1
1
의 미러 https://github.com/henrydcase/pqc.git synced 2024-11-22 07:35:38 +00:00

Prepare for round 3 update with packaging script

This commit is contained in:
John M. Schanck 2020-10-26 20:05:07 -04:00 committed by Kris Kwiatkowski
부모 7df37208d6
커밋 60111b36b2
344개의 변경된 파일3564개의 추가작업 그리고 2443개의 파일을 삭제

파일 보기

@ -21,14 +21,14 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: clean
version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
- name: avx2
version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
supported_platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- Linux
- Darwin
required_flags:
- aes
- avx2

파일 보기

@ -1,44 +1,11 @@
# This Makefile can be used with GNU Make or BSD Make
LIB=libkyber1024-90s_avx2.a
HEADERS= \
aes256ctr.h \
align.h \
api.h \
cbd.h \
cdecl.inc \
consts.h \
fq.inc \
indcpa.h \
kem.h \
ntt.h \
params.h \
poly.h \
polyvec.h \
reduce.h \
rejsample.h \
shuffle.inc \
symmetric.h \
verify.h
OBJECTS= \
aes256ctr.o \
basemul.o \
cbd.o \
consts.o \
fq.o \
indcpa.o \
invntt.o \
kem.o \
ntt.o \
poly.o \
polyvec.o \
rejsample.o \
shuffle.o \
verify.o
HEADERS=aes256ctr.h align.h api.h cbd.h cdecl.h consts.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h rejsample.h symmetric.h verify.h fq.inc shuffle.inc
OBJECTS=aes256ctr.o cbd.o consts.o indcpa.o kem.o poly.o polyvec.o rejsample.o verify.o basemul.o fq.o invntt.o ntt.o shuffle.o
CFLAGS=-mavx2 -maes -mbmi2 -mpopcnt -O3 -Wall -Wextra -Wpedantic -Werror \
-Wmissing-prototypes -Wredundant-decls -std=c99 \
-I../../../common $(EXTRAFLAGS)
-Wmissing-prototypes -Wredundant-decls -std=c99 \
-I../../../common $(EXTRAFLAGS)
all: $(LIB)

파일 보기

@ -1,3 +1,7 @@
#include "aes256ctr.h"
#include <immintrin.h>
#include <stddef.h>
#include <stdint.h>
/*
Based heavily on public-domain code by Romain Dolbeau
Different handling of nonce+counter than original version
@ -5,10 +9,6 @@
Public Domain
*/
#include "aes256ctr.h"
#include <immintrin.h>
#include <stddef.h>
#include <stdint.h>
static inline void aesni_encrypt4(uint8_t out[64],
__m128i *n,
@ -114,7 +114,7 @@ void PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(aes256ctr_ctx *state, const uint8_
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out,
size_t nblocks,
aes256ctr_ctx *state) {
size_t i = 0;
size_t i;
for (i = 0; i < nblocks; i++) {
aesni_encrypt4(out, &state->n, state->rkeys);
out += 64;
@ -123,13 +123,13 @@ void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out,
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_prf(uint8_t *out,
size_t outlen,
const uint8_t seed[32],
const uint8_t key[32],
uint64_t nonce) {
unsigned int i = 0;
unsigned int i;
uint8_t buf[64];
aes256ctr_ctx state;
PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(&state, seed, nonce);
PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(&state, key, nonce);
while (outlen >= 64) {
aesni_encrypt4(out, &state.n, state.rkeys);

파일 보기

@ -1,11 +1,10 @@
#ifndef AES256CTR_H
#define AES256CTR_H
#ifndef PQCLEAN_KYBER102490S_AVX2_AES256CTR_H
#define PQCLEAN_KYBER102490S_AVX2_AES256CTR_H
#include <immintrin.h>
#include <stddef.h>
#include <stdint.h>
#define AES256CTR_NAMESPACE(s) pqcrystals_aes256ctr_avx2##s
#define AES256CTR_BLOCKBYTES 64
@ -14,8 +13,17 @@ typedef struct {
__m128i n;
} aes256ctr_ctx;
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(aes256ctr_ctx *state, const uint8_t key[32], uint64_t nonce);
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out, size_t nblocks, aes256ctr_ctx *state);
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t seed[32], uint64_t nonce);
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(aes256ctr_ctx *state,
const uint8_t key[32],
uint64_t nonce);
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out,
size_t nblocks,
aes256ctr_ctx *state);
void PQCLEAN_KYBER102490S_AVX2_aes256ctr_prf(uint8_t *out,
size_t outlen,
const uint8_t key[32],
uint64_t nonce);
#endif

파일 보기

@ -1,5 +1,6 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_ALIGN_H
#define PQCLEAN_KYBER102490S_AVX2_ALIGN_H
#include <immintrin.h>
#define ALIGN16_TYPE(t) \

파일 보기

@ -15,5 +15,4 @@ int PQCLEAN_KYBER102490S_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uin
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
#endif

파일 보기

@ -1,5 +1,5 @@
#include "cdecl.h"
#include "params.h"
#include "cdecl.inc"
.macro schoolbook off,sign
#load
@ -165,7 +165,9 @@ vmovdqa %ymm5,96(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx):
#consts
vmovdqa _16XQ*2(%rcx),%ymm0
vmovdqa _16XQINV*2(%rcx),%ymm1
@ -215,7 +217,9 @@ vmovdqa %ymm12,96(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx):
#consts
vmovdqa _16XQ*2(%rcx),%ymm0
vmovdqa _16XQINV*2(%rcx),%ymm1

파일 보기

@ -1,5 +1,5 @@
#include "params.h"
#include "cbd.h"
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
@ -14,7 +14,7 @@
* - const unsigned char *buf: pointer to input byte array
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_cbd(poly *restrict r, const uint8_t *restrict buf) {
unsigned int i = 0;
unsigned int i;
__m256i vec0, vec1, vec2, vec3, tmp;
const __m256i mask55 = _mm256_set1_epi32(0x55555555);
const __m256i mask33 = _mm256_set1_epi32(0x33333333);

파일 보기

@ -1,11 +1,9 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_CBD_H
#define PQCLEAN_KYBER102490S_AVX2_CBD_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
void PQCLEAN_KYBER102490S_AVX2_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
#endif

파일 보기

@ -1,5 +1,5 @@
#ifndef PQCLEAN_DILITHIUM2_AVX2_CDECL
#define PQCLEAN_DILITHIUM2_AVX2_CDECL
#ifndef PQCLEAN_KYBER102490S_AVX2_CDECL_H
#define PQCLEAN_KYBER102490S_AVX2_CDECL_H
#define _16XQ 0
#define _16XQINV 16
@ -21,10 +21,6 @@
* This define helps us get around this
*/
#if defined(__WIN32__) || defined(__APPLE__)
#define cdecl(s) _##s
#else
#define _cdecl(s) _##s
#define cdecl(s) s
#endif
#endif

파일 보기

@ -1,5 +1,5 @@
#include "params.h"
#include "consts.h"
#include "params.h"
#include <stdint.h>
#define Q KYBER_Q

파일 보기

@ -1,12 +1,11 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_CONSTS_H
#define PQCLEAN_KYBER102490S_AVX2_CONSTS_H
#include "cdecl.inc"
#include "cdecl.h"
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
#define ALIGNED_UINT16_T(N) \
union { \
__m256i as_vec; \

파일 보기

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "fq.inc"
.text
@ -35,7 +35,9 @@ vmovdqa %ymm9,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
vmovdqa _16XV*2(%rsi),%ymm1
@ -77,7 +79,9 @@ vmovdqa %ymm8,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
call csubq128_avx
@ -118,7 +122,9 @@ vmovdqa %ymm10,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
vmovdqa _16XMONTSQLO*2(%rsi),%ymm1

파일 보기

@ -25,7 +25,7 @@
static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
polyvec *pk,
const uint8_t seed[KYBER_SYMBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(r, pk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
r[i + KYBER_POLYVECBYTES] = seed[i];
@ -45,7 +45,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
static void unpack_pk(polyvec *pk,
uint8_t seed[KYBER_SYMBYTES],
const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(pk, packedpk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@ -133,8 +133,8 @@ static unsigned int rej_uniform(int16_t *r,
unsigned int len,
const uint8_t *buf,
unsigned int buflen) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
unsigned int ctr, pos;
uint16_t val;
ctr = pos = 0;
while (ctr < len && pos + 2 <= buflen) {
@ -168,7 +168,7 @@ static unsigned int rej_uniform(int16_t *r,
#define GEN_MATRIX_NBLOCKS ((2*KYBER_N*(1U << 16)/(19*KYBER_Q) \
+ XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
void PQCLEAN_KYBER102490S_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) {
unsigned int ctr = 0, i = 0, j = 0;
unsigned int ctr, i, j;
ALIGN16_TYPE(uint64_t) nonce = {.orig = 0};
ALIGN32_ARRAY(uint8_t, GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES) buf;
aes256ctr_ctx state;
@ -211,7 +211,7 @@ void PQCLEAN_KYBER102490S_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_S
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
unsigned int i = 0;
unsigned int i;
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
const uint8_t *publicseed = buf.arr;
const uint8_t *noiseseed = buf.arr + KYBER_SYMBYTES;
@ -276,7 +276,7 @@ void PQCLEAN_KYBER102490S_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]) {
unsigned int i = 0;
unsigned int i;
ALIGN32_ARRAY(uint8_t, KYBER_SYMBYTES) seed;
polyvec sp, pkpv, ep, at[KYBER_K], bp;
poly v, k, epp;

파일 보기

@ -1,16 +1,20 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_INDCPA_H
#define PQCLEAN_KYBER102490S_AVX2_INDCPA_H
#include "params.h"
#include "polyvec.h"
#include <stdint.h>
void PQCLEAN_KYBER102490S_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
void PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER102490S_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER102490S_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
#endif

파일 보기

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "shuffle.inc"
.include "fq.inc"
@ -210,7 +210,9 @@ vmovdqa %ymm7,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
mov %rsi,%rdx

