From f0940f92f20801e44b7b4bafc2484fcb43b76beb Mon Sep 17 00:00:00 2001
From: "John M. Schanck" <jschanck@uwaterloo.ca>
Date: Wed, 9 Sep 2020 16:05:44 -0400
Subject: [PATCH] Avoid using log(a) to check if a==0

---
 crypto_kem/hqc-rmrs-128/avx2/gf.c  |  4 +--
 crypto_kem/hqc-rmrs-128/clean/gf.c | 54 ++++--------------------------
 crypto_kem/hqc-rmrs-128/clean/gf.h |  5 ---
 crypto_kem/hqc-rmrs-192/avx2/gf.c  |  4 +--
 crypto_kem/hqc-rmrs-192/clean/gf.c | 54 ++++--------------------------
 crypto_kem/hqc-rmrs-192/clean/gf.h |  5 ---
 crypto_kem/hqc-rmrs-256/avx2/gf.c  |  4 +--
 crypto_kem/hqc-rmrs-256/clean/gf.c | 54 ++++--------------------------
 crypto_kem/hqc-rmrs-256/clean/gf.h |  5 ---
 9 files changed, 27 insertions(+), 162 deletions(-)

diff --git a/crypto_kem/hqc-rmrs-128/avx2/gf.c b/crypto_kem/hqc-rmrs-128/avx2/gf.c
index 1a2a17a5..31195a00 100644
--- a/crypto_kem/hqc-rmrs-128/avx2/gf.c
+++ b/crypto_kem/hqc-rmrs-128/avx2/gf.c
@@ -125,10 +125,10 @@ uint16_t PQCLEAN_HQCRMRS128_AVX2_gf_inverse(uint16_t a) {
  * @param[in] i The integer whose modulo is taken
  */
 uint16_t PQCLEAN_HQCRMRS128_AVX2_gf_mod(uint16_t i) {
-    uint16_t tmp = i - PARAM_GF_MUL_ORDER;
+    uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);
 
     // mask = 0xffff if (i < GF_MUL_ORDER)
-    int16_t mask = -(tmp >> 15);
+    uint16_t mask = -(tmp >> 15);
 
     return tmp + (mask & PARAM_GF_MUL_ORDER);
 }
diff --git a/crypto_kem/hqc-rmrs-128/clean/gf.c b/crypto_kem/hqc-rmrs-128/clean/gf.c
index 5a9da4b8..10b1aa92 100644
--- a/crypto_kem/hqc-rmrs-128/clean/gf.c
+++ b/crypto_kem/hqc-rmrs-128/clean/gf.c
@@ -8,47 +8,6 @@
 
 
 
-/**
- * Generates exp and log lookup tables of GF(2^m).
- * The logarithm of 0 is defined as 2^PARAM_M by convention. <br>
- * The last two elements of the exp table are needed by the PQCLEAN_HQCRMRS128_CLEAN_gf_mul function.
- * (for example if both elements to multiply are zero).
- * @param[out] exp Array of size 2^PARAM_M + 2 receiving the powers of the primitive element
- * @param[out] log Array of size 2^PARAM_M receiving the logarithms of the elements of GF(2^m)
- * @param[in] m Parameter of Galois field GF(2^m)
- */
-void PQCLEAN_HQCRMRS128_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m) {
-    uint16_t elt = 1;
-    uint16_t alpha = 2; // primitive element of GF(2^PARAM_M)
-    uint16_t gf_poly = PARAM_GF_POLY;
-
-    for (size_t i = 0 ; i < (1U << m) - 1 ; ++i) {
-        exp[i] = elt;
-        log[elt] = i;
-
-        elt *= alpha;
-        if (elt >= 1 << m) {
-            elt ^= gf_poly;
-        }
-    }
-
-    exp[(1 << m) - 1] = 1;
-    exp[1 << m] = 2;
-    exp[(1 << m) + 1] = 4;
-    log[0] = 1 << m; // by convention
-}
-
-
-
-/**
- * Returns the requested power of the primitive element of GF(2^PARAM_M).
- * @returns a^i
- */
-uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_exp(uint16_t i) {
-    return exp[i];
-}
-
-
 
