1
1
mirror of https://github.com/henrydcase/pqc.git synced 2024-11-22 23:48:58 +00:00

fix clang-tidy warnings, replace variable-time schoolbook multiplications

This commit is contained in:
Leon Botros 2019-08-22 12:59:04 +02:00
parent b084f55ff6
commit 1fc2f51f82
12 changed files with 184 additions and 191 deletions

View File

@ -10,9 +10,9 @@
int PQCLEAN_LEDAKEMLT12_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) { int PQCLEAN_LEDAKEMLT12_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */ POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
int gamma[N0][N0][P] = {{{0}}}; unsigned int gamma[N0][N0][P] = {{{0}}};
int maxMut[N0], maxMutMinusOne[N0]; unsigned int maxMut[N0], maxMutMinusOne[N0];
int allBlockMaxSumst, allBlockMaxSumstMinusOne; unsigned int allBlockMaxSumst, allBlockMaxSumstMinusOne;
unsigned int gammaHist[N0][DV * M + 1] = {{0}}; unsigned int gammaHist[N0][DV * M + 1] = {{0}};
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {

View File

@ -25,7 +25,7 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
unsigned int j; unsigned int j;
DIGIT mask; DIGIT mask;
mask = ((DIGIT)0x01 << amount) - 1; mask = ((DIGIT)0x01 << amount) - 1;
for (j = length - 1; j > 0 ; j--) { for (j = length - 1; j > 0; j--) {
in[j] >>= amount; in[j] >>= amount;
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount); in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
} }
@ -40,44 +40,35 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsig
int j; int j;
DIGIT mask; DIGIT mask;
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1); mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
for (j = 0 ; j < length - 1 ; j++) { for (j = 0 ; j < length - 1; j++) {
in[j] <<= amount; in[j] <<= amount;
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount); in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
} }
in[j] <<= amount; in[j] <<= amount;
} }
static void gf2x_mul_comb(int nr, DIGIT Res[],
int na, const DIGIT A[],
int nb, const DIGIT B[]) {
int i, j, k; static void gf2x_mul1(DIGIT *R, const DIGIT A, const DIGIT B) {
DIGIT u, h; DIGIT tmp;
memset(Res, 0x00, nr * sizeof(DIGIT)); R[0] = 0;
R[1] = (A & 1) * B;
for (unsigned i = 1; i < DIGIT_SIZE_b; i++) {
tmp = ((A >> i) & 1) * B;
R[1] ^= tmp << i;
R[0] ^= tmp >> (DIGIT_SIZE_b - i);
}
}
for (k = DIGIT_SIZE_b - 1; k > 0; k--) { static void gf2x_mul_n(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n) {
for (i = na - 1; i >= 0; i--) { DIGIT tmp[2];
if ( A[i] & (((DIGIT)0x1) << k) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
}
}
u = Res[na + nb - 1]; memset(R, 0x00, 2 * n * sizeof(DIGIT));
Res[na + nb - 1] = u << 0x1; for (size_t i = 0; i < n; i++) {
for (j = 1; j < na + nb; ++j) { for (size_t j = 0; j < n; j++) {
h = u >> (DIGIT_SIZE_b - 1); gf2x_mul1(tmp, A[i], B[j]);
u = Res[na + nb - 1 - j]; R[i + j] ^= tmp[0];
Res[na + nb - 1 - j] = h ^ (u << 0x1); R[i + j + 1] ^= tmp[1];
}
}
for (i = na - 1; i >= 0; i--) {
if ( A[i] & ((DIGIT)0x1) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
} }
} }
} }
@ -96,8 +87,8 @@ static void gf2x_cpy(DIGIT *R, const DIGIT *A, size_t len) {
* first operand must be the bigger one. * first operand must be the bigger one.
* aligns last array elements */ * aligns last array elements */
static inline void gf2x_add_asymm(DIGIT *R, static inline void gf2x_add_asymm(DIGIT *R,
int na, const DIGIT *A, size_t na, const DIGIT *A,
int nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
gf2x_cpy(R, A, delta); gf2x_cpy(R, A, delta);
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);; PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
@ -105,8 +96,8 @@ static inline void gf2x_add_asymm(DIGIT *R,
/* aligns first array elements */ /* aligns first array elements */
static inline void gf2x_add_asymm2(DIGIT *R, static inline void gf2x_add_asymm2(DIGIT *R,
int na, const DIGIT *A, size_t na, const DIGIT *A,
int nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R, A, B, nb); PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_add(R, A, B, nb);
gf2x_cpy(R + nb, A + nb, delta); gf2x_cpy(R + nb, A + nb, delta);
@ -121,7 +112,7 @@ static void gf2x_mul_kar(DIGIT *R,
DIGIT *stack) { DIGIT *stack) {
if (n < MIN_KAR_DIGITS) { if (n < MIN_KAR_DIGITS) {
gf2x_mul_comb(2 * n, R, n, A, n, B); gf2x_mul_n(R, A, B, n);
return; return;
} }

