diff --git a/crypto_kem/ledakemlt12/clean/gf2x_arith.c b/crypto_kem/ledakemlt12/clean/gf2x_arith.c
index 31e505f1..c2d76059 100644
--- a/crypto_kem/ledakemlt12/clean/gf2x_arith.c
+++ b/crypto_kem/ledakemlt12/clean/gf2x_arith.c
@@ -98,285 +98,3 @@ static inline void gf2x_exact_div_x_plus_one(const int na, DIGIT A[]) {
 t >>= DIGIT_SIZE_b - 1;
 }
 }
-
-// #define MIN_KAR_DIGITS 20
-//
-// static void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_Kar(const int nr, DIGIT Res[],
-// const int na, const DIGIT A[],
-// const int nb, const DIGIT B[]) {
-//
-// if (na < MIN_KAR_DIGITS || nb < MIN_KAR_DIGITS) {
-// /* fall back to schoolbook */
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_comb(nr, Res, na, A, nb, B);
-// return;
-// }
-//
-// if (na % 2 == 0) {
-// unsigned bih = na / 2;
-// DIGIT middle[2 * bih], sumA[bih], sumB[bih];
-// gf2x_add(sumA, A, A + bih, bih);
-// gf2x_add(sumB, B, B + bih, bih);
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_Kar(2 * bih, middle,
-// bih, sumA,
-// bih, sumB);
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_Kar(2 * bih, Res + 2 * bih,
-// bih, A + bih,
-// bih, B + bih);
-// gf2x_add(middle, middle, Res + 2 * bih, 2 * bih);
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_Kar(2 * bih, Res,
-// bih, A,
-// bih, B);
-// gf2x_add(middle, middle, Res, 2 * bih);
-// gf2x_add(Res + bih, Res + bih, middle, 2 * bih);
-// } else {
-// unsigned bih = na / 2 + 1;
-// DIGIT middle[2 * bih], sumA[bih], sumB[bih];
-// gf2x_add_asymm(bih, sumA,
-// bih, A + bih - 1,
-// bih - 1, A);
-// gf2x_add_asymm(bih, sumB,
-// bih, B + bih - 1,
-// bih - 1, B);
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_Kar(2 * bih, middle,
-// bih, sumA,
-// bih, sumB);
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_Kar(2 * bih, Res + 2 * (bih - 1),
-// bih, A + bih - 1,
-// bih, B + bih - 1);
-// gf2x_add(middle, middle, Res + 2 * (bih - 1), 2 * bih);
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_Kar(2 * (bih - 1), Res,
-// (bih - 1), A,
-// (bih - 1), B);
-// gf2x_add_asymm(2 * bih, middle,
-// 2 * bih, middle,
-// 2 * (bih - 1), Res);
-// gf2x_add(Res + bih - 2, Res + bih - 2, middle, 2 * bih);
-// }
-// }
-//
-// #define MIN_TOOM_DIGITS 35
-//
-// void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_TC3(const int nr, DIGIT Res[],
-// const int na, const DIGIT A[],
-// const int nb, const DIGIT B[]) {
-//
-// if (na < MIN_TOOM_DIGITS || nb < MIN_TOOM_DIGITS) {
-// /* fall back to Karatsuba */
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_Kar(nr, Res, na, A, nb, B);
-// return;
-// }
-//
-// int bih; //number of limbs for each part.
-// if (na % 3 == 0) {
-// bih = na / 3;
-// } else {
-// bih = na / 3 + 1;
-// }
-//
-// DIGIT u2[bih], u1[bih], u0[bih];
-//
-// int leading_slack = (3 - (na) % 3) % 3;
-// // printf("leading slack %d",leading_slack);
-// int i;
-// for (i = 0; i < leading_slack ; i++) {
-// u2[i] = 0;
-// }
-// for (; i < bih; ++i) {
-// u2[i] = A[i - leading_slack];
-// }
-// /* note: only u2 needs to be a copy, refactor */
-// for (; i < 2 * bih; ++i) {
-// u1[i - bih] = A[i - leading_slack];
-// }
-// for (; i < 3 * bih; ++i) {
-// u0[i - 2 * bih] = A[i - leading_slack];
-// }
-//
-// DIGIT v2[bih], v1[bih], v0[bih]; /* partitioned inputs */
-// /* note: only v2 needs to be a copy, refactor */
-// for (i = 0; i < leading_slack ; i++) {
-// v2[i] = 0;
-// }
-// for (; i < bih; ++i) {
-// v2[i] = B[i - leading_slack];
-// }
-// /* note , only v2 needs to be a copy */
-// for (; i < 2 * bih; ++i) {
-// v1[i - bih] = B[i - leading_slack];
-// }
-// for (; i < 3 * bih; ++i) {
-// v0[i - 2 * bih] = B[i - leading_slack];
-// }
-//
-// DIGIT sum_u[bih]; /*bih digit wide*/
-// gf2x_add(sum_u, u0, u1, bih);
-// gf2x_add(sum_u, sum_u, u2, bih);
-//
-// DIGIT sum_v[bih]; /*bih digit wide*/
-// gf2x_add(sum_v, v0, v1, bih);
-// gf2x_add(sum_v, sum_v, v2, bih);
-//
-//
-// DIGIT w1[2 * bih];
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_TC3(2 * bih, w1,
-// bih, sum_u,
-// bih, sum_v);
-//
-//
-// DIGIT u2_x2[bih + 1];
-// u2_x2[0] = 0;
-// memcpy(u2_x2 + 1, u2, bih * DIGIT_SIZE_B);
-// PQCLEAN_LEDAKEMLT12_CLEAN_left_bit_shift_n(bih + 1, u2_x2, 2);
-//
-// DIGIT u1_x[bih + 1];
-// u1_x[0] = 0;
-// memcpy(u1_x + 1, u1, bih * DIGIT_SIZE_B);
-// PQCLEAN_LEDAKEMLT12_CLEAN_left_bit_shift_n(bih + 1, u1_x, 1);
-//
-// DIGIT u1_x1_u2_x2[bih + 1];
-// gf2x_add(u1_x1_u2_x2, u1_x, u2_x2, bih + 1);
-//
-// DIGIT temp_u_components[bih + 1];
-// gf2x_add_asymm(bih + 1, temp_u_components,
-// bih + 1, u1_x1_u2_x2,
-// bih, sum_u);
-//
-// DIGIT v2_x2[bih + 1];
-// v2_x2[0] = 0;
-// memcpy(v2_x2 + 1, v2, bih * DIGIT_SIZE_B);
-// PQCLEAN_LEDAKEMLT12_CLEAN_left_bit_shift_n(bih + 1, v2_x2, 2);
-//
-// DIGIT v1_x[bih + 1];
-// v1_x[0] = 0;
-// memcpy(v1_x + 1, v1, bih * DIGIT_SIZE_B);
-// PQCLEAN_LEDAKEMLT12_CLEAN_left_bit_shift_n(bih + 1, v1_x, 1);
-//
-// DIGIT v1_x1_v2_x2[bih + 1];
-// gf2x_add(v1_x1_v2_x2, v1_x, v2_x2, bih + 1);
-//
-// DIGIT temp_v_components[bih + 1];
-// gf2x_add_asymm(bih + 1, temp_v_components,
-// bih + 1, v1_x1_v2_x2,
-// bih, sum_v);
-//
-// DIGIT w3[2 * bih + 2];
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_TC3(2 * bih + 2, w3,
-// bih + 1, temp_u_components,
-// bih + 1, temp_v_components);
-//
-// gf2x_add_asymm(bih + 1, u1_x1_u2_x2,
-// bih + 1, u1_x1_u2_x2,
-// bih, u0);
-// gf2x_add_asymm(bih + 1, v1_x1_v2_x2,
-// bih + 1, v1_x1_v2_x2,
-// bih, v0);
-//
-// DIGIT w2[2 * bih + 2];
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_TC3(2 * bih + 2, w2,
-// bih + 1, u1_x1_u2_x2,
-// bih + 1, v1_x1_v2_x2);
-//
-// DIGIT w4[2 * bih];
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_TC3(2 * bih, w4,
-// bih, u2,
-// bih, v2);
-// DIGIT w0[2 * bih];
-// PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mul_TC3(2 * bih, w0,
-// bih, u0,
-// bih, v0);
-//
-// // Interpolation starts
-// gf2x_add(w3, w2, w3, 2 * bih + 2);
-// gf2x_add_asymm(2 * bih + 2, w2,
-// 2 * bih + 2, w2,
-// 2 * bih, w0);
-// PQCLEAN_LEDAKEMLT12_CLEAN_right_bit_shift_n(2 * bih + 2, w2, 1);
-// gf2x_add(w2, w2, w3, 2 * bih + 2);
-//
-// // w2 + (w4 * x^3+1) = w2 + w4 + w4 << 3
-// DIGIT w4_x3_plus_1[2 * bih + 1];
-// w4_x3_plus_1[0] = 0;
-// memcpy(w4_x3_plus_1 + 1, w4, 2 * bih * DIGIT_SIZE_B);
-// PQCLEAN_LEDAKEMLT12_CLEAN_left_bit_shift_n(2 * bih + 1, w4_x3_plus_1, 3);
-// gf2x_add_asymm(2 * bih + 2, w2,
-// 2 * bih + 2, w2,
-// 2 * bih, w4);
-// gf2x_add_asymm(2 * bih + 2, w2,
-// 2 * bih + 2, w2,
-// 2 * bih + 1, w4_x3_plus_1);
-//
-// gf2x_exact_div_x_plus_one(2 * bih + 2, w2);
-//
-// gf2x_add(w1, w1, w0, 2 * bih);
-// gf2x_add_asymm(2 * bih + 2, w3,
-// 2 * bih + 2, w3,
-// 2 * bih, w1);
-//
-// PQCLEAN_LEDAKEMLT12_CLEAN_right_bit_shift_n(2 * bih + 2, w3, 1);
-// gf2x_exact_div_x_plus_one(2 * bih + 2, w3);
-//
-// gf2x_add(w1, w1, w4, 2 * bih);
-//
-// DIGIT w1_final[2 * bih + 2];
-// gf2x_add_asymm(2 * bih + 2, w1_final,
-// 2 * bih + 2, w2,
-// 2 * bih, w1);
-// gf2x_add(w2, w2, w3, 2 * bih + 2);
-//
-// // Result recombination starts here
-//
-// memset(Res, 0, nr * DIGIT_SIZE_B);
-// /* optimization: topmost slack digits should be computed, and not addedd,
-// * zeroization can be avoided altogether with a proper merge of the
-// * results */
-//
-// int leastSignifDigitIdx = nr - 1;
-// for (int i = 0; i < 2 * bih; i++) {
-// Res[leastSignifDigitIdx - i] ^= w0[2 * bih - 1 - i];
-// }
-// leastSignifDigitIdx -= bih;
-// for (int i = 0; i < 2 * bih + 2; i++) {
-// Res[leastSignifDigitIdx - i] ^= w1_final[2 * bih + 2 - 1 - i];
-// }
-// leastSignifDigitIdx -= bih;
-// for (int i = 0; i < 2 * bih + 2; i++) {
-// Res[leastSignifDigitIdx - i] ^= w2[2 * bih + 2 - 1 - i];
-// }
-// leastSignifDigitIdx -= bih;
-// for (int i = 0; i < 2 * bih + 2 ; i++) {
-// Res[leastSignifDigitIdx - i] ^= w3[2 * bih + 2 - 1 - i];
-// }
-// leastSignifDigitIdx -= bih;
-// for (int i = 0; i < 2 * bih && (leastSignifDigitIdx - i >= 0) ; i++) {
-// Res[leastSignifDigitIdx - i] ^= w4[2 * bih - 1 - i];
-// }
-// }
-// // Unused
-// static int gf2x_cmp(const unsigned lenA, const DIGIT A[],
-// const unsigned lenB, const DIGIT B[]) {
-//
-// int i;
-// unsigned lA = lenA, lB = lenB;
-// for (i = 0; i < lenA && A[i] == 0; i++) {
-// lA--;
-// }
-// for (i = 0; i < lenB && B[i] == 0; i++) {
-// lB--;
-// }
-// if (lA < lB) {
-// return -1;
-// }
-// if (lA > lB) {
-// return +1;
-// }
-// for (i = 0; i < lA; i++) {
-// if (A[i] > B[i]) {
-// return +1;
-// }
-// if (A[i] < B[i]) {
-// return -1;
-// }
-// }
-// return 0;
-//
-// }
diff --git a/crypto_kem/ledakemlt12/clean/gf2x_arith_mod_xPplusOne.c b/crypto_kem/ledakemlt12/clean/gf2x_arith_mod_xPplusOne.c
index e4b0557a..5ca7aa83 100644
--- a/crypto_kem/ledakemlt12/clean/gf2x_arith_mod_xPplusOne.c
+++ b/crypto_kem/ledakemlt12/clean/gf2x_arith_mod_xPplusOne.c
@@ -126,10 +126,7 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place(DIGIT A[]) {
 A[NUM_DIGITS_GF2X_ELEMENT - 1 - i] = rev1;
 }
-
- if (NUM_DIGITS_GF2X_ELEMENT % 2 == 1) {
- A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]);
- }
+ A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]); // reverse middle digit
 if (slack_bits_amount) {
 PQCLEAN_LEDAKEMLT12_CLEAN_right_bit_shift_n(NUM_DIGITS_GF2X_ELEMENT, A, slack_bits_amount);
@@ -140,21 +137,6 @@ void PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_transpose_in_place(DIGIT A[]) {
 static void rotate_bit_left(DIGIT in[]) {
 /* equivalent to x * in(x) mod x^P+1 */
 DIGIT mask, rotated_bit;
- /*
- if (NUM_DIGITS_GF2X_MODULUS == NUM_DIGITS_GF2X_ELEMENT) {
- int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
- mask = ((DIGIT)0x1) << msb_offset_in_digit;
- rotated_bit = !!(in[0] & mask);
- in[0] &= ~mask;
- left_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
- } else {
- mask = ((DIGIT)0x1) << (DIGIT_SIZE_b - 1);
- rotated_bit = !!(in[0] & mask);
- in[0] &= ~mask;
- left_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
-
- } */
-
 int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
 mask = ((DIGIT)0x1) << msb_offset_in_digit;
 rotated_bit = !!(in[0] & mask);
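Review bot: The new unconditional `A[NUM_DIGITS_GF2X_ELEMENT / 2] = reverse_digit(A[NUM_DIGITS_GF2X_ELEMENT / 2]);` in gf2x_transpose_in_place is correct only for an odd NUM_DIGITS_GF2X_ELEMENT, which the deleted `% 2 == 1` guard used to state; if the swap loop above (outside the hunk) already handles index NUM_DIGITS_GF2X_ELEMENT / 2 for an even count, reversing that digit a second time would undo the swap step and corrupt the transpose silently rather than fail loudly. Nothing in the file now enforces the odd count, so a compile-time check next to the new line — `#if NUM_DIGITS_GF2X_ELEMENT % 2 == 0` / `#error "gf2x_transpose_in_place assumes an odd number of digits"` / `#endif`, assuming the macro is a preprocessor integer constant — would turn a future parameter-set change into a build error instead of wrong arithmetic. The same applies to the other hunks in this file, which delete the commented-out alternatives for NUM_DIGITS_GF2X_MODULUS != NUM_DIGITS_GF2X_ELEMENT in rotate_bit_left, rotate_bit_right and gf2x_mod_inverse (where the unchanged `f[i] = in[i]` loop reads in[NUM_DIGITS_GF2X_MODULUS - 1]); one #if/#error per assumption would document each where it is relied on. The bodies of all these functions begin outside their hunks.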
@@ -167,14 +149,6 @@ static void rotate_bit_right(DIGIT in[]) {
 /* x^{-1} * in(x) mod x^P+1 */
 DIGIT rotated_bit = in[NUM_DIGITS_GF2X_ELEMENT - 1] & ((DIGIT)0x1);
 right_bit_shift(NUM_DIGITS_GF2X_ELEMENT, in);
-
- /*
- if (NUM_DIGITS_GF2X_MODULUS == NUM_DIGITS_GF2X_ELEMENT) {
- int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
- rotated_bit = rotated_bit << msb_offset_in_digit;
- } else {
- rotated_bit = rotated_bit << (DIGIT_SIZE_b - 1);
- } */
 int msb_offset_in_digit = MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS - 1;
 rotated_bit = rotated_bit << msb_offset_in_digit;
 in[0] |= rotated_bit;
@@ -222,12 +196,7 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]) {
 v[NUM_DIGITS_GF2X_ELEMENT - 1] = 0x0;
 s[NUM_DIGITS_GF2X_MODULUS - 1] = 0x1;
- /*
- if (MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS == 0) {
- mask = 0x1;
- } else {
- mask = (((DIGIT)0x1) << MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS);
- }*/
+ mask = (((DIGIT)0x1) << MSb_POSITION_IN_MSB_DIGIT_OF_MODULUS);
 s[0] |= mask;
@@ -236,16 +205,6 @@ int PQCLEAN_LEDAKEMLT12_CLEAN_gf2x_mod_inverse(DIGIT out[], const DIGIT in[]) {
 return 0;
 }
- /*
- if (NUM_DIGITS_GF2X_MODULUS == 1 + NUM_DIGITS_GF2X_ELEMENT) {
- for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 1 ; i--) {
- f[i] = in[i - 1];
- }
- } else {
- for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 0 ; i--) {
- f[i] = in[i];
- }
- }*/
 for (i = NUM_DIGITS_GF2X_MODULUS - 1; i >= 0 ; i--) {
 f[i] = in[i];
 }