 /**
  * Returns the integer i such that elt = a^i
@@ -68,9 +27,9 @@ uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_log(uint16_t elt) {
  * @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
  */
 uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_mul(uint16_t a, uint16_t b) {
-    // mask = 0xffff if neither a nor b is zero. Otherwise mask is 0.
-    // mask = 0xffff si ni a ni b n'est nul. sinon mask = 0
-    int16_t mask = ((log[a] | log[b]) >> PARAM_M) - 1;
+    uint16_t mask;
+    mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
     return mask & exp[PQCLEAN_HQCRMRS128_CLEAN_gf_mod(log[a] + log[b])];
 }
 
@@ -82,7 +41,7 @@ uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_mul(uint16_t a, uint16_t b) {
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_square(uint16_t a) {
-    int16_t mask = (log[a] >> PARAM_M) - 1;
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
     return mask & exp[PQCLEAN_HQCRMRS128_CLEAN_gf_mod(2 * log[a])];
 }
 
@@ -94,7 +53,8 @@ uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_square(uint16_t a) {
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_inverse(uint16_t a) {
-    return exp[PARAM_GF_MUL_ORDER - log[a]];
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    return mask & exp[PARAM_GF_MUL_ORDER - log[a]];
 }
 
 
@@ -110,7 +70,7 @@ uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_mod(uint16_t i) {
     uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);
 
     // mask = 0xffff if(i < PARAM_GF_MUL_ORDER)
-    uint16_t mask = ~(tmp >> 15) + 1;
+    uint16_t mask = -(tmp >> 15);
 
     return tmp + (mask & PARAM_GF_MUL_ORDER);
 }
diff --git a/crypto_kem/hqc-rmrs-128/clean/gf.h b/crypto_kem/hqc-rmrs-128/clean/gf.h
index 9082d688..0eb0a6d7 100644
--- a/crypto_kem/hqc-rmrs-128/clean/gf.h
+++ b/crypto_kem/hqc-rmrs-128/clean/gf.h
@@ -29,13 +29,8 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
 static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
 
 
-void PQCLEAN_HQCRMRS128_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m);
-
-
 uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_log(uint16_t elt);
 
-uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_exp(uint16_t i);
-
 uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_mul(uint16_t a, uint16_t b);
 
 uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_square(uint16_t a);
diff --git a/crypto_kem/hqc-rmrs-192/avx2/gf.c b/crypto_kem/hqc-rmrs-192/avx2/gf.c
index 1d6920ef..2d74a30d 100644
--- a/crypto_kem/hqc-rmrs-192/avx2/gf.c
+++ b/crypto_kem/hqc-rmrs-192/avx2/gf.c
@@ -125,10 +125,10 @@ uint16_t PQCLEAN_HQCRMRS192_AVX2_gf_inverse(uint16_t a) {
  * @param[in] i The integer whose modulo is taken
  */
 uint16_t PQCLEAN_HQCRMRS192_AVX2_gf_mod(uint16_t i) {
-    uint16_t tmp = i - PARAM_GF_MUL_ORDER;
+    uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);
 
     // mask = 0xffff if (i < GF_MUL_ORDER)
-    int16_t mask = -(tmp >> 15);
+    uint16_t mask = -(tmp >> 15);
 
     return tmp + (mask & PARAM_GF_MUL_ORDER);
 }
diff --git a/crypto_kem/hqc-rmrs-192/clean/gf.c b/crypto_kem/hqc-rmrs-192/clean/gf.c
index 9245800b..58e4b35d 100644
--- a/crypto_kem/hqc-rmrs-192/clean/gf.c
+++ b/crypto_kem/hqc-rmrs-192/clean/gf.c
@@ -8,47 +8,6 @@
 
 
 
