diff --git a/CMakeLists.txt b/CMakeLists.txt index ba1d4a68..2e98620b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -208,9 +208,6 @@ add_subdirectory(src/sign/dilithium/dilithium2/clean) add_subdirectory(src/sign/dilithium/dilithium3/clean) add_subdirectory(src/sign/dilithium/dilithium5/clean) add_subdirectory(src/sign/falcon) -add_subdirectory(src/sign/rainbow/rainbowV-classic/clean) -add_subdirectory(src/sign/rainbow/rainbowI-classic/clean) -add_subdirectory(src/sign/rainbow/rainbowIII-classic/clean) add_subdirectory(src/sign/sphincs/sphincs-sha256-192f-simple/clean) add_subdirectory(src/sign/sphincs/sphincs-shake256-256f-simple/clean) add_subdirectory(src/sign/sphincs/sphincs-shake256-192f-robust/clean) diff --git a/public/pqc/pqc.h b/public/pqc/pqc.h index baee68c4..627fa3a5 100644 --- a/public/pqc/pqc.h +++ b/public/pqc/pqc.h @@ -16,9 +16,6 @@ extern "C" { _(DILITHIUM5) \ _(FALCON512) \ _(FALCON1024) \ - _(RAINBOWICLASSIC) \ - _(RAINBOWIIICLASSIC) \ - _(RAINBOWVCLASSIC) \ _(SPHINCSSHAKE256128FSIMPLE) \ _(SPHINCSSHAKE256128SSIMPLE) \ _(SPHINCSSHAKE256128FROBUST) \ diff --git a/src/capi/schemes.h b/src/capi/schemes.h index de778768..02ff3acf 100644 --- a/src/capi/schemes.h +++ b/src/capi/schemes.h @@ -2,9 +2,6 @@ #define PQC_SCHEMES_ // PQClean include -#include "sign/rainbow/rainbowV-classic/clean/api.h" -#include "sign/rainbow/rainbowI-classic/clean/api.h" -#include "sign/rainbow/rainbowIII-classic/clean/api.h" #include "sign/sphincs/sphincs-sha256-192f-simple/clean/api.h" #include "sign/sphincs/sphincs-sha256-192f-simple/avx2/api.h" #include "sign/sphincs/sphincs-shake256-256f-simple/clean/api.h" diff --git a/src/rustapi/pqc-sys/src/bindings.rs b/src/rustapi/pqc-sys/src/bindings.rs index 81728f5a..f7c6314b 100644 --- a/src/rustapi/pqc-sys/src/bindings.rs +++ b/src/rustapi/pqc-sys/src/bindings.rs @@ -28,13 +28,13 @@ pub const __STDC_IEC_559_COMPLEX__: u32 = 1; pub const __STDC_ISO_10646__: u32 = 201706; pub const __GNU_LIBRARY__: u32 = 6; pub const __GLIBC__: u32 = 2; -pub const __GLIBC_MINOR__: u32 = 33; +pub const __GLIBC_MINOR__: u32 = 31; pub const _SYS_CDEFS_H: u32 = 1; pub const __glibc_c99_flexarr_available: u32 = 1; pub const __WORDSIZE: u32 = 64; pub const __WORDSIZE_TIME64_COMPAT32: u32 = 1; pub const __SYSCALL_WORDSIZE: u32 = 64; -pub const __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI: u32 = 0; +pub const __LONG_DOUBLE_USES_FLOAT128: u32 = 0; pub const __HAVE_GENERIC_SELECTION: u32 = 1; pub const __GLIBC_USE_LIB_EXT2: u32 = 0; pub const __GLIBC_USE_IEC_60559_BFP_EXT: u32 = 0; @@ -49,7 +49,6 @@ pub const __OFF_T_MATCHES_OFF64_T: u32 = 1; pub const __INO_T_MATCHES_INO64_T: u32 = 1; pub const __RLIM_T_MATCHES_RLIM64_T: u32 = 1; pub const __STATFS_MATCHES_STATFS64: u32 = 1; -pub const __KERNEL_OLD_TIMEVAL_MATCHES_TIMEVAL64: u32 = 1; pub const __FD_SETSIZE: u32 = 1024; pub const _BITS_TIME64_H: u32 = 1; pub const _BITS_WCHAR_H: u32 = 1; @@ -164,7 +163,6 @@ pub type __id_t = ::std::os::raw::c_uint; pub type __time_t = ::std::os::raw::c_long; pub type __useconds_t = ::std::os::raw::c_uint; pub type __suseconds_t = ::std::os::raw::c_long; -pub type __suseconds64_t = ::std::os::raw::c_long; pub type __daddr_t = ::std::os::raw::c_int; pub type __key_t = ::std::os::raw::c_int; pub type __clockid_t = ::std::os::raw::c_int; @@ -208,34 +206,31 @@ pub const PQC_ALG_SIG_DILITHIUM3: ::std::os::raw::c_uint = 1; pub const PQC_ALG_SIG_DILITHIUM5: ::std::os::raw::c_uint = 2; pub const PQC_ALG_SIG_FALCON512: ::std::os::raw::c_uint = 3; pub const PQC_ALG_SIG_FALCON1024: ::std::os::raw::c_uint = 4; -pub const PQC_ALG_SIG_RAINBOWICLASSIC: ::std::os::raw::c_uint = 5; -pub const PQC_ALG_SIG_RAINBOWIIICLASSIC: ::std::os::raw::c_uint = 6; -pub const PQC_ALG_SIG_RAINBOWVCLASSIC: ::std::os::raw::c_uint = 7; -pub const PQC_ALG_SIG_SPHINCSSHAKE256128FSIMPLE: ::std::os::raw::c_uint = 8; -pub const PQC_ALG_SIG_SPHINCSSHAKE256128SSIMPLE: ::std::os::raw::c_uint = 9; -pub const PQC_ALG_SIG_SPHINCSSHAKE256128FROBUST: ::std::os::raw::c_uint = 10; -pub const PQC_ALG_SIG_SPHINCSSHAKE256128SROBUST: ::std::os::raw::c_uint = 11; -pub const PQC_ALG_SIG_SPHINCSSHAKE256192FSIMPLE: ::std::os::raw::c_uint = 12; -pub const PQC_ALG_SIG_SPHINCSSHAKE256192SSIMPLE: ::std::os::raw::c_uint = 13; -pub const PQC_ALG_SIG_SPHINCSSHAKE256192FROBUST: ::std::os::raw::c_uint = 14; -pub const PQC_ALG_SIG_SPHINCSSHAKE256192SROBUST: ::std::os::raw::c_uint = 15; -pub const PQC_ALG_SIG_SPHINCSSHAKE256256FSIMPLE: ::std::os::raw::c_uint = 16; -pub const PQC_ALG_SIG_SPHINCSSHAKE256256SSIMPLE: ::std::os::raw::c_uint = 17; -pub const PQC_ALG_SIG_SPHINCSSHAKE256256FROBUST: ::std::os::raw::c_uint = 18; -pub const PQC_ALG_SIG_SPHINCSSHAKE256256SROBUST: ::std::os::raw::c_uint = 19; -pub const PQC_ALG_SIG_SPHINCSSHA256128FSIMPLE: ::std::os::raw::c_uint = 20; -pub const PQC_ALG_SIG_SPHINCSSHA256128SSIMPLE: ::std::os::raw::c_uint = 21; -pub const PQC_ALG_SIG_SPHINCSSHA256128FROBUST: ::std::os::raw::c_uint = 22; -pub const PQC_ALG_SIG_SPHINCSSHA256128SROBUST: ::std::os::raw::c_uint = 23; -pub const PQC_ALG_SIG_SPHINCSSHA256192FSIMPLE: ::std::os::raw::c_uint = 24; -pub const PQC_ALG_SIG_SPHINCSSHA256192SSIMPLE: ::std::os::raw::c_uint = 25; -pub const PQC_ALG_SIG_SPHINCSSHA256192FROBUST: ::std::os::raw::c_uint = 26; -pub const PQC_ALG_SIG_SPHINCSSHA256192SROBUST: ::std::os::raw::c_uint = 27; -pub const PQC_ALG_SIG_SPHINCSSHA256256FSIMPLE: ::std::os::raw::c_uint = 28; -pub const PQC_ALG_SIG_SPHINCSSHA256256SSIMPLE: ::std::os::raw::c_uint = 29; -pub const PQC_ALG_SIG_SPHINCSSHA256256FROBUST: ::std::os::raw::c_uint = 30; -pub const PQC_ALG_SIG_SPHINCSSHA256256SROBUST: ::std::os::raw::c_uint = 31; -pub const PQC_ALG_SIG_MAX: ::std::os::raw::c_uint = 32; +pub const PQC_ALG_SIG_SPHINCSSHAKE256128FSIMPLE: ::std::os::raw::c_uint = 5; +pub const PQC_ALG_SIG_SPHINCSSHAKE256128SSIMPLE: ::std::os::raw::c_uint = 6; +pub const PQC_ALG_SIG_SPHINCSSHAKE256128FROBUST: ::std::os::raw::c_uint = 7; +pub const PQC_ALG_SIG_SPHINCSSHAKE256128SROBUST: ::std::os::raw::c_uint = 8; +pub const PQC_ALG_SIG_SPHINCSSHAKE256192FSIMPLE: ::std::os::raw::c_uint = 9; +pub const PQC_ALG_SIG_SPHINCSSHAKE256192SSIMPLE: ::std::os::raw::c_uint = 10; +pub const PQC_ALG_SIG_SPHINCSSHAKE256192FROBUST: ::std::os::raw::c_uint = 11; +pub const PQC_ALG_SIG_SPHINCSSHAKE256192SROBUST: ::std::os::raw::c_uint = 12; +pub const PQC_ALG_SIG_SPHINCSSHAKE256256FSIMPLE: ::std::os::raw::c_uint = 13; +pub const PQC_ALG_SIG_SPHINCSSHAKE256256SSIMPLE: ::std::os::raw::c_uint = 14; +pub const PQC_ALG_SIG_SPHINCSSHAKE256256FROBUST: ::std::os::raw::c_uint = 15; +pub const PQC_ALG_SIG_SPHINCSSHAKE256256SROBUST: ::std::os::raw::c_uint = 16; +pub const PQC_ALG_SIG_SPHINCSSHA256128FSIMPLE: ::std::os::raw::c_uint = 17; +pub const PQC_ALG_SIG_SPHINCSSHA256128SSIMPLE: ::std::os::raw::c_uint = 18; +pub const PQC_ALG_SIG_SPHINCSSHA256128FROBUST: ::std::os::raw::c_uint = 19; +pub const PQC_ALG_SIG_SPHINCSSHA256128SROBUST: ::std::os::raw::c_uint = 20; +pub const PQC_ALG_SIG_SPHINCSSHA256192FSIMPLE: ::std::os::raw::c_uint = 21; +pub const PQC_ALG_SIG_SPHINCSSHA256192SSIMPLE: ::std::os::raw::c_uint = 22; +pub const PQC_ALG_SIG_SPHINCSSHA256192FROBUST: ::std::os::raw::c_uint = 23; +pub const PQC_ALG_SIG_SPHINCSSHA256192SROBUST: ::std::os::raw::c_uint = 24; +pub const PQC_ALG_SIG_SPHINCSSHA256256FSIMPLE: ::std::os::raw::c_uint = 25; +pub const PQC_ALG_SIG_SPHINCSSHA256256SSIMPLE: ::std::os::raw::c_uint = 26; +pub const PQC_ALG_SIG_SPHINCSSHA256256FROBUST: ::std::os::raw::c_uint = 27; +pub const PQC_ALG_SIG_SPHINCSSHA256256SROBUST: ::std::os::raw::c_uint = 28; +pub const PQC_ALG_SIG_MAX: ::std::os::raw::c_uint = 29; pub type _bindgen_ty_1 = ::std::os::raw::c_uint; pub const PQC_ALG_KEM_FRODOKEM640SHAKE: ::std::os::raw::c_uint = 0; pub const PQC_ALG_KEM_FRODOKEM976SHAKE: ::std::os::raw::c_uint = 1; diff --git a/src/sign/rainbow/rainbowI-classic/clean/CMakeLists.txt b/src/sign/rainbow/rainbowI-classic/clean/CMakeLists.txt deleted file mode 100644 index dfe8e907..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/CMakeLists.txt +++ /dev/null @@ -1,16 +0,0 @@ -set( - SRC_CLEAN_RAINBOW_I_CLASSSIC - blas.c - blas_comm.c - gf.c - parallel_matrix_op.c - rainbow.c - rainbow_keypair.c - rainbow_keypair_computation.c - sign.c - utils_hash.c - utils_prng.c) - -define_sig_alg( - rainbowIclassic_clean - PQCLEAN_RAINBOWICLASSIC_CLEAN "${SRC_CLEAN_RAINBOW_I_CLASSSIC}" "${CMAKE_CURRENT_SOURCE_DIR}") diff --git a/src/sign/rainbow/rainbowI-classic/clean/api.h b/src/sign/rainbow/rainbowI-classic/clean/api.h deleted file mode 100644 index 1b2bf5b1..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/api.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef PQCLEAN_RAINBOWICLASSIC_CLEAN_API_H -#define PQCLEAN_RAINBOWICLASSIC_CLEAN_API_H - -#include -#include - -#define PQCLEAN_RAINBOWICLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES 103648 -#define PQCLEAN_RAINBOWICLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES 161600 -#define PQCLEAN_RAINBOWICLASSIC_CLEAN_CRYPTO_BYTES 66 -#define PQCLEAN_RAINBOWICLASSIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(16,36,32,32) - classic" - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); - - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_crypto_sign_signature( - uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, const uint8_t *sk); - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_crypto_sign_verify( - const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, const uint8_t *pk); - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - -#endif diff --git a/src/sign/rainbow/rainbowI-classic/clean/blas.c b/src/sign/rainbow/rainbowI-classic/clean/blas.c deleted file mode 100644 index 72f13dd0..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/blas.c +++ /dev/null @@ -1,43 +0,0 @@ -#include "blas.h" -#include "gf.h" - -#include - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_predicated_add(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, size_t _num_byte) { - uint8_t pr_u8 = (uint8_t) ((uint8_t) 0 - predicate); - for (size_t i = 0; i < _num_byte; i++) { - accu_b[i] ^= (a[i] & pr_u8); - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(uint8_t *accu_b, const uint8_t *a, size_t _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - accu_b[i] ^= a[i]; - } -} - - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_mul_scalar(uint8_t *a, uint8_t gf16_b, size_t _num_byte) { - uint8_t tmp; - for (size_t i = 0; i < _num_byte; i++) { - tmp = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_mul(a[i] & 0xF, gf16_b); - tmp |= (uint8_t) (PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_mul(a[i] >> 4, gf16_b) << 4); - a[i] = tmp; - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, size_t _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - accu_c[i] ^= PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_mul(a[i] & 0xF, gf16_b); - accu_c[i] ^= (uint8_t) (PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_mul(a[i] >> 4, gf16_b) << 4); - } -} - -uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_dot(const uint8_t *a, const uint8_t *b, size_t _num_byte) { - uint8_t r = 0; - for (size_t i = 0; i < _num_byte; i++) { - r ^= PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_mul(a[i], b[i]); - } - return r; -} - diff --git a/src/sign/rainbow/rainbowI-classic/clean/blas.h b/src/sign/rainbow/rainbowI-classic/clean/blas.h deleted file mode 100644 index 57201967..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/blas.h +++ /dev/null @@ -1,20 +0,0 @@ -#ifndef _BLAS_H_ -#define _BLAS_H_ -/// @file blas.h -/// @brief Functions for implementing basic linear algebra functions. -/// - -#include "rainbow_config.h" -#include -#include - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_predicated_add(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, size_t _num_byte); -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(uint8_t *accu_b, const uint8_t *a, size_t _num_byte); - - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(uint8_t *accu_c, const uint8_t *a, uint8_t gf16_b, size_t _num_byte); -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_mul_scalar(uint8_t *a, uint8_t gf16_b, size_t _num_byte); -uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_dot(const uint8_t *a, const uint8_t *b, size_t _num_byte); - - -#endif // _BLAS_H_ diff --git a/src/sign/rainbow/rainbowI-classic/clean/blas_comm.c b/src/sign/rainbow/rainbowI-classic/clean/blas_comm.c deleted file mode 100644 index 931297b5..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/blas_comm.c +++ /dev/null @@ -1,152 +0,0 @@ -/// @file blas_comm.c -/// @brief The standard implementations for blas_comm.h -/// - -#include "blas_comm.h" -#include "blas.h" -#include "gf.h" -#include "rainbow_config.h" - -#include -#include - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - b[i] = 0; - } -} - -/// @brief get an element from GF(16) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned int i) { - uint8_t r = a[i >> 1]; - uint8_t r0 = r & 0xf; - uint8_t r1 = r >> 4; - uint8_t m = (uint8_t)(-((int8_t)i & 1)); - return (uint8_t)((r1 & m) | ((~m) & r0)); -} - -/// @brief set an element for a GF(16) vector . -/// -/// @param[in,out] a - the vector a. -/// @param[in] i - the index in the vector a. -/// @param[in] v - the value for the i-th element in vector a. -/// @return the value of the element. -/// -static uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_set_ele(uint8_t *a, unsigned int i, uint8_t v) { - uint8_t m = (uint8_t)(0xf ^ (-((int8_t)i & 1))); /// 1--> 0xf0 , 0--> 0x0f - uint8_t ai_remaining = (uint8_t)(a[i >> 1] & (~m)); /// erase - a[i >> 1] = (uint8_t)(ai_remaining | (m & (v << 4)) | (m & v & 0xf)); /// set - return v; -} - -static void gf16mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned int i = 0; i < n_A_width; i++) { - uint8_t bb = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(b, i); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(c, matA, bb, n_A_vec_byte); - matA += n_A_vec_byte; - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { - unsigned int n_vec_byte = (len_vec + 1) / 2; - for (unsigned int k = 0; k < len_vec; k++) { - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); - const uint8_t *bk = b + n_vec_byte * k; - for (unsigned int i = 0; i < len_vec; i++) { - uint8_t bb = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(bk, i); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(c, a + n_vec_byte * i, bb, n_vec_byte); - } - c += n_vec_byte; - } -} - -static unsigned int gf16mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { - unsigned int n_w_byte = (w + 1) / 2; - unsigned int r8 = 1; - for (unsigned int i = 0; i < h; i++) { - unsigned int offset_byte = i >> 1; - uint8_t *ai = mat + n_w_byte * i; - for (unsigned int j = i + 1; j < h; j++) { - uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_predicated_add(ai + offset_byte, 1 ^ PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_is_nonzero(PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(ai, i)), aj + offset_byte, n_w_byte - offset_byte); - } - uint8_t pivot = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(ai, i); - r8 &= PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_is_nonzero(pivot); - pivot = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_inv(pivot); - offset_byte = (i + 1) >> 1; - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_mul_scalar(ai + offset_byte, pivot, n_w_byte - offset_byte); - for (unsigned int j = 0; j < h; j++) { - if (i == j) { - continue; - } - uint8_t *aj = mat + n_w_byte * j; - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(aj + offset_byte, ai + offset_byte, PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(aj, i), n_w_byte - offset_byte); - } - } - return r8; -} - -static unsigned int gf16mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { - uint8_t mat[64 * 33]; - unsigned int n_byte = (n + 1) >> 1; - for (unsigned int i = 0; i < n; i++) { - memcpy(mat + i * (n_byte + 1), inp_mat + i * n_byte, n_byte); - mat[i * (n_byte + 1) + n_byte] = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(c_terms, i); - } - unsigned int r8 = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_gauss_elim(mat, n, n + 2); - for (unsigned int i = 0; i < n; i++) { - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_set_ele(sol, i, mat[i * (n_byte + 1) + n_byte]); - } - return r8; -} - -static inline void gf16mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { - unsigned int n_byte_w1 = (w + 1) / 2; - unsigned int n_byte_w2 = (w2 + 1) / 2; - unsigned int st_2 = st / 2; - for (unsigned int i = 0; i < h; i++) { - for (unsigned int j = 0; j < n_byte_w2; j++) { - mat2[i * n_byte_w2 + j] = mat[i * n_byte_w1 + st_2 + j]; - } - } -} - -unsigned int PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { - unsigned int n_w_byte = (H + 1) / 2; - - uint8_t *aa = buffer; - for (unsigned int i = 0; i < H; i++) { - uint8_t *ai = aa + i * 2 * n_w_byte; - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_set_zero(ai, 2 * n_w_byte); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(ai, a + i * n_w_byte, n_w_byte); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_set_ele(ai + n_w_byte, i, 1); - } - unsigned int r8 = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_gauss_elim(aa, H, 2 * H); - gf16mat_submat(inv_a, H, H, aa, 2 * H, H); - return r8; -} - -// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE - -#define gf16mat_prod_impl gf16mat_prod_ref -#define gf16mat_gauss_elim_impl gf16mat_gauss_elim_ref -#define gf16mat_solve_linear_eq_impl gf16mat_solve_linear_eq_ref - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { - gf16mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); -} - -unsigned int PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { - return gf16mat_gauss_elim_impl(mat, h, w); -} - -unsigned int PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { - return gf16mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); -} - diff --git a/src/sign/rainbow/rainbowI-classic/clean/blas_comm.h b/src/sign/rainbow/rainbowI-classic/clean/blas_comm.h deleted file mode 100644 index 4278b495..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/blas_comm.h +++ /dev/null @@ -1,74 +0,0 @@ -#ifndef _BLAS_COMM_H_ -#define _BLAS_COMM_H_ -/// @file blas_comm.h -/// @brief Common functions for linear algebra. -/// - -#include "rainbow_config.h" -#include - -/// @brief set a vector to 0. -/// -/// @param[in,out] b - the vector b. -/// @param[in] _num_byte - number of bytes for the vector b. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); - -/// @brief get an element from GF(16) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(const uint8_t *a, unsigned int i); - -/// @brief matrix-matrix multiplication: c = a * b , in GF(16) -/// -/// @param[out] c - the output matrix c -/// @param[in] c - a matrix a. -/// @param[in] b - a matrix b. -/// @param[in] len_vec - the length of column vectors. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); - -/// @brief Gauss elimination for a matrix, in GF(16) -/// -/// @param[in,out] mat - the matrix. -/// @param[in] h - the height of the matrix. -/// @param[in] w - the width of the matrix. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned int PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); - -/// @brief Solving linear equations, in GF(16) -/// -/// @param[out] sol - the solutions. -/// @param[in] inp_mat - the matrix parts of input equations. -/// @param[in] c_terms - the constant terms of the input equations. -/// @param[in] n - the number of equations. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned int PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); - -/// @brief Computing the inverse matrix, in GF(16) -/// -/// @param[out] inv_a - the output of matrix a. -/// @param[in] a - a matrix a. -/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. -/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned int PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); - -/// @brief matrix-vector multiplication: c = matA * b , in GF(16) -/// -/// @param[out] c - the output vector c -/// @param[in] matA - a column-major matrix A. -/// @param[in] n_A_vec_byte - the size of column vectors in bytes. -/// @param[in] n_A_width - the width of matrix A. -/// @param[in] b - the vector b. