );
}

#endif

+ 7
- 2
crypto_sign/rainbowIa-classic/clean/rainbow_keypair_computation.h Целия файл

@@ -11,6 +11,7 @@

#include "rainbow_keypair.h"

#if defined _RAINBOW_CLASSIC
/// @brief The (internal use) public key for rainbow
///
/// The (internal use) public key for rainbow. The public
@@ -43,8 +44,6 @@ struct rainbow_extend_publickey {
/// @param[in] cpk - the internel public key.
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk );


/////////////////////////////////////////////////

///
@@ -56,6 +55,11 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_extcpk_to_pk( pk_t *pk, const ext_cpk_t *cpk
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F( ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts );

#endif


#if defined(_RAINBOW_CYCLIC) || defined(_RAINBOW_CYCLIC_COMPRESSED)


///
/// @brief Computing parts of the sk from parts of pk and sk
@@ -74,6 +78,7 @@ void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_F_from_Q( sk_t *Fs, const sk_t *Qs
/// @param[in] Ts - parts of the sk: T1, T4, T3
///
void PQCLEAN_RAINBOWIACLASSIC_CLEAN_calculate_Q_from_F_cyclic( cpk_t *Qs, const sk_t *Fs, const sk_t *Ts );
#endif

#endif // _RAINBOW_KEYPAIR_COMP_H_


+ 45
- 47
crypto_sign/rainbowIa-classic/clean/sign.c Целия файл

@@ -14,31 +14,30 @@




int
PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) {
unsigned char sk_seed[LEN_SKSEED] = {0};
randombytes( sk_seed, LEN_SKSEED );

// #if defined _RAINBOW_CLASSIC
#if defined _RAINBOW_CLASSIC

PQCLEAN_RAINBOWIACLASSIC_CLEAN_generate_keypair( (pk_t *) pk, (sk_t *) sk, sk_seed );

// #elif defined _RAINBOW_CYCLIC
#elif defined _RAINBOW_CYCLIC

// unsigned char pk_seed[LEN_PKSEED] = {0};
// randombytes( pk_seed, LEN_PKSEED );
// generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed );
unsigned char pk_seed[LEN_PKSEED] = {0};
randombytes( pk_seed, LEN_PKSEED );
generate_keypair_cyclic( (cpk_t *) pk, (sk_t *) sk, pk_seed, sk_seed );

// #elif defined _RAINBOW_CYCLIC_COMPRESSED
#elif defined _RAINBOW_CYCLIC_COMPRESSED

// unsigned char pk_seed[LEN_PKSEED] = {0};
// randombytes( pk_seed, LEN_PKSEED );
// generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed );
unsigned char pk_seed[LEN_PKSEED] = {0};
randombytes( pk_seed, LEN_PKSEED );
generate_compact_keypair_cyclic( (cpk_t *) pk, (csk_t *) sk, pk_seed, sk_seed );

// #else
// error here
// #endif
#else
error here
#endif
return 0;
}

@@ -55,21 +54,21 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con
memcpy( sm, m, mlen );
smlen[0] = mlen + _SIGNATURE_BYTE;

// #if defined _RAINBOW_CLASSIC
#if defined _RAINBOW_CLASSIC

return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sm + mlen, (const sk_t *)sk, digest );

// #elif defined _RAINBOW_CYCLIC
#elif defined _RAINBOW_CYCLIC

// return rainbow_sign( sm + mlen, (const sk_t *)sk, digest );
return rainbow_sign( sm + mlen, (const sk_t *)sk, digest );

// #elif defined _RAINBOW_CYCLIC_COMPRESSED
#elif defined _RAINBOW_CYCLIC_COMPRESSED

// return rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest );
return rainbow_sign_cyclic( sm + mlen, (const csk_t *)sk, digest );

// #else
// error here
// #endif
#else
error here
#endif


}
@@ -81,7 +80,7 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, con

int
PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) {
//TODO: this should not copy out the message if verification fails
//TODO: this should not copy out the message if verification fails
if ( _SIGNATURE_BYTE > smlen ) {
return -1;
}
@@ -91,21 +90,21 @@ PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen,
unsigned char digest[_HASH_LEN];
PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, *mlen );

// #if defined _RAINBOW_CLASSIC
#if defined _RAINBOW_CLASSIC

return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sm + mlen[0], (const pk_t *)pk );

// #elif defined _RAINBOW_CYCLIC
#elif defined _RAINBOW_CYCLIC

// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk );
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk );

// #elif defined _RAINBOW_CYCLIC_COMPRESSED
#elif defined _RAINBOW_CYCLIC_COMPRESSED

// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk );
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sm + mlen[0], (const cpk_t *)pk );

// #else
// error here
// #endif
#else
error here
#endif


}
@@ -117,16 +116,15 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_signature(

PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen );
*siglen = _SIGNATURE_BYTE;
// #if defined _RAINBOW_CLASSIC
#if defined _RAINBOW_CLASSIC
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest );
// #elif defined _RAINBOW_CYCLIC
// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest );
// #elif defined _RAINBOW_CYCLIC_COMPRESSED
// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest );
// #else
// error here
// #endif

#elif defined _RAINBOW_CYCLIC
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign( sig, (const sk_t *)sk, digest );
#elif defined _RAINBOW_CYCLIC_COMPRESSED
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_sign_cyclic( sig, (const csk_t *)sk, digest );
#else
error here
#endif
}

int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify(
@@ -137,14 +135,14 @@ int PQCLEAN_RAINBOWIACLASSIC_CLEAN_crypto_sign_verify(
}
unsigned char digest[_HASH_LEN];
PQCLEAN_RAINBOWIACLASSIC_CLEAN_hash_msg( digest, _HASH_LEN, m, mlen );
// #if defined _RAINBOW_CLASSIC
#if defined _RAINBOW_CLASSIC
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify( digest, sig, (const pk_t *)pk );
// #elif defined _RAINBOW_CYCLIC
// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk );
// #elif defined _RAINBOW_CYCLIC_COMPRESSED
// return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk );
// #else
// error here
// #endif
#elif defined _RAINBOW_CYCLIC
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk );
#elif defined _RAINBOW_CYCLIC_COMPRESSED
return PQCLEAN_RAINBOWIACLASSIC_CLEAN_rainbow_verify_cyclic( digest, sig, (const cpk_t *)pk );
#else
error here
#endif

}

+ 8
- 8
crypto_sign/rainbowIa-classic/clean/utils_hash.c Целия файл

@@ -9,15 +9,15 @@

static inline
int _hash( unsigned char *digest, const unsigned char *m, size_t mlen ) {
// #if 32 == _HASH_LEN
#if 32 == _HASH_LEN
sha256(digest, m, mlen);
// #elif 48 == _HASH_LEN
// sha384(digest, m, mlen);
// #elif 64 == _HASH_LEN
// sha512(digest, m, mlen);
// #else
//#error "unsupported _HASH_LEN"
// #endif
#elif 48 == _HASH_LEN
sha384(digest, m, mlen);
#elif 64 == _HASH_LEN
sha512(digest, m, mlen);
#else
#error "unsupported _HASH_LEN"
#endif
return 0;
}



Пиши Преглед
Зареждане…
Отказ
Запис