
Fix NewHope verify

https://github.com/mupq/pqm4/issues/132 reported that the NewHope verify function does not actually return 0 or 1, but 0 or -1, which consequently breaks the cmov in the FO transform.
This bug was introduced when I integrated this into PQClean.
kyber
Matthias J. Kannwischer 4 years ago
committed by Kris Kwiatkowski
parent
commit
e93a6bef1f
8 changed files with 8 additions and 8 deletions
  1. +1
    -1
      crypto_kem/newhope1024cca/clean/reduce.c
  2. +1
    -1
      crypto_kem/newhope1024cca/clean/verify.c
  3. +1
    -1
      crypto_kem/newhope1024cpa/clean/reduce.c
  4. +1
    -1
      crypto_kem/newhope1024cpa/clean/verify.c
  5. +1
    -1
      crypto_kem/newhope512cca/clean/reduce.c
  6. +1
    -1
      crypto_kem/newhope512cca/clean/verify.c
  7. +1
    -1
      crypto_kem/newhope512cpa/clean/reduce.c
  8. +1
    -1
      crypto_kem/newhope512cpa/clean/verify.c

+ 1
- 1
crypto_kem/newhope1024cca/clean/reduce.c View File

@@ -5,7 +5,7 @@ static const uint32_t qinv = 12287; // -inverse_mod(p,2^18)
static const uint32_t rlog = 18;

/*************************************************
* Name: verify
* Name: montgomery_reduce
*
* Description: Montgomery reduction; given a 32-bit integer a, computes
* 16-bit integer congruent to a * R^-1 mod q,


+ 1
- 1
crypto_kem/newhope1024cca/clean/verify.c View File

@@ -22,7 +22,7 @@ int PQCLEAN_NEWHOPE1024CCA_CLEAN_verify(const unsigned char *a, const unsigned c
r |= a[i] ^ b[i];
}

r = (-(int64_t)r) >> 63;
r = (-r) >> 63;
return (int)r;
}
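Review bot: The line that appears to be the new one, `r = (-r) >> 63;`, yields 0 or 1 only if `r` is declared as an unsigned 64-bit integer, and that declaration sits above this hunk, so the result depends on a line the change does not show; writing the type at the point of use, `r = (-(uint64_t)r) >> 63;`, would keep the 0/1 result pinned even if the declaration is edited later. Because the commit message says the caller passes this value to cmov in the FO transform, the function header (not visible here) should state the contract explicitly, for example `* Returns 0 if the byte arrays are equal, 1 otherwise`. A regression test that decapsulates a modified ciphertext and checks the returned key would cover the mismatch path, which tests on valid ciphertexts presumably never reach. The same points apply to the verify.c sections for newhope1024cpa, newhope512cca and newhope512cpa.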



+ 1
- 1
crypto_kem/newhope1024cpa/clean/reduce.c View File

@@ -5,7 +5,7 @@ static const uint32_t qinv = 12287; // -inverse_mod(p,2^18)
static const uint32_t rlog = 18;

/*************************************************
* Name: verify
* Name: montgomery_reduce
*
* Description: Montgomery reduction; given a 32-bit integer a, computes
* 16-bit integer congruent to a * R^-1 mod q,


+ 1
- 1
crypto_kem/newhope1024cpa/clean/verify.c View File

@@ -22,7 +22,7 @@ int PQCLEAN_NEWHOPE1024CPA_CLEAN_verify(const unsigned char *a, const unsigned c
r |= a[i] ^ b[i];
}

r = (-(int64_t)r) >> 63;
r = (-r) >> 63;
return (int)r;
}



+ 1
- 1
crypto_kem/newhope512cca/clean/reduce.c View File

@@ -5,7 +5,7 @@ static const uint32_t qinv = 12287; // -inverse_mod(p,2^18)
static const uint32_t rlog = 18;

/*************************************************
* Name: verify
* Name: montgomery_reduce
*
* Description: Montgomery reduction; given a 32-bit integer a, computes
* 16-bit integer congruent to a * R^-1 mod q,


+ 1
- 1
crypto_kem/newhope512cca/clean/verify.c View File

@@ -22,7 +22,7 @@ int PQCLEAN_NEWHOPE512CCA_CLEAN_verify(const unsigned char *a, const unsigned ch
r |= a[i] ^ b[i];
}

r = (-(int64_t)r) >> 63;
r = (-r) >> 63;
return (int)r;
}



+ 1
- 1
crypto_kem/newhope512cpa/clean/reduce.c View File

@@ -5,7 +5,7 @@ static const uint32_t qinv = 12287; // -inverse_mod(p,2^18)
static const uint32_t rlog = 18;

/*************************************************
* Name: verify
* Name: montgomery_reduce
*
* Description: Montgomery reduction; given a 32-bit integer a, computes
* 16-bit integer congruent to a * R^-1 mod q,


+ 1
- 1
crypto_kem/newhope512cpa/clean/verify.c View File

@@ -22,7 +22,7 @@ int PQCLEAN_NEWHOPE512CPA_CLEAN_verify(const unsigned char *a, const unsigned ch
r |= a[i] ^ b[i];
}

r = (-(int64_t)r) >> 63;
r = (-r) >> 63;
return (int)r;
}