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); - - -#endif // _BLAS_COMM_H_ diff --git a/src/sign/rainbow/rainbowI-classic/clean/gf.c b/src/sign/rainbow/rainbowI-classic/clean/gf.c deleted file mode 100644 index 486e0fdc..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/gf.c +++ /dev/null @@ -1,54 +0,0 @@ -#include "gf.h" - -//// gf4 := gf2[x]/x^2+x+1 -static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t)(a << 1); - r ^= (uint8_t)((a >> 1) * 7); - return r; -} - -static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t)(a * (b & 1)); - return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); -} - -static inline uint8_t gf4_squ(uint8_t a) { - return a ^ (a >> 1); -} - -//// gf16 := gf4[y]/y^2+y+x -uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_mul(uint8_t a, uint8_t b) { - uint8_t a0 = a & 3; - uint8_t a1 = (a >> 2); - uint8_t b0 = b & 3; - uint8_t b1 = (b >> 2); - uint8_t a0b0 = gf4_mul(a0, b0); - uint8_t a1b1 = gf4_mul(a1, b1); - uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; - uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); -} - -static inline uint8_t gf16_squ(uint8_t a) { - uint8_t a0 = a & 3; - uint8_t a1 = (a >> 2); - a1 = gf4_squ(a1); - uint8_t a1squ_x2 = gf4_mul_2(a1); - return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); -} - -uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_is_nonzero(uint8_t a) { - unsigned int a4 = a & 0xf; - unsigned int r = ((unsigned int)0) - a4; - r >>= 4; - return r & 1; -} - -uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_inv(uint8_t a) { - uint8_t a2 = gf16_squ(a); - uint8_t a4 = gf16_squ(a2); - uint8_t a8 = gf16_squ(a4); - uint8_t a6 = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_mul(a4, a2); - return PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_mul(a8, a6); -} - diff --git a/src/sign/rainbow/rainbowI-classic/clean/gf.h b/src/sign/rainbow/rainbowI-classic/clean/gf.h deleted file mode 100644 index 367e03cd..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/gf.h +++ /dev/null @@ -1,18 +0,0 @@ -#ifndef _GF16_H_ -#define _GF16_H_ - -#include "rainbow_config.h" -#include - -/// @file gf16.h -/// @brief Library for arithmetics in GF(16) and GF(256) -/// - -uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_mul(uint8_t a, uint8_t b); - - -uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_is_nonzero(uint8_t a); -uint8_t PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16_inv(uint8_t a); - - -#endif // _GF16_H_ diff --git a/src/sign/rainbow/rainbowI-classic/clean/parallel_matrix_op.c b/src/sign/rainbow/rainbowI-classic/clean/parallel_matrix_op.c deleted file mode 100644 index 91624d6a..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/parallel_matrix_op.c +++ /dev/null @@ -1,182 +0,0 @@ -/// @file parallel_matrix_op.c -/// @brief the standard implementations for functions in parallel_matrix_op.h -/// -/// the standard implementations for functions in parallel_matrix_op.h -/// - -#include "parallel_matrix_op.h" -#include "blas.h" -#include "blas_comm.h" - -/// -/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. -/// -/// @param[in] i_row - the i-th row in an upper-triangle matrix. -/// @param[in] j_col - the j-th column in an upper-triangle matrix. -/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. -/// @return the corresponding index in an array storage. -/// -unsigned int PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { - return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; -} - -/// -/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. -/// -/// @param[in] i_row - the i-th row in a triangle matrix. -/// @param[in] j_col - the j-th column in a triangle matrix. -/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. -/// @return the corresponding index in an array storage. -/// -static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { - if (i_row > j_col) { - return PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); - } - return PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { - unsigned char *runningC = btriC; - unsigned int Aheight = Awidth; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < i; j++) { - unsigned int idx = PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); - } - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); - runningC += size_batch * (Aheight - i); - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Awidth = Bheight; - unsigned int Aheight = Awidth; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - if (k < i) { - continue; - } - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - btriA += (Aheight - i) * size_batch; - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Aheight = Bheight; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - if (i < k) { - continue; - } - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Aheight = Bheight; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - if (i == k) { - continue; - } - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, - const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Atr_height = Awidth; - unsigned int Atr_width = Aheight; - for (unsigned int i = 0; i < Atr_height; i++) { - for (unsigned int j = 0; j < Atr_width; j++) { - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); - } - bC += size_batch * Bwidth; - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - const unsigned char *bA = bA_to_tr; - unsigned int Aheight = Awidth_before_tr; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Awidth = Bheight; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - bA += (Awidth) * size_batch; - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, - const unsigned char *x, unsigned int dim_x, unsigned int size_batch) { - unsigned char tmp[128]; - - unsigned char _x[128]; - for (unsigned int i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(x, i); - } - unsigned char _y[128]; - for (unsigned int i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(y, i); - } - - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned int i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned int j = 0; j < dim_x; j++) { - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(tmp, mat, _x[j], size_batch); - mat += size_batch; - } - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(z, tmp, _y[i], size_batch); - } -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { - unsigned char tmp[256]; - - unsigned char _x[256]; - for (unsigned int i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele(x, i); - } - - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned int i = 0; i < dim; i++) { - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned int j = i; j < dim; j++) { - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(tmp, trimat, _x[j], size_batch); - trimat += size_batch; - } - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd(y, tmp, _x[i], size_batch); - } -} diff --git a/src/sign/rainbow/rainbowI-classic/clean/parallel_matrix_op.h b/src/sign/rainbow/rainbowI-classic/clean/parallel_matrix_op.h deleted file mode 100644 index 52f596e5..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/parallel_matrix_op.h +++ /dev/null @@ -1,260 +0,0 @@ -#ifndef _P_MATRIX_OP_H_ -#define _P_MATRIX_OP_H_ -/// @file parallel_matrix_op.h -/// @brief Librarys for operations of batched matrixes. -/// -/// - -//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - -/// -/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. -/// -/// @param[in] i_row - the i-th row in an upper-triangle matrix. -/// @param[in] j_col - the j-th column in an upper-triangle matrix. -/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. -/// @return the corresponding index in an array storage. -/// -unsigned int PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); - -/// -/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. -/// -/// @param[out] btriC - the batched upper-trianglized matrix C. -/// @param[in] bA - a batched retangle matrix A. -/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); - -//////////////////// Section: matrix multiplications /////////////////////////////// - -/// -/// @brief bC += btriA * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += btriA * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += btriA^Tr * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += btriA^Tr * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += A^Tr * bB , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. -/// @param[in] Aheight - the height of A. -/// @param[in] size_Acolvec - the size of a column vector in A. -/// @param[in] Awidth - the width of A. -/// @param[in] bB - a batched matrix B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, - const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += A^Tr * bB , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. -/// @param[in] Aheight - the height of A. -/// @param[in] size_Acolvec - the size of a column vector in A. -/// @param[in] Awidth - the width of A. -/// @param[in] bB - a batched matrix B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, - const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA^Tr * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). -/// @param[in] Awidth_befor_tr - the width of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA^Tr * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). -/// @param[in] Awidth_befor_tr - the width of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA - a batched matrix A. -/// @param[in] Aheigh - the height of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA - a batched matrix A. -/// @param[in] Aheigh - the height of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - -/// -/// @brief y = x^Tr * trimat * x , in GF(16) -/// -/// @param[out] y - the returned batched element y. -/// @param[in] trimat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim - the dimension of matrix trimat (and x). -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); - -/// -/// @brief y = x^Tr * trimat * x , in GF(256) -/// -/// @param[out] y - the returned batched element y. -/// @param[in] trimat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim - the dimension of matrix trimat (and x). -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); - -/// -/// @brief z = y^Tr * mat * x , in GF(16) -/// -/// @param[out] z - the returned batched element z. -/// @param[in] y - an input vector y. -/// @param[in] dim_y - the length of y. -/// @param[in] mat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim_x - the length of x. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, - const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); - -/// -/// @brief z = y^Tr * mat * x , in GF(256) -/// -/// @param[out] z - the returned batched element z. -/// @param[in] y - an input vector y. -/// @param[in] dim_y - the length of y. -/// @param[in] mat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim_x - the length of x. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, - const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); - -#endif // _P_MATRIX_OP_H_ diff --git a/src/sign/rainbow/rainbowI-classic/clean/rainbow.c b/src/sign/rainbow/rainbowI-classic/clean/rainbow.c deleted file mode 100644 index 05add91c..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/rainbow.c +++ /dev/null @@ -1,168 +0,0 @@ -/// @file rainbow.c -/// @brief The standard implementations for functions in rainbow.h -/// - -#include "blas.h" -#include "parallel_matrix_op.h" -#include "rainbow.h" -#include "rainbow_blas.h" -#include "rainbow_config.h" -#include "rainbow_keypair.h" -#include "utils_hash.h" -#include "utils_prng.h" -#include -#include -#include - -#define MAX_ATTEMPT_FRMAT 128 - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { - uint8_t mat_l1[_O1 * _O1_BYTE]; - uint8_t mat_l2[_O2 * _O2_BYTE]; - uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; - - // setup PRNG - prng_t prng_sign; - uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); - memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest - uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWICLASSIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean - } - for (unsigned int i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean - } - - // roll vinegars. - uint8_t vinegar[_V1_BYTE]; - unsigned int n_attempt = 0; - unsigned int l1_succ = 0; - while (!l1_succ) { - if (MAX_ATTEMPT_FRMAT <= n_attempt) { - break; - } - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars - gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 - l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable - n_attempt++; - } - - // Given the vinegars, pre-compute variables needed for layer 2 - uint8_t r_l1_F1[_O1_BYTE] = {0}; - uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); - batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); - uint8_t mat_l2_F3[_O2 * _O2_BYTE]; - uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); - gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); - - // Some local variables. - uint8_t _z[_PUB_M_BYTE]; - uint8_t y[_PUB_M_BYTE]; - uint8_t *x_v1 = vinegar; - uint8_t x_o1[_O1_BYTE]; - uint8_t x_o2[_O2_BYTE]; - - uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy(digest_salt, _digest, _HASH_LEN); - uint8_t *salt = digest_salt + _HASH_LEN; - - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned int succ = 0; - while (!succ) { - if (MAX_ATTEMPT_FRMAT <= n_attempt) { - break; - } - // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt - PQCLEAN_RAINBOWICLASSIC_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) - - // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S - gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(y, temp_o, _O1_BYTE); - - // Central Map: - // layer 1: calculate x_o1 - memcpy(temp_o, r_l1_F1, _O1_BYTE); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(temp_o, y, _O1_BYTE); - gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); - - // layer 2: calculate x_o2 - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); - gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 - batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(temp_o, mat_l2, _O2_BYTE); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); - - // generate the linear equations of the 2nd layer - gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); - gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - - n_attempt++; - }; - // w = T^-1 * y - uint8_t w[_PUB_N_BYTE]; - // identity part of T. - memcpy(w, x_v1, _V1_BYTE); - memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); - memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); - // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(w, y, _V1_BYTE); - // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(w, y, _V1_BYTE); - // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - - memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 - // clean - memset(&prng_sign, 0, sizeof(prng_t)); - memset(vinegar, 0, _V1_BYTE); - memset(r_l1_F1, 0, _O1_BYTE); - memset(r_l2_F1, 0, _O2_BYTE); - memset(_z, 0, _PUB_M_BYTE); - memset(y, 0, _PUB_M_BYTE); - memset(x_o1, 0, _O1_BYTE); - memset(x_o2, 0, _O2_BYTE); - memset(temp_o, 0, sizeof(temp_o)); - - // return: copy w and salt to the signature. - if (MAX_ATTEMPT_FRMAT <= n_attempt) { - return -1; - } - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(signature, w, _PUB_N_BYTE); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); - return 0; -} - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { - unsigned char digest_ck[_PUB_M_BYTE]; - // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); - - unsigned char correct[_PUB_M_BYTE]; - unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy(digest_salt, digest, _HASH_LEN); - memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); - PQCLEAN_RAINBOWICLASSIC_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) - - // check consistancy. - unsigned char cc = 0; - for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { - cc |= (digest_ck[i] ^ correct[i]); - } - return (0 == cc) ? 0 : -1; -} - - diff --git a/src/sign/rainbow/rainbowI-classic/clean/rainbow.h b/src/sign/rainbow/rainbowI-classic/clean/rainbow.h deleted file mode 100644 index cf7f2b4c..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/rainbow.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef _RAINBOW_H_ -#define _RAINBOW_H_ -/// @file rainbow.h -/// @brief APIs for rainbow. -/// - -#include "rainbow_config.h" -#include "rainbow_keypair.h" - -#include - -/// -/// @brief Signing function for classical secret key. -/// -/// @param[out] signature - the signature. -/// @param[in] sk - the secret key. -/// @param[in] digest - the digest. -/// -int PQCLEAN_RAINBOWICLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); - -/// -/// @brief Verifying function. -/// -/// @param[in] digest - the digest. -/// @param[in] signature - the signature. -/// @param[in] pk - the public key. -/// @return 0 for successful verified. -1 for failed verification. -/// -int PQCLEAN_RAINBOWICLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); - - - -#endif // _RAINBOW_H_ diff --git a/src/sign/rainbow/rainbowI-classic/clean/rainbow_blas.h b/src/sign/rainbow/rainbowI-classic/clean/rainbow_blas.h deleted file mode 100644 index 99fc5be4..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/rainbow_blas.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef _RAINBOW_BLAS_H_ -#define _RAINBOW_BLAS_H_ -/// @file rainbow_blas.h -/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h -/// -/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - -#include "blas.h" -#include "blas_comm.h" -#include "parallel_matrix_op.h" -#include "rainbow_config.h" - - -#define gfv_get_ele PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16v_madd - -#define gfmat_prod PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_prod -#define gfmat_inv PQCLEAN_RAINBOWICLASSIC_CLEAN_gf16mat_inv - -#define batch_trimat_madd PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_trimat_madd_gf16 -#define batch_trimatTr_madd PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_trimatTr_madd_gf16 -#define batch_2trimat_madd PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_2trimat_madd_gf16 -#define batch_matTr_madd PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_matTr_madd_gf16 -#define batch_bmatTr_madd PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_bmatTr_madd_gf16 -#define batch_mat_madd PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_mat_madd_gf16 - -#define batch_quad_trimat_eval PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_quad_trimat_eval_gf16 -#define batch_quad_recmat_eval PQCLEAN_RAINBOWICLASSIC_CLEAN_batch_quad_recmat_eval_gf16 - - -#endif // _RAINBOW_BLAS_H_ diff --git a/src/sign/rainbow/rainbowI-classic/clean/rainbow_config.h b/src/sign/rainbow/rainbowI-classic/clean/rainbow_config.h deleted file mode 100644 index a581af34..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/rainbow_config.h +++ /dev/null @@ -1,49 +0,0 @@ -#ifndef _H_RAINBOW_CONFIG_H_ -#define _H_RAINBOW_CONFIG_H_ - -/// @file rainbow_config.h -/// @brief Defining the parameters of the Rainbow and the corresponding constants. -/// - -#define _USE_GF16 -#define _GFSIZE 16 -#define _V1 36 -#define _O1 32 -#define _O2 32 -#define _MAX_O 32 -#define _HASH_LEN 32 - - -#define _V2 ((_V1) + (_O1)) - -/// size of N, in # of gf elements. -#define _PUB_N (_V1 + _O1 + _O2) - -/// size of M, in # gf elements. -#define _PUB_M (_O1 + _O2) - -/// size of variables, in # bytes. - -// GF16 -#define _V1_BYTE (_V1 / 2) -#define _V2_BYTE (_V2 / 2) -#define _O1_BYTE (_O1 / 2) -#define _O2_BYTE (_O2 / 2) -#define _MAX_O_BYTE (_MAX_O / 2) -#define _PUB_N_BYTE (_PUB_N / 2) -#define _PUB_M_BYTE (_PUB_M / 2) - - -/// length of seed for public key, in # bytes -#define LEN_PKSEED 32 - -/// length of seed for secret key, in # bytes -#define LEN_SKSEED 32 - -/// length of salt for a signature, in # bytes -#define _SALT_BYTE 16 - -/// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) - -#endif // _H_RAINBOW_CONFIG_H_ diff --git a/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair.c b/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair.c deleted file mode 100644 index 39d059e6..