파일 보기

@ -8,7 +8,6 @@
#include <stddef.h>
#include <stdint.h>
/*************************************************
* Name: PQCLEAN_KYBER102490S_AVX2_crypto_kem_keypair
*
@ -23,7 +22,7 @@
* Returns 0 (success)
**************************************************/
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(pk, sk);
for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@ -94,8 +93,8 @@ int PQCLEAN_KYBER102490S_AVX2_crypto_kem_enc(unsigned char *ct,
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk) {
size_t i = 0;
int fail = 0;
size_t i;
int fail;
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
/* Will contain key, coins */
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) kr;
@ -119,7 +118,7 @@ int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(unsigned char *ss,
hash_h(kr.arr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES);
/* Overwrite pre-k with z on re-encryption failure */
PQCLEAN_KYBER102490S_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail);
PQCLEAN_KYBER102490S_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail);
/* hash concatenation of pre-k and H(c) to k */
kdf(ss, kr.arr, 2 * KYBER_SYMBYTES);

파일 보기

@ -1,17 +1,14 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_KEM_H
#define PQCLEAN_KYBER102490S_AVX2_KEM_H
#include "params.h"
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_enc(unsigned char *ct,
unsigned char *ss,
const unsigned char *pk);
int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk);

파일 보기

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "shuffle.inc"
.include "fq.inc"
@ -203,7 +203,9 @@ vmovdqa %ymm11,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
mov %rsi,%rdx

파일 보기

@ -1,28 +1,24 @@
#ifndef NTT_H
#define NTT_H
#ifndef PQCLEAN_KYBER102490S_AVX2_NTT_H
#define PQCLEAN_KYBER102490S_AVX2_NTT_H
#include "consts.h"
#include "params.h"
#include <stdint.h>
void PQCLEAN_KYBER102490S_AVX2_ntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_invntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_nttunpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_basemul_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_basemul_avx(int16_t *r,
const int16_t *a,
const int16_t *b,
const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(int16_t *r,
const int16_t *a,
const int16_t *b,
const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx(uint8_t *r, const int16_t *a, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
void PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx(int16_t *r, const uint8_t *a, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
#endif

파일 보기

@ -1,6 +1,9 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_PARAMS_H
#define PQCLEAN_KYBER102490S_AVX2_PARAMS_H
#define KYBER_N 256
#define KYBER_Q 3329

파일 보기

@ -19,7 +19,7 @@
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *restrict a) {
unsigned int i = 0, j = 0;
unsigned int i, j;
uint8_t t[8];
PQCLEAN_KYBER102490S_AVX2_poly_csubq(a);
@ -50,9 +50,9 @@ void PQCLEAN_KYBER102490S_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_poly_decompress(poly *restrict r,
const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]) {
unsigned int i = 0;
unsigned int i;
unsigned int j = 0;
unsigned int j;
uint8_t t[8];
for (i = 0; i < KYBER_N / 8; i++) {
t[0] = (a[0] >> 0);
@ -114,7 +114,7 @@ void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *restrict r,
const __m256i hqs = _mm256_set1_epi16((KYBER_Q + 1) / 2);
#define FROMMSG64(i) \
g3 = _mm256_shuffle_epi32(f,0x55*(i)); \
g3 = _mm256_shuffle_epi32(f,0x55*(i)); \
g3 = _mm256_sllv_epi32(g3,shift); \
g3 = _mm256_shuffle_epi8(g3,idx); \
g0 = _mm256_slli_epi16(g3,12); \
@ -136,9 +136,9 @@ void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *restrict r,
g2 = _mm256_permute2x128_si256(h0,h1,0x31); \
g1 = _mm256_permute2x128_si256(h2,h3,0x20); \
g3 = _mm256_permute2x128_si256(h2,h3,0x31); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+ 0],g0); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+16],g1); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+ 0],g0); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+16],g1); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+16],g3)
f = _mm256_load_si256((__m256i *)msg);
@ -157,8 +157,8 @@ void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *restrict r,
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *restrict a) {
unsigned int i = 0;
uint32_t small = 0;
unsigned int i;
uint32_t small;
__m256i f0, f1, g0, g1;
const __m256i hqs = _mm256_set1_epi16((KYBER_Q - 1) / 2);
const __m256i hhqs = _mm256_set1_epi16((KYBER_Q - 5) / 4);
@ -293,7 +293,7 @@ void PQCLEAN_KYBER102490S_AVX2_poly_csubq(poly *r) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
unsigned int i;
__m256i f0, f1;
for (i = 0; i < KYBER_N; i += 16) {
@ -314,7 +314,7 @@ void PQCLEAN_KYBER102490S_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_poly_sub(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
unsigned int i;
__m256i f0, f1;
for (i = 0; i < KYBER_N; i += 16) {

파일 보기

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_POLY_H
#define PQCLEAN_KYBER102490S_AVX2_POLY_H
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
@ -14,43 +13,27 @@ typedef union {
int16_t coeffs[KYBER_N];
} poly;
void PQCLEAN_KYBER102490S_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a);
void PQCLEAN_KYBER102490S_AVX2_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]);
void PQCLEAN_KYBER102490S_AVX2_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a);
void PQCLEAN_KYBER102490S_AVX2_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]);
void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]);
void PQCLEAN_KYBER102490S_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a);
void PQCLEAN_KYBER102490S_AVX2_poly_getnoise(poly *r, const uint8_t seed[KYBER_SYMBYTES], uint8_t nonce);
void PQCLEAN_KYBER102490S_AVX2_poly_ntt(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_invntt_tomont(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_nttunpack(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_basemul_montgomery(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER102490S_AVX2_poly_tomont(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_reduce(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_csubq(poly *r);
void PQCLEAN_KYBER102490S_AVX2_poly_add(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER102490S_AVX2_poly_sub(poly *r, const poly *a, const poly *b);
#endif

파일 보기

@ -1,6 +1,6 @@
#include "params.h"
#include "consts.h"
#include "ntt.h"
#include "params.h"
#include "poly.h"
#include "polyvec.h"
#include <stdint.h>
@ -16,7 +16,7 @@
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES],
polyvec *restrict a) {
unsigned int i = 0, j = 0, k = 0;
size_t i, j, k;
PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(a);
@ -24,10 +24,8 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSE
for (i = 0; i < KYBER_K; i++) {
for (j = 0; j < KYBER_N / 8; j++) {
for (k = 0; k < 8; k++) {
{
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
r[ 0] = (t[0] >> 0);
@ -58,7 +56,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSE
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_decompress(polyvec *restrict r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]) {
unsigned int i = 0, j = 0, k = 0;
size_t i, j, k;
uint16_t t[8];
for (i = 0; i < KYBER_K; i++) {
@ -90,7 +88,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_decompress(polyvec *restrict r,
* - polyvec *a: pointer to input vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_tobytes(r + i * KYBER_POLYBYTES, &a->vec[i]);
}
@ -107,7 +105,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], po
* (of length KYBER_POLYVECBYTES)
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_frombytes(&r->vec[i], a + i * KYBER_POLYBYTES);
}
@ -121,7 +119,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYB
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_ntt(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_ntt(&r->vec[i]);
}
@ -136,7 +134,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_ntt(polyvec *r) {
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_invntt_tomont(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_invntt_tomont(&r->vec[i]);
}
@ -155,7 +153,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_invntt_tomont(polyvec *r) {
void PQCLEAN_KYBER102490S_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b) {
PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, &PQCLEAN_KYBER102490S_AVX2_qdata);
PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, & PQCLEAN_KYBER102490S_AVX2_qdata);
}
/*************************************************
@ -168,7 +166,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_reduce(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_reduce(&r->vec[i]);
}
@ -185,7 +183,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_reduce(polyvec *r) {
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_csubq(&r->vec[i]);
}
@ -201,7 +199,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(polyvec *r) {
* - const polyvec *b: pointer to second input vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_AVX2_poly_add(&r->vec[i], &a->vec[i], &b->vec[i]);
}

파일 보기

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_POLYVEC_H
#define PQCLEAN_KYBER102490S_AVX2_POLYVEC_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
@ -9,33 +8,23 @@ typedef struct {
poly vec[KYBER_K];
} polyvec;
void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a);
void PQCLEAN_KYBER102490S_AVX2_polyvec_decompress(polyvec *r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]);
void PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a);
void PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]);
void PQCLEAN_KYBER102490S_AVX2_polyvec_ntt(polyvec *r);
void PQCLEAN_KYBER102490S_AVX2_polyvec_invntt_tomont(polyvec *r);
void PQCLEAN_KYBER102490S_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b);
void PQCLEAN_KYBER102490S_AVX2_polyvec_reduce(polyvec *r);
void PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(polyvec *r);
void PQCLEAN_KYBER102490S_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b);
#endif

파일 보기

@ -1,16 +1,10 @@
#ifndef REDUCE_H
#define REDUCE_H
#ifndef PQCLEAN_KYBER102490S_AVX2_REDUCE_H
#define PQCLEAN_KYBER102490S_AVX2_REDUCE_H
#include "consts.h"
#include <stdint.h>
#include "consts.h"
#include "params.h"
int16_t PQCLEAN_KYBER102490S_AVX2_reduce_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
int16_t PQCLEAN_KYBER102490S_AVX2_csubq_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
int16_t PQCLEAN_KYBER102490S_AVX2_tomont_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
#endif

