1
1
mirror of https://github.com/henrydcase/pqc.git synced 2024-11-30 03:11:43 +00:00
pqcrypto/crypto_kem/ledakemlt32/leaktime/bf_decoding.c

80 lines
3.4 KiB
C
Raw Normal View History

#include "bf_decoding.h"
#include "gf2x_arith_mod_xPplusOne.h"
2019-05-24 17:38:54 +01:00
#include <string.h>
2019-06-16 16:01:29 +01:00
int PQCLEAN_LEDAKEMLT32_LEAKTIME_bf_decoding(DIGIT err[],
2019-05-24 17:38:54 +01:00
const POSITION_T HtrPosOnes[N0][DV],
const POSITION_T QtrPosOnes[N0][M],
DIGIT privateSyndrome[],
2019-08-24 14:48:38 +01:00
uint8_t secondIterThreshold) {
2019-08-24 14:48:38 +01:00
DIGIT currSyndrome[NUM_DIGITS_GF2X_ELEMENT];
uint8_t unsatParityChecks[N0 * P];
POSITION_T currQBlkPos[M], currQBitPos[M];
2019-08-24 14:48:38 +01:00
POSITION_T syndromePosToFlip, tmp;
uint32_t correlation, corrt_syndrome_based;
2019-08-24 14:48:38 +01:00
size_t currQoneIdx, endQblockIdx, currblockoffset;
int check;
int iteration = 0;
do {
2019-06-16 16:01:29 +01:00
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_copy(currSyndrome, privateSyndrome);
memset(unsatParityChecks, 0x00, N0 * P * sizeof(uint8_t));
2019-08-24 14:48:38 +01:00
for (size_t i = 0; i < N0; i++) {
for (POSITION_T valueIdx = 0; valueIdx < P; valueIdx++) {
2019-08-24 14:48:38 +01:00
for (size_t HtrOneIdx = 0; HtrOneIdx < DV; HtrOneIdx++) {
tmp = (HtrPosOnes[i][HtrOneIdx] + valueIdx) >= P ?
(HtrPosOnes[i][HtrOneIdx] + valueIdx) - P :
(HtrPosOnes[i][HtrOneIdx] + valueIdx);
2019-06-16 16:01:29 +01:00
if (PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_get_coeff(currSyndrome, tmp)) {
unsatParityChecks[i * P + valueIdx]++;
}
}
}
}
/* iteration based threshold determination*/
2019-08-24 14:48:38 +01:00
corrt_syndrome_based = iteration * secondIterThreshold + (1 - iteration) * B0;
2019-08-24 14:48:38 +01:00
// Computation of correlation with a full Q matrix
for (size_t i = 0; i < N0; i++) {
for (POSITION_T j = 0; j < P; j++) {
2019-08-24 14:48:38 +01:00
currQoneIdx = endQblockIdx = 0;
correlation = 0;
2019-08-24 14:48:38 +01:00
for (size_t blockIdx = 0; blockIdx < N0; blockIdx++) {
endQblockIdx += qBlockWeights[blockIdx][i];
2019-08-24 14:48:38 +01:00
currblockoffset = blockIdx * P;
for (; currQoneIdx < endQblockIdx; currQoneIdx++) {
2019-08-24 14:48:38 +01:00
tmp = QtrPosOnes[i][currQoneIdx] + j;
tmp = tmp >= P ? tmp - P : tmp;
currQBitPos[currQoneIdx] = tmp;
currQBlkPos[currQoneIdx] = (POSITION_T)blockIdx;
correlation += unsatParityChecks[tmp + currblockoffset];
}
}
2019-08-24 14:48:38 +01:00
/* Correlation based flipping */
if (correlation >= corrt_syndrome_based) {
2019-06-16 16:01:29 +01:00
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_toggle_coeff(err + NUM_DIGITS_GF2X_ELEMENT * i, j);
2019-08-24 14:48:38 +01:00
for (size_t v = 0; v < M; v++) {
for (size_t HtrOneIdx = 0; HtrOneIdx < DV; HtrOneIdx++) {
syndromePosToFlip = (HtrPosOnes[currQBlkPos[v]][HtrOneIdx] + currQBitPos[v]);
syndromePosToFlip = syndromePosToFlip >= P ? syndromePosToFlip - P : syndromePosToFlip;
2019-06-16 16:01:29 +01:00
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_toggle_coeff(privateSyndrome, syndromePosToFlip);
}
} // end for v
} // end if
} // end for j
} // end for i
iteration = iteration + 1;
check = 0;
while (check < NUM_DIGITS_GF2X_ELEMENT && privateSyndrome[check++] == 0) {};
} while (iteration < ITERATIONS_MAX && check < NUM_DIGITS_GF2X_ELEMENT);
return (check == NUM_DIGITS_GF2X_ELEMENT);
2019-05-24 17:38:54 +01:00
}