-/**
- * Generates exp and log lookup tables of GF(2^m).
- * The logarithm of 0 is defined as 2^PARAM_M by convention. <br>
- * The last two elements of the exp table are needed by the PQCLEAN_HQCRMRS192_CLEAN_gf_mul function.
- * (for example if both elements to multiply are zero).
- * @param[out] exp Array of size 2^PARAM_M + 2 receiving the powers of the primitive element
- * @param[out] log Array of size 2^PARAM_M receiving the logarithms of the elements of GF(2^m)
- * @param[in] m Parameter of Galois field GF(2^m)
- */
-void PQCLEAN_HQCRMRS192_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m) {
-    uint16_t elt = 1;
-    uint16_t alpha = 2; // primitive element of GF(2^PARAM_M)
-    uint16_t gf_poly = PARAM_GF_POLY;
-
-    for (size_t i = 0 ; i < (1U << m) - 1 ; ++i) {
-        exp[i] = elt;
-        log[elt] = i;
-
-        elt *= alpha;
-        if (elt >= 1 << m) {
-            elt ^= gf_poly;
-        }
-    }
-
-    exp[(1 << m) - 1] = 1;
-    exp[1 << m] = 2;
-    exp[(1 << m) + 1] = 4;
-    log[0] = 1 << m; // by convention
-}
-
-
-
-/**
- * Returns the requested power of the primitive element of GF(2^PARAM_M).
- * @returns a^i
- */
-uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_exp(uint16_t i) {
-    return exp[i];
-}
-
-
 
 /**
  * Returns the integer i such that elt = a^i
@@ -68,9 +27,9 @@ uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_log(uint16_t elt) {
  * @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
  */
 uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_mul(uint16_t a, uint16_t b) {
-    // mask = 0xffff if neither a nor b is zero. Otherwise mask is 0.
-    // mask = 0xffff si ni a ni b n'est nul. sinon mask = 0
-    int16_t mask = ((log[a] | log[b]) >> PARAM_M) - 1;
+    uint16_t mask;
+    mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
     return mask & exp[PQCLEAN_HQCRMRS192_CLEAN_gf_mod(log[a] + log[b])];
 }
 
@@ -82,7 +41,7 @@ uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_mul(uint16_t a, uint16_t b) {
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_square(uint16_t a) {
-    int16_t mask = (log[a] >> PARAM_M) - 1;
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
     return mask & exp[PQCLEAN_HQCRMRS192_CLEAN_gf_mod(2 * log[a])];
 }
 
@@ -94,7 +53,8 @@ uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_square(uint16_t a) {
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_inverse(uint16_t a) {
-    return exp[PARAM_GF_MUL_ORDER - log[a]];
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    return mask & exp[PARAM_GF_MUL_ORDER - log[a]];
 }
 
 
@@ -110,7 +70,7 @@ uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_mod(uint16_t i) {
     uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);
 
     // mask = 0xffff if(i < PARAM_GF_MUL_ORDER)
-    uint16_t mask = ~(tmp >> 15) + 1;
+    uint16_t mask = -(tmp >> 15);
 
     return tmp + (mask & PARAM_GF_MUL_ORDER);
 }
diff --git a/crypto_kem/hqc-rmrs-192/clean/gf.h b/crypto_kem/hqc-rmrs-192/clean/gf.h
index e93a4145..9adc5ba5 100644
--- a/crypto_kem/hqc-rmrs-192/clean/gf.h
+++ b/crypto_kem/hqc-rmrs-192/clean/gf.h
@@ -29,13 +29,8 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
 static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
 
 
-void PQCLEAN_HQCRMRS192_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m);
-
-
 uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_log(uint16_t elt);
 
-uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_exp(uint16_t i);
-
 uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_mul(uint16_t a, uint16_t b);
 
 uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_square(uint16_t a);
diff --git a/crypto_kem/hqc-rmrs-256/avx2/gf.c b/crypto_kem/hqc-rmrs-256/avx2/gf.c
index ac333cac..40bb9da7 100644
--- a/crypto_kem/hqc-rmrs-256/avx2/gf.c
+++ b/crypto_kem/hqc-rmrs-256/avx2/gf.c
@@ -125,10 +125,10 @@ uint16_t PQCLEAN_HQCRMRS256_AVX2_gf_inverse(uint16_t a) {
  * @param[in] i The integer whose modulo is taken
  */
 uint16_t PQCLEAN_HQCRMRS256_AVX2_gf_mod(uint16_t i) {
-    uint16_t tmp = i - PARAM_GF_MUL_ORDER;
+    uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);
 