파일 보기

@ -2,6 +2,7 @@
#include "consts.h"
#include "params.h"
#include "rejsample.h"
#include <immintrin.h>
#include <stdint.h>
static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
@ -270,9 +271,9 @@ static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
#define REJ_UNIFORM_BUFLEN 576
unsigned int PQCLEAN_KYBER102490S_AVX2_rej_uniform_avx(int16_t *restrict r,
const uint8_t *restrict buf) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
uint32_t good = 0;
unsigned int ctr, pos;
uint16_t val;
uint32_t good;
const __m256i bound = _mm256_set1_epi16((int16_t)(19 * KYBER_Q - 1));
const __m256i ones = _mm256_set1_epi8(1);
const __m256i kyberq = _mm256_load_si256((__m256i *)&PQCLEAN_KYBER102490S_AVX2_qdata.as_arr[_16XQ]);
@ -297,7 +298,7 @@ unsigned int PQCLEAN_KYBER102490S_AVX2_rej_uniform_avx(int16_t *restrict r,
g1 = _mm256_inserti128_si256(g1, _mm_loadl_epi64((__m128i *)&idx.arr[(good >> 24) & 0xFF]), 1);
//g0 = _mm256_cvtepu8_epi64(_mm_loadl_epi64((__m128i *)&good));
//g1 = _mm256_i64gather_epi64((long long *)idx, g0, 8);
//g1 = _mm256_i64gather_epi64((long long *)idx.arr, g0, 8);
/* Barrett reduction of (still unsigned) values */
g2 = _mm256_mulhi_epu16(f0, v);

파일 보기

@ -1,10 +1,8 @@
#ifndef REJSAMPLE_H
#define REJSAMPLE_H
#ifndef PQCLEAN_KYBER102490S_AVX2_REJSAMPLE_H
#define PQCLEAN_KYBER102490S_AVX2_REJSAMPLE_H
#include "params.h"
#include <stdint.h>
unsigned int PQCLEAN_KYBER102490S_AVX2_rej_uniform_avx(int16_t *r,
const unsigned char *buf);

파일 보기

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "fq.inc"
.include "shuffle.inc"
@ -92,7 +92,9 @@ vmovdqa %ymm11,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx):
call nttunpack128_avx
add $256,%rdi
call nttunpack128_avx
@ -169,7 +171,9 @@ vmovdqu %ymm9,160(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx):
#consts
vmovdqa _16XQ*2(%rdx),%ymm0
call ntttobytes128_avx
@ -245,7 +249,9 @@ vmovdqa %ymm1,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx)
.global _cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx)
cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx):
_cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx):
#consts
vmovdqa _16XMASK*2(%rdx),%ymm0
call nttfrombytes128_avx

파일 보기

@ -1,13 +1,12 @@
#ifndef SYMMETRIC_H
#define SYMMETRIC_H
#ifndef PQCLEAN_KYBER102490S_AVX2_SYMMETRIC_H
#define PQCLEAN_KYBER102490S_AVX2_SYMMETRIC_H
#include "aes256ctr.h"
#include "params.h"
#include "sha2.h"
#include <stddef.h>
#include <stdint.h>
#include "aes256ctr.h"
#include "sha2.h"
typedef aes256ctr_ctx xof_state;

파일 보기

@ -15,8 +15,8 @@
* Returns 0 if the byte arrays are equal, 1 otherwise
**************************************************/
int PQCLEAN_KYBER102490S_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len) {
size_t pos = 0;
uint64_t r = 0;
size_t pos;
uint64_t r;
__m256i avec, bvec, cvec;
cvec = _mm256_setzero_si256();
@ -53,7 +53,7 @@ int PQCLEAN_KYBER102490S_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t
* unsigned char b: Condition bit; has to be in {0,1}
**************************************************/
void PQCLEAN_KYBER102490S_AVX2_cmov(uint8_t *restrict r, const uint8_t *restrict x, size_t len, uint8_t b) {
size_t pos = 0;
size_t pos;
__m256i xvec, rvec, bvec;
b = -b;

파일 보기

@ -1,14 +1,11 @@
#ifndef PQCLEAN_KYBER102490S_AVX2_VERIFY_H
#define PQCLEAN_KYBER102490S_AVX2_VERIFY_H
#include "params.h"
#include <stddef.h>
#include <stdint.h>
int PQCLEAN_KYBER102490S_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len);
void PQCLEAN_KYBER102490S_AVX2_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b);
#endif

파일 보기

@ -1,29 +1,8 @@
# This Makefile can be used with GNU Make or BSD Make
LIB=libkyber1024-90s_clean.a
HEADERS= \
api.h \
cbd.h \
indcpa.h \
kem.h \
ntt.h \
params.h \
poly.h \
polyvec.h \
reduce.h \
symmetric-aes.h \
symmetric.h \
verify.h
OBJECTS= \
cbd.o \
indcpa.o \
kem.o \
ntt.o \
poly.o \
polyvec.o \
reduce.o \
verify.o \
symmetric-aes.o
HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h symmetric-aes.h symmetric.h verify.h
OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o symmetric-aes.o verify.o
CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)

파일 보기

@ -2,7 +2,7 @@
# nmake /f Makefile.Microsoft_nmake
LIBRARY=libkyber1024-90s_clean.lib
OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj verify.obj symmetric-aes.obj
OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj symmetric-aes.obj verify.obj
# Warning C4146 is raised when a unary minus operator is applied to an
# unsigned type; this has nonetheless been standard and portable for as

파일 보기

@ -15,5 +15,4 @@ int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const ui
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
#endif

파일 보기

@ -1,5 +1,5 @@
#include "params.h"
#include "cbd.h"
#include "params.h"
#include <stdint.h>
/*************************************************
@ -13,7 +13,7 @@
* Returns 32-bit unsigned integer loaded from x
**************************************************/
static uint32_t load32_littleendian(const uint8_t x[4]) {
uint32_t r = 0;
uint32_t r;
r = (uint32_t)x[0];
r |= (uint32_t)x[1] << 8;
r |= (uint32_t)x[2] << 16;
@ -32,9 +32,9 @@ static uint32_t load32_littleendian(const uint8_t x[4]) {
* - const uint8_t *buf: pointer to input byte array
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]) {
unsigned int i = 0, j = 0;
uint32_t t = 0, d = 0;
int16_t a = 0, b = 0;
unsigned int i, j;
uint32_t t, d;
int16_t a, b;
for (i = 0; i < KYBER_N / 8; i++) {
t = load32_littleendian(buf + 4 * i);

파일 보기

@ -1,11 +1,9 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_CBD_H
#define PQCLEAN_KYBER102490S_CLEAN_CBD_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
void PQCLEAN_KYBER102490S_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
#endif

파일 보기

@ -22,7 +22,7 @@
static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
polyvec *pk,
const uint8_t seed[KYBER_SYMBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(r, pk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
r[i + KYBER_POLYVECBYTES] = seed[i];
@ -44,7 +44,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
static void unpack_pk(polyvec *pk,
uint8_t seed[KYBER_SYMBYTES],
const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(pk, packedpk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@ -132,8 +132,8 @@ static unsigned int rej_uniform(int16_t *r,
unsigned int len,
const uint8_t *buf,
unsigned int buflen) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
unsigned int ctr, pos;
uint16_t val;
ctr = pos = 0;
while (ctr < len && pos + 2 <= buflen) {
@ -169,8 +169,7 @@ static unsigned int rej_uniform(int16_t *r,
+ XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
// Not static for benchmarking
void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) {
unsigned int ctr = 0;
uint8_t i = 0, j = 0;
unsigned int ctr, i, j;
uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES];
xof_state state;
@ -208,7 +207,7 @@ void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
unsigned int i = 0;
unsigned int i;
uint8_t buf[2 * KYBER_SYMBYTES];
const uint8_t *publicseed = buf;
const uint8_t *noiseseed = buf + KYBER_SYMBYTES;
@ -264,7 +263,7 @@ void PQCLEAN_KYBER102490S_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]) {
unsigned int i = 0;
unsigned int i;
uint8_t seed[KYBER_SYMBYTES];
uint8_t nonce = 0;
polyvec sp, pkpv, ep, at[KYBER_K], bp;

파일 보기

@ -1,16 +1,20 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_INDCPA_H
#define PQCLEAN_KYBER102490S_CLEAN_INDCPA_H
#include "params.h"
#include "polyvec.h"
#include <stdint.h>
void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
#endif

파일 보기

@ -21,7 +21,7 @@
* Returns 0 (success)
**************************************************/
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(pk, sk);
for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@ -92,8 +92,8 @@ int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_enc(unsigned char *ct,
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk) {
size_t i = 0;
int fail = 0;
size_t i;
int fail;
uint8_t buf[2 * KYBER_SYMBYTES];
/* Will contain key, coins */
uint8_t kr[2 * KYBER_SYMBYTES];

파일 보기

@ -1,17 +1,14 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_KEM_H
#define PQCLEAN_KYBER102490S_CLEAN_KEM_H
#include "params.h"
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_enc(unsigned char *ct,
unsigned char *ss,
const unsigned char *pk);
int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk);

파일 보기

@ -1,5 +1,5 @@
#include "params.h"
#include "ntt.h"
#include "params.h"
#include "reduce.h"
#include <stdint.h>
@ -89,8 +89,8 @@ static int16_t fqmul(int16_t a, int16_t b) {
* of Zq
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_ntt(int16_t r[256]) {
unsigned int len = 0, start = 0, j = 0, k = 0;
int16_t t = 0, zeta = 0;
unsigned int len, start, j, k;
int16_t t, zeta;
k = 1;
for (len = 128; len >= 2; len >>= 1) {
@ -116,8 +116,8 @@ void PQCLEAN_KYBER102490S_CLEAN_ntt(int16_t r[256]) {
* of Zq
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_invntt(int16_t r[256]) {
unsigned int start = 0, len = 0, j = 0, k = 0;
int16_t t = 0, zeta = 0;
unsigned int start, len, j, k;
int16_t t, zeta;
k = 0;
for (len = 2; len <= 128; len <<= 1) {
@ -148,7 +148,10 @@ void PQCLEAN_KYBER102490S_CLEAN_invntt(int16_t r[256]) {
* - const int16_t b[2]: pointer to the second factor
* - int16_t zeta: integer defining the reduction polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta) {
void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2],
const int16_t a[2],
const int16_t b[2],
int16_t zeta) {
r[0] = fqmul(a[1], b[1]);
r[0] = fqmul(r[0], zeta);
r[0] += fqmul(a[0], b[0]);