View File

@ -294,15 +294,17 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSI
} }
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[], size_t sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) { size_t sizeB, const POSITION_T B[]) {
POSITION_T prod;
/* compute all the coefficients, filling invalid positions with P*/ /* compute all the coefficients, filling invalid positions with P*/
int lastFilledPos = 0; size_t lastFilledPos = 0;
for (int i = 0 ; i < sizeA ; i++) { for (size_t i = 0 ; i < sizeA ; i++) {
for (int j = 0 ; j < sizeB ; j++) { for (size_t j = 0 ; j < sizeB ; j++) {
uint32_t prod = ((uint32_t) A[i]) + ((uint32_t) B[j]); prod = A[i] + B[j];
prod = ( (prod >= P) ? prod - P : prod); prod = ( (prod >= P) ? prod - P : prod);
if ((A[i] != INVALID_POS_VALUE) && if ((A[i] != INVALID_POS_VALUE) &&
(B[j] != INVALID_POS_VALUE)) { (B[j] != INVALID_POS_VALUE)) {
@ -320,9 +322,9 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[
PQCLEAN_LEDAKEMLT12_LEAKTIME_uint32_sort(Res, sizeR); PQCLEAN_LEDAKEMLT12_LEAKTIME_uint32_sort(Res, sizeR);
/* eliminate duplicates */ /* eliminate duplicates */
POSITION_T lastReadPos = Res[0]; POSITION_T lastReadPos = Res[0];
int duplicateCount; size_t duplicateCount;
int write_idx = 0; size_t write_idx = 0;
int read_idx = 0; size_t read_idx = 0;
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) { while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
lastReadPos = Res[read_idx]; lastReadPos = Res[read_idx];
read_idx++; read_idx++;
@ -446,16 +448,15 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_on
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) { AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0; size_t polyIndex, duplicated, counter = 0;
int p, polyIndex, exponent; POSITION_T p, exponent, rndPos[NUM_ERRORS_T];
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) { while (counter < NUM_ERRORS_T) {
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < counter; j++) { for (size_t j = 0; j < counter; j++) {
if (rndPos[j] == p) { if (rndPos[j] == p) {
duplicated = 1; duplicated = 1;
} }
@ -465,7 +466,7 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
counter++; counter++;
} }
} }
for (int j = 0; j < counter; j++) { for (size_t j = 0; j < counter; j++) {
polyIndex = rndPos[j] / P; polyIndex = rndPos[j] / P;
exponent = rndPos[j] % P; exponent = rndPos[j] % P;
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
@ -478,14 +479,17 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
AES_XOF_struct *seed_expander_ctx) { AES_XOF_struct *seed_expander_ctx) {
int duplicated, counter = 0; int duplicated;
size_t counter = 0;
while (counter < NUM_ERRORS_T) { while (counter < NUM_ERRORS_T) {
uint32_t p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx); POSITION_T p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < counter; j++) if (errorPos[j] == p) { for (size_t j = 0; j < counter; j++) {
if (errorPos[j] == p) {
duplicated = 1; duplicated = 1;
} }
}
if (duplicated == 0) { if (duplicated == 0) {
errorPos[counter] = p; errorPos[counter] = p;
counter++; counter++;
@ -494,13 +498,15 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_
} }
void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
POSITION_T errorPos[NUM_ERRORS_T]) { const POSITION_T errorPos[NUM_ERRORS_T]) {
size_t polyIndex;
POSITION_T exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (int j = 0; j < NUM_ERRORS_T; j++) { for (int j = 0; j < NUM_ERRORS_T; j++) {
int polyIndex = errorPos[j] / P; polyIndex = errorPos[j] / P;
int exponent = errorPos[j] % P; exponent = errorPos[j] % P;
PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1)); ( (DIGIT) 1));
} }