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair.c +++ /dev/null @@ -1,155 +0,0 @@ -/// @file rainbow_keypair.c -/// @brief implementations of functions in rainbow_keypair.h -/// - -#include "rainbow_keypair.h" -#include "blas.h" -#include "blas_comm.h" -#include "rainbow_blas.h" -#include "rainbow_keypair_computation.h" -#include "utils_prng.h" -#include -#include -#include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - sk_t *_sk; - unsigned size; - - size = sizeof(_sk->s1); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); - s_and_t += size; - - size = sizeof(_sk->t1); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); - s_and_t += size; - - size = sizeof(_sk->t4); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); - s_and_t += size; - - size = sizeof(_sk->t3); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); -} - - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { - unsigned n_byte_generated = 0; - sk_t *_sk; - unsigned size; - - size = sizeof(_sk->l1_F1); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l1_F2); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - n_byte_generated += size; - - return n_byte_generated; -} - - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { - unsigned n_byte_generated = 0; - sk_t *_sk; - unsigned size; - - size = sizeof(_sk->l2_F1); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F2); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F3); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F5); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F6); - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - n_byte_generated += size; - - return n_byte_generated; -} - - -static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { - sk += generate_l1_F12(sk, prng0); - generate_l2_F12356(sk, prng0); -} - -static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { - // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 - unsigned char temp[_V1_BYTE + 32]; - unsigned char *t4 = t2_to_t4; - for (unsigned int i = 0; i < _O2; i++) { /// t3 width - gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(t4, temp, _V1_BYTE); - t4 += _V1_BYTE; - t3 += _O1_BYTE; - } -} - -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { - unsigned char temp[_O1_BYTE + 32]; - while (n_terms--) { - gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); - PQCLEAN_RAINBOWICLASSIC_CLEAN_gf256v_add(l1_polys, temp, _O1_BYTE); - l1_polys += _O1_BYTE; - l2_polys += _O2_BYTE; - } -} - -/////////////////// Classic ////////////////////////////////// - -static void generate_secretkey(sk_t *sk, const unsigned char *sk_seed) { - memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); - - // set up prng - prng_t prng0; - PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_set(&prng0, sk_seed, LEN_SKSEED); - - // generating secret key with prng. - generate_S_T(sk->s1, &prng0); - generate_B1_B2(sk->l1_F1, &prng0); - - // clean prng - memset(&prng0, 0, sizeof(prng_t)); -} - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_generate_keypair(pk_t *rpk, sk_t *sk, const unsigned char *sk_seed) { - generate_secretkey(sk, sk_seed); - - // set up a temporary structure ext_cpk_t for calculating public key. - ext_cpk_t pk; - - PQCLEAN_RAINBOWICLASSIC_CLEAN_calculate_Q_from_F(&pk, sk, sk); // compute the public key in ext_cpk_t format. - calculate_t4(sk->t4, sk->t1, sk->t3); - - obsfucate_l1_polys(pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1); - obsfucate_l1_polys(pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1); - obsfucate_l1_polys(pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1); - obsfucate_l1_polys(pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1); - obsfucate_l1_polys(pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1); - obsfucate_l1_polys(pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); - // so far, the pk contains the full pk but in ext_cpk_t format. - - PQCLEAN_RAINBOWICLASSIC_CLEAN_extcpk_to_pk(rpk, &pk); // convert the public key from ext_cpk_t to pk_t. -} - - - diff --git a/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair.h b/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair.h deleted file mode 100644 index a47366f5..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair.h +++ /dev/null @@ -1,61 +0,0 @@ -#ifndef _RAINBOW_KEYPAIR_H_ -#define _RAINBOW_KEYPAIR_H_ -/// @file rainbow_keypair.h -/// @brief Formats of key pairs and functions for generating key pairs. -/// Formats of key pairs and functions for generating key pairs. -/// - -#include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) - -/// @brief public key for classic rainbow -/// -/// public key for classic rainbow -/// -typedef struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; -} pk_t; - -/// @brief secret key for classic rainbow -/// -/// secret key for classic rainbow -/// -typedef struct rainbow_secretkey { - /// - /// seed for generating secret key. - /// Generating S, T, and F for classic rainbow. - /// Generating S and T only for cyclic rainbow. - unsigned char sk_seed[LEN_SKSEED]; - - unsigned char s1[_O1_BYTE * _O2]; ///< part of S map - unsigned char t1[_V1_BYTE * _O1]; ///< part of T map - unsigned char t4[_V1_BYTE * _O2]; ///< part of T map - unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 -} sk_t; - - -/// -/// @brief Generate key pairs for classic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the secret key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_generate_keypair(pk_t *pk, sk_t *sk, const unsigned char *sk_seed); - - - - - -#endif // _RAINBOW_KEYPAIR_H_ diff --git a/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair_computation.c b/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair_computation.c deleted file mode 100644 index 0eb7290c..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair_computation.c +++ /dev/null @@ -1,189 +0,0 @@ -/// @file rainbow_keypair_computation.c -/// @brief Implementations for functions in rainbow_keypair_computation.h -/// - -#include "rainbow_keypair_computation.h" -#include "blas.h" -#include "blas_comm.h" -#include "rainbow_blas.h" -#include "rainbow_keypair.h" -#include -#include -#include - -void PQCLEAN_RAINBOWICLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { - const unsigned char *idx_l1 = cpk->l1_Q1; - const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned int i = 0; i < _V1; i++) { - for (unsigned int j = i; j < _V1; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q2; - idx_l2 = cpk->l2_Q2; - for (unsigned int i = 0; i < _V1; i++) { - for (unsigned int j = _V1; j < _V1 + _O1; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q3; - idx_l2 = cpk->l2_Q3; - for (unsigned int i = 0; i < _V1; i++) { - for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q5; - idx_l2 = cpk->l2_Q5; - for (unsigned int i = _V1; i < _V1 + _O1; i++) { - for (unsigned int j = i; j < _V1 + _O1; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q6; - idx_l2 = cpk->l2_Q6; - for (unsigned int i = _V1; i < _V1 + _O1; i++) { - for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q9; - idx_l2 = cpk->l2_Q9; - for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned int j = i; j < _PUB_N; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } -} - -static void calculate_Q_from_F_ref(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { - /* - Layer 1 - Computing : - Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] - - Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 - Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) - */ - const unsigned char *t2 = Ts->t4; - - memcpy(Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); - - memcpy(Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); - batch_trimat_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 - - memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); - memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); - memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); - memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); - - // l1_Q5 : _O1_BYTE * _O1 * _O1 - // l1_Q9 : _O1_BYTE * _O2 * _O2 - // l2_Q5 : _O2_BYTE * _V1 * _O1 - // l2_Q9 : _O2_BYTE * _V1 * _O2 - - unsigned char tempQ[_MAX_O_BYTE * _MAX_O * _MAX_O + 32]; - - memset(tempQ, 0, _O1_BYTE * _O1 * _O1); // l1_Q5 - batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWICLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ, _O1, _O1_BYTE); // UT( ... ) // Q5 - - batch_trimatTr_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // Q2 - /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 - batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 - - memset(tempQ, 0, _O1_BYTE * _O2 * _O2); // l1_Q9 - batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWICLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ, _O2, _O1_BYTE); // Q9 - - batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 - batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 - - /* - layer 2 - Computing: - Q1 = F1 - Q2 = F1_F1T*T1 + F2 - Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) - */ - memcpy(Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); - - memcpy(Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1); - batch_trimat_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F1*T1 + F2 - - memcpy(Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); - memset(tempQ, 0, _O2_BYTE * _O1 * _O1); // l2_Q5 - batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWICLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q5, tempQ, _O1, _O2_BYTE); // UT( ... ) // Q5 - - batch_trimatTr_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q2 - - /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - - Q3 = F1_F1T*T2 + F2*T3 + F3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 - */ - memcpy(Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); - batch_trimat_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 - batch_mat_madd(Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 - - memset(tempQ, 0, _O2_BYTE * _O2 * _O2); // l2_Q9 - batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE); // T2tr * ( ..... ) - - memcpy(Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); - - batch_trimat_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 - batch_matTr_madd(tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) - memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); - PQCLEAN_RAINBOWICLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ, _O2, _O2_BYTE); // Q9 - - batch_trimatTr_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1_F1T_T2 + F2_T3 + F3 // Q3 - - batch_bmatTr_madd(Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 + F2tr*T2 - batch_trimatTr_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F2tr*T2 + F5_F5T*T3 + F6 - batch_matTr_madd(Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE); // Q6 -} -#define calculate_Q_from_F_impl calculate_Q_from_F_ref -void PQCLEAN_RAINBOWICLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { - calculate_Q_from_F_impl(Qs, Fs, Ts); -} diff --git a/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair_computation.h b/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair_computation.h deleted file mode 100644 index 13a931e8..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/rainbow_keypair_computation.h +++ /dev/null @@ -1,53 +0,0 @@ -#ifndef _RAINBOW_KEYPAIR_COMP_H_ -#define _RAINBOW_KEYPAIR_COMP_H_ -/// @file rainbow_keypair_computation.h -/// @brief Functions for calculating pk/sk while generating keys. -/// -/// Defining an internal structure of public key. -/// Functions for calculating pk/sk for key generation. -/// - -#include "rainbow_keypair.h" - -/// @brief The (internal use) public key for rainbow -/// -/// The (internal use) public key for rainbow. The public -/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, -/// l2_Q1, .... , l2_Q9. -/// -typedef struct rainbow_extend_publickey { - unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; - unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; - - unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; - unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; - unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; - unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; - unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; -} ext_cpk_t; - -/// -/// @brief converting formats of public keys : from ext_cpk_t version to pk_t -/// -/// @param[out] pk - the classic public key. -/// @param[in] cpk - the internel public key. -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); -///////////////////////////////////////////////// - -/// -/// @brief Computing public key from secret key -/// -/// @param[out] Qs - the public key -/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 -/// @param[in] Ts - parts of the secret key: T1, T4, T3 -/// -void PQCLEAN_RAINBOWICLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); - - -#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/src/sign/rainbow/rainbowI-classic/clean/sign.c b/src/sign/rainbow/rainbowI-classic/clean/sign.c deleted file mode 100644 index 7ffdca39..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/sign.c +++ /dev/null @@ -1,74 +0,0 @@ -/// @file sign.c -/// @brief the implementations for functions in api.h -/// -/// - -#include "api.h" -#include "rainbow.h" -#include "rainbow_config.h" -#include "rainbow_keypair.h" -#include "randombytes.h" -#include "utils_hash.h" -#include -#include - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { - unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes(sk_seed, LEN_SKSEED); - - PQCLEAN_RAINBOWICLASSIC_CLEAN_generate_keypair((pk_t *)pk, (sk_t *)sk, sk_seed); - return 0; -} - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { - unsigned char digest[_HASH_LEN]; - - PQCLEAN_RAINBOWICLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - - memcpy(sm, m, mlen); - smlen[0] = mlen + _SIGNATURE_BYTE; - - return PQCLEAN_RAINBOWICLASSIC_CLEAN_rainbow_sign(sm + mlen, (const sk_t *)sk, digest); -} - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - int rc; - if (_SIGNATURE_BYTE > smlen) { - rc = -1; - } else { - *mlen = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWICLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); - - rc = PQCLEAN_RAINBOWICLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); - } - if (!rc) { - memmove(m, sm, smlen - _SIGNATURE_BYTE); - } else { // bad signature - *mlen = (size_t) -1; - memset(m, 0, smlen); - } - return rc; -} - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_crypto_sign_signature( - uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, const uint8_t *sk) { - unsigned char digest[_HASH_LEN]; - - PQCLEAN_RAINBOWICLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWICLASSIC_CLEAN_rainbow_sign(sig, (const sk_t *)sk, digest); -} - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_crypto_sign_verify( - const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, const uint8_t *pk) { - if (siglen != _SIGNATURE_BYTE) { - return -1; - } - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWICLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - return PQCLEAN_RAINBOWICLASSIC_CLEAN_rainbow_verify(digest, sig, (const pk_t *)pk); -} diff --git a/src/sign/rainbow/rainbowI-classic/clean/utils_hash.c b/src/sign/rainbow/rainbowI-classic/clean/utils_hash.c deleted file mode 100644 index eab04da8..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/utils_hash.c +++ /dev/null @@ -1,50 +0,0 @@ -/// @file utils_hash.c -/// @brief the adapter for SHA2 families. -/// -/// - -#include "utils_hash.h" -#include "rainbow_config.h" -#include "sha2.h" - -static inline int h(unsigned char *digest, const unsigned char *m, size_t mlen) { - sha256(digest, m, mlen); - return 0; -} - -static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if (_HASH_LEN >= n_digest) { - for (size_t i = 0; i < n_digest; i++) { - digest[i] = hash[i]; - } - return 0; - } - for (size_t i = 0; i < _HASH_LEN; i++) { - digest[i] = hash[i]; - } - n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest) { - h(digest + _HASH_LEN, digest, _HASH_LEN); - - n_digest -= _HASH_LEN; - digest += _HASH_LEN; - } - unsigned char temp[_HASH_LEN]; - if (n_digest) { - h(temp, digest, _HASH_LEN); - for (size_t i = 0; i < n_digest; i++) { - digest[_HASH_LEN + i] = temp[i]; - } - } - return 0; -} - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_hash_msg(unsigned char *digest, - size_t len_digest, - const unsigned char *m, - size_t mlen) { - unsigned char buf[_HASH_LEN]; - h(buf, m, mlen); - return expand_hash(digest, len_digest, buf); -} diff --git a/src/sign/rainbow/rainbowI-classic/clean/utils_hash.h b/src/sign/rainbow/rainbowI-classic/clean/utils_hash.h deleted file mode 100644 index 5faa067a..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/utils_hash.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _UTILS_HASH_H_ -#define _UTILS_HASH_H_ -/// @file utils_hash.h -/// @brief the interface for adapting hash functions. -/// - -#include - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); - -#endif // _UTILS_HASH_H_ diff --git a/src/sign/rainbow/rainbowI-classic/clean/utils_prng.c b/src/sign/rainbow/rainbowI-classic/clean/utils_prng.c deleted file mode 100644 index 4d6c9b95..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/utils_prng.c +++ /dev/null @@ -1,97 +0,0 @@ -/// @file utils_prng.c -/// @brief The implementation of PRNG related functions. -/// - -#include "utils_prng.h" -#include "aes.h" -#include "randombytes.h" -#include "utils_hash.h" -#include -#include - -static void prng_update(const unsigned char *provided_data, - unsigned char *Key, - unsigned char *V) { - unsigned char temp[48]; - aes256ctx ctx; - aes256_ecb_keyexp(&ctx, Key); - for (int i = 0; i < 3; i++) { - //increment V - for (int j = 15; j >= 0; j--) { - if (V[j] == 0xff) { - V[j] = 0x00; - } else { - V[j]++; - break; - } - } - aes256_ecb(temp + 16 * i, V, 1, &ctx); - } - if (provided_data != NULL) { - for (int i = 0; i < 48; i++) { - temp[i] ^= provided_data[i]; - } - } - aes256_ctx_release(&ctx); - memcpy(Key, temp, 32); - memcpy(V, temp + 32, 16); -} -static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes) { - memset(state->Key, 0x00, 32); - memset(state->V, 0x00, 16); - prng_update(entropy_input_48bytes, state->Key, state->V); -} - -static int randombytes_with_state(prng_t *state, - unsigned char *x, - size_t xlen) { - - unsigned char block[16]; - int i = 0; - - aes256ctx ctx; - aes256_ecb_keyexp(&ctx, state->Key); - - while (xlen > 0) { - //increment V - for (int j = 15; j >= 0; j--) { - if (state->V[j] == 0xff) { - state->V[j] = 0x00; - } else { - state->V[j]++; - break; - } - } - aes256_ecb(block, state->V, 1, &ctx); - if (xlen > 15) { - memcpy(x + i, block, 16); - i += 16; - xlen -= 16; - } else { - memcpy(x + i, block, xlen); - xlen = 0; - } - } - aes256_ctx_release(&ctx); - prng_update(NULL, state->Key, state->V); - return 0; -} - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { - unsigned char seed[48]; - if (prng_seedlen >= 48) { - memcpy(seed, prng_seed, 48); - } else { - memcpy(seed, prng_seed, prng_seedlen); - PQCLEAN_RAINBOWICLASSIC_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); - } - - randombytes_init_with_state(ctx, seed); - - return 0; -} - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state(ctx, out, outlen); -} diff --git a/src/sign/rainbow/rainbowI-classic/clean/utils_prng.h b/src/sign/rainbow/rainbowI-classic/clean/utils_prng.h deleted file mode 100644 index 76b869f8..00000000 --- a/src/sign/rainbow/rainbowI-classic/clean/utils_prng.h +++ /dev/null @@ -1,18 +0,0 @@ -#ifndef _UTILS_PRNG_H_ -#define _UTILS_PRNG_H_ -/// @file utils_prng.h -/// @brief the interface for adapting PRNG functions. -/// -/// - -#include "randombytes.h" - -typedef struct { - unsigned char Key[32]; - unsigned char V[16]; -} prng_t; - -int PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); -int PQCLEAN_RAINBOWICLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - -#endif // _UTILS_PRNG_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/CMakeLists.txt b/src/sign/rainbow/rainbowIII-classic/clean/CMakeLists.txt deleted file mode 100644 index 4219979c..