파일 보기

@ -1,22 +1,19 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_NTT_H
#define PQCLEAN_KYBER102490S_CLEAN_NTT_H
#include "params.h"
#include <stdint.h>
extern const int16_t PQCLEAN_KYBER102490S_CLEAN_zetas[128];
extern const int16_t PQCLEAN_KYBER102490S_CLEAN_zetas_inv[128];
void PQCLEAN_KYBER102490S_CLEAN_ntt(int16_t r[256]);
void PQCLEAN_KYBER102490S_CLEAN_invntt(int16_t r[256]);
void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta);
void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2],
const int16_t a[2],
const int16_t b[2],
int16_t zeta);
#endif

파일 보기

@ -1,6 +1,9 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_PARAMS_H
#define PQCLEAN_KYBER102490S_CLEAN_PARAMS_H
#define KYBER_N 256
#define KYBER_Q 3329

파일 보기

@ -1,6 +1,6 @@
#include "params.h"
#include "cbd.h"
#include "ntt.h"
#include "params.h"
#include "poly.h"
#include "reduce.h"
#include "symmetric.h"
@ -16,7 +16,7 @@
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a) {
unsigned int i = 0, j = 0;
size_t i, j;
uint8_t t[8];
PQCLEAN_KYBER102490S_CLEAN_poly_csubq(a);
@ -46,9 +46,9 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTE
* (of length KYBER_POLYCOMPRESSEDBYTES bytes)
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]) {
unsigned int i = 0;
size_t i;
unsigned int j = 0;
size_t j;
uint8_t t[8];
for (i = 0; i < KYBER_N / 8; i++) {
t[0] = (a[0] >> 0);
@ -77,8 +77,8 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_decompress(poly *r, const uint8_t a[KYBER_P
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) {
unsigned int i = 0;
uint16_t t0 = 0, t1 = 0;
size_t i;
uint16_t t0, t1;
PQCLEAN_KYBER102490S_CLEAN_poly_csubq(a);
@ -102,7 +102,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a
* (of KYBER_POLYBYTES bytes)
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N / 2; i++) {
r->coeffs[2 * i] = ((a[3 * i + 0] >> 0) | ((uint16_t)a[3 * i + 1] << 8)) & 0xFFF;
r->coeffs[2 * i + 1] = ((a[3 * i + 1] >> 4) | ((uint16_t)a[3 * i + 2] << 4)) & 0xFFF;
@ -118,8 +118,8 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(poly *r, const uint8_t a[KYBER_PO
* - const uint8_t *msg: pointer to input message
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]) {
unsigned int i = 0, j = 0;
int16_t mask = 0;
size_t i, j;
int16_t mask;
for (i = 0; i < KYBER_N / 8; i++) {
for (j = 0; j < 8; j++) {
@ -138,8 +138,8 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_frommsg(poly *r, const uint8_t msg[KYBER_IN
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a) {
unsigned int i = 0, j = 0;
uint16_t t = 0;
size_t i, j;
uint16_t t;
PQCLEAN_KYBER102490S_CLEAN_poly_csubq(a);
@ -207,7 +207,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_invntt_tomont(poly *r) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N / 4; i++) {
PQCLEAN_KYBER102490S_CLEAN_basemul(&r->coeffs[4 * i], &a->coeffs[4 * i], &b->coeffs[4 * i], PQCLEAN_KYBER102490S_CLEAN_zetas[64 + i]);
PQCLEAN_KYBER102490S_CLEAN_basemul(&r->coeffs[4 * i + 2], &a->coeffs[4 * i + 2], &b->coeffs[4 * i + 2],
@ -224,7 +224,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(poly *r, const poly *a,
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_tomont(poly *r) {
unsigned int i = 0;
size_t i;
const int16_t f = (1ULL << 32) % KYBER_Q;
for (i = 0; i < KYBER_N; i++) {
r->coeffs[i] = PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce((int32_t)r->coeffs[i] * f);
@ -240,7 +240,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_tomont(poly *r) {
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_reduce(poly *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N; i++) {
r->coeffs[i] = PQCLEAN_KYBER102490S_CLEAN_barrett_reduce(r->coeffs[i]);
}
@ -256,7 +256,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_reduce(poly *r) {
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_csubq(poly *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N; i++) {
r->coeffs[i] = PQCLEAN_KYBER102490S_CLEAN_csubq(r->coeffs[i]);
}
@ -272,7 +272,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_csubq(poly *r) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_add(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N; i++) {
r->coeffs[i] = a->coeffs[i] + b->coeffs[i];
}
@ -288,7 +288,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_add(poly *r, const poly *a, const poly *b)
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_poly_sub(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_N; i++) {
r->coeffs[i] = a->coeffs[i] - b->coeffs[i];
}

파일 보기

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_POLY_H
#define PQCLEAN_KYBER102490S_CLEAN_POLY_H
#include "params.h"
#include <stdint.h>
@ -12,41 +11,26 @@ typedef struct {
int16_t coeffs[KYBER_N];
} poly;
void PQCLEAN_KYBER102490S_CLEAN_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a);
void PQCLEAN_KYBER102490S_CLEAN_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a);
void PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a);
void PQCLEAN_KYBER102490S_CLEAN_poly_getnoise(poly *r, const uint8_t seed[KYBER_SYMBYTES], uint8_t nonce);
void PQCLEAN_KYBER102490S_CLEAN_poly_ntt(poly *r);
void PQCLEAN_KYBER102490S_CLEAN_poly_invntt_tomont(poly *r);
void PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER102490S_CLEAN_poly_tomont(poly *r);
void PQCLEAN_KYBER102490S_CLEAN_poly_reduce(poly *r);
void PQCLEAN_KYBER102490S_CLEAN_poly_csubq(poly *r);
void PQCLEAN_KYBER102490S_CLEAN_poly_add(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER102490S_CLEAN_poly_sub(poly *r, const poly *a, const poly *b);
#endif

파일 보기

@ -13,7 +13,7 @@
* - polyvec *a: pointer to input vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a) {
unsigned int i = 0, j = 0, k = 0;
unsigned int i, j, k;
PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(a);
@ -21,10 +21,8 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESS
for (i = 0; i < KYBER_K; i++) {
for (j = 0; j < KYBER_N / 8; j++) {
for (k = 0; k < 8; k++) {
{
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
r[ 0] = (uint8_t)(t[0] >> 0);
@ -55,7 +53,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESS
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_decompress(polyvec *r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]) {
unsigned int i = 0, j = 0, k = 0;
unsigned int i, j, k;
uint16_t t[8];
for (i = 0; i < KYBER_K; i++) {
@ -87,7 +85,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_decompress(polyvec *r,
* - polyvec *a: pointer to input vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(r + i * KYBER_POLYBYTES, &a->vec[i]);
}
@ -104,7 +102,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], p
* (of length KYBER_POLYVECBYTES)
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(&r->vec[i], a + i * KYBER_POLYBYTES);
}
@ -118,7 +116,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(polyvec *r, const uint8_t a[KY
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_ntt(polyvec *r) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_ntt(&r->vec[i]);
}
@ -133,7 +131,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_ntt(polyvec *r) {
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_invntt_tomont(polyvec *r) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_invntt_tomont(&r->vec[i]);
}
@ -152,7 +150,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_invntt_tomont(polyvec *r) {
void PQCLEAN_KYBER102490S_CLEAN_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b) {
unsigned int i = 0;
unsigned int i;
poly t;
PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(r, &a->vec[0], &b->vec[0]);
@ -174,7 +172,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_pointwise_acc_montgomery(poly *r,
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_reduce(polyvec *r) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_reduce(&r->vec[i]);
}
@ -191,7 +189,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_reduce(polyvec *r) {
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(polyvec *r) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_csubq(&r->vec[i]);
}
@ -207,7 +205,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(polyvec *r) {
* - const polyvec *b: pointer to second input vector of polynomials
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER102490S_CLEAN_poly_add(&r->vec[i], &a->vec[i], &b->vec[i]);
}

파일 보기

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_POLYVEC_H
#define PQCLEAN_KYBER102490S_CLEAN_POLYVEC_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
@ -9,33 +8,23 @@ typedef struct {
poly vec[KYBER_K];
} polyvec;
void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_decompress(polyvec *r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_ntt(polyvec *r);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_invntt_tomont(polyvec *r);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_reduce(polyvec *r);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(polyvec *r);
void PQCLEAN_KYBER102490S_CLEAN_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b);
#endif

파일 보기

@ -15,8 +15,8 @@
* Returns: integer in {-q+1,...,q-1} congruent to a * R^-1 modulo q.
**************************************************/
int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a) {
int32_t t = 0;
int16_t u = 0;
int32_t t;
int16_t u;
u = (int16_t)(a * (int64_t)QINV);
t = (int32_t)u * KYBER_Q;
@ -36,7 +36,7 @@ int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a) {
* Returns: integer in {0,...,q} congruent to a modulo q.
**************************************************/
int16_t PQCLEAN_KYBER102490S_CLEAN_barrett_reduce(int16_t a) {
int16_t t = 0;
int16_t t;
const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q;
t = (int32_t)v * a >> 26;

파일 보기

@ -1,19 +1,15 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_REDUCE_H
#define PQCLEAN_KYBER102490S_CLEAN_REDUCE_H
#include "params.h"
#include <stdint.h>
#define MONT 2285 // 2^16 mod q
#define QINV 62209 // q^-1 mod 2^16
int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a);
int16_t PQCLEAN_KYBER102490S_CLEAN_barrett_reduce(int16_t a);
int16_t PQCLEAN_KYBER102490S_CLEAN_csubq(int16_t a);
#endif