View File

@ -26,11 +26,11 @@ void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx); void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx); void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx); void PQCLEAN_LEDAKEMLT12_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], POSITION_T errorPos[NUM_ERRORS_T]); void PQCLEAN_LEDAKEMLT12_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], const POSITION_T errorPos[NUM_ERRORS_T]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]); void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]); void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
int PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]); int PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]); void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[], size_t sizeA, const POSITION_T A[], size_t sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos); void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly); void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes); void PQCLEAN_LEDAKEMLT12_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);

View File

@ -10,9 +10,9 @@
int PQCLEAN_LEDAKEMLT32_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) { int PQCLEAN_LEDAKEMLT32_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */ POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
int gamma[N0][N0][P] = {{{0}}}; unsigned int gamma[N0][N0][P] = {{{0}}};
int maxMut[N0], maxMutMinusOne[N0]; unsigned int maxMut[N0], maxMutMinusOne[N0];
int allBlockMaxSumst, allBlockMaxSumstMinusOne; unsigned int allBlockMaxSumst, allBlockMaxSumstMinusOne;
unsigned int gammaHist[N0][DV * M + 1] = {{0}}; unsigned int gammaHist[N0][DV * M + 1] = {{0}};
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {

View File

@ -25,7 +25,7 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
unsigned int j; unsigned int j;
DIGIT mask; DIGIT mask;
mask = ((DIGIT)0x01 << amount) - 1; mask = ((DIGIT)0x01 << amount) - 1;
for (j = length - 1; j > 0 ; j--) { for (j = length - 1; j > 0; j--) {
in[j] >>= amount; in[j] >>= amount;
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount); in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
} }
@ -40,44 +40,35 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsig
int j; int j;
DIGIT mask; DIGIT mask;
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1); mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
for (j = 0 ; j < length - 1 ; j++) { for (j = 0 ; j < length - 1; j++) {
in[j] <<= amount; in[j] <<= amount;
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount); in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
} }
in[j] <<= amount; in[j] <<= amount;
} }
static void gf2x_mul_comb(int nr, DIGIT Res[],
int na, const DIGIT A[],
int nb, const DIGIT B[]) {
int i, j, k; static void gf2x_mul1(DIGIT *R, const DIGIT A, const DIGIT B) {
DIGIT u, h; DIGIT tmp;
memset(Res, 0x00, nr * sizeof(DIGIT)); R[0] = 0;
R[1] = (A & 1) * B;
for (unsigned i = 1; i < DIGIT_SIZE_b; i++) {
tmp = ((A >> i) & 1) * B;
R[1] ^= tmp << i;
R[0] ^= tmp >> (DIGIT_SIZE_b - i);
}
}
for (k = DIGIT_SIZE_b - 1; k > 0; k--) { static void gf2x_mul_n(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n) {
for (i = na - 1; i >= 0; i--) { DIGIT tmp[2];
if ( A[i] & (((DIGIT)0x1) << k) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
}
}
u = Res[na + nb - 1]; memset(R, 0x00, 2 * n * sizeof(DIGIT));
Res[na + nb - 1] = u << 0x1; for (size_t i = 0; i < n; i++) {
for (j = 1; j < na + nb; ++j) { for (size_t j = 0; j < n; j++) {
h = u >> (DIGIT_SIZE_b - 1); gf2x_mul1(tmp, A[i], B[j]);
u = Res[na + nb - 1 - j]; R[i + j] ^= tmp[0];
Res[na + nb - 1 - j] = h ^ (u << 0x1); R[i + j + 1] ^= tmp[1];
}
}
for (i = na - 1; i >= 0; i--) {
if ( A[i] & ((DIGIT)0x1) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
} }
} }
} }
@ -96,8 +87,8 @@ static void gf2x_cpy(DIGIT *R, const DIGIT *A, size_t len) {
* first operand must be the bigger one. * first operand must be the bigger one.
* aligns last array elements */ * aligns last array elements */
static inline void gf2x_add_asymm(DIGIT *R, static inline void gf2x_add_asymm(DIGIT *R,
int na, const DIGIT *A, size_t na, const DIGIT *A,
int nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
gf2x_cpy(R, A, delta); gf2x_cpy(R, A, delta);
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);; PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
@ -105,8 +96,8 @@ static inline void gf2x_add_asymm(DIGIT *R,
/* aligns first array elements */ /* aligns first array elements */
static inline void gf2x_add_asymm2(DIGIT *R, static inline void gf2x_add_asymm2(DIGIT *R,
int na, const DIGIT *A, size_t na, const DIGIT *A,
int nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R, A, B, nb); PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_add(R, A, B, nb);
gf2x_cpy(R + nb, A + nb, delta); gf2x_cpy(R + nb, A + nb, delta);
@ -121,7 +112,7 @@ static void gf2x_mul_kar(DIGIT *R,
DIGIT *stack) { DIGIT *stack) {
if (n < MIN_KAR_DIGITS) { if (n < MIN_KAR_DIGITS) {
gf2x_mul_comb(2 * n, R, n, A, n, B); gf2x_mul_n(R, A, B, n);
return; return;
} }