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/CMakeLists.txt +++ /dev/null @@ -1,16 +0,0 @@ -set( - SRC_CLEAN_RAINBOW_III_CLASSSIC - blas.c - blas_comm.c - gf.c - parallel_matrix_op.c - rainbow.c - rainbow_keypair.c - rainbow_keypair_computation.c - sign.c - utils_hash.c - utils_prng.c) - -define_sig_alg( - rainbowIIIclassic_clean - PQCLEAN_RAINBOWIIICLASSIC_CLEAN "${SRC_CLEAN_RAINBOW_III_CLASSSIC}" "${CMAKE_CURRENT_SOURCE_DIR}") diff --git a/src/sign/rainbow/rainbowIII-classic/clean/api.h b/src/sign/rainbow/rainbowIII-classic/clean/api.h deleted file mode 100644 index 8b4d1661..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/api.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef PQCLEAN_RAINBOWIIICLASSIC_CLEAN_API_H -#define PQCLEAN_RAINBOWIIICLASSIC_CLEAN_API_H - -#include -#include - -#define PQCLEAN_RAINBOWIIICLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES 626048 -#define PQCLEAN_RAINBOWIIICLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES 882080 -#define PQCLEAN_RAINBOWIIICLASSIC_CLEAN_CRYPTO_BYTES 164 -#define PQCLEAN_RAINBOWIIICLASSIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(256,68,32,48) - classic" - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); - - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_crypto_sign_signature( - uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, const uint8_t *sk); - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_crypto_sign_verify( - const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, const uint8_t *pk); - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - -#endif diff --git a/src/sign/rainbow/rainbowIII-classic/clean/blas.c b/src/sign/rainbow/rainbowIII-classic/clean/blas.c deleted file mode 100644 index aaaefdf5..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/blas.c +++ /dev/null @@ -1,31 +0,0 @@ -#include "blas.h" -#include "gf.h" - -#include - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_predicated_add(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, size_t _num_byte) { - uint8_t pr_u8 = (uint8_t) ((uint8_t) 0 - predicate); - for (size_t i = 0; i < _num_byte; i++) { - accu_b[i] ^= (a[i] & pr_u8); - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(uint8_t *accu_b, const uint8_t *a, size_t _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - accu_b[i] ^= a[i]; - } -} - - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_mul_scalar(uint8_t *a, uint8_t b, size_t _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - a[i] = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_mul(a[i], b); - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, size_t _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - accu_c[i] ^= PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_mul(a[i], gf256_b); - } -} - diff --git a/src/sign/rainbow/rainbowIII-classic/clean/blas.h b/src/sign/rainbow/rainbowIII-classic/clean/blas.h deleted file mode 100644 index 035cec12..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/blas.h +++ /dev/null @@ -1,19 +0,0 @@ -#ifndef _BLAS_H_ -#define _BLAS_H_ -/// @file blas.h -/// @brief Functions for implementing basic linear algebra functions. -/// - -#include "rainbow_config.h" -#include -#include - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_predicated_add(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, size_t _num_byte); -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(uint8_t *accu_b, const uint8_t *a, size_t _num_byte); - - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_mul_scalar(uint8_t *a, uint8_t b, size_t _num_byte); -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, size_t _num_byte); - - -#endif // _BLAS_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/blas_comm.c b/src/sign/rainbow/rainbowIII-classic/clean/blas_comm.c deleted file mode 100644 index 77aedcd5..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/blas_comm.c +++ /dev/null @@ -1,144 +0,0 @@ -/// @file blas_comm.c -/// @brief The standard implementations for blas_comm.h -/// - -#include "blas_comm.h" -#include "blas.h" -#include "gf.h" -#include "rainbow_config.h" - -#include -#include - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - b[i] = 0; - } -} -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i) { - return a[i]; -} - -unsigned int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte) { - uint8_t r = 0; - while (_num_byte--) { - r |= a[0]; - a++; - } - return (0 == r); -} - -/// polynomial multplication -/// School boook -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned int i = 0; i < _num; i++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(c + i, a, b[i], _num); - } -} - -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned int i = 0; i < n_A_width; i++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(c, matA, b[i], n_A_vec_byte); - matA += n_A_vec_byte; - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { - unsigned int n_vec_byte = len_vec; - for (unsigned int k = 0; k < len_vec; k++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); - const uint8_t *bk = b + n_vec_byte * k; - for (unsigned int i = 0; i < len_vec; i++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); - } - c += n_vec_byte; - } -} - -static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { - unsigned int r8 = 1; - - for (unsigned int i = 0; i < h; i++) { - uint8_t *ai = mat + w * i; - unsigned int skip_len_align4 = i & ((unsigned int)~0x3); - - for (unsigned int j = i + 1; j < h; j++) { - uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1 ^ PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); - } - r8 &= PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_is_nonzero(ai[i]); - uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_inv(pivot); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); - for (unsigned int j = 0; j < h; j++) { - if (i == j) { - continue; - } - uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4); - } - } - - return r8; -} - -static unsigned int gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { - uint8_t mat[64 * 64]; - for (unsigned int i = 0; i < n; i++) { - memcpy(mat + i * (n + 1), inp_mat + i * n, n); - mat[i * (n + 1) + n] = c_terms[i]; - } - unsigned int r8 = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); - for (unsigned int i = 0; i < n; i++) { - sol[i] = mat[i * (n + 1) + n]; - } - return r8; -} - -static inline void gf256mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { - for (unsigned int i = 0; i < h; i++) { - for (unsigned int j = 0; j < w2; j++) { - mat2[i * w2 + j] = mat[i * w + st + j]; - } - } -} - -unsigned int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { - uint8_t *aa = buffer; - for (unsigned int i = 0; i < H; i++) { - uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(ai, 2 * H); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(ai, a + i * H, H); - ai[H + i] = 1; - } - unsigned int r8 = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); - gf256mat_submat(inv_a, H, H, aa, 2 * H, H); - return r8; -} - - -// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE - -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref -#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { - gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); -} - -unsigned int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { - return gf256mat_gauss_elim_impl(mat, h, w); -} - -unsigned int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { - return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); -} - diff --git a/src/sign/rainbow/rainbowIII-classic/clean/blas_comm.h b/src/sign/rainbow/rainbowIII-classic/clean/blas_comm.h deleted file mode 100644 index c21256e7..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/blas_comm.h +++ /dev/null @@ -1,90 +0,0 @@ -#ifndef _BLAS_COMM_H_ -#define _BLAS_COMM_H_ -/// @file blas_comm.h -/// @brief Common functions for linear algebra. -/// - -#include "rainbow_config.h" -#include - -/// @brief set a vector to 0. -/// -/// @param[in,out] b - the vector b. -/// @param[in] _num_byte - number of bytes for the vector b. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); - -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i); - -/// @brief check if a vector is 0. -/// -/// @param[in] a - the vector a. -/// @param[in] _num_byte - number of bytes for the vector a. -/// @return 1(true) if a is 0. 0(false) else. -/// -unsigned int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte); - -/// @brief polynomial multiplication: c = a*b -/// -/// @param[out] c - the output polynomial c -/// @param[in] a - the vector a. -/// @param[in] b - the vector b. -/// @param[in] _num - number of elements for the polynomials a and b. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num); - -/// @brief matrix-vector multiplication: c = matA * b , in GF(256) -/// -/// @param[out] c - the output vector c -/// @param[in] matA - a column-major matrix A. -/// @param[in] n_A_vec_byte - the size of column vectors in bytes. -/// @param[in] n_A_width - the width of matrix A. -/// @param[in] b - the vector b. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); - -/// @brief matrix-matrix multiplication: c = a * b , in GF(256) -/// -/// @param[out] c - the output matrix c -/// @param[in] c - a matrix a. -/// @param[in] b - a matrix b. -/// @param[in] len_vec - the length of column vectors. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); - -/// @brief Gauss elimination for a matrix, in GF(256) -/// -/// @param[in,out] mat - the matrix. -/// @param[in] h - the height of the matrix. -/// @param[in] w - the width of the matrix. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); - -/// @brief Solving linear equations, in GF(256) -/// -/// @param[out] sol - the solutions. -/// @param[in] inp_mat - the matrix parts of input equations. -/// @param[in] c_terms - the constant terms of the input equations. -/// @param[in] n - the number of equations. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); - -/// @brief Computing the inverse matrix, in GF(256) -/// -/// @param[out] inv_a - the output of matrix a. -/// @param[in] a - a matrix a. -/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. -/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); - -#endif // _BLAS_COMM_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/gf.c b/src/sign/rainbow/rainbowIII-classic/clean/gf.c deleted file mode 100644 index b6043f9a..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/gf.c +++ /dev/null @@ -1,91 +0,0 @@ -#include "gf.h" - -//// gf4 := gf2[x]/x^2+x+1 -static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t)(a << 1); - r ^= (uint8_t)((a >> 1) * 7); - return r; -} - -static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t)(a * (b & 1)); - return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); -} - -static inline uint8_t gf4_squ(uint8_t a) { - return a ^ (a >> 1); -} - -//// gf16 := gf4[y]/y^2+y+x -uint8_t PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf16_mul(uint8_t a, uint8_t b) { - uint8_t a0 = a & 3; - uint8_t a1 = (a >> 2); - uint8_t b0 = b & 3; - uint8_t b1 = (b >> 2); - uint8_t a0b0 = gf4_mul(a0, b0); - uint8_t a1b1 = gf4_mul(a1, b1); - uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; - uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); -} - -static inline uint8_t gf16_squ(uint8_t a) { - uint8_t a0 = a & 3; - uint8_t a1 = (a >> 2); - a1 = gf4_squ(a1); - uint8_t a1squ_x2 = gf4_mul_2(a1); - return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); -} - -uint8_t PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned int a8 = a; - unsigned int r = ((unsigned int)0) - a8; - r >>= 8; - return r & 1; -} - -static inline uint8_t gf4_mul_3(uint8_t a) { - uint8_t msk = (uint8_t)((a - 2) >> 1); - return (uint8_t)((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); -} -static inline uint8_t gf16_mul_8(uint8_t a) { - uint8_t a0 = a & 3; - uint8_t a1 = a >> 2; - return (uint8_t)((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); -} - -// gf256 := gf16[X]/X^2+X+xy -uint8_t PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_mul(uint8_t a, uint8_t b) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - uint8_t b0 = b & 15; - uint8_t b1 = (b >> 4); - uint8_t a0b0 = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf16_mul(a0, b0); - uint8_t a1b1 = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf16_mul(a1, b1); - uint8_t a0b1_a1b0 = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; - uint8_t a1b1_x8 = gf16_mul_8(a1b1); - return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); -} - -static inline uint8_t gf256_squ(uint8_t a) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - a1 = gf16_squ(a1); - uint8_t a1squ_x8 = gf16_mul_8(a1); - return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); -} - -uint8_t PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_inv(uint8_t a) { - // 128+64+32+16+8+4+2 = 254 - uint8_t a2 = gf256_squ(a); - uint8_t a4 = gf256_squ(a2); - uint8_t a8 = gf256_squ(a4); - uint8_t a4_2 = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_mul(a4, a2); - uint8_t a8_4_2 = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_mul(a4_2, a8); - uint8_t a64_ = gf256_squ(a8_4_2); - a64_ = gf256_squ(a64_); - a64_ = gf256_squ(a64_); - uint8_t a64_2 = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_mul(a64_, a8_4_2); - uint8_t a128_ = gf256_squ(a64_2); - return PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_mul(a2, a128_); -} diff --git a/src/sign/rainbow/rainbowIII-classic/clean/gf.h b/src/sign/rainbow/rainbowIII-classic/clean/gf.h deleted file mode 100644 index 021c161d..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/gf.h +++ /dev/null @@ -1,19 +0,0 @@ -#ifndef _GF16_H_ -#define _GF16_H_ - -#include "rainbow_config.h" -#include - -/// @file gf16.h -/// @brief Library for arithmetics in GF(16) and GF(256) -/// - -uint8_t PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf16_mul(uint8_t a, uint8_t b); - - -uint8_t PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_is_nonzero(uint8_t a); -uint8_t PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_inv(uint8_t a); -uint8_t PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256_mul(uint8_t a, uint8_t b); - - -#endif // _GF16_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/parallel_matrix_op.c b/src/sign/rainbow/rainbowIII-classic/clean/parallel_matrix_op.c deleted file mode 100644 index dae3807d..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/parallel_matrix_op.c +++ /dev/null @@ -1,183 +0,0 @@ -/// @file parallel_matrix_op.c -/// @brief the standard implementations for functions in parallel_matrix_op.h -/// -/// the standard implementations for functions in parallel_matrix_op.h -/// - -#include "parallel_matrix_op.h" -#include "blas.h" -#include "blas_comm.h" - -/// -/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. -/// -/// @param[in] i_row - the i-th row in an upper-triangle matrix. -/// @param[in] j_col - the j-th column in an upper-triangle matrix. -/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. -/// @return the corresponding index in an array storage. -/// -unsigned int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { - return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; -} - -/// -/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. -/// -/// @param[in] i_row - the i-th row in a triangle matrix. -/// @param[in] j_col - the j-th column in a triangle matrix. -/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. -/// @return the corresponding index in an array storage. -/// -static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { - if (i_row > j_col) { - return PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); - } - return PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { - unsigned char *runningC = btriC; - unsigned int Aheight = Awidth; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < i; j++) { - unsigned int idx = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); - } - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); - runningC += size_batch * (Aheight - i); - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Awidth = Bheight; - unsigned int Aheight = Awidth; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - if (k < i) { - continue; - } - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - btriA += (Aheight - i) * size_batch; - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Aheight = Bheight; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - if (i < k) { - continue; - } - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Aheight = Bheight; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - if (i == k) { - continue; - } - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, - const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Atr_height = Awidth; - unsigned int Atr_width = Aheight; - for (unsigned int i = 0; i < Atr_height; i++) { - for (unsigned int j = 0; j < Atr_width; j++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); - } - bC += size_batch * Bwidth; - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - const unsigned char *bA = bA_to_tr; - unsigned int Aheight = Awidth_before_tr; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Awidth = Bheight; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - bA += (Awidth) * size_batch; - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { - unsigned char tmp[256]; - - unsigned char _x[256]; - for (unsigned int i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(x, i); - } - - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned int i = 0; i < dim; i++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned int j = i; j < dim; j++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(tmp, trimat, _x[j], size_batch); - trimat += size_batch; - } - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(y, tmp, _x[i], size_batch); - } -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch) { - unsigned char tmp[128]; - - unsigned char _x[128]; - for (unsigned int i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(x, i); - } - unsigned char _y[128]; - for (unsigned int i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele(y, i); - } - - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned int i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned int j = 0; j < dim_x; j++) { - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(tmp, mat, _x[j], size_batch); - mat += size_batch; - } - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd(z, tmp, _y[i], size_batch); - } -} - diff --git a/src/sign/rainbow/rainbowIII-classic/clean/parallel_matrix_op.h b/src/sign/rainbow/rainbowIII-classic/clean/parallel_matrix_op.h deleted file mode 100644 index 96a874c7..