파일 보기

@ -1,5 +1,6 @@
#include "symmetric-aes.h"
#include "aes.h"
#include "params.h"
#include "symmetric.h"
#include <stddef.h>
#include <stdint.h>
#include <string.h>
@ -34,7 +35,7 @@ static void aes256_ctr_xof(unsigned char *out, size_t outlen, const unsigned cha
}
/*************************************************
* Name: aes256_prf
* Name: PQCLEAN_KYBER102490S_CLEAN_aes256_prf
*
* Description: AES256 stream generation in CTR mode using 32-bit counter,
* nonce is zero-padded to 12 bytes, counter starts at zero
@ -58,7 +59,7 @@ void PQCLEAN_KYBER102490S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const
}
/*************************************************
* Name: aes256xof_absorb
* Name: PQCLEAN_KYBER102490S_CLEAN_aes256xof_absorb
*
* Description: AES256 CTR used as a replacement for a XOF; this function
* "absorbs" a 32-byte key and two additional bytes that are zero-padded
@ -80,7 +81,7 @@ void PQCLEAN_KYBER102490S_CLEAN_aes256xof_absorb(aes256xof_ctx *s, const uint8_t
}
/*************************************************
* Name: aes256xof_squeezeblocks
* Name: PQCLEAN_KYBER102490S_CLEAN_aes256xof_squeezeblocks
*
* Description: AES256 CTR used as a replacement for a XOF; this function
* generates 4 blocks out AES256-CTR output

파일 보기

@ -1,11 +1,10 @@
#ifndef AES256CTR_H
#define AES256CTR_H
#ifndef PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_AES_H
#define PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_AES_H
#include "aes.h"
#include <stddef.h>
#include <stdint.h>
typedef struct {
aes256ctx sk_exp;
uint8_t iv[12];

파일 보기

@ -1,13 +1,12 @@
#ifndef SYMMETRIC_H
#define SYMMETRIC_H
#ifndef PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_H
#define PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_H
#include "params.h"
#include "sha2.h"
#include "symmetric-aes.h"
#include <stddef.h>
#include <stdint.h>
#include "sha2.h"
#include "symmetric-aes.h"
typedef aes256xof_ctx xof_state;

파일 보기

@ -14,7 +14,7 @@
* Returns 0 if the byte arrays are equal, 1 otherwise
**************************************************/
int PQCLEAN_KYBER102490S_CLEAN_verify(const uint8_t *a, const uint8_t *b, size_t len) {
size_t i = 0;
size_t i;
uint8_t r = 0;
for (i = 0; i < len; i++) {
@ -38,7 +38,7 @@ int PQCLEAN_KYBER102490S_CLEAN_verify(const uint8_t *a, const uint8_t *b, size_t
* uint8_t b: Condition bit; has to be in {0,1}
**************************************************/
void PQCLEAN_KYBER102490S_CLEAN_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) {
size_t i = 0;
size_t i;
b = -b;
for (i = 0; i < len; i++) {

파일 보기

@ -1,14 +1,11 @@
#ifndef PQCLEAN_KYBER102490S_CLEAN_VERIFY_H
#define PQCLEAN_KYBER102490S_CLEAN_VERIFY_H
#include "params.h"
#include <stddef.h>
#include <stdint.h>
int PQCLEAN_KYBER102490S_CLEAN_verify(const uint8_t *a, const uint8_t *b, size_t len);
void PQCLEAN_KYBER102490S_CLEAN_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b);
#endif

파일 보기

@ -21,15 +21,16 @@ auxiliary-submitters:
- Damien Stehlé
implementations:
- name: clean
version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
- name: avx2
version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
supported_platforms:
- architecture: x86_64
operating_systems:
- Linux
- Darwin
- Linux
- Darwin
required_flags:
- aes
- avx2
- bmi2
- popcnt

파일 보기

@ -1,50 +1,16 @@
# This Makefile can be used with GNU Make or BSD Make
LIB=libkyber1024_avx2.a
HEADERS= \
align.h \
api.h \
cbd.h \
cdecl.inc \
consts.h \
fips202x4.h \
fq.inc \
indcpa.h \
kem.h \
ntt.h \
params.h \
poly.h \
polyvec.h \
reduce.h \
rejsample.h \
shuffle.inc \
symmetric.h \
verify.h
OBJECTS= \
basemul.o \
cbd.o \
consts.o \
fips202x4.o \
fq.o \
indcpa.o \
invntt.o \
kem.o \
ntt.o \
poly.o \
polyvec.o \
rejsample.o \
shuffle.o \
symmetric-shake.o \
verify.o
HEADERS=align.h api.h cbd.h cdecl.h consts.h fips202x4.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h rejsample.h symmetric.h verify.h fq.inc shuffle.inc
OBJECTS=cbd.o consts.o fips202x4.o indcpa.o kem.o poly.o polyvec.o rejsample.o symmetric-shake.o verify.o basemul.o fq.o invntt.o ntt.o shuffle.o
KECCAK4XDIR=../../../common/keccak4x
KECCAK4XOBJ=KeccakP-1600-times4-SIMD256.o
KECCAK4X=$(KECCAK4XDIR)/$(KECCAK4XOBJ)
CFLAGS=-mavx2 -mbmi2 -mpopcnt -O3 -Wall -Wextra -Wpedantic -Werror \
-Wmissing-prototypes -Wredundant-decls \
-Wpointer-arith -Wshadow \
-std=c99 -I../../../common $(EXTRAFLAGS)
-Wmissing-prototypes -Wredundant-decls \
-Wpointer-arith -Wshadow \
-std=c99 -I../../../common $(EXTRAFLAGS)
all: $(LIB)

파일 보기

@ -1,5 +1,6 @@
#ifndef PQCLEAN_KYBER1024_AVX2_ALIGN_H
#define PQCLEAN_KYBER1024_AVX2_ALIGN_H
#include <immintrin.h>
#define ALIGN16_TYPE(t) \

파일 보기

@ -15,5 +15,4 @@ int PQCLEAN_KYBER1024_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_
int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
#endif

파일 보기

@ -1,5 +1,5 @@
#include "cdecl.h"
#include "params.h"
#include "cdecl.inc"
.macro schoolbook off,sign
#load
@ -165,7 +165,9 @@ vmovdqa %ymm5,96(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx):
#consts
vmovdqa _16XQ*2(%rcx),%ymm0
vmovdqa _16XQINV*2(%rcx),%ymm1
@ -215,7 +217,9 @@ vmovdqa %ymm12,96(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx):
#consts
vmovdqa _16XQ*2(%rcx),%ymm0
vmovdqa _16XQINV*2(%rcx),%ymm1

파일 보기

@ -1,5 +1,5 @@
#include "params.h"
#include "cbd.h"
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
@ -14,7 +14,7 @@
* - const unsigned char *buf: pointer to input byte array
**************************************************/
void PQCLEAN_KYBER1024_AVX2_cbd(poly *restrict r, const uint8_t *restrict buf) {
unsigned int i = 0;
unsigned int i;
__m256i vec0, vec1, vec2, vec3, tmp;
const __m256i mask55 = _mm256_set1_epi32(0x55555555);
const __m256i mask33 = _mm256_set1_epi32(0x33333333);

파일 보기

@ -1,11 +1,9 @@
#ifndef PQCLEAN_KYBER1024_AVX2_CBD_H
#define PQCLEAN_KYBER1024_AVX2_CBD_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
void PQCLEAN_KYBER1024_AVX2_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
#endif

파일 보기

@ -1,5 +1,5 @@
#ifndef PQCLEAN_DILITHIUM2_AVX2_CDECL
#define PQCLEAN_DILITHIUM2_AVX2_CDECL
#ifndef PQCLEAN_KYBER1024_AVX2_CDECL_H
#define PQCLEAN_KYBER1024_AVX2_CDECL_H
#define _16XQ 0
#define _16XQINV 16
@ -21,10 +21,6 @@
* This define helps us get around this
*/
#if defined(__WIN32__) || defined(__APPLE__)
#define cdecl(s) _##s
#else
#define _cdecl(s) _##s
#define cdecl(s) s
#endif
#endif

파일 보기

@ -1,5 +1,5 @@
#include "params.h"
#include "consts.h"
#include "params.h"
#include <stdint.h>
#define Q KYBER_Q

파일 보기

@ -1,12 +1,11 @@
#ifndef PQCLEAN_KYBER1024_AVX2_CONSTS_H
#define PQCLEAN_KYBER1024_AVX2_CONSTS_H
#include "cdecl.inc"
#include "cdecl.h"
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
#define ALIGNED_UINT16_T(N) \
union { \
__m256i as_vec; \

파일 보기

@ -10,7 +10,7 @@
extern void KeccakF1600_StatePermute4x(__m256i *s);
static inline void store64(uint8_t x[8], uint64_t u) {
unsigned int i = 0;
unsigned int i;
for (i = 0; i < 8; i++) {
x[i] = u >> 8 * i;
@ -25,7 +25,7 @@ static void keccakx4_absorb(__m256i s[25],
const uint8_t *in3,
size_t inlen,
uint8_t p) {
size_t i = 0, pos = 0;
size_t i, pos = 0;
__m256i t, idx;
for (i = 0; i < 25; ++i) {
@ -74,8 +74,8 @@ static void keccakx4_squeezeblocks(uint8_t *out0,
size_t nblocks,
unsigned int r,
__m256i s[25]) {
unsigned int i = 0;
uint64_t f0 = 0, f1 = 0, f2 = 0, f3 = 0;
unsigned int i;
uint64_t f0, f1, f2, f3;
while (nblocks > 0) {
KeccakF1600_StatePermute4x(s);
@ -137,8 +137,17 @@ void PQCLEAN_KYBER1024_AVX2_shake256x4_squeezeblocks(uint8_t *out0,
state->s);
}
void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
unsigned int i = 0;
void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t outlen,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen) {
unsigned int i;
size_t nblocks = outlen / SHAKE128_RATE;
uint8_t t[4][SHAKE128_RATE];
keccakx4_state state;
@ -163,8 +172,17 @@ void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0, uint8_t *out1, uint8_t *ou
}
}
void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
unsigned int i = 0;
void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t outlen,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen) {
unsigned int i;
size_t nblocks = outlen / SHAKE256_RATE;
uint8_t t[4][SHAKE256_RATE];
keccakx4_state state;