View File

@ -84,6 +84,7 @@ static void right_bit_shift(unsigned int length, DIGIT in[]) {
in[j] >>= 1; in[j] >>= 1;
} }
/* shifts by whole digits */ /* shifts by whole digits */
static void left_DIGIT_shift_n(unsigned int length, DIGIT in[], unsigned int amount) { static void left_DIGIT_shift_n(unsigned int length, DIGIT in[], unsigned int amount) {
unsigned int j; unsigned int j;
@ -291,15 +292,17 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSI
} }
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[], size_t sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) { size_t sizeB, const POSITION_T B[]) {
POSITION_T prod;
/* compute all the coefficients, filling invalid positions with P*/ /* compute all the coefficients, filling invalid positions with P*/
int lastFilledPos = 0; size_t lastFilledPos = 0;
for (int i = 0 ; i < sizeA ; i++) { for (size_t i = 0 ; i < sizeA ; i++) {
for (int j = 0 ; j < sizeB ; j++) { for (size_t j = 0 ; j < sizeB ; j++) {
uint32_t prod = ((uint32_t) A[i]) + ((uint32_t) B[j]); prod = A[i] + B[j];
prod = ( (prod >= P) ? prod - P : prod); prod = ( (prod >= P) ? prod - P : prod);
if ((A[i] != INVALID_POS_VALUE) && if ((A[i] != INVALID_POS_VALUE) &&
(B[j] != INVALID_POS_VALUE)) { (B[j] != INVALID_POS_VALUE)) {
@ -317,9 +320,9 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[
PQCLEAN_LEDAKEMLT32_LEAKTIME_uint32_sort(Res, sizeR); PQCLEAN_LEDAKEMLT32_LEAKTIME_uint32_sort(Res, sizeR);
/* eliminate duplicates */ /* eliminate duplicates */
POSITION_T lastReadPos = Res[0]; POSITION_T lastReadPos = Res[0];
int duplicateCount; size_t duplicateCount;
int write_idx = 0; size_t write_idx = 0;
int read_idx = 0; size_t read_idx = 0;
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) { while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
lastReadPos = Res[read_idx]; lastReadPos = Res[read_idx];
read_idx++; read_idx++;
@ -443,16 +446,15 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_on
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) { AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0; size_t polyIndex, duplicated, counter = 0;
int p, polyIndex, exponent; POSITION_T p, exponent, rndPos[NUM_ERRORS_T];
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) { while (counter < NUM_ERRORS_T) {
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < counter; j++) { for (size_t j = 0; j < counter; j++) {
if (rndPos[j] == p) { if (rndPos[j] == p) {
duplicated = 1; duplicated = 1;
} }
@ -462,7 +464,7 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
counter++; counter++;
} }
} }
for (int j = 0; j < counter; j++) { for (size_t j = 0; j < counter; j++) {
polyIndex = rndPos[j] / P; polyIndex = rndPos[j] / P;
exponent = rndPos[j] % P; exponent = rndPos[j] % P;
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
@ -475,14 +477,17 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
AES_XOF_struct *seed_expander_ctx) { AES_XOF_struct *seed_expander_ctx) {
int duplicated, counter = 0; int duplicated;
size_t counter = 0;
while (counter < NUM_ERRORS_T) { while (counter < NUM_ERRORS_T) {
uint32_t p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx); POSITION_T p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < counter; j++) if (errorPos[j] == p) { for (size_t j = 0; j < counter; j++) {
if (errorPos[j] == p) {
duplicated = 1; duplicated = 1;
} }
}
if (duplicated == 0) { if (duplicated == 0) {
errorPos[counter] = p; errorPos[counter] = p;
counter++; counter++;
@ -491,13 +496,15 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_
} }
void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
POSITION_T errorPos[NUM_ERRORS_T]) { const POSITION_T errorPos[NUM_ERRORS_T]) {
size_t polyIndex;
POSITION_T exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (int j = 0; j < NUM_ERRORS_T; j++) { for (int j = 0; j < NUM_ERRORS_T; j++) {
int polyIndex = errorPos[j] / P; polyIndex = errorPos[j] / P;
int exponent = errorPos[j] % P; exponent = errorPos[j] % P;
PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1)); ( (DIGIT) 1));
} }