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/parallel_matrix_op.h +++ /dev/null @@ -1,260 +0,0 @@ -#ifndef _P_MATRIX_OP_H_ -#define _P_MATRIX_OP_H_ -/// @file parallel_matrix_op.h -/// @brief Librarys for operations of batched matrixes. -/// -/// - -//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - -/// -/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. -/// -/// @param[in] i_row - the i-th row in an upper-triangle matrix. -/// @param[in] j_col - the j-th column in an upper-triangle matrix. -/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. -/// @return the corresponding index in an array storage. -/// -unsigned int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); - -/// -/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. -/// -/// @param[out] btriC - the batched upper-trianglized matrix C. -/// @param[in] bA - a batched retangle matrix A. -/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); - -//////////////////// Section: matrix multiplications /////////////////////////////// - -/// -/// @brief bC += btriA * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += btriA * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += btriA^Tr * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += btriA^Tr * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += A^Tr * bB , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. -/// @param[in] Aheight - the height of A. -/// @param[in] size_Acolvec - the size of a column vector in A. -/// @param[in] Awidth - the width of A. -/// @param[in] bB - a batched matrix B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, - const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += A^Tr * bB , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. -/// @param[in] Aheight - the height of A. -/// @param[in] size_Acolvec - the size of a column vector in A. -/// @param[in] Awidth - the width of A. -/// @param[in] bB - a batched matrix B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, - const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA^Tr * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). -/// @param[in] Awidth_befor_tr - the width of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA^Tr * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). -/// @param[in] Awidth_befor_tr - the width of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA - a batched matrix A. -/// @param[in] Aheigh - the height of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA - a batched matrix A. -/// @param[in] Aheigh - the height of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - -/// -/// @brief y = x^Tr * trimat * x , in GF(16) -/// -/// @param[out] y - the returned batched element y. -/// @param[in] trimat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim - the dimension of matrix trimat (and x). -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); - -/// -/// @brief y = x^Tr * trimat * x , in GF(256) -/// -/// @param[out] y - the returned batched element y. -/// @param[in] trimat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim - the dimension of matrix trimat (and x). -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); - -/// -/// @brief z = y^Tr * mat * x , in GF(16) -/// -/// @param[out] z - the returned batched element z. -/// @param[in] y - an input vector y. -/// @param[in] dim_y - the length of y. -/// @param[in] mat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim_x - the length of x. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, - const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); - -/// -/// @brief z = y^Tr * mat * x , in GF(256) -/// -/// @param[out] z - the returned batched element z. -/// @param[in] y - an input vector y. -/// @param[in] dim_y - the length of y. -/// @param[in] mat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim_x - the length of x. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, - const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); - -#endif // _P_MATRIX_OP_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/rainbow.c b/src/sign/rainbow/rainbowIII-classic/clean/rainbow.c deleted file mode 100644 index 3d93036f..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/rainbow.c +++ /dev/null @@ -1,168 +0,0 @@ -/// @file rainbow.c -/// @brief The standard implementations for functions in rainbow.h -/// - -#include "blas.h" -#include "parallel_matrix_op.h" -#include "rainbow.h" -#include "rainbow_blas.h" -#include "rainbow_config.h" -#include "rainbow_keypair.h" -#include "utils_hash.h" -#include "utils_prng.h" -#include -#include -#include - -#define MAX_ATTEMPT_FRMAT 128 - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { - uint8_t mat_l1[_O1 * _O1_BYTE]; - uint8_t mat_l2[_O2 * _O2_BYTE]; - uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; - - // setup PRNG - prng_t prng_sign; - uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); - memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest - uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean - } - for (unsigned int i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean - } - - // roll vinegars. - uint8_t vinegar[_V1_BYTE]; - unsigned int n_attempt = 0; - unsigned int l1_succ = 0; - while (!l1_succ) { - if (MAX_ATTEMPT_FRMAT <= n_attempt) { - break; - } - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars - gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 - l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable - n_attempt++; - } - - // Given the vinegars, pre-compute variables needed for layer 2 - uint8_t r_l1_F1[_O1_BYTE] = {0}; - uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); - batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); - uint8_t mat_l2_F3[_O2 * _O2_BYTE]; - uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); - gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); - - // Some local variables. - uint8_t _z[_PUB_M_BYTE]; - uint8_t y[_PUB_M_BYTE]; - uint8_t *x_v1 = vinegar; - uint8_t x_o1[_O1_BYTE]; - uint8_t x_o2[_O2_BYTE]; - - uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy(digest_salt, _digest, _HASH_LEN); - uint8_t *salt = digest_salt + _HASH_LEN; - - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned int succ = 0; - while (!succ) { - if (MAX_ATTEMPT_FRMAT <= n_attempt) { - break; - } - // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) - - // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S - gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(y, temp_o, _O1_BYTE); - - // Central Map: - // layer 1: calculate x_o1 - memcpy(temp_o, r_l1_F1, _O1_BYTE); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(temp_o, y, _O1_BYTE); - gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); - - // layer 2: calculate x_o2 - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); - gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 - batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(temp_o, mat_l2, _O2_BYTE); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); - - // generate the linear equations of the 2nd layer - gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); - gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - - n_attempt++; - }; - // w = T^-1 * y - uint8_t w[_PUB_N_BYTE]; - // identity part of T. - memcpy(w, x_v1, _V1_BYTE); - memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); - memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); - // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(w, y, _V1_BYTE); - // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(w, y, _V1_BYTE); - // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - - memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 - // clean - memset(&prng_sign, 0, sizeof(prng_t)); - memset(vinegar, 0, _V1_BYTE); - memset(r_l1_F1, 0, _O1_BYTE); - memset(r_l2_F1, 0, _O2_BYTE); - memset(_z, 0, _PUB_M_BYTE); - memset(y, 0, _PUB_M_BYTE); - memset(x_o1, 0, _O1_BYTE); - memset(x_o2, 0, _O2_BYTE); - memset(temp_o, 0, sizeof(temp_o)); - - // return: copy w and salt to the signature. - if (MAX_ATTEMPT_FRMAT <= n_attempt) { - return -1; - } - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(signature, w, _PUB_N_BYTE); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); - return 0; -} - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { - unsigned char digest_ck[_PUB_M_BYTE]; - // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); - - unsigned char correct[_PUB_M_BYTE]; - unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy(digest_salt, digest, _HASH_LEN); - memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) - - // check consistancy. - unsigned char cc = 0; - for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { - cc |= (digest_ck[i] ^ correct[i]); - } - return (0 == cc) ? 0 : -1; -} - - diff --git a/src/sign/rainbow/rainbowIII-classic/clean/rainbow.h b/src/sign/rainbow/rainbowIII-classic/clean/rainbow.h deleted file mode 100644 index 7d72637d..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/rainbow.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef _RAINBOW_H_ -#define _RAINBOW_H_ -/// @file rainbow.h -/// @brief APIs for rainbow. -/// - -#include "rainbow_config.h" -#include "rainbow_keypair.h" - -#include - -/// -/// @brief Signing function for classical secret key. -/// -/// @param[out] signature - the signature. -/// @param[in] sk - the secret key. -/// @param[in] digest - the digest. -/// -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); - -/// -/// @brief Verifying function. -/// -/// @param[in] digest - the digest. -/// @param[in] signature - the signature. -/// @param[in] pk - the public key. -/// @return 0 for successful verified. -1 for failed verification. -/// -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); - - - -#endif // _RAINBOW_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_blas.h b/src/sign/rainbow/rainbowIII-classic/clean/rainbow_blas.h deleted file mode 100644 index c5c54829..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_blas.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef _RAINBOW_BLAS_H_ -#define _RAINBOW_BLAS_H_ -/// @file rainbow_blas.h -/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h -/// -/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - -#include "blas.h" -#include "blas_comm.h" -#include "parallel_matrix_op.h" -#include "rainbow_config.h" - - -#define gfv_get_ele PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_madd - -#define gfmat_prod PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_prod -#define gfmat_inv PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256mat_inv - -#define batch_trimat_madd PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_trimat_madd_gf256 -#define batch_trimatTr_madd PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_trimatTr_madd_gf256 -#define batch_2trimat_madd PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_2trimat_madd_gf256 -#define batch_matTr_madd PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_matTr_madd_gf256 -#define batch_bmatTr_madd PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_bmatTr_madd_gf256 -#define batch_mat_madd PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_mat_madd_gf256 - -#define batch_quad_trimat_eval PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_quad_trimat_eval_gf256 -#define batch_quad_recmat_eval PQCLEAN_RAINBOWIIICLASSIC_CLEAN_batch_quad_recmat_eval_gf256 - - -#endif // _RAINBOW_BLAS_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_config.h b/src/sign/rainbow/rainbowIII-classic/clean/rainbow_config.h deleted file mode 100644 index f3cbb700..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_config.h +++ /dev/null @@ -1,48 +0,0 @@ -#ifndef _H_RAINBOW_CONFIG_H_ -#define _H_RAINBOW_CONFIG_H_ - -/// @file rainbow_config.h -/// @brief Defining the parameters of the Rainbow and the corresponding constants. -/// - -#define _GFSIZE 256 -#define _V1 68 -#define _O1 32 -#define _O2 48 -#define _MAX_O 48 -#define _HASH_LEN 48 - - -#define _V2 ((_V1) + (_O1)) - -/// size of N, in # of gf elements. -#define _PUB_N (_V1 + _O1 + _O2) - -/// size of M, in # gf elements. -#define _PUB_M (_O1 + _O2) - -/// size of variables, in # bytes. - -// GF256 -#define _V1_BYTE (_V1) -#define _V2_BYTE (_V2) -#define _O1_BYTE (_O1) -#define _O2_BYTE (_O2) -#define _MAX_O_BYTE (_MAX_O) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - - -/// length of seed for public key, in # bytes -#define LEN_PKSEED 32 - -/// length of seed for secret key, in # bytes -#define LEN_SKSEED 32 - -/// length of salt for a signature, in # bytes -#define _SALT_BYTE 16 - -/// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) - -#endif // _H_RAINBOW_CONFIG_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair.c b/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair.c deleted file mode 100644 index 63708a9b..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair.c +++ /dev/null @@ -1,155 +0,0 @@ -/// @file rainbow_keypair.c -/// @brief implementations of functions in rainbow_keypair.h -/// - -#include "rainbow_keypair.h" -#include "blas.h" -#include "blas_comm.h" -#include "rainbow_blas.h" -#include "rainbow_keypair_computation.h" -#include "utils_prng.h" -#include -#include -#include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - sk_t *_sk; - unsigned size; - - size = sizeof(_sk->s1); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); - s_and_t += size; - - size = sizeof(_sk->t1); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); - s_and_t += size; - - size = sizeof(_sk->t4); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); - s_and_t += size; - - size = sizeof(_sk->t3); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); -} - - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { - unsigned n_byte_generated = 0; - sk_t *_sk; - unsigned size; - - size = sizeof(_sk->l1_F1); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l1_F2); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - n_byte_generated += size; - - return n_byte_generated; -} - - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { - unsigned n_byte_generated = 0; - sk_t *_sk; - unsigned size; - - size = sizeof(_sk->l2_F1); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F2); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F3); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F5); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F6); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen( prng0, sk, size ); - n_byte_generated += size; - - return n_byte_generated; -} - - -static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { - sk += generate_l1_F12(sk, prng0); - generate_l2_F12356(sk, prng0); -} - -static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { - // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 - unsigned char temp[_V1_BYTE + 32]; - unsigned char *t4 = t2_to_t4; - for (unsigned int i = 0; i < _O2; i++) { /// t3 width - gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(t4, temp, _V1_BYTE); - t4 += _V1_BYTE; - t3 += _O1_BYTE; - } -} - -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { - unsigned char temp[_O1_BYTE + 32]; - while (n_terms--) { - gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_gf256v_add(l1_polys, temp, _O1_BYTE); - l1_polys += _O1_BYTE; - l2_polys += _O2_BYTE; - } -} - -/////////////////// Classic ////////////////////////////////// - -static void generate_secretkey(sk_t *sk, const unsigned char *sk_seed) { - memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); - - // set up prng - prng_t prng0; - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_set(&prng0, sk_seed, LEN_SKSEED); - - // generating secret key with prng. - generate_S_T(sk->s1, &prng0); - generate_B1_B2(sk->l1_F1, &prng0); - - // clean prng - memset(&prng0, 0, sizeof(prng_t)); -} - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_generate_keypair(pk_t *rpk, sk_t *sk, const unsigned char *sk_seed) { - generate_secretkey(sk, sk_seed); - - // set up a temporary structure ext_cpk_t for calculating public key. - ext_cpk_t pk; - - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_calculate_Q_from_F(&pk, sk, sk); // compute the public key in ext_cpk_t format. - calculate_t4(sk->t4, sk->t1, sk->t3); - - obsfucate_l1_polys(pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1); - obsfucate_l1_polys(pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1); - obsfucate_l1_polys(pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1); - obsfucate_l1_polys(pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1); - obsfucate_l1_polys(pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1); - obsfucate_l1_polys(pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); - // so far, the pk contains the full pk but in ext_cpk_t format. - - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_extcpk_to_pk(rpk, &pk); // convert the public key from ext_cpk_t to pk_t. -} - - - diff --git a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair.h b/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair.h deleted file mode 100644 index 1812f885..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair.h +++ /dev/null @@ -1,61 +0,0 @@ -#ifndef _RAINBOW_KEYPAIR_H_ -#define _RAINBOW_KEYPAIR_H_ -/// @file rainbow_keypair.h -/// @brief Formats of key pairs and functions for generating key pairs. -/// Formats of key pairs and functions for generating key pairs. -/// - -#include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) - -/// @brief public key for classic rainbow -/// -/// public key for classic rainbow -/// -typedef struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; -} pk_t; - -/// @brief secret key for classic rainbow -/// -/// secret key for classic rainbow -/// -typedef struct rainbow_secretkey { - /// - /// seed for generating secret key. - /// Generating S, T, and F for classic rainbow. - /// Generating S and T only for cyclic rainbow. - unsigned char sk_seed[LEN_SKSEED]; - - unsigned char s1[_O1_BYTE * _O2]; ///< part of S map - unsigned char t1[_V1_BYTE * _O1]; ///< part of T map - unsigned char t4[_V1_BYTE * _O2]; ///< part of T map - unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 -} sk_t; - - -/// -/// @brief Generate key pairs for classic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the secret key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_generate_keypair(pk_t *pk, sk_t *sk, const unsigned char *sk_seed); - - - - - -#endif // _RAINBOW_KEYPAIR_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair_computation.c b/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair_computation.c deleted file mode 100644 index 62367d44..