diff --git a/src/kem/kyber/kyber768/clean/reduce.c b/src/kem/kyber/common/reduce.c similarity index 66% rename from src/kem/kyber/kyber768/clean/reduce.c rename to src/kem/kyber/common/reduce.c index 0fc06411..1a1c5a43 100644 --- a/src/kem/kyber/kyber768/clean/reduce.c +++ b/src/kem/kyber/common/reduce.c @@ -3,7 +3,7 @@ #include /************************************************* -* Name: PQCLEAN_KYBER768_CLEAN_montgomery_reduce +* Name: kyber_montgomery_reduce * * Description: Montgomery reduction; given a 32-bit integer a, computes * 16-bit integer congruent to a * R^-1 mod q, where R=2^16 @@ -13,7 +13,7 @@ * * Returns: integer in {-q+1,...,q-1} congruent to a * R^-1 modulo q. **************************************************/ -int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) { +int16_t kyber_montgomery_reduce(int32_t a) { int32_t t; int16_t u; @@ -25,20 +25,19 @@ int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) { } /************************************************* -* Name: PQCLEAN_KYBER768_CLEAN_barrett_reduce +* Name: kyber_barrett_reduce * * Description: Barrett reduction; given a 16-bit integer a, computes -* centered representative congruent to a mod q in {-(q-1)/2,...,(q-1)/2} +* centered representative congruent to a mod q in {0,q} * * Arguments: - int16_t a: input integer to be reduced * -* Returns: integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q. +* Returns: integer in {0,q} congruent to a modulo q. **************************************************/ -int16_t PQCLEAN_KYBER768_CLEAN_barrett_reduce(int16_t a) { - int16_t t; - const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q; - - t = ((int32_t)v * a + (1 << 25)) >> 26; - t *= KYBER_Q; - return a - t; +int16_t kyber_barrett_reduce(int16_t a) { + static const int32_t v = 20159; + int32_t t; + t = v*a; + t >>= 26; + return a - ((int16_t)t)*KYBER_Q; } 
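Review bot: The rewritten `kyber_barrett_reduce` in the last hunk changes the output contract from the centered range {-(q-1)/2,...,(q-1)/2} to a non-negative one, yet the ntt.c and poly.c hunks in this diff change only their include path. Those call sites are not visible here, so they need checking: a caller that still normalises with a sign-dependent correction would presumably leave the value q unreduced. The header comment writes the new range as `{0,q}`, which reads as a two-element set; flooring with `t >>= 26` yields `{0,...,q}`, with q itself returned for negative multiples of q. The literal `20159` is also no longer tied to KYBER_Q, whereas `static const int32_t v = ((1 << 26) + KYBER_Q / 2) / KYBER_Q;` keeps it derived. A short comment that `>>` on a negative `int32_t` is assumed to be an arithmetic shift would document the implementation-defined step.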
diff --git a/src/kem/kyber/kyber1024/clean/CMakeLists.txt b/src/kem/kyber/kyber1024/clean/CMakeLists.txt index 16176d48..4c2651f9 100644 --- a/src/kem/kyber/kyber1024/clean/CMakeLists.txt +++ b/src/kem/kyber/kyber1024/clean/CMakeLists.txt @@ -6,7 +6,7 @@ set( ntt.c poly.c polyvec.c - reduce.c + ../../common/reduce.c symmetric-shake.c verify.c ) diff --git a/src/kem/kyber/kyber1024/clean/ntt.c b/src/kem/kyber/kyber1024/clean/ntt.c index 7f7577c4..5717c9dd 100644 --- a/src/kem/kyber/kyber1024/clean/ntt.c +++ b/src/kem/kyber/kyber1024/clean/ntt.c @@ -1,6 +1,6 @@ #include "ntt.h" #include "params.h" -#include "reduce.h" +#include "../../common/reduce.h" #include /* Code to generate PQCLEAN_KYBER1024_CLEAN_zetas and zetas_inv used in the number-theoretic transform: diff --git a/src/kem/kyber/kyber1024/clean/poly.c b/src/kem/kyber/kyber1024/clean/poly.c index c5414f25..9d4cd4fa 100644 --- a/src/kem/kyber/kyber1024/clean/poly.c +++ b/src/kem/kyber/kyber1024/clean/poly.c @@ -2,7 +2,7 @@ #include "ntt.h" #include "params.h" #include "poly.h" -#include "reduce.h" +#include "../../common/reduce.h" #include "symmetric.h" #include diff --git a/src/kem/kyber/kyber1024/clean/reduce.c b/src/kem/kyber/kyber1024/clean/reduce.c deleted file mode 100644 index 6ddb6a52..00000000 --- a/src/kem/kyber/kyber1024/clean/reduce.c +++ /dev/null 
@@ -1,44 +0,0 @@ -#include "params.h" -#include "reduce.h" -#include - -/************************************************* -* Name: PQCLEAN_KYBER1024_CLEAN_montgomery_reduce -* -* Description: Montgomery reduction; given a 32-bit integer a, computes -* 16-bit integer congruent to a * R^-1 mod q, where R=2^16 -* -* Arguments: - int32_t a: input integer to be reduced; -* has to be in {-q2^15,...,q2^15-1} -* -* Returns: integer in {-q+1,...,q-1} congruent to a * R^-1 modulo q. -**************************************************/ -int16_t PQCLEAN_KYBER1024_CLEAN_montgomery_reduce(int32_t a) { - int32_t t; - int16_t u; - - u = (int16_t)(a * (int64_t)QINV); - t = (int32_t)u * KYBER_Q; - t = a - t; - t >>= 16; - return (int16_t)t; -} - -/************************************************* -* Name: PQCLEAN_KYBER1024_CLEAN_barrett_reduce -* -* Description: Barrett reduction; given a 16-bit integer a, computes -* centered representative congruent to a mod q in {-(q-1)/2,...,(q-1)/2} -* -* Arguments: - int16_t a: input integer to be reduced -* -* Returns: integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q. -**************************************************/ -int16_t PQCLEAN_KYBER1024_CLEAN_barrett_reduce(int16_t a) { - int16_t t; - const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q; - - t = ((int32_t)v * a + (1 << 25)) >> 26; - t *= KYBER_Q; - return a - t; -} diff --git a/src/kem/kyber/kyber1024/clean/reduce.h b/src/kem/kyber/kyber1024/clean/reduce.h deleted file mode 100644 index 34e86031..00000000 --- a/src/kem/kyber/kyber1024/clean/reduce.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef PQCLEAN_KYBER1024_CLEAN_REDUCE_H -#define PQCLEAN_KYBER1024_CLEAN_REDUCE_H -#include "params.h" -#include - -#define MONT 2285 // 2^16 mod q -#define QINV 62209 // q^-1 mod 2^16 - -int16_t PQCLEAN_KYBER1024_CLEAN_montgomery_reduce(int32_t a); - -int16_t PQCLEAN_KYBER1024_CLEAN_barrett_reduce(int16_t a); - -#endif 
diff --git a/src/kem/kyber/kyber512/clean/CMakeLists.txt b/src/kem/kyber/kyber512/clean/CMakeLists.txt index fa8f793e..045989d2 100644 --- a/src/kem/kyber/kyber512/clean/CMakeLists.txt +++ b/src/kem/kyber/kyber512/clean/CMakeLists.txt @@ -6,7 +6,6 @@ set( ntt.c poly.c polyvec.c - reduce.c symmetric-shake.c verify.c ) diff --git a/src/kem/kyber/kyber512/clean/ntt.c b/src/kem/kyber/kyber512/clean/ntt.c index e284a8c5..53df70f2 100644 --- a/src/kem/kyber/kyber512/clean/ntt.c +++ b/src/kem/kyber/kyber512/clean/ntt.c @@ -1,6 +1,6 @@ #include "ntt.h" #include "params.h" -#include "reduce.h" +#include "../../common/reduce.h" #include /* Code to generate PQCLEAN_KYBER512_CLEAN_zetas and zetas_inv used in the number-theoretic transform: diff --git a/src/kem/kyber/kyber512/clean/poly.c b/src/kem/kyber/kyber512/clean/poly.c index f10afd7d..d5e86f52 100644 --- a/src/kem/kyber/kyber512/clean/poly.c +++ b/src/kem/kyber/kyber512/clean/poly.c @@ -2,7 +2,7 @@ #include "ntt.h" #include "params.h" #include "poly.h" -#include "reduce.h" +#include "../../common/reduce.h" #include "symmetric.h" #include diff --git a/src/kem/kyber/kyber512/clean/reduce.c b/src/kem/kyber/kyber512/clean/reduce.c deleted file mode 100644 index 917e7681..00000000 --- a/src/kem/kyber/kyber512/clean/reduce.c +++ /dev/null 
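Review bot: The kyber512 CMakeLists.txt hunk removes `reduce.c` from the source list without adding `../../common/reduce.c`, and the kyber768 CMakeLists.txt hunk does the same, whereas the kyber1024 hunk swaps in the common file. Unless the shared file is added to these targets somewhere outside this diff, kyber512 and kyber768 get `kyber_montgomery_reduce` and `kyber_barrett_reduce` only when the kyber1024 objects end up in the same library, so a build with kyber1024 disabled would presumably fail at link time. Compiling the common file once as its own source list that all three parameter sets depend on removes that coupling. It also avoids duplicate definitions of the now un-prefixed symbols.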
@@ -1,44 +0,0 @@ -#include "params.h" -#include "reduce.h" -#include - -/************************************************* -* Name: PQCLEAN_KYBER512_CLEAN_montgomery_reduce -* -* Description: Montgomery reduction; given a 32-bit integer a, computes -* 16-bit integer congruent to a * R^-1 mod q, where R=2^16 -* -* Arguments: - int32_t a: input integer to be reduced; -* has to be in {-q2^15,...,q2^15-1} -* -* Returns: integer in {-q+1,...,q-1} congruent to a * R^-1 modulo q. -**************************************************/ -int16_t PQCLEAN_KYBER512_CLEAN_montgomery_reduce(int32_t a) { - int32_t t; - int16_t u; - - u = (int16_t)(a * (int64_t)QINV); - t = (int32_t)u * KYBER_Q; - t = a - t; - t >>= 16; - return (int16_t)t; -} - -/************************************************* -* Name: PQCLEAN_KYBER512_CLEAN_barrett_reduce -* -* Description: Barrett reduction; given a 16-bit integer a, computes -* centered representative congruent to a mod q in {-(q-1)/2,...,(q-1)/2} -* -* Arguments: - int16_t a: input integer to be reduced -* -* Returns: integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q. -**************************************************/ -int16_t PQCLEAN_KYBER512_CLEAN_barrett_reduce(int16_t a) { - int16_t t; - const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q; - - t = ((int32_t)v * a + (1 << 25)) >> 26; - t *= KYBER_Q; - return a - t; -} diff --git a/src/kem/kyber/kyber512/clean/reduce.h b/src/kem/kyber/kyber512/clean/reduce.h deleted file mode 100644 index c0668071..00000000 --- a/src/kem/kyber/kyber512/clean/reduce.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef PQCLEAN_KYBER512_CLEAN_REDUCE_H -#define PQCLEAN_KYBER512_CLEAN_REDUCE_H -#include "params.h" -#include - -#define MONT 2285 // 2^16 mod q -#define QINV 62209 // q^-1 mod 2^16 - -int16_t PQCLEAN_KYBER512_CLEAN_montgomery_reduce(int32_t a); - -int16_t PQCLEAN_KYBER512_CLEAN_barrett_reduce(int16_t a); - -#endif 
diff --git a/src/kem/kyber/kyber768/clean/CMakeLists.txt b/src/kem/kyber/kyber768/clean/CMakeLists.txt index cf027990..e2adabd6 100644 --- a/src/kem/kyber/kyber768/clean/CMakeLists.txt +++ b/src/kem/kyber/kyber768/clean/CMakeLists.txt @@ -6,7 +6,6 @@ set( ntt.c poly.c polyvec.c - reduce.c symmetric-shake.c verify.c ) diff --git a/src/kem/kyber/kyber768/clean/ntt.c b/src/kem/kyber/kyber768/clean/ntt.c index 893ee3c7..e5bf8b61 100644 --- a/src/kem/kyber/kyber768/clean/ntt.c +++ b/src/kem/kyber/kyber768/clean/ntt.c @@ -1,6 +1,6 @@ #include "ntt.h" #include "params.h" -#include "reduce.h" +#include "../../common/reduce.h" #include /* Code to generate PQCLEAN_KYBER768_CLEAN_zetas and zetas_inv used in the number-theoretic transform: diff --git a/src/kem/kyber/kyber768/clean/poly.c b/src/kem/kyber/kyber768/clean/poly.c index 477e462e..1f74705d 100644 --- a/src/kem/kyber/kyber768/clean/poly.c +++ b/src/kem/kyber/kyber768/clean/poly.c @@ -2,7 +2,7 @@ #include "ntt.h" #include "params.h" #include "poly.h" -#include "reduce.h" +#include "../../common/reduce.h" #include "symmetric.h" #include diff --git a/src/kem/kyber/kyber768/clean/reduce.h b/src/kem/kyber/kyber768/clean/reduce.h deleted file mode 100644 index 36d258bd..00000000 --- a/src/kem/kyber/kyber768/clean/reduce.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef PQCLEAN_KYBER768_CLEAN_REDUCE_H -#define PQCLEAN_KYBER768_CLEAN_REDUCE_H -#include "params.h" -#include - -#define MONT 2285 // 2^16 mod q -#define QINV 62209 // q^-1 mod 2^16 - -int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a); - -int16_t PQCLEAN_KYBER768_CLEAN_barrett_reduce(int16_t a); - -#endif