View File

@ -6,7 +6,7 @@
#include "gf2x_arith.h" #include "gf2x_arith.h"
#include "rng.h" #include "rng.h"
#define NUM_BITS_GF2X_ELEMENT (P) // 96221 #define NUM_BITS_GF2X_ELEMENT (P)
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b) #define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b)
#define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ((P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1) #define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ((P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1)
#define NUM_BITS_GF2X_MODULUS (P+1) #define NUM_BITS_GF2X_MODULUS (P+1)
@ -26,11 +26,11 @@ void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx); void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx); void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx); void PQCLEAN_LEDAKEMLT32_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], POSITION_T errorPos[NUM_ERRORS_T]); void PQCLEAN_LEDAKEMLT32_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], const POSITION_T errorPos[NUM_ERRORS_T]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]); void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]); void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
int PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]); int PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]); void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[], size_t sizeA, const POSITION_T A[], size_t sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos); void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly); void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes); void PQCLEAN_LEDAKEMLT32_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);

View File

@ -10,9 +10,9 @@
int PQCLEAN_LEDAKEMLT52_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) { int PQCLEAN_LEDAKEMLT52_LEAKTIME_DFR_test(POSITION_T LSparse[N0][DV * M], uint8_t *secondIterThreshold) {
POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */ POSITION_T LSparse_loc[N0][DV * M]; /* vector of N_0 sparse blocks */
int gamma[N0][N0][P] = {{{0}}}; unsigned int gamma[N0][N0][P] = {{{0}}};
int maxMut[N0], maxMutMinusOne[N0]; unsigned int maxMut[N0], maxMutMinusOne[N0];
int allBlockMaxSumst, allBlockMaxSumstMinusOne; unsigned int allBlockMaxSumst, allBlockMaxSumstMinusOne;
unsigned int gammaHist[N0][DV * M + 1] = {{0}}; unsigned int gammaHist[N0][DV * M + 1] = {{0}};
for (int i = 0; i < N0; i++) { for (int i = 0; i < N0; i++) {