     // mask = 0xffff if (i < GF_MUL_ORDER)
-    int16_t mask = -(tmp >> 15);
+    uint16_t mask = -(tmp >> 15);
 
     return tmp + (mask & PARAM_GF_MUL_ORDER);
 }
diff --git a/crypto_kem/hqc-rmrs-256/clean/gf.c b/crypto_kem/hqc-rmrs-256/clean/gf.c
index 06f47f6d..9c835a5c 100644
--- a/crypto_kem/hqc-rmrs-256/clean/gf.c
+++ b/crypto_kem/hqc-rmrs-256/clean/gf.c
@@ -8,47 +8,6 @@
 
 
 
-/**
- * Generates exp and log lookup tables of GF(2^m).
- * The logarithm of 0 is defined as 2^PARAM_M by convention. <br>
- * The last two elements of the exp table are needed by the PQCLEAN_HQCRMRS256_CLEAN_gf_mul function.
- * (for example if both elements to multiply are zero).
- * @param[out] exp Array of size 2^PARAM_M + 2 receiving the powers of the primitive element
- * @param[out] log Array of size 2^PARAM_M receiving the logarithms of the elements of GF(2^m)
- * @param[in] m Parameter of Galois field GF(2^m)
- */
-void PQCLEAN_HQCRMRS256_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m) {
-    uint16_t elt = 1;
-    uint16_t alpha = 2; // primitive element of GF(2^PARAM_M)
-    uint16_t gf_poly = PARAM_GF_POLY;
-
-    for (size_t i = 0 ; i < (1U << m) - 1 ; ++i) {
-        exp[i] = elt;
-        log[elt] = i;
-
-        elt *= alpha;
-        if (elt >= 1 << m) {
-            elt ^= gf_poly;
-        }
-    }
-
-    exp[(1 << m) - 1] = 1;
-    exp[1 << m] = 2;
-    exp[(1 << m) + 1] = 4;
-    log[0] = 1 << m; // by convention
-}
-
-
-
-/**
- * Returns the requested power of the primitive element of GF(2^PARAM_M).
- * @returns a^i
- */
-uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_exp(uint16_t i) {
-    return exp[i];
-}
-
-
 
 /**
  * Returns the integer i such that elt = a^i
@@ -68,9 +27,9 @@ uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_log(uint16_t elt) {
  * @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
  */
 uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_mul(uint16_t a, uint16_t b) {
-    // mask = 0xffff if neither a nor b is zero. Otherwise mask is 0.
-    // mask = 0xffff si ni a ni b n'est nul. sinon mask = 0
-    int16_t mask = ((log[a] | log[b]) >> PARAM_M) - 1;
+    uint16_t mask;
+    mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
     return mask & exp[PQCLEAN_HQCRMRS256_CLEAN_gf_mod(log[a] + log[b])];
 }
 
@@ -82,7 +41,7 @@ uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_mul(uint16_t a, uint16_t b) {
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_square(uint16_t a) {
-    int16_t mask = (log[a] >> PARAM_M) - 1;
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
     return mask & exp[PQCLEAN_HQCRMRS256_CLEAN_gf_mod(2 * log[a])];
 }
 
@@ -94,7 +53,8 @@ uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_square(uint16_t a) {
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_inverse(uint16_t a) {
-    return exp[PARAM_GF_MUL_ORDER - log[a]];
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    return mask & exp[PARAM_GF_MUL_ORDER - log[a]];
 }
 
 
@@ -110,7 +70,7 @@ uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_mod(uint16_t i) {
     uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);
 
     // mask = 0xffff if(i < PARAM_GF_MUL_ORDER)
-    uint16_t mask = ~(tmp >> 15) + 1;
+    uint16_t mask = -(tmp >> 15);
 
     return tmp + (mask & PARAM_GF_MUL_ORDER);
 }
diff --git a/crypto_kem/hqc-rmrs-256/clean/gf.h b/crypto_kem/hqc-rmrs-256/clean/gf.h
index fafe89b4..03d4bdd2 100644
--- a/crypto_kem/hqc-rmrs-256/clean/gf.h
+++ b/crypto_kem/hqc-rmrs-256/clean/gf.h
@@ -29,13 +29,8 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
 static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
 
 
-void PQCLEAN_HQCRMRS256_CLEAN_gf_generate(uint16_t *exp, uint16_t *log, int16_t m);
-
-
 uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_log(uint16_t elt);
 
-uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_exp(uint16_t i);
-
 uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_mul(uint16_t a, uint16_t b);
 
 uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_square(uint16_t a);