파일 보기

@ -1,5 +1,5 @@
#ifndef FIPS202X4_H
#define FIPS202X4_H
#ifndef PQCLEAN_KYBER1024_AVX2_FIPS202X4_H
#define PQCLEAN_KYBER1024_AVX2_FIPS202X4_H
#include <immintrin.h>
#include <stddef.h>
@ -9,17 +9,54 @@ typedef struct {
__m256i s[25];
} keccakx4_state;
void PQCLEAN_KYBER1024_AVX2_shake128x4_absorb(keccakx4_state *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake128x4_absorb(keccakx4_state *state,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake128x4_squeezeblocks(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t nblocks, keccakx4_state *state);
void PQCLEAN_KYBER1024_AVX2_shake256x4_absorb(keccakx4_state *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake256x4_squeezeblocks(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t nblocks,
void PQCLEAN_KYBER1024_AVX2_shake128x4_squeezeblocks(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t nblocks,
keccakx4_state *state);
void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake256x4_absorb(keccakx4_state *state,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake256x4_squeezeblocks(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t nblocks,
keccakx4_state *state);
void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t outlen,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen);
void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0,
uint8_t *out1,
uint8_t *out2,
uint8_t *out3,
size_t outlen,
const uint8_t *in0,
const uint8_t *in1,
const uint8_t *in2,
const uint8_t *in3,
size_t inlen);
#endif

파일 보기

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "fq.inc"
.text
@ -35,7 +35,9 @@ vmovdqa %ymm9,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
vmovdqa _16XV*2(%rsi),%ymm1
@ -77,7 +79,9 @@ vmovdqa %ymm8,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
call csubq128_avx
@ -118,7 +122,9 @@ vmovdqa %ymm10,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
vmovdqa _16XMONTSQLO*2(%rsi),%ymm1

파일 보기

@ -25,7 +25,7 @@
static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
polyvec *pk,
const uint8_t seed[KYBER_SYMBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(r, pk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
r[i + KYBER_POLYVECBYTES] = seed[i];
@ -45,7 +45,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
static void unpack_pk(polyvec *pk,
uint8_t seed[KYBER_SYMBYTES],
const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(pk, packedpk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@ -133,8 +133,8 @@ static unsigned int rej_uniform(int16_t *r,
unsigned int len,
const uint8_t *buf,
unsigned int buflen) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
unsigned int ctr, pos;
uint16_t val;
ctr = pos = 0;
while (ctr < len && pos + 2 <= buflen) {
@ -168,7 +168,7 @@ static unsigned int rej_uniform(int16_t *r,
#define GEN_MATRIX_NBLOCKS ((2*KYBER_N*(1U << 16)/(19*KYBER_Q) \
+ XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
void PQCLEAN_KYBER1024_AVX2_gen_matrix(polyvec *a, const uint8_t seed[32], int transposed) {
unsigned int i = 0, ctr0 = 0, ctr1 = 0, ctr2 = 0, ctr3 = 0;
unsigned int i, ctr0, ctr1, ctr2, ctr3;
ALIGN32_ARRAY_2D(uint8_t, 4, (GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES + 31) / 32 * 32) buf;
__m256i f;
keccakx4_state state;
@ -242,7 +242,7 @@ void PQCLEAN_KYBER1024_AVX2_gen_matrix(polyvec *a, const uint8_t seed[32], int t
**************************************************/
void PQCLEAN_KYBER1024_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
unsigned int i = 0;
unsigned int i;
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
const uint8_t *publicseed = buf.arr;
const uint8_t *noiseseed = buf.arr + KYBER_SYMBYTES;
@ -295,7 +295,7 @@ void PQCLEAN_KYBER1024_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]) {
unsigned int i = 0;
unsigned int i;
ALIGN32_ARRAY(uint8_t, KYBER_SYMBYTES) seed;
polyvec sp, pkpv, ep, at[KYBER_K], bp;
poly v, k, epp;

파일 보기

@ -1,16 +1,20 @@
#ifndef PQCLEAN_KYBER1024_AVX2_INDCPA_H
#define PQCLEAN_KYBER1024_AVX2_INDCPA_H
#include "params.h"
#include "polyvec.h"
#include <stdint.h>
void PQCLEAN_KYBER1024_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
void PQCLEAN_KYBER1024_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER1024_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER1024_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
#endif

파일 보기

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "shuffle.inc"
.include "fq.inc"
@ -210,7 +210,9 @@ vmovdqa %ymm7,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
mov %rsi,%rdx

파일 보기

@ -8,7 +8,6 @@
#include <stddef.h>
#include <stdint.h>
/*************************************************
* Name: PQCLEAN_KYBER1024_AVX2_crypto_kem_keypair
*
@ -23,7 +22,7 @@
* Returns 0 (success)
**************************************************/
int PQCLEAN_KYBER1024_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_AVX2_indcpa_keypair(pk, sk);
for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@ -94,8 +93,8 @@ int PQCLEAN_KYBER1024_AVX2_crypto_kem_enc(unsigned char *ct,
int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk) {
size_t i = 0;
int fail = 0;
size_t i;
int fail;
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
/* Will contain key, coins */
ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) kr;
@ -119,7 +118,7 @@ int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(unsigned char *ss,
hash_h(kr.arr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES);
/* Overwrite pre-k with z on re-encryption failure */
PQCLEAN_KYBER1024_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail);
PQCLEAN_KYBER1024_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail);
/* hash concatenation of pre-k and H(c) to k */
kdf(ss, kr.arr, 2 * KYBER_SYMBYTES);

파일 보기

@ -1,17 +1,14 @@
#ifndef PQCLEAN_KYBER1024_AVX2_KEM_H
#define PQCLEAN_KYBER1024_AVX2_KEM_H
#include "params.h"
int PQCLEAN_KYBER1024_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
int PQCLEAN_KYBER1024_AVX2_crypto_kem_enc(unsigned char *ct,
unsigned char *ss,
const unsigned char *pk);
int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk);

파일 보기

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "shuffle.inc"
.include "fq.inc"
@ -203,7 +203,9 @@ vmovdqa %ymm11,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx):
#consts
vmovdqa _16XQ*2(%rsi),%ymm0
mov %rsi,%rdx

파일 보기

@ -1,28 +1,24 @@
#ifndef NTT_H
#define NTT_H
#ifndef PQCLEAN_KYBER1024_AVX2_NTT_H
#define PQCLEAN_KYBER1024_AVX2_NTT_H
#include "consts.h"
#include "params.h"
#include <stdint.h>
void PQCLEAN_KYBER1024_AVX2_ntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_invntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_nttunpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_basemul_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_basemul_avx(int16_t *r,
const int16_t *a,
const int16_t *b,
const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(int16_t *r,
const int16_t *a,
const int16_t *b,
const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_ntttobytes_avx(uint8_t *r, const int16_t *a, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
void PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx(int16_t *r, const uint8_t *a, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
#endif

파일 보기

@ -1,6 +1,9 @@
#ifndef PQCLEAN_KYBER1024_AVX2_PARAMS_H
#define PQCLEAN_KYBER1024_AVX2_PARAMS_H
#define KYBER_N 256
#define KYBER_Q 3329

파일 보기

@ -19,7 +19,7 @@
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *restrict a) {
unsigned int i = 0, j = 0;
unsigned int i, j;
uint8_t t[8];
PQCLEAN_KYBER1024_AVX2_poly_csubq(a);
@ -50,9 +50,9 @@ void PQCLEAN_KYBER1024_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES],
**************************************************/
void PQCLEAN_KYBER1024_AVX2_poly_decompress(poly *restrict r,
const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]) {
unsigned int i = 0;
unsigned int i;
unsigned int j = 0;
unsigned int j;
uint8_t t[8];
for (i = 0; i < KYBER_N / 8; i++) {
t[0] = (a[0] >> 0);
@ -114,7 +114,7 @@ void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *restrict r,
const __m256i hqs = _mm256_set1_epi16((KYBER_Q + 1) / 2);
#define FROMMSG64(i) \
g3 = _mm256_shuffle_epi32(f,0x55*(i)); \
g3 = _mm256_shuffle_epi32(f,0x55*(i)); \
g3 = _mm256_sllv_epi32(g3,shift); \
g3 = _mm256_shuffle_epi8(g3,idx); \
g0 = _mm256_slli_epi16(g3,12); \
@ -136,9 +136,9 @@ void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *restrict r,
g2 = _mm256_permute2x128_si256(h0,h1,0x31); \
g1 = _mm256_permute2x128_si256(h2,h3,0x20); \
g3 = _mm256_permute2x128_si256(h2,h3,0x31); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+ 0],g0); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+16],g1); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+ 0],g0); \
_mm256_store_si256((__m256i *)&r->coeffs[ 0+32*(i)+16],g1); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2); \
_mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+16],g3)
f = _mm256_load_si256((__m256i *)msg);
@ -157,8 +157,8 @@ void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *restrict r,
* - poly *a: pointer to input polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *restrict a) {
unsigned int i = 0;
uint32_t small = 0;
unsigned int i;
uint32_t small;
__m256i f0, f1, g0, g1;
const __m256i hqs = _mm256_set1_epi16((KYBER_Q - 1) / 2);
const __m256i hhqs = _mm256_set1_epi16((KYBER_Q - 5) / 4);
@ -325,7 +325,7 @@ void PQCLEAN_KYBER1024_AVX2_poly_csubq(poly *r) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
unsigned int i;
__m256i f0, f1;
for (i = 0; i < KYBER_N; i += 16) {
@ -346,7 +346,7 @@ void PQCLEAN_KYBER1024_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
* - const poly *b: pointer to second input polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_poly_sub(poly *r, const poly *a, const poly *b) {
unsigned int i = 0;
unsigned int i;
__m256i f0, f1;
for (i = 0; i < KYBER_N; i += 16) {