View File

@ -25,7 +25,7 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_right_bit_shift_n(int length, DIGIT in[], unsi
unsigned int j; unsigned int j;
DIGIT mask; DIGIT mask;
mask = ((DIGIT)0x01 << amount) - 1; mask = ((DIGIT)0x01 << amount) - 1;
for (j = length - 1; j > 0 ; j--) { for (j = length - 1; j > 0; j--) {
in[j] >>= amount; in[j] >>= amount;
in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount); in[j] |= (in[j - 1] & mask) << (DIGIT_SIZE_b - amount);
} }
@ -40,44 +40,35 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_left_bit_shift_n(int length, DIGIT in[], unsig
int j; int j;
DIGIT mask; DIGIT mask;
mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1); mask = ~(((DIGIT)0x01 << (DIGIT_SIZE_b - amount)) - 1);
for (j = 0 ; j < length - 1 ; j++) { for (j = 0 ; j < length - 1; j++) {
in[j] <<= amount; in[j] <<= amount;
in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount); in[j] |= (in[j + 1] & mask) >> (DIGIT_SIZE_b - amount);
} }
in[j] <<= amount; in[j] <<= amount;
} }
static void gf2x_mul_comb(int nr, DIGIT Res[],
int na, const DIGIT A[],
int nb, const DIGIT B[]) {
int i, j, k; static void gf2x_mul1(DIGIT *R, const DIGIT A, const DIGIT B) {
DIGIT u, h; DIGIT tmp;
memset(Res, 0x00, nr * sizeof(DIGIT)); R[0] = 0;
R[1] = (A & 1) * B;
for (unsigned i = 1; i < DIGIT_SIZE_b; i++) {
tmp = ((A >> i) & 1) * B;
R[1] ^= tmp << i;
R[0] ^= tmp >> (DIGIT_SIZE_b - i);
}
}
for (k = DIGIT_SIZE_b - 1; k > 0; k--) { static void gf2x_mul_n(DIGIT *R, const DIGIT *A, const DIGIT *B, size_t n) {
for (i = na - 1; i >= 0; i--) { DIGIT tmp[2];
if ( A[i] & (((DIGIT)0x1) << k) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
}
}
u = Res[na + nb - 1]; memset(R, 0x00, 2 * n * sizeof(DIGIT));
Res[na + nb - 1] = u << 0x1; for (size_t i = 0; i < n; i++) {
for (j = 1; j < na + nb; ++j) { for (size_t j = 0; j < n; j++) {
h = u >> (DIGIT_SIZE_b - 1); gf2x_mul1(tmp, A[i], B[j]);
u = Res[na + nb - 1 - j]; R[i + j] ^= tmp[0];
Res[na + nb - 1 - j] = h ^ (u << 0x1); R[i + j + 1] ^= tmp[1];
}
}
for (i = na - 1; i >= 0; i--) {
if ( A[i] & ((DIGIT)0x1) ) {
for (j = nb - 1; j >= 0; j--) {
Res[i + j + 1] ^= B[j];
}
} }
} }
} }
@ -96,8 +87,8 @@ static void gf2x_cpy(DIGIT *R, const DIGIT *A, size_t len) {
* first operand must be the bigger one. * first operand must be the bigger one.
* aligns last array elements */ * aligns last array elements */
static inline void gf2x_add_asymm(DIGIT *R, static inline void gf2x_add_asymm(DIGIT *R,
int na, const DIGIT *A, size_t na, const DIGIT *A,
int nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
gf2x_cpy(R, A, delta); gf2x_cpy(R, A, delta);
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);; PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R + delta, A + delta, B, nb);;
@ -105,8 +96,8 @@ static inline void gf2x_add_asymm(DIGIT *R,
/* aligns first array elements */ /* aligns first array elements */
static inline void gf2x_add_asymm2(DIGIT *R, static inline void gf2x_add_asymm2(DIGIT *R,
int na, const DIGIT *A, size_t na, const DIGIT *A,
int nb, const DIGIT *B) { size_t nb, const DIGIT *B) {
size_t delta = na - nb; size_t delta = na - nb;
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R, A, B, nb); PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_add(R, A, B, nb);
gf2x_cpy(R + nb, A + nb, delta); gf2x_cpy(R + nb, A + nb, delta);
@ -121,7 +112,7 @@ static void gf2x_mul_kar(DIGIT *R,
DIGIT *stack) { DIGIT *stack) {
if (n < MIN_KAR_DIGITS) { if (n < MIN_KAR_DIGITS) {
gf2x_mul_comb(2 * n, R, n, A, n, B); gf2x_mul_n(R, A, B, n);
return; return;
} }