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair_computation.c +++ /dev/null @@ -1,189 +0,0 @@ -/// @file rainbow_keypair_computation.c -/// @brief Implementations for functions in rainbow_keypair_computation.h -/// - -#include "rainbow_keypair_computation.h" -#include "blas.h" -#include "blas_comm.h" -#include "rainbow_blas.h" -#include "rainbow_keypair.h" -#include -#include -#include - -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { - const unsigned char *idx_l1 = cpk->l1_Q1; - const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned int i = 0; i < _V1; i++) { - for (unsigned int j = i; j < _V1; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q2; - idx_l2 = cpk->l2_Q2; - for (unsigned int i = 0; i < _V1; i++) { - for (unsigned int j = _V1; j < _V1 + _O1; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q3; - idx_l2 = cpk->l2_Q3; - for (unsigned int i = 0; i < _V1; i++) { - for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q5; - idx_l2 = cpk->l2_Q5; - for (unsigned int i = _V1; i < _V1 + _O1; i++) { - for (unsigned int j = i; j < _V1 + _O1; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q6; - idx_l2 = cpk->l2_Q6; - for (unsigned int i = _V1; i < _V1 + _O1; i++) { - for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q9; - idx_l2 = cpk->l2_Q9; - for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned int j = i; j < _PUB_N; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } -} - -static void calculate_Q_from_F_ref(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { - /* - Layer 1 - Computing : - Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] - - Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 - Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) - */ - const unsigned char *t2 = Ts->t4; - - memcpy(Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); - - memcpy(Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); - batch_trimat_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 - - memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); - memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); - memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); - memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); - - // l1_Q5 : _O1_BYTE * _O1 * _O1 - // l1_Q9 : _O1_BYTE * _O2 * _O2 - // l2_Q5 : _O2_BYTE * _V1 * _O1 - // l2_Q9 : _O2_BYTE * _V1 * _O2 - - unsigned char tempQ[_MAX_O_BYTE * _MAX_O * _MAX_O + 32]; - - memset(tempQ, 0, _O1_BYTE * _O1 * _O1); // l1_Q5 - batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ, _O1, _O1_BYTE); // UT( ... ) // Q5 - - batch_trimatTr_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // Q2 - /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 - batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 - - memset(tempQ, 0, _O1_BYTE * _O2 * _O2); // l1_Q9 - batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ, _O2, _O1_BYTE); // Q9 - - batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 - batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 - - /* - layer 2 - Computing: - Q1 = F1 - Q2 = F1_F1T*T1 + F2 - Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) - */ - memcpy(Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); - - memcpy(Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1); - batch_trimat_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F1*T1 + F2 - - memcpy(Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); - memset(tempQ, 0, _O2_BYTE * _O1 * _O1); // l2_Q5 - batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q5, tempQ, _O1, _O2_BYTE); // UT( ... ) // Q5 - - batch_trimatTr_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q2 - - /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - - Q3 = F1_F1T*T2 + F2*T3 + F3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 - */ - memcpy(Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); - batch_trimat_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 - batch_mat_madd(Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 - - memset(tempQ, 0, _O2_BYTE * _O2 * _O2); // l2_Q9 - batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE); // T2tr * ( ..... ) - - memcpy(Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); - - batch_trimat_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 - batch_matTr_madd(tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) - memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ, _O2, _O2_BYTE); // Q9 - - batch_trimatTr_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1_F1T_T2 + F2_T3 + F3 // Q3 - - batch_bmatTr_madd(Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 + F2tr*T2 - batch_trimatTr_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F2tr*T2 + F5_F5T*T3 + F6 - batch_matTr_madd(Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE); // Q6 -} -#define calculate_Q_from_F_impl calculate_Q_from_F_ref -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { - calculate_Q_from_F_impl(Qs, Fs, Ts); -} diff --git a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair_computation.h b/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair_computation.h deleted file mode 100644 index c9add890..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/rainbow_keypair_computation.h +++ /dev/null @@ -1,53 +0,0 @@ -#ifndef _RAINBOW_KEYPAIR_COMP_H_ -#define _RAINBOW_KEYPAIR_COMP_H_ -/// @file rainbow_keypair_computation.h -/// @brief Functions for calculating pk/sk while generating keys. -/// -/// Defining an internal structure of public key. -/// Functions for calculating pk/sk for key generation. -/// - -#include "rainbow_keypair.h" - -/// @brief The (internal use) public key for rainbow -/// -/// The (internal use) public key for rainbow. The public -/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, -/// l2_Q1, .... , l2_Q9. -/// -typedef struct rainbow_extend_publickey { - unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; - unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; - - unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; - unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; - unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; - unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; - unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; -} ext_cpk_t; - -/// -/// @brief converting formats of public keys : from ext_cpk_t version to pk_t -/// -/// @param[out] pk - the classic public key. -/// @param[in] cpk - the internel public key. -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); -///////////////////////////////////////////////// - -/// -/// @brief Computing public key from secret key -/// -/// @param[out] Qs - the public key -/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 -/// @param[in] Ts - parts of the secret key: T1, T4, T3 -/// -void PQCLEAN_RAINBOWIIICLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); - - -#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/sign.c b/src/sign/rainbow/rainbowIII-classic/clean/sign.c deleted file mode 100644 index 81e3b0f2..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/sign.c +++ /dev/null @@ -1,74 +0,0 @@ -/// @file sign.c -/// @brief the implementations for functions in api.h -/// -/// - -#include "api.h" -#include "rainbow.h" -#include "rainbow_config.h" -#include "rainbow_keypair.h" -#include "randombytes.h" -#include "utils_hash.h" -#include -#include - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { - unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes(sk_seed, LEN_SKSEED); - - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_generate_keypair((pk_t *)pk, (sk_t *)sk, sk_seed); - return 0; -} - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { - unsigned char digest[_HASH_LEN]; - - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - - memcpy(sm, m, mlen); - smlen[0] = mlen + _SIGNATURE_BYTE; - - return PQCLEAN_RAINBOWIIICLASSIC_CLEAN_rainbow_sign(sm + mlen, (const sk_t *)sk, digest); -} - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - int rc; - if (_SIGNATURE_BYTE > smlen) { - rc = -1; - } else { - *mlen = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); - - rc = PQCLEAN_RAINBOWIIICLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); - } - if (!rc) { - memmove(m, sm, smlen - _SIGNATURE_BYTE); - } else { // bad signature - *mlen = (size_t) -1; - memset(m, 0, smlen); - } - return rc; -} - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_crypto_sign_signature( - uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, const uint8_t *sk) { - unsigned char digest[_HASH_LEN]; - - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWIIICLASSIC_CLEAN_rainbow_sign(sig, (const sk_t *)sk, digest); -} - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_crypto_sign_verify( - const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, const uint8_t *pk) { - if (siglen != _SIGNATURE_BYTE) { - return -1; - } - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - return PQCLEAN_RAINBOWIIICLASSIC_CLEAN_rainbow_verify(digest, sig, (const pk_t *)pk); -} diff --git a/src/sign/rainbow/rainbowIII-classic/clean/utils_hash.c b/src/sign/rainbow/rainbowIII-classic/clean/utils_hash.c deleted file mode 100644 index a00c94e5..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/utils_hash.c +++ /dev/null @@ -1,50 +0,0 @@ -/// @file utils_hash.c -/// @brief the adapter for SHA2 families. -/// -/// - -#include "utils_hash.h" -#include "rainbow_config.h" -#include "sha2.h" - -static inline int h(unsigned char *digest, const unsigned char *m, size_t mlen) { - sha384(digest, m, mlen); - return 0; -} - -static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if (_HASH_LEN >= n_digest) { - for (size_t i = 0; i < n_digest; i++) { - digest[i] = hash[i]; - } - return 0; - } - for (size_t i = 0; i < _HASH_LEN; i++) { - digest[i] = hash[i]; - } - n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest) { - h(digest + _HASH_LEN, digest, _HASH_LEN); - - n_digest -= _HASH_LEN; - digest += _HASH_LEN; - } - unsigned char temp[_HASH_LEN]; - if (n_digest) { - h(temp, digest, _HASH_LEN); - for (size_t i = 0; i < n_digest; i++) { - digest[_HASH_LEN + i] = temp[i]; - } - } - return 0; -} - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_hash_msg(unsigned char *digest, - size_t len_digest, - const unsigned char *m, - size_t mlen) { - unsigned char buf[_HASH_LEN]; - h(buf, m, mlen); - return expand_hash(digest, len_digest, buf); -} diff --git a/src/sign/rainbow/rainbowIII-classic/clean/utils_hash.h b/src/sign/rainbow/rainbowIII-classic/clean/utils_hash.h deleted file mode 100644 index a36aa481..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/utils_hash.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _UTILS_HASH_H_ -#define _UTILS_HASH_H_ -/// @file utils_hash.h -/// @brief the interface for adapting hash functions. -/// - -#include - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); - -#endif // _UTILS_HASH_H_ diff --git a/src/sign/rainbow/rainbowIII-classic/clean/utils_prng.c b/src/sign/rainbow/rainbowIII-classic/clean/utils_prng.c deleted file mode 100644 index 2bfa1b1a..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/utils_prng.c +++ /dev/null @@ -1,97 +0,0 @@ -/// @file utils_prng.c -/// @brief The implementation of PRNG related functions. -/// - -#include "utils_prng.h" -#include "aes.h" -#include "randombytes.h" -#include "utils_hash.h" -#include -#include - -static void prng_update(const unsigned char *provided_data, - unsigned char *Key, - unsigned char *V) { - unsigned char temp[48]; - aes256ctx ctx; - aes256_ecb_keyexp(&ctx, Key); - for (int i = 0; i < 3; i++) { - //increment V - for (int j = 15; j >= 0; j--) { - if (V[j] == 0xff) { - V[j] = 0x00; - } else { - V[j]++; - break; - } - } - aes256_ecb(temp + 16 * i, V, 1, &ctx); - } - if (provided_data != NULL) { - for (int i = 0; i < 48; i++) { - temp[i] ^= provided_data[i]; - } - } - aes256_ctx_release(&ctx); - memcpy(Key, temp, 32); - memcpy(V, temp + 32, 16); -} -static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes) { - memset(state->Key, 0x00, 32); - memset(state->V, 0x00, 16); - prng_update(entropy_input_48bytes, state->Key, state->V); -} - -static int randombytes_with_state(prng_t *state, - unsigned char *x, - size_t xlen) { - - unsigned char block[16]; - int i = 0; - - aes256ctx ctx; - aes256_ecb_keyexp(&ctx, state->Key); - - while (xlen > 0) { - //increment V - for (int j = 15; j >= 0; j--) { - if (state->V[j] == 0xff) { - state->V[j] = 0x00; - } else { - state->V[j]++; - break; - } - } - aes256_ecb(block, state->V, 1, &ctx); - if (xlen > 15) { - memcpy(x + i, block, 16); - i += 16; - xlen -= 16; - } else { - memcpy(x + i, block, xlen); - xlen = 0; - } - } - aes256_ctx_release(&ctx); - prng_update(NULL, state->Key, state->V); - return 0; -} - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { - unsigned char seed[48]; - if (prng_seedlen >= 48) { - memcpy(seed, prng_seed, 48); - } else { - memcpy(seed, prng_seed, prng_seedlen); - PQCLEAN_RAINBOWIIICLASSIC_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); - } - - randombytes_init_with_state(ctx, seed); - - return 0; -} - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state(ctx, out, outlen); -} diff --git a/src/sign/rainbow/rainbowIII-classic/clean/utils_prng.h b/src/sign/rainbow/rainbowIII-classic/clean/utils_prng.h deleted file mode 100644 index 40214f42..00000000 --- a/src/sign/rainbow/rainbowIII-classic/clean/utils_prng.h +++ /dev/null @@ -1,18 +0,0 @@ -#ifndef _UTILS_PRNG_H_ -#define _UTILS_PRNG_H_ -/// @file utils_prng.h -/// @brief the interface for adapting PRNG functions. -/// -/// - -#include "randombytes.h" - -typedef struct { - unsigned char Key[32]; - unsigned char V[16]; -} prng_t; - -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); -int PQCLEAN_RAINBOWIIICLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - -#endif // _UTILS_PRNG_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/CMakeLists.txt b/src/sign/rainbow/rainbowV-classic/clean/CMakeLists.txt deleted file mode 100644 index 31332c71..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/CMakeLists.txt +++ /dev/null @@ -1,16 +0,0 @@ -set( - SRC_CLEAN_RAINBOW_V_CLASSSIC - blas.c - blas_comm.c - gf.c - parallel_matrix_op.c - rainbow.c - rainbow_keypair.c - rainbow_keypair_computation.c - sign.c - utils_hash.c - utils_prng.c) - -define_sig_alg( - rainbowVclassic_clean - PQCLEAN_RAINBOWVCLASSIC_CLEAN "${SRC_CLEAN_RAINBOW_V_CLASSSIC}" "${CMAKE_CURRENT_SOURCE_DIR}") diff --git a/src/sign/rainbow/rainbowV-classic/clean/api.h b/src/sign/rainbow/rainbowV-classic/clean/api.h deleted file mode 100644 index b26496e1..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/api.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef PQCLEAN_RAINBOWVCLASSIC_CLEAN_API_H -#define PQCLEAN_RAINBOWVCLASSIC_CLEAN_API_H - -#include -#include - -#define PQCLEAN_RAINBOWVCLASSIC_CLEAN_CRYPTO_SECRETKEYBYTES 1408736 -#define PQCLEAN_RAINBOWVCLASSIC_CLEAN_CRYPTO_PUBLICKEYBYTES 1930600 -#define PQCLEAN_RAINBOWVCLASSIC_CLEAN_CRYPTO_BYTES 212 -#define PQCLEAN_RAINBOWVCLASSIC_CLEAN_CRYPTO_ALGNAME "RAINBOW(256,96,36,64) - classic" - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk); - - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_crypto_sign_signature( - uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, const uint8_t *sk); - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_crypto_sign_verify( - const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, const uint8_t *pk); - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_crypto_sign(uint8_t *sm, size_t *smlen, - const uint8_t *m, size_t mlen, - const uint8_t *sk); - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_crypto_sign_open(uint8_t *m, size_t *mlen, - const uint8_t *sm, size_t smlen, - const uint8_t *pk); - - -#endif diff --git a/src/sign/rainbow/rainbowV-classic/clean/blas.c b/src/sign/rainbow/rainbowV-classic/clean/blas.c deleted file mode 100644 index 4a0b7d3e..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/blas.c +++ /dev/null @@ -1,31 +0,0 @@ -#include "blas.h" -#include "gf.h" - -#include - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_predicated_add(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, size_t _num_byte) { - uint8_t pr_u8 = (uint8_t) ((uint8_t) 0 - predicate); - for (size_t i = 0; i < _num_byte; i++) { - accu_b[i] ^= (a[i] & pr_u8); - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(uint8_t *accu_b, const uint8_t *a, size_t _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - accu_b[i] ^= a[i]; - } -} - - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_mul_scalar(uint8_t *a, uint8_t b, size_t _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - a[i] = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_mul(a[i], b); - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, size_t _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - accu_c[i] ^= PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_mul(a[i], gf256_b); - } -} - diff --git a/src/sign/rainbow/rainbowV-classic/clean/blas.h b/src/sign/rainbow/rainbowV-classic/clean/blas.h deleted file mode 100644 index 78dc991a..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/blas.h +++ /dev/null @@ -1,19 +0,0 @@ -#ifndef _BLAS_H_ -#define _BLAS_H_ -/// @file blas.h -/// @brief Functions for implementing basic linear algebra functions. -/// - -#include "rainbow_config.h" -#include -#include - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_predicated_add(uint8_t *accu_b, uint8_t predicate, const uint8_t *a, size_t _num_byte); -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(uint8_t *accu_b, const uint8_t *a, size_t _num_byte); - - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_mul_scalar(uint8_t *a, uint8_t b, size_t _num_byte); -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(uint8_t *accu_c, const uint8_t *a, uint8_t gf256_b, size_t _num_byte); - - -#endif // _BLAS_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/blas_comm.c b/src/sign/rainbow/rainbowV-classic/clean/blas_comm.c deleted file mode 100644 index 9cb4979a..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/blas_comm.c +++ /dev/null @@ -1,144 +0,0 @@ -/// @file blas_comm.c -/// @brief The standard implementations for blas_comm.h -/// - -#include "blas_comm.h" -#include "blas.h" -#include "gf.h" -#include "rainbow_config.h" - -#include -#include - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte) { - for (size_t i = 0; i < _num_byte; i++) { - b[i] = 0; - } -} -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i) { - return a[i]; -} - -unsigned int PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte) { - uint8_t r = 0; - while (_num_byte--) { - r |= a[0]; - a++; - } - return (0 == r); -} - -/// polynomial multplication -/// School boook -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(c, _num * 2 - 1); - for (unsigned int i = 0; i < _num; i++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(c + i, a, b[i], _num); - } -} - -static void gf256mat_prod_ref(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(c, n_A_vec_byte); - for (unsigned int i = 0; i < n_A_width; i++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(c, matA, b[i], n_A_vec_byte); - matA += n_A_vec_byte; - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec) { - unsigned int n_vec_byte = len_vec; - for (unsigned int k = 0; k < len_vec; k++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(c, n_vec_byte); - const uint8_t *bk = b + n_vec_byte * k; - for (unsigned int i = 0; i < len_vec; i++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(c, a + n_vec_byte * i, bk[i], n_vec_byte); - } - c += n_vec_byte; - } -} - -static unsigned int gf256mat_gauss_elim_ref(uint8_t *mat, unsigned int h, unsigned int w) { - unsigned int r8 = 1; - - for (unsigned int i = 0; i < h; i++) { - uint8_t *ai = mat + w * i; - unsigned int skip_len_align4 = i & ((unsigned int)~0x3); - - for (unsigned int j = i + 1; j < h; j++) { - uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_predicated_add(ai + skip_len_align4, 1 ^ PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_is_nonzero(ai[i]), aj + skip_len_align4, w - skip_len_align4); - } - r8 &= PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_is_nonzero(ai[i]); - uint8_t pivot = ai[i]; - pivot = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_inv(pivot); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_mul_scalar(ai + skip_len_align4, pivot, w - skip_len_align4); - for (unsigned int j = 0; j < h; j++) { - if (i == j) { - continue; - } - uint8_t *aj = mat + w * j; - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(aj + skip_len_align4, ai + skip_len_align4, aj[i], w - skip_len_align4); - } - } - - return r8; -} - -static unsigned int gf256mat_solve_linear_eq_ref(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { - uint8_t mat[64 * 64]; - for (unsigned int i = 0; i < n; i++) { - memcpy(mat + i * (n + 1), inp_mat + i * n, n); - mat[i * (n + 1) + n] = c_terms[i]; - } - unsigned int r8 = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_gauss_elim(mat, n, n + 1); - for (unsigned int i = 0; i < n; i++) { - sol[i] = mat[i * (n + 1) + n]; - } - return r8; -} - -static inline void gf256mat_submat(uint8_t *mat2, unsigned int w2, unsigned int st, const uint8_t *mat, unsigned int w, unsigned int h) { - for (unsigned int i = 0; i < h; i++) { - for (unsigned int j = 0; j < w2; j++) { - mat2[i * w2 + j] = mat[i * w + st + j]; - } - } -} - -unsigned int PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer) { - uint8_t *aa = buffer; - for (unsigned int i = 0; i < H; i++) { - uint8_t *ai = aa + i * 2 * H; - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(ai, 2 * H); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(ai, a + i * H, H); - ai[H + i] = 1; - } - unsigned int r8 = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_gauss_elim(aa, H, 2 * H); - gf256mat_submat(inv_a, H, H, aa, 2 * H, H); - return r8; -} - - -// choosing the implementations depends on the macros _BLAS_AVX2_ and _BLAS_SSE - -#define gf256mat_prod_impl gf256mat_prod_ref -#define gf256mat_gauss_elim_impl gf256mat_gauss_elim_ref -#define gf256mat_solve_linear_eq_impl gf256mat_solve_linear_eq_ref -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b) { - gf256mat_prod_impl(c, matA, n_A_vec_byte, n_A_width, b); -} - -unsigned int PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w) { - return gf256mat_gauss_elim_impl(mat, h, w); -} - -unsigned int PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n) { - return gf256mat_solve_linear_eq_impl(sol, inp_mat, c_terms, n); -} - diff --git a/src/sign/rainbow/rainbowV-classic/clean/blas_comm.h b/src/sign/rainbow/rainbowV-classic/clean/blas_comm.h deleted file mode 100644 index 0db6bb28..