파일 보기

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER1024_AVX2_POLY_H
#define PQCLEAN_KYBER1024_AVX2_POLY_H
#include "params.h"
#include <immintrin.h>
#include <stdint.h>
@ -14,24 +13,16 @@ typedef union {
int16_t coeffs[KYBER_N];
} poly;
void PQCLEAN_KYBER1024_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a);
void PQCLEAN_KYBER1024_AVX2_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]);
void PQCLEAN_KYBER1024_AVX2_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a);
void PQCLEAN_KYBER1024_AVX2_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]);
void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]);
void PQCLEAN_KYBER1024_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a);
void PQCLEAN_KYBER1024_AVX2_poly_getnoise(poly *r, const uint8_t seed[KYBER_SYMBYTES], uint8_t nonce);
void PQCLEAN_KYBER1024_AVX2_poly_getnoise4x(poly *r0,
poly *r1,
poly *r2,
@ -42,25 +33,16 @@ void PQCLEAN_KYBER1024_AVX2_poly_getnoise4x(poly *r0,
uint8_t nonce2,
uint8_t nonce3);
void PQCLEAN_KYBER1024_AVX2_poly_ntt(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_invntt_tomont(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_nttunpack(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_basemul_montgomery(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER1024_AVX2_poly_tomont(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_reduce(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_csubq(poly *r);
void PQCLEAN_KYBER1024_AVX2_poly_add(poly *r, const poly *a, const poly *b);
void PQCLEAN_KYBER1024_AVX2_poly_sub(poly *r, const poly *a, const poly *b);
#endif

파일 보기

@ -1,6 +1,6 @@
#include "params.h"
#include "consts.h"
#include "ntt.h"
#include "params.h"
#include "poly.h"
#include "polyvec.h"
#include <stdint.h>
@ -16,7 +16,7 @@
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES],
polyvec *restrict a) {
unsigned int i = 0, j = 0, k = 0;
size_t i, j, k;
PQCLEAN_KYBER1024_AVX2_polyvec_csubq(a);
@ -24,10 +24,8 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBY
for (i = 0; i < KYBER_K; i++) {
for (j = 0; j < KYBER_N / 8; j++) {
for (k = 0; k < 8; k++) {
{
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
/ KYBER_Q) & 0x7ff;
}
r[ 0] = (t[0] >> 0);
@ -58,7 +56,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBY
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_decompress(polyvec *restrict r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]) {
unsigned int i = 0, j = 0, k = 0;
size_t i, j, k;
uint16_t t[8];
for (i = 0; i < KYBER_K; i++) {
@ -90,7 +88,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_decompress(polyvec *restrict r,
* - polyvec *a: pointer to input vector of polynomials
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_tobytes(r + i * KYBER_POLYBYTES, &a->vec[i]);
}
@ -107,7 +105,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyv
* (of length KYBER_POLYVECBYTES)
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_frombytes(&r->vec[i], a + i * KYBER_POLYBYTES);
}
@ -121,7 +119,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_ntt(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_ntt(&r->vec[i]);
}
@ -136,7 +134,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_ntt(polyvec *r) {
* Arguments: - polyvec *r: pointer to in/output vector of polynomials
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_invntt_tomont(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_invntt_tomont(&r->vec[i]);
}
@ -155,7 +153,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_invntt_tomont(polyvec *r) {
void PQCLEAN_KYBER1024_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b) {
PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, &PQCLEAN_KYBER1024_AVX2_qdata);
PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, & PQCLEAN_KYBER1024_AVX2_qdata);
}
/*************************************************
@ -168,7 +166,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_reduce(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_reduce(&r->vec[i]);
}
@ -185,7 +183,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_reduce(polyvec *r) {
* Arguments: - poly *r: pointer to input/output polynomial
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_csubq(polyvec *r) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_csubq(&r->vec[i]);
}
@ -201,7 +199,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_csubq(polyvec *r) {
* - const polyvec *b: pointer to second input vector of polynomials
**************************************************/
void PQCLEAN_KYBER1024_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b) {
unsigned int i = 0;
size_t i;
for (i = 0; i < KYBER_K; i++) {
PQCLEAN_KYBER1024_AVX2_poly_add(&r->vec[i], &a->vec[i], &b->vec[i]);
}

파일 보기

@ -1,6 +1,5 @@
#ifndef PQCLEAN_KYBER1024_AVX2_POLYVEC_H
#define PQCLEAN_KYBER1024_AVX2_POLYVEC_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
@ -9,33 +8,23 @@ typedef struct {
poly vec[KYBER_K];
} polyvec;
void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a);
void PQCLEAN_KYBER1024_AVX2_polyvec_decompress(polyvec *r,
const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]);
void PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a);
void PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]);
void PQCLEAN_KYBER1024_AVX2_polyvec_ntt(polyvec *r);
void PQCLEAN_KYBER1024_AVX2_polyvec_invntt_tomont(polyvec *r);
void PQCLEAN_KYBER1024_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
const polyvec *a,
const polyvec *b);
void PQCLEAN_KYBER1024_AVX2_polyvec_reduce(polyvec *r);
void PQCLEAN_KYBER1024_AVX2_polyvec_csubq(polyvec *r);
void PQCLEAN_KYBER1024_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b);
#endif

파일 보기

@ -1,16 +1,10 @@
#ifndef REDUCE_H
#define REDUCE_H
#ifndef PQCLEAN_KYBER1024_AVX2_REDUCE_H
#define PQCLEAN_KYBER1024_AVX2_REDUCE_H
#include "consts.h"
#include <stdint.h>
#include "consts.h"
#include "params.h"
int16_t PQCLEAN_KYBER1024_AVX2_reduce_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
int16_t PQCLEAN_KYBER1024_AVX2_csubq_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
int16_t PQCLEAN_KYBER1024_AVX2_tomont_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
#endif

파일 보기

@ -2,6 +2,7 @@
#include "consts.h"
#include "params.h"
#include "rejsample.h"
#include <immintrin.h>
#include <stdint.h>
static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
@ -270,9 +271,9 @@ static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
#define REJ_UNIFORM_BUFLEN 672
unsigned int PQCLEAN_KYBER1024_AVX2_rej_uniform_avx(int16_t *restrict r,
const uint8_t *restrict buf) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
uint32_t good = 0;
unsigned int ctr, pos;
uint16_t val;
uint32_t good;
const __m256i bound = _mm256_set1_epi16((int16_t)(19 * KYBER_Q - 1));
const __m256i ones = _mm256_set1_epi8(1);
const __m256i kyberq = _mm256_load_si256((__m256i *)&PQCLEAN_KYBER1024_AVX2_qdata.as_arr[_16XQ]);
@ -297,7 +298,7 @@ unsigned int PQCLEAN_KYBER1024_AVX2_rej_uniform_avx(int16_t *restrict r,
g1 = _mm256_inserti128_si256(g1, _mm_loadl_epi64((__m128i *)&idx.arr[(good >> 24) & 0xFF]), 1);
//g0 = _mm256_cvtepu8_epi64(_mm_loadl_epi64((__m128i *)&good));
//g1 = _mm256_i64gather_epi64((long long *)idx, g0, 8);
//g1 = _mm256_i64gather_epi64((long long *)idx.arr, g0, 8);
/* Barrett reduction of (still unsigned) values */
g2 = _mm256_mulhi_epu16(f0, v);

파일 보기

@ -1,10 +1,8 @@
#ifndef REJSAMPLE_H
#define REJSAMPLE_H
#ifndef PQCLEAN_KYBER1024_AVX2_REJSAMPLE_H
#define PQCLEAN_KYBER1024_AVX2_REJSAMPLE_H
#include "params.h"
#include <stdint.h>
unsigned int PQCLEAN_KYBER1024_AVX2_rej_uniform_avx(int16_t *r,
const unsigned char *buf);

파일 보기

@ -1,4 +1,4 @@
#include "cdecl.inc"
#include "cdecl.h"
.include "fq.inc"
.include "shuffle.inc"
@ -92,7 +92,9 @@ vmovdqa %ymm11,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx):
call nttunpack128_avx
add $256,%rdi
call nttunpack128_avx
@ -169,7 +171,9 @@ vmovdqu %ymm9,160(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx):
#consts
vmovdqa _16XQ*2(%rdx),%ymm0
call ntttobytes128_avx
@ -245,7 +249,9 @@ vmovdqa %ymm1,224(%rdi)
ret
.global cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx)
.global _cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx)
cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx):
_cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx):
#consts
vmovdqa _16XMASK*2(%rdx),%ymm0
call nttfrombytes128_avx

파일 보기

@ -9,8 +9,8 @@
*
* Description: Absorb step of the SHAKE128 specialized for the Kyber context.
*
* Arguments: - keccak_state *state: pointer to (uninitialized) output
* Keccak state
* Arguments: - xof_state *state: pointer to (uninitialized) output
* Keccak state
* - const uint8_t *seed: pointer to KYBER_SYMBYTES input
* to be absorbed into state
* - uint8_t i additional byte of input
@ -20,7 +20,7 @@ void PQCLEAN_KYBER1024_AVX2_kyber_shake128_absorb(xof_state *state,
const uint8_t seed[KYBER_SYMBYTES],
uint8_t x,
uint8_t y) {
unsigned int i = 0;
unsigned int i;
uint8_t extseed[KYBER_SYMBYTES + 2];
for (i = 0; i < KYBER_SYMBYTES; i++) {
@ -48,7 +48,7 @@ void PQCLEAN_KYBER1024_AVX2_kyber_shake256_prf(uint8_t *out,
size_t outlen,
const uint8_t key[KYBER_SYMBYTES],
uint8_t nonce) {
unsigned int i = 0;
unsigned int i;
uint8_t extkey[KYBER_SYMBYTES + 1];
for (i = 0; i < KYBER_SYMBYTES; i++) {