View File

@ -84,6 +84,7 @@ static void right_bit_shift(unsigned int length, DIGIT in[]) {
in[j] >>= 1; in[j] >>= 1;
} }
/* shifts by whole digits */ /* shifts by whole digits */
static void left_DIGIT_shift_n(unsigned int length, DIGIT in[], unsigned int amount) { static void left_DIGIT_shift_n(unsigned int length, DIGIT in[], unsigned int amount) {
unsigned int j; unsigned int j;
@ -291,15 +292,17 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSI
} }
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[],
int sizeA, const POSITION_T A[], size_t sizeA, const POSITION_T A[],
int sizeB, const POSITION_T B[]) { size_t sizeB, const POSITION_T B[]) {
POSITION_T prod;
/* compute all the coefficients, filling invalid positions with P*/ /* compute all the coefficients, filling invalid positions with P*/
int lastFilledPos = 0; size_t lastFilledPos = 0;
for (int i = 0 ; i < sizeA ; i++) { for (size_t i = 0 ; i < sizeA ; i++) {
for (int j = 0 ; j < sizeB ; j++) { for (size_t j = 0 ; j < sizeB ; j++) {
uint32_t prod = ((uint32_t) A[i]) + ((uint32_t) B[j]); prod = A[i] + B[j];
prod = ( (prod >= P) ? prod - P : prod); prod = ( (prod >= P) ? prod - P : prod);
if ((A[i] != INVALID_POS_VALUE) && if ((A[i] != INVALID_POS_VALUE) &&
(B[j] != INVALID_POS_VALUE)) { (B[j] != INVALID_POS_VALUE)) {
@ -317,9 +320,9 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[
PQCLEAN_LEDAKEMLT52_LEAKTIME_uint32_sort(Res, sizeR); PQCLEAN_LEDAKEMLT52_LEAKTIME_uint32_sort(Res, sizeR);
/* eliminate duplicates */ /* eliminate duplicates */
POSITION_T lastReadPos = Res[0]; POSITION_T lastReadPos = Res[0];
int duplicateCount; size_t duplicateCount;
int write_idx = 0; size_t write_idx = 0;
int read_idx = 0; size_t read_idx = 0;
while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) { while (read_idx < sizeR && Res[read_idx] != INVALID_POS_VALUE) {
lastReadPos = Res[read_idx]; lastReadPos = Res[read_idx];
read_idx++; read_idx++;
@ -443,16 +446,15 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_on
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
AES_XOF_struct *seed_expander_ctx) { AES_XOF_struct *seed_expander_ctx) {
int rndPos[NUM_ERRORS_T], duplicated, counter = 0; size_t polyIndex, duplicated, counter = 0;
int p, polyIndex, exponent; POSITION_T p, exponent, rndPos[NUM_ERRORS_T];
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
while (counter < NUM_ERRORS_T) { while (counter < NUM_ERRORS_T) {
p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < counter; j++) { for (size_t j = 0; j < counter; j++) {
if (rndPos[j] == p) { if (rndPos[j] == p) {
duplicated = 1; duplicated = 1;
} }
@ -462,7 +464,7 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
counter++; counter++;
} }
} }
for (int j = 0; j < counter; j++) { for (size_t j = 0; j < counter; j++) {
polyIndex = rndPos[j] / P; polyIndex = rndPos[j] / P;
exponent = rndPos[j] % P; exponent = rndPos[j] % P;
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
@ -475,14 +477,17 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT sequence[
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T],
AES_XOF_struct *seed_expander_ctx) { AES_XOF_struct *seed_expander_ctx) {
int duplicated, counter = 0; int duplicated;
size_t counter = 0;
while (counter < NUM_ERRORS_T) { while (counter < NUM_ERRORS_T) {
uint32_t p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx); POSITION_T p = rand_range(N0 * NUM_BITS_GF2X_ELEMENT, P_BITS, seed_expander_ctx);
duplicated = 0; duplicated = 0;
for (int j = 0; j < counter; j++) if (errorPos[j] == p) { for (size_t j = 0; j < counter; j++) {
if (errorPos[j] == p) {
duplicated = 1; duplicated = 1;
} }
}
if (duplicated == 0) { if (duplicated == 0) {
errorPos[counter] = p; errorPos[counter] = p;
counter++; counter++;
@ -491,13 +496,15 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_
} }
void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT],
POSITION_T errorPos[NUM_ERRORS_T]) { const POSITION_T errorPos[NUM_ERRORS_T]) {
size_t polyIndex;
POSITION_T exponent;
memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B); memset(sequence, 0x00, N0 * NUM_DIGITS_GF2X_ELEMENT * DIGIT_SIZE_B);
for (int j = 0; j < NUM_ERRORS_T; j++) { for (int j = 0; j < NUM_ERRORS_T; j++) {
int polyIndex = errorPos[j] / P; polyIndex = errorPos[j] / P;
int exponent = errorPos[j] % P; exponent = errorPos[j] % P;
PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent, PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_set_coeff( sequence + NUM_DIGITS_GF2X_ELEMENT * polyIndex, exponent,
( (DIGIT) 1)); ( (DIGIT) 1));
} }

View File

@ -6,7 +6,7 @@
#include "gf2x_arith.h" #include "gf2x_arith.h"
#include "rng.h" #include "rng.h"
#define NUM_BITS_GF2X_ELEMENT (P) // 152267 #define NUM_BITS_GF2X_ELEMENT (P)
#define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b) #define NUM_DIGITS_GF2X_ELEMENT ((P+DIGIT_SIZE_b-1)/DIGIT_SIZE_b)
#define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ((P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1) #define MSb_POSITION_IN_MSB_DIGIT_OF_ELEMENT ((P % DIGIT_SIZE_b) ? (P % DIGIT_SIZE_b)-1 : DIGIT_SIZE_b-1)
#define NUM_BITS_GF2X_MODULUS (P+1) #define NUM_BITS_GF2X_MODULUS (P+1)
@ -26,11 +26,11 @@ void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place(DIGIT A[]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx); void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_sparse_block(POSITION_T *pos_ones, int countOnes, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx); void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_circulant_blocks_sequence(DIGIT *sequence, AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx); void PQCLEAN_LEDAKEMLT52_LEAKTIME_rand_error_pos(POSITION_T errorPos[NUM_ERRORS_T], AES_XOF_struct *seed_expander_ctx);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], POSITION_T errorPos[NUM_ERRORS_T]); void PQCLEAN_LEDAKEMLT52_LEAKTIME_expand_error(DIGIT sequence[N0 * NUM_DIGITS_GF2X_ELEMENT], const POSITION_T errorPos[NUM_ERRORS_T]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]); void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_add_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]); void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_transpose_in_place_sparse(int sizeA, POSITION_T A[]);
int PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]); int PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(int sizeR, POSITION_T Res[], int sizeA, const POSITION_T A[], int sizeB, const POSITION_T B[]); void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_sparse(size_t sizeR, POSITION_T Res[], size_t sizeA, const POSITION_T A[], size_t sizeB, const POSITION_T B[]);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos); void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_mod_mul_dense_to_sparse(DIGIT Res[], const DIGIT dense[], POSITION_T sparse[], unsigned int nPos);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly); void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_tobytes(uint8_t *bytes, const DIGIT *poly);
void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes); void PQCLEAN_LEDAKEMLT52_LEAKTIME_gf2x_frombytes(DIGIT *poly, const uint8_t *poly_bytes);