파일 보기

@ -1,17 +1,16 @@
#ifndef SYMMETRIC_H
#define SYMMETRIC_H
#ifndef PQCLEAN_KYBER1024_AVX2_SYMMETRIC_H
#define PQCLEAN_KYBER1024_AVX2_SYMMETRIC_H
#include "fips202.h"
#include "fips202x4.h"
#include "params.h"
#include <stddef.h>
#include <stdint.h>
#include "fips202.h"
#include "fips202x4.h"
typedef shake128ctx xof_state;
void PQCLEAN_KYBER1024_AVX2_kyber_shake128_absorb(shake128ctx *s,
void PQCLEAN_KYBER1024_AVX2_kyber_shake128_absorb(xof_state *s,
const uint8_t seed[KYBER_SYMBYTES],
uint8_t x,
uint8_t y);

파일 보기

@ -15,8 +15,8 @@
* Returns 0 if the byte arrays are equal, 1 otherwise
**************************************************/
int PQCLEAN_KYBER1024_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len) {
size_t pos = 0;
uint64_t r = 0;
size_t pos;
uint64_t r;
__m256i avec, bvec, cvec;
cvec = _mm256_setzero_si256();
@ -53,7 +53,7 @@ int PQCLEAN_KYBER1024_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len
* unsigned char b: Condition bit; has to be in {0,1}
**************************************************/
void PQCLEAN_KYBER1024_AVX2_cmov(uint8_t *restrict r, const uint8_t *restrict x, size_t len, uint8_t b) {
size_t pos = 0;
size_t pos;
__m256i xvec, rvec, bvec;
b = -b;

파일 보기

@ -1,14 +1,11 @@
#ifndef PQCLEAN_KYBER1024_AVX2_VERIFY_H
#define PQCLEAN_KYBER1024_AVX2_VERIFY_H
#include "params.h"
#include <stddef.h>
#include <stdint.h>
int PQCLEAN_KYBER1024_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len);
void PQCLEAN_KYBER1024_AVX2_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b);
#endif

파일 보기

@ -1,8 +1,8 @@
# This Makefile can be used with GNU Make or BSD Make
LIB=libkyber1024_clean.a
HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h verify.h symmetric.h
OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o verify.o symmetric-shake.o
HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h symmetric.h verify.h
OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o symmetric-shake.o verify.o
CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)

파일 보기

@ -2,7 +2,7 @@
# nmake /f Makefile.Microsoft_nmake
LIBRARY=libkyber1024_clean.lib
OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj verify.obj symmetric-shake.obj
OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj symmetric-shake.obj verify.obj
# Warning C4146 is raised when a unary minus operator is applied to an
# unsigned type; this has nonetheless been standard and portable for as

파일 보기

@ -15,5 +15,4 @@ int PQCLEAN_KYBER1024_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
#endif

파일 보기

@ -1,5 +1,5 @@
#include "params.h"
#include "cbd.h"
#include "params.h"
#include <stdint.h>
/*************************************************
@ -13,7 +13,7 @@
* Returns 32-bit unsigned integer loaded from x
**************************************************/
static uint32_t load32_littleendian(const uint8_t x[4]) {
uint32_t r = 0;
uint32_t r;
r = (uint32_t)x[0];
r |= (uint32_t)x[1] << 8;
r |= (uint32_t)x[2] << 16;
@ -32,9 +32,9 @@ static uint32_t load32_littleendian(const uint8_t x[4]) {
* - const uint8_t *buf: pointer to input byte array
**************************************************/
void PQCLEAN_KYBER1024_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]) {
unsigned int i = 0, j = 0;
uint32_t t = 0, d = 0;
int16_t a = 0, b = 0;
unsigned int i, j;
uint32_t t, d;
int16_t a, b;
for (i = 0; i < KYBER_N / 8; i++) {
t = load32_littleendian(buf + 4 * i);

파일 보기

@ -1,11 +1,9 @@
#ifndef PQCLEAN_KYBER1024_CLEAN_CBD_H
#define PQCLEAN_KYBER1024_CLEAN_CBD_H
#include "params.h"
#include "poly.h"
#include <stdint.h>
void PQCLEAN_KYBER1024_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
#endif

파일 보기

@ -22,7 +22,7 @@
static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
polyvec *pk,
const uint8_t seed[KYBER_SYMBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_CLEAN_polyvec_tobytes(r, pk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
r[i + KYBER_POLYVECBYTES] = seed[i];
@ -44,7 +44,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
static void unpack_pk(polyvec *pk,
uint8_t seed[KYBER_SYMBYTES],
const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_CLEAN_polyvec_frombytes(pk, packedpk);
for (i = 0; i < KYBER_SYMBYTES; i++) {
seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@ -132,8 +132,8 @@ static unsigned int rej_uniform(int16_t *r,
unsigned int len,
const uint8_t *buf,
unsigned int buflen) {
unsigned int ctr = 0, pos = 0;
uint16_t val = 0;
unsigned int ctr, pos;
uint16_t val;
ctr = pos = 0;
while (ctr < len && pos + 2 <= buflen) {
@ -169,8 +169,7 @@ static unsigned int rej_uniform(int16_t *r,
+ XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
// Not static for benchmarking
void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) {
unsigned int ctr = 0;
uint8_t i = 0, j = 0;
unsigned int ctr, i, j;
uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES];
xof_state state;
@ -208,7 +207,7 @@ void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYM
**************************************************/
void PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
unsigned int i = 0;
unsigned int i;
uint8_t buf[2 * KYBER_SYMBYTES];
const uint8_t *publicseed = buf;
const uint8_t *noiseseed = buf + KYBER_SYMBYTES;
@ -264,7 +263,7 @@ void PQCLEAN_KYBER1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]) {
unsigned int i = 0;
unsigned int i;
uint8_t seed[KYBER_SYMBYTES];
uint8_t nonce = 0;
polyvec sp, pkpv, ep, at[KYBER_K], bp;

파일 보기

@ -1,16 +1,20 @@
#ifndef PQCLEAN_KYBER1024_CLEAN_INDCPA_H
#define PQCLEAN_KYBER1024_CLEAN_INDCPA_H
#include "params.h"
#include "polyvec.h"
#include <stdint.h>
void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
void PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
void PQCLEAN_KYBER1024_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
void PQCLEAN_KYBER1024_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
const uint8_t c[KYBER_INDCPA_BYTES],
const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
#endif

파일 보기

@ -21,7 +21,7 @@
* Returns 0 (success)
**************************************************/
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
size_t i = 0;
size_t i;
PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(pk, sk);
for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@ -92,8 +92,8 @@ int PQCLEAN_KYBER1024_CLEAN_crypto_kem_enc(unsigned char *ct,
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk) {
size_t i = 0;
int fail = 0;
size_t i;
int fail;
uint8_t buf[2 * KYBER_SYMBYTES];
/* Will contain key, coins */
uint8_t kr[2 * KYBER_SYMBYTES];

파일 보기

@ -1,17 +1,14 @@
#ifndef PQCLEAN_KYBER1024_CLEAN_KEM_H
#define PQCLEAN_KYBER1024_CLEAN_KEM_H
#include "params.h"
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_enc(unsigned char *ct,
unsigned char *ss,
const unsigned char *pk);
int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(unsigned char *ss,
const unsigned char *ct,
const unsigned char *sk);

파일 보기

@ -1,5 +1,5 @@
#include "params.h"
#include "ntt.h"
#include "params.h"
#include "reduce.h"
#include <stdint.h>
@ -89,8 +89,8 @@ static int16_t fqmul(int16_t a, int16_t b) {
* of Zq
**************************************************/
void PQCLEAN_KYBER1024_CLEAN_ntt(int16_t r[256]) {
unsigned int len = 0, start = 0, j = 0, k = 0;
int16_t t = 0, zeta = 0;
unsigned int len, start, j, k;
int16_t t, zeta;
k = 1;
for (len = 128; len >= 2; len >>= 1) {
@ -116,8 +116,8 @@ void PQCLEAN_KYBER1024_CLEAN_ntt(int16_t r[256]) {
* of Zq
**************************************************/
void PQCLEAN_KYBER1024_CLEAN_invntt(int16_t r[256]) {
unsigned int start = 0, len = 0, j = 0, k = 0;
int16_t t = 0, zeta = 0;
unsigned int start, len, j, k;
int16_t t, zeta;
k = 0;
for (len = 2; len <= 128; len <<= 1) {
@ -148,7 +148,10 @@ void PQCLEAN_KYBER1024_CLEAN_invntt(int16_t r[256]) {
* - const int16_t b[2]: pointer to the second factor
* - int16_t zeta: integer defining the reduction polynomial
**************************************************/
void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta) {
void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2],
const int16_t a[2],
const int16_t b[2],
int16_t zeta) {
r[0] = fqmul(a[1], b[1]);
r[0] = fqmul(r[0], zeta);
r[0] += fqmul(a[0], b[0]);

파일 보기

@ -1,22 +1,19 @@
#ifndef PQCLEAN_KYBER1024_CLEAN_NTT_H
#define PQCLEAN_KYBER1024_CLEAN_NTT_H
#include "params.h"
#include <stdint.h>
extern const int16_t PQCLEAN_KYBER1024_CLEAN_zetas[128];
extern const int16_t PQCLEAN_KYBER1024_CLEAN_zetas_inv[128];
void PQCLEAN_KYBER1024_CLEAN_ntt(int16_t r[256]);
void PQCLEAN_KYBER1024_CLEAN_invntt(int16_t r[256]);
void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta);
void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2],
const int16_t a[2],
const int16_t b[2],
int16_t zeta);
#endif

파일 보기

@ -1,6 +1,9 @@
#ifndef PQCLEAN_KYBER1024_CLEAN_PARAMS_H
#define PQCLEAN_KYBER1024_CLEAN_PARAMS_H
#define KYBER_N 256
#define KYBER_Q 3329

Some files were not shown because too many files have changed in this diff Show More