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/blas_comm.h +++ /dev/null @@ -1,90 +0,0 @@ -#ifndef _BLAS_COMM_H_ -#define _BLAS_COMM_H_ -/// @file blas_comm.h -/// @brief Common functions for linear algebra. -/// - -#include "rainbow_config.h" -#include - -/// @brief set a vector to 0. -/// -/// @param[in,out] b - the vector b. -/// @param[in] _num_byte - number of bytes for the vector b. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(uint8_t *b, unsigned int _num_byte); - -/// @brief get an element from GF(256) vector . -/// -/// @param[in] a - the input vector a. -/// @param[in] i - the index in the vector a. -/// @return the value of the element. -/// -uint8_t PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(const uint8_t *a, unsigned int i); - -/// @brief check if a vector is 0. -/// -/// @param[in] a - the vector a. -/// @param[in] _num_byte - number of bytes for the vector a. -/// @return 1(true) if a is 0. 0(false) else. -/// -unsigned int PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_is_zero(const uint8_t *a, unsigned int _num_byte); - -/// @brief polynomial multiplication: c = a*b -/// -/// @param[out] c - the output polynomial c -/// @param[in] a - the vector a. -/// @param[in] b - the vector b. -/// @param[in] _num - number of elements for the polynomials a and b. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_polymul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int _num); - -/// @brief matrix-vector multiplication: c = matA * b , in GF(256) -/// -/// @param[out] c - the output vector c -/// @param[in] matA - a column-major matrix A. -/// @param[in] n_A_vec_byte - the size of column vectors in bytes. -/// @param[in] n_A_width - the width of matrix A. -/// @param[in] b - the vector b. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_prod(uint8_t *c, const uint8_t *matA, unsigned int n_A_vec_byte, unsigned int n_A_width, const uint8_t *b); - -/// @brief matrix-matrix multiplication: c = a * b , in GF(256) -/// -/// @param[out] c - the output matrix c -/// @param[in] c - a matrix a. -/// @param[in] b - a matrix b. -/// @param[in] len_vec - the length of column vectors. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_mul(uint8_t *c, const uint8_t *a, const uint8_t *b, unsigned int len_vec); - -/// @brief Gauss elimination for a matrix, in GF(256) -/// -/// @param[in,out] mat - the matrix. -/// @param[in] h - the height of the matrix. -/// @param[in] w - the width of the matrix. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned int PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_gauss_elim(uint8_t *mat, unsigned int h, unsigned int w); - -/// @brief Solving linear equations, in GF(256) -/// -/// @param[out] sol - the solutions. -/// @param[in] inp_mat - the matrix parts of input equations. -/// @param[in] c_terms - the constant terms of the input equations. -/// @param[in] n - the number of equations. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned int PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_solve_linear_eq(uint8_t *sol, const uint8_t *inp_mat, const uint8_t *c_terms, unsigned int n); - -/// @brief Computing the inverse matrix, in GF(256) -/// -/// @param[out] inv_a - the output of matrix a. -/// @param[in] a - a matrix a. -/// @param[in] H - height of matrix a, i.e., matrix a is an HxH matrix. -/// @param[in] buffer - The buffer for computations. it has to be as large as 2 input matrixes. -/// @return 1(true) if success. 0(false) if the matrix is singular. -/// -unsigned int PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_inv(uint8_t *inv_a, const uint8_t *a, unsigned int H, uint8_t *buffer); - -#endif // _BLAS_COMM_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/gf.c b/src/sign/rainbow/rainbowV-classic/clean/gf.c deleted file mode 100644 index f1abbc4e..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/gf.c +++ /dev/null @@ -1,91 +0,0 @@ -#include "gf.h" - -//// gf4 := gf2[x]/x^2+x+1 -static inline uint8_t gf4_mul_2(uint8_t a) { - uint8_t r = (uint8_t)(a << 1); - r ^= (uint8_t)((a >> 1) * 7); - return r; -} - -static inline uint8_t gf4_mul(uint8_t a, uint8_t b) { - uint8_t r = (uint8_t)(a * (b & 1)); - return r ^ (uint8_t)(gf4_mul_2(a) * (b >> 1)); -} - -static inline uint8_t gf4_squ(uint8_t a) { - return a ^ (a >> 1); -} - -//// gf16 := gf4[y]/y^2+y+x -uint8_t PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf16_mul(uint8_t a, uint8_t b) { - uint8_t a0 = a & 3; - uint8_t a1 = (a >> 2); - uint8_t b0 = b & 3; - uint8_t b1 = (b >> 2); - uint8_t a0b0 = gf4_mul(a0, b0); - uint8_t a1b1 = gf4_mul(a1, b1); - uint8_t a0b1_a1b0 = gf4_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; - uint8_t a1b1_x2 = gf4_mul_2(a1b1); - return (uint8_t)((a0b1_a1b0 ^ a1b1) << 2 ^ a0b0 ^ a1b1_x2); -} - -static inline uint8_t gf16_squ(uint8_t a) { - uint8_t a0 = a & 3; - uint8_t a1 = (a >> 2); - a1 = gf4_squ(a1); - uint8_t a1squ_x2 = gf4_mul_2(a1); - return (uint8_t)((a1 << 2) ^ a1squ_x2 ^ gf4_squ(a0)); -} - -uint8_t PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a) { - unsigned int a8 = a; - unsigned int r = ((unsigned int)0) - a8; - r >>= 8; - return r & 1; -} - -static inline uint8_t gf4_mul_3(uint8_t a) { - uint8_t msk = (uint8_t)((a - 2) >> 1); - return (uint8_t)((msk & ((int)a * 3)) | ((~msk) & ((int)a - 1))); -} -static inline uint8_t gf16_mul_8(uint8_t a) { - uint8_t a0 = a & 3; - uint8_t a1 = a >> 2; - return (uint8_t)((gf4_mul_2(a0 ^ a1) << 2) | gf4_mul_3(a1)); -} - -// gf256 := gf16[X]/X^2+X+xy -uint8_t PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_mul(uint8_t a, uint8_t b) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - uint8_t b0 = b & 15; - uint8_t b1 = (b >> 4); - uint8_t a0b0 = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf16_mul(a0, b0); - uint8_t a1b1 = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf16_mul(a1, b1); - uint8_t a0b1_a1b0 = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf16_mul(a0 ^ a1, b0 ^ b1) ^ a0b0 ^ a1b1; - uint8_t a1b1_x8 = gf16_mul_8(a1b1); - return (uint8_t)((a0b1_a1b0 ^ a1b1) << 4 ^ a0b0 ^ a1b1_x8); -} - -static inline uint8_t gf256_squ(uint8_t a) { - uint8_t a0 = a & 15; - uint8_t a1 = (a >> 4); - a1 = gf16_squ(a1); - uint8_t a1squ_x8 = gf16_mul_8(a1); - return (uint8_t)((a1 << 4) ^ a1squ_x8 ^ gf16_squ(a0)); -} - -uint8_t PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_inv(uint8_t a) { - // 128+64+32+16+8+4+2 = 254 - uint8_t a2 = gf256_squ(a); - uint8_t a4 = gf256_squ(a2); - uint8_t a8 = gf256_squ(a4); - uint8_t a4_2 = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_mul(a4, a2); - uint8_t a8_4_2 = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_mul(a4_2, a8); - uint8_t a64_ = gf256_squ(a8_4_2); - a64_ = gf256_squ(a64_); - a64_ = gf256_squ(a64_); - uint8_t a64_2 = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_mul(a64_, a8_4_2); - uint8_t a128_ = gf256_squ(a64_2); - return PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_mul(a2, a128_); -} diff --git a/src/sign/rainbow/rainbowV-classic/clean/gf.h b/src/sign/rainbow/rainbowV-classic/clean/gf.h deleted file mode 100644 index 8fa48d2e..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/gf.h +++ /dev/null @@ -1,19 +0,0 @@ -#ifndef _GF16_H_ -#define _GF16_H_ - -#include "rainbow_config.h" -#include - -/// @file gf16.h -/// @brief Library for arithmetics in GF(16) and GF(256) -/// - -uint8_t PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf16_mul(uint8_t a, uint8_t b); - - -uint8_t PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_is_nonzero(uint8_t a); -uint8_t PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_inv(uint8_t a); -uint8_t PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256_mul(uint8_t a, uint8_t b); - - -#endif // _GF16_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/parallel_matrix_op.c b/src/sign/rainbow/rainbowV-classic/clean/parallel_matrix_op.c deleted file mode 100644 index 44713eaf..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/parallel_matrix_op.c +++ /dev/null @@ -1,183 +0,0 @@ -/// @file parallel_matrix_op.c -/// @brief the standard implementations for functions in parallel_matrix_op.h -/// -/// the standard implementations for functions in parallel_matrix_op.h -/// - -#include "parallel_matrix_op.h" -#include "blas.h" -#include "blas_comm.h" - -/// -/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. -/// -/// @param[in] i_row - the i-th row in an upper-triangle matrix. -/// @param[in] j_col - the j-th column in an upper-triangle matrix. -/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. -/// @return the corresponding index in an array storage. -/// -unsigned int PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim) { - return (dim + dim - i_row + 1) * i_row / 2 + j_col - i_row; -} - -/// -/// @brief Calculate the corresponding index in an array for an upper-triangle or lower-triangle matrix. -/// -/// @param[in] i_row - the i-th row in a triangle matrix. -/// @param[in] j_col - the j-th column in a triangle matrix. -/// @param[in] dim - the dimension of the triangle matrix, i.e., an dim x dim matrix. -/// @return the corresponding index in an array storage. -/// -static inline unsigned int idx_of_2trimat(unsigned int i_row, unsigned int j_col, unsigned int n_var) { - if (i_row > j_col) { - return PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(j_col, i_row, n_var); - } - return PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(i_row, j_col, n_var); -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch) { - unsigned char *runningC = btriC; - unsigned int Aheight = Awidth; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < i; j++) { - unsigned int idx = PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(j, i, Aheight); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(btriC + idx * size_batch, bA + size_batch * (i * Awidth + j), size_batch); - } - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(runningC, bA + size_batch * (i * Awidth + i), size_batch * (Aheight - i)); - runningC += size_batch * (Aheight - i); - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Awidth = Bheight; - unsigned int Aheight = Awidth; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - if (k < i) { - continue; - } - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(bC, &btriA[(k - i) * size_batch], PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - btriA += (Aheight - i) * size_batch; - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Aheight = Bheight; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - if (i < k) { - continue; - } - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(bC, &btriA[size_batch * (PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(k, i, Aheight))], PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Aheight = Bheight; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - if (i == k) { - continue; - } - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(bC, &btriA[size_batch * (idx_of_2trimat(i, k, Aheight))], PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, - const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Atr_height = Awidth; - unsigned int Atr_width = Aheight; - for (unsigned int i = 0; i < Atr_height; i++) { - for (unsigned int j = 0; j < Atr_width; j++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(bC, &bB[j * Bwidth * size_batch], PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(&A_to_tr[size_Acolvec * i], j), size_batch * Bwidth); - } - bC += size_batch * Bwidth; - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - const unsigned char *bA = bA_to_tr; - unsigned int Aheight = Awidth_before_tr; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(bC, &bA[size_batch * (i + k * Aheight)], PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch) { - unsigned int Awidth = Bheight; - for (unsigned int i = 0; i < Aheight; i++) { - for (unsigned int j = 0; j < Bwidth; j++) { - for (unsigned int k = 0; k < Bheight; k++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(bC, &bA[k * size_batch], PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(&B[j * size_Bcolvec], k), size_batch); - } - bC += size_batch; - } - bA += (Awidth) * size_batch; - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch) { - unsigned char tmp[256]; - - unsigned char _x[256]; - for (unsigned int i = 0; i < dim; i++) { - _x[i] = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(x, i); - } - - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(y, size_batch); - for (unsigned int i = 0; i < dim; i++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned int j = i; j < dim; j++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(tmp, trimat, _x[j], size_batch); - trimat += size_batch; - } - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(y, tmp, _x[i], size_batch); - } -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, const unsigned char *mat, - const unsigned char *x, unsigned dim_x, unsigned size_batch) { - unsigned char tmp[128]; - - unsigned char _x[128]; - for (unsigned int i = 0; i < dim_x; i++) { - _x[i] = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(x, i); - } - unsigned char _y[128]; - for (unsigned int i = 0; i < dim_y; i++) { - _y[i] = PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele(y, i); - } - - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(z, size_batch); - for (unsigned int i = 0; i < dim_y; i++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(tmp, size_batch); - for (unsigned int j = 0; j < dim_x; j++) { - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(tmp, mat, _x[j], size_batch); - mat += size_batch; - } - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd(z, tmp, _y[i], size_batch); - } -} - diff --git a/src/sign/rainbow/rainbowV-classic/clean/parallel_matrix_op.h b/src/sign/rainbow/rainbowV-classic/clean/parallel_matrix_op.h deleted file mode 100644 index b85c603b..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/parallel_matrix_op.h +++ /dev/null @@ -1,260 +0,0 @@ -#ifndef _P_MATRIX_OP_H_ -#define _P_MATRIX_OP_H_ -/// @file parallel_matrix_op.h -/// @brief Librarys for operations of batched matrixes. -/// -/// - -//////////////// Section: triangle matrix <-> rectangle matrix /////////////////////////////////// - -/// -/// @brief Calculate the corresponding index in an array for an upper-triangle(UT) matrix. -/// -/// @param[in] i_row - the i-th row in an upper-triangle matrix. -/// @param[in] j_col - the j-th column in an upper-triangle matrix. -/// @param[in] dim - the dimension of the upper-triangle matrix, i.e., an dim x dim matrix. -/// @return the corresponding index in an array storage. -/// -unsigned int PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(unsigned int i_row, unsigned int j_col, unsigned int dim); - -/// -/// @brief Upper trianglize a rectangle matrix to the corresponding upper-trangle matrix. -/// -/// @param[out] btriC - the batched upper-trianglized matrix C. -/// @param[in] bA - a batched retangle matrix A. -/// @param[in] bwidth - the width of the batched matrix A, i.e., A is a Awidth x Awidth matrix. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_UpperTrianglize(unsigned char *btriC, const unsigned char *bA, unsigned int Awidth, unsigned int size_batch); - -//////////////////// Section: matrix multiplications /////////////////////////////// - -/// -/// @brief bC += btriA * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += btriA * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += btriA^Tr * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. A will be transposed while multiplying. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_trimatTr_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += btriA^Tr * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A, which will be transposed while multiplying. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_trimatTr_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += (btriA + btriA^Tr) *B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_2trimat_madd_gf16(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += (btriA + btriA^Tr) *B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] btriA - a batched UT matrix A. The operand for multiplication is (btriA + btriA^Tr). -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_2trimat_madd_gf256(unsigned char *bC, const unsigned char *btriA, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += A^Tr * bB , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. -/// @param[in] Aheight - the height of A. -/// @param[in] size_Acolvec - the size of a column vector in A. -/// @param[in] Awidth - the width of A. -/// @param[in] bB - a batched matrix B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_matTr_madd_gf16(unsigned char *bC, - const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, - const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += A^Tr * bB , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] A_to_tr - a column-major matrix A. The operand for multiplication is A^Tr. -/// @param[in] Aheight - the height of A. -/// @param[in] size_Acolvec - the size of a column vector in A. -/// @param[in] Awidth - the width of A. -/// @param[in] bB - a batched matrix B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_matTr_madd_gf256(unsigned char *bC, - const unsigned char *A_to_tr, unsigned int Aheight, unsigned int size_Acolvec, unsigned int Awidth, - const unsigned char *bB, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA^Tr * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). -/// @param[in] Awidth_befor_tr - the width of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_bmatTr_madd_gf16(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA^Tr * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA_to_tr - a batched matrix A. The operand for multiplication is (bA^Tr). -/// @param[in] Awidth_befor_tr - the width of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_bmatTr_madd_gf256(unsigned char *bC, const unsigned char *bA_to_tr, unsigned int Awidth_before_tr, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA * B , in GF(16) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA - a batched matrix A. -/// @param[in] Aheigh - the height of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_mat_madd_gf16(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -/// -/// @brief bC += bA * B , in GF(256) -/// -/// @param[out] bC - the batched matrix C. -/// @param[in] bA - a batched matrix A. -/// @param[in] Aheigh - the height of A. -/// @param[in] B - a column-major matrix B. -/// @param[in] Bheight - the height of B. -/// @param[in] size_Bcolvec - the size of the column vector in B. -/// @param[in] Bwidth - the width of B. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_mat_madd_gf256(unsigned char *bC, const unsigned char *bA, unsigned int Aheight, - const unsigned char *B, unsigned int Bheight, unsigned int size_Bcolvec, unsigned int Bwidth, unsigned int size_batch); - -//////////////////// Section: "quadratric" matrix evaluation /////////////////////////////// - -/// -/// @brief y = x^Tr * trimat * x , in GF(16) -/// -/// @param[out] y - the returned batched element y. -/// @param[in] trimat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim - the dimension of matrix trimat (and x). -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_quad_trimat_eval_gf16(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); - -/// -/// @brief y = x^Tr * trimat * x , in GF(256) -/// -/// @param[out] y - the returned batched element y. -/// @param[in] trimat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim - the dimension of matrix trimat (and x). -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_quad_trimat_eval_gf256(unsigned char *y, const unsigned char *trimat, const unsigned char *x, unsigned int dim, unsigned int size_batch); - -/// -/// @brief z = y^Tr * mat * x , in GF(16) -/// -/// @param[out] z - the returned batched element z. -/// @param[in] y - an input vector y. -/// @param[in] dim_y - the length of y. -/// @param[in] mat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim_x - the length of x. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_quad_recmat_eval_gf16(unsigned char *z, const unsigned char *y, unsigned int dim_y, - const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); - -/// -/// @brief z = y^Tr * mat * x , in GF(256) -/// -/// @param[out] z - the returned batched element z. -/// @param[in] y - an input vector y. -/// @param[in] dim_y - the length of y. -/// @param[in] mat - a batched matrix. -/// @param[in] x - an input vector x. -/// @param[in] dim_x - the length of x. -/// @param[in] size_batch - number of the batched elements in the corresponding position of the matrix. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_quad_recmat_eval_gf256(unsigned char *z, const unsigned char *y, unsigned int dim_y, - const unsigned char *mat, const unsigned char *x, unsigned int dim_x, unsigned int size_batch); - -#endif // _P_MATRIX_OP_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/rainbow.c b/src/sign/rainbow/rainbowV-classic/clean/rainbow.c deleted file mode 100644 index 85452232..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/rainbow.c +++ /dev/null @@ -1,168 +0,0 @@ -/// @file rainbow.c -/// @brief The standard implementations for functions in rainbow.h -/// - -#include "blas.h" -#include "parallel_matrix_op.h" -#include "rainbow.h" -#include "rainbow_blas.h" -#include "rainbow_config.h" -#include "rainbow_keypair.h" -#include "utils_hash.h" -#include "utils_prng.h" -#include -#include -#include - -#define MAX_ATTEMPT_FRMAT 128 - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *_digest) { - uint8_t mat_l1[_O1 * _O1_BYTE]; - uint8_t mat_l2[_O2 * _O2_BYTE]; - uint8_t mat_buffer[2 * _MAX_O * _MAX_O_BYTE]; - - // setup PRNG - prng_t prng_sign; - uint8_t prng_preseed[LEN_SKSEED + _HASH_LEN]; - memcpy(prng_preseed, sk->sk_seed, LEN_SKSEED); - memcpy(prng_preseed + LEN_SKSEED, _digest, _HASH_LEN); // prng_preseed = sk_seed || digest - uint8_t prng_seed[_HASH_LEN]; - PQCLEAN_RAINBOWVCLASSIC_CLEAN_hash_msg(prng_seed, _HASH_LEN, prng_preseed, _HASH_LEN + LEN_SKSEED); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_set(&prng_sign, prng_seed, _HASH_LEN); // seed = H( sk_seed || digest ) - for (unsigned int i = 0; i < LEN_SKSEED + _HASH_LEN; i++) { - prng_preseed[i] ^= prng_preseed[i]; // clean - } - for (unsigned int i = 0; i < _HASH_LEN; i++) { - prng_seed[i] ^= prng_seed[i]; // clean - } - - // roll vinegars. - uint8_t vinegar[_V1_BYTE]; - unsigned int n_attempt = 0; - unsigned int l1_succ = 0; - while (!l1_succ) { - if (MAX_ATTEMPT_FRMAT <= n_attempt) { - break; - } - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen(&prng_sign, vinegar, _V1_BYTE); // generating vinegars - gfmat_prod(mat_l1, sk->l1_F2, _O1 * _O1_BYTE, _V1, vinegar); // generating the linear equations for layer 1 - l1_succ = gfmat_inv(mat_l1, mat_l1, _O1, mat_buffer); // check if the linear equation solvable - n_attempt++; - } - - // Given the vinegars, pre-compute variables needed for layer 2 - uint8_t r_l1_F1[_O1_BYTE] = {0}; - uint8_t r_l2_F1[_O2_BYTE] = {0}; - batch_quad_trimat_eval(r_l1_F1, sk->l1_F1, vinegar, _V1, _O1_BYTE); - batch_quad_trimat_eval(r_l2_F1, sk->l2_F1, vinegar, _V1, _O2_BYTE); - uint8_t mat_l2_F3[_O2 * _O2_BYTE]; - uint8_t mat_l2_F2[_O1 * _O2_BYTE]; - gfmat_prod(mat_l2_F3, sk->l2_F3, _O2 * _O2_BYTE, _V1, vinegar); - gfmat_prod(mat_l2_F2, sk->l2_F2, _O1 * _O2_BYTE, _V1, vinegar); - - // Some local variables. - uint8_t _z[_PUB_M_BYTE]; - uint8_t y[_PUB_M_BYTE]; - uint8_t *x_v1 = vinegar; - uint8_t x_o1[_O1_BYTE]; - uint8_t x_o2[_O2_BYTE]; - - uint8_t digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy(digest_salt, _digest, _HASH_LEN); - uint8_t *salt = digest_salt + _HASH_LEN; - - uint8_t temp_o[_MAX_O_BYTE + 32] = {0}; - unsigned int succ = 0; - while (!succ) { - if (MAX_ATTEMPT_FRMAT <= n_attempt) { - break; - } - // The computation: H(digest||salt) --> z --S--> y --C-map--> x --T--> w - - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen(&prng_sign, salt, _SALT_BYTE); // roll the salt - PQCLEAN_RAINBOWVCLASSIC_CLEAN_hash_msg(_z, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H(digest||salt) - - // y = S^-1 * z - memcpy(y, _z, _PUB_M_BYTE); // identity part of S - gfmat_prod(temp_o, sk->s1, _O1_BYTE, _O2, _z + _O1_BYTE); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(y, temp_o, _O1_BYTE); - - // Central Map: - // layer 1: calculate x_o1 - memcpy(temp_o, r_l1_F1, _O1_BYTE); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(temp_o, y, _O1_BYTE); - gfmat_prod(x_o1, mat_l1, _O1_BYTE, _O1, temp_o); - - // layer 2: calculate x_o2 - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_set_zero(temp_o, _O2_BYTE); - gfmat_prod(temp_o, mat_l2_F2, _O2_BYTE, _O1, x_o1); // F2 - batch_quad_trimat_eval(mat_l2, sk->l2_F5, x_o1, _O1, _O2_BYTE); // F5 - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(temp_o, mat_l2, _O2_BYTE); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(temp_o, r_l2_F1, _O2_BYTE); // F1 - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(temp_o, y + _O1_BYTE, _O2_BYTE); - - // generate the linear equations of the 2nd layer - gfmat_prod(mat_l2, sk->l2_F6, _O2 * _O2_BYTE, _O1, x_o1); // F6 - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(mat_l2, mat_l2_F3, _O2 * _O2_BYTE); // F3 - succ = gfmat_inv(mat_l2, mat_l2, _O2, mat_buffer); - gfmat_prod(x_o2, mat_l2, _O2_BYTE, _O2, temp_o); // solve l2 eqs - - n_attempt++; - }; - // w = T^-1 * y - uint8_t w[_PUB_N_BYTE]; - // identity part of T. - memcpy(w, x_v1, _V1_BYTE); - memcpy(w + _V1_BYTE, x_o1, _O1_BYTE); - memcpy(w + _V2_BYTE, x_o2, _O2_BYTE); - // Computing the t1 part. - gfmat_prod(y, sk->t1, _V1_BYTE, _O1, x_o1); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(w, y, _V1_BYTE); - // Computing the t4 part. - gfmat_prod(y, sk->t4, _V1_BYTE, _O2, x_o2); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(w, y, _V1_BYTE); - // Computing the t3 part. - gfmat_prod(y, sk->t3, _O1_BYTE, _O2, x_o2); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(w + _V1_BYTE, y, _O1_BYTE); - - memset(signature, 0, _SIGNATURE_BYTE); // set the output 0 - // clean - memset(&prng_sign, 0, sizeof(prng_t)); - memset(vinegar, 0, _V1_BYTE); - memset(r_l1_F1, 0, _O1_BYTE); - memset(r_l2_F1, 0, _O2_BYTE); - memset(_z, 0, _PUB_M_BYTE); - memset(y, 0, _PUB_M_BYTE); - memset(x_o1, 0, _O1_BYTE); - memset(x_o2, 0, _O2_BYTE); - memset(temp_o, 0, sizeof(temp_o)); - - // return: copy w and salt to the signature. - if (MAX_ATTEMPT_FRMAT <= n_attempt) { - return -1; - } - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(signature, w, _PUB_N_BYTE); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(signature + _PUB_N_BYTE, salt, _SALT_BYTE); - return 0; -} - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk) { - unsigned char digest_ck[_PUB_M_BYTE]; - // public_map( digest_ck , pk , signature ); Evaluating the quadratic public polynomials. - batch_quad_trimat_eval(digest_ck, pk->pk, signature, _PUB_N, _PUB_M_BYTE); - - unsigned char correct[_PUB_M_BYTE]; - unsigned char digest_salt[_HASH_LEN + _SALT_BYTE]; - memcpy(digest_salt, digest, _HASH_LEN); - memcpy(digest_salt + _HASH_LEN, signature + _PUB_N_BYTE, _SALT_BYTE); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_hash_msg(correct, _PUB_M_BYTE, digest_salt, _HASH_LEN + _SALT_BYTE); // H( digest || salt ) - - // check consistancy. - unsigned char cc = 0; - for (unsigned int i = 0; i < _PUB_M_BYTE; i++) { - cc |= (digest_ck[i] ^ correct[i]); - } - return (0 == cc) ? 0 : -1; -} - - diff --git a/src/sign/rainbow/rainbowV-classic/clean/rainbow.h b/src/sign/rainbow/rainbowV-classic/clean/rainbow.h deleted file mode 100644 index 1b8e379f..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/rainbow.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef _RAINBOW_H_ -#define _RAINBOW_H_ -/// @file rainbow.h -/// @brief APIs for rainbow. -/// - -#include "rainbow_config.h" -#include "rainbow_keypair.h" - -#include - -/// -/// @brief Signing function for classical secret key. -/// -/// @param[out] signature - the signature. -/// @param[in] sk - the secret key. -/// @param[in] digest - the digest. -/// -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_rainbow_sign(uint8_t *signature, const sk_t *sk, const uint8_t *digest); - -/// -/// @brief Verifying function. -/// -/// @param[in] digest - the digest. -/// @param[in] signature - the signature. -/// @param[in] pk - the public key. -/// @return 0 for successful verified. -1 for failed verification. -/// -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_rainbow_verify(const uint8_t *digest, const uint8_t *signature, const pk_t *pk); - - - -#endif // _RAINBOW_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/rainbow_blas.h b/src/sign/rainbow/rainbowV-classic/clean/rainbow_blas.h deleted file mode 100644 index e0114ab7..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/rainbow_blas.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef _RAINBOW_BLAS_H_ -#define _RAINBOW_BLAS_H_ -/// @file rainbow_blas.h -/// @brief Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h -/// -/// Defining the functions used in rainbow.c acconding to the definitions in rainbow_config.h - -#include "blas.h" -#include "blas_comm.h" -#include "parallel_matrix_op.h" -#include "rainbow_config.h" - - -#define gfv_get_ele PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_get_ele -#define gfv_mul_scalar PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_mul_scalar -#define gfv_madd PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_madd - -#define gfmat_prod PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_prod -#define gfmat_inv PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256mat_inv - -#define batch_trimat_madd PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_trimat_madd_gf256 -#define batch_trimatTr_madd PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_trimatTr_madd_gf256 -#define batch_2trimat_madd PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_2trimat_madd_gf256 -#define batch_matTr_madd PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_matTr_madd_gf256 -#define batch_bmatTr_madd PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_bmatTr_madd_gf256 -#define batch_mat_madd PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_mat_madd_gf256 - -#define batch_quad_trimat_eval PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_quad_trimat_eval_gf256 -#define batch_quad_recmat_eval PQCLEAN_RAINBOWVCLASSIC_CLEAN_batch_quad_recmat_eval_gf256 - - -#endif // _RAINBOW_BLAS_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/rainbow_config.h b/src/sign/rainbow/rainbowV-classic/clean/rainbow_config.h deleted file mode 100644 index e668ff3c..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/rainbow_config.h +++ /dev/null @@ -1,48 +0,0 @@ -#ifndef _H_RAINBOW_CONFIG_H_ -#define _H_RAINBOW_CONFIG_H_ - -/// @file rainbow_config.h -/// @brief Defining the parameters of the Rainbow and the corresponding constants. -/// - -#define _GFSIZE 256 -#define _V1 96 -#define _O1 36 -#define _O2 64 -#define _MAX_O 64 -#define _HASH_LEN 64 - - -#define _V2 ((_V1) + (_O1)) - -/// size of N, in # of gf elements. -#define _PUB_N (_V1 + _O1 + _O2) - -/// size of M, in # gf elements. -#define _PUB_M (_O1 + _O2) - -/// size of variables, in # bytes. - -// GF256 -#define _V1_BYTE (_V1) -#define _V2_BYTE (_V2) -#define _O1_BYTE (_O1) -#define _O2_BYTE (_O2) -#define _MAX_O_BYTE (_MAX_O) -#define _PUB_N_BYTE (_PUB_N) -#define _PUB_M_BYTE (_PUB_M) - - -/// length of seed for public key, in # bytes -#define LEN_PKSEED 32 - -/// length of seed for secret key, in # bytes -#define LEN_SKSEED 32 - -/// length of salt for a signature, in # bytes -#define _SALT_BYTE 16 - -/// length of a signature -#define _SIGNATURE_BYTE (_PUB_N_BYTE + _SALT_BYTE) - -#endif // _H_RAINBOW_CONFIG_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair.c b/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair.c deleted file mode 100644 index 7dff94f1..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair.c +++ /dev/null @@ -1,155 +0,0 @@ -/// @file rainbow_keypair.c -/// @brief implementations of functions in rainbow_keypair.h -/// - -#include "rainbow_keypair.h" -#include "blas.h" -#include "blas_comm.h" -#include "rainbow_blas.h" -#include "rainbow_keypair_computation.h" -#include "utils_prng.h" -#include -#include -#include - -static -void generate_S_T( unsigned char *s_and_t, prng_t *prng0 ) { - sk_t *_sk; - unsigned size; - - size = sizeof(_sk->s1); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); - s_and_t += size; - - size = sizeof(_sk->t1); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); - s_and_t += size; - - size = sizeof(_sk->t4); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); - s_and_t += size; - - size = sizeof(_sk->t3); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, s_and_t, size ); -} - - -static -unsigned generate_l1_F12( unsigned char *sk, prng_t *prng0 ) { - unsigned n_byte_generated = 0; - sk_t *_sk; - unsigned size; - - size = sizeof(_sk->l1_F1); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l1_F2); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, sk, size ); - n_byte_generated += size; - - return n_byte_generated; -} - - -static -unsigned generate_l2_F12356( unsigned char *sk, prng_t *prng0 ) { - unsigned n_byte_generated = 0; - sk_t *_sk; - unsigned size; - - size = sizeof(_sk->l2_F1); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F2); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F3); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F5); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, sk, size ); - sk += size; - n_byte_generated += size; - - size = sizeof(_sk->l2_F6); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen( prng0, sk, size ); - n_byte_generated += size; - - return n_byte_generated; -} - - -static void generate_B1_B2(unsigned char *sk, prng_t *prng0) { - sk += generate_l1_F12(sk, prng0); - generate_l2_F12356(sk, prng0); -} - -static void calculate_t4(unsigned char *t2_to_t4, const unsigned char *t1, const unsigned char *t3) { - // t4 = T_sk.t1 * T_sk.t3 - T_sk.t2 - unsigned char temp[_V1_BYTE + 32]; - unsigned char *t4 = t2_to_t4; - for (unsigned int i = 0; i < _O2; i++) { /// t3 width - gfmat_prod(temp, t1, _V1_BYTE, _O1, t3); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(t4, temp, _V1_BYTE); - t4 += _V1_BYTE; - t3 += _O1_BYTE; - } -} - -static void obsfucate_l1_polys(unsigned char *l1_polys, const unsigned char *l2_polys, unsigned int n_terms, const unsigned char *s1) { - unsigned char temp[_O1_BYTE + 32]; - while (n_terms--) { - gfmat_prod(temp, s1, _O1_BYTE, _O2, l2_polys); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_gf256v_add(l1_polys, temp, _O1_BYTE); - l1_polys += _O1_BYTE; - l2_polys += _O2_BYTE; - } -} - -/////////////////// Classic ////////////////////////////////// - -static void generate_secretkey(sk_t *sk, const unsigned char *sk_seed) { - memcpy(sk->sk_seed, sk_seed, LEN_SKSEED); - - // set up prng - prng_t prng0; - PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_set(&prng0, sk_seed, LEN_SKSEED); - - // generating secret key with prng. - generate_S_T(sk->s1, &prng0); - generate_B1_B2(sk->l1_F1, &prng0); - - // clean prng - memset(&prng0, 0, sizeof(prng_t)); -} - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_generate_keypair(pk_t *rpk, sk_t *sk, const unsigned char *sk_seed) { - generate_secretkey(sk, sk_seed); - - // set up a temporary structure ext_cpk_t for calculating public key. - ext_cpk_t pk; - - PQCLEAN_RAINBOWVCLASSIC_CLEAN_calculate_Q_from_F(&pk, sk, sk); // compute the public key in ext_cpk_t format. - calculate_t4(sk->t4, sk->t1, sk->t3); - - obsfucate_l1_polys(pk.l1_Q1, pk.l2_Q1, N_TRIANGLE_TERMS(_V1), sk->s1); - obsfucate_l1_polys(pk.l1_Q2, pk.l2_Q2, _V1 * _O1, sk->s1); - obsfucate_l1_polys(pk.l1_Q3, pk.l2_Q3, _V1 * _O2, sk->s1); - obsfucate_l1_polys(pk.l1_Q5, pk.l2_Q5, N_TRIANGLE_TERMS(_O1), sk->s1); - obsfucate_l1_polys(pk.l1_Q6, pk.l2_Q6, _O1 * _O2, sk->s1); - obsfucate_l1_polys(pk.l1_Q9, pk.l2_Q9, N_TRIANGLE_TERMS(_O2), sk->s1); - // so far, the pk contains the full pk but in ext_cpk_t format. - - PQCLEAN_RAINBOWVCLASSIC_CLEAN_extcpk_to_pk(rpk, &pk); // convert the public key from ext_cpk_t to pk_t. -} - - - diff --git a/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair.h b/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair.h deleted file mode 100644 index d7994033..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair.h +++ /dev/null @@ -1,61 +0,0 @@ -#ifndef _RAINBOW_KEYPAIR_H_ -#define _RAINBOW_KEYPAIR_H_ -/// @file rainbow_keypair.h -/// @brief Formats of key pairs and functions for generating key pairs. -/// Formats of key pairs and functions for generating key pairs. -/// - -#include "rainbow_config.h" - -#define N_TRIANGLE_TERMS(n_var) ((n_var) * ((n_var) + 1) / 2) - -/// @brief public key for classic rainbow -/// -/// public key for classic rainbow -/// -typedef struct rainbow_publickey { - unsigned char pk[(_PUB_M_BYTE)*N_TRIANGLE_TERMS(_PUB_N)]; -} pk_t; - -/// @brief secret key for classic rainbow -/// -/// secret key for classic rainbow -/// -typedef struct rainbow_secretkey { - /// - /// seed for generating secret key. - /// Generating S, T, and F for classic rainbow. - /// Generating S and T only for cyclic rainbow. - unsigned char sk_seed[LEN_SKSEED]; - - unsigned char s1[_O1_BYTE * _O2]; ///< part of S map - unsigned char t1[_V1_BYTE * _O1]; ///< part of T map - unsigned char t4[_V1_BYTE * _O2]; ///< part of T map - unsigned char t3[_O1_BYTE * _O2]; ///< part of T map - - unsigned char l1_F1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer1 - unsigned char l1_F2[_O1_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer1 - - unsigned char l2_F1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; ///< part of C-map, F1, Layer2 - unsigned char l2_F2[_O2_BYTE * _V1 * _O1]; ///< part of C-map, F2, Layer2 - - unsigned char l2_F3[_O2_BYTE * _V1 * _O2]; ///< part of C-map, F3, Layer2 - unsigned char l2_F5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; ///< part of C-map, F5, Layer2 - unsigned char l2_F6[_O2_BYTE * _O1 * _O2]; ///< part of C-map, F6, Layer2 -} sk_t; - - -/// -/// @brief Generate key pairs for classic rainbow. -/// -/// @param[out] pk - the public key. -/// @param[out] sk - the secret key. -/// @param[in] sk_seed - seed for generating the secret key. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_generate_keypair(pk_t *pk, sk_t *sk, const unsigned char *sk_seed); - - - - - -#endif // _RAINBOW_KEYPAIR_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair_computation.c b/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair_computation.c deleted file mode 100644 index a2848619..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair_computation.c +++ /dev/null @@ -1,189 +0,0 @@ -/// @file rainbow_keypair_computation.c -/// @brief Implementations for functions in rainbow_keypair_computation.h -/// - -#include "rainbow_keypair_computation.h" -#include "blas.h" -#include "blas_comm.h" -#include "rainbow_blas.h" -#include "rainbow_keypair.h" -#include -#include -#include - -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk) { - const unsigned char *idx_l1 = cpk->l1_Q1; - const unsigned char *idx_l2 = cpk->l2_Q1; - for (unsigned int i = 0; i < _V1; i++) { - for (unsigned int j = i; j < _V1; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q2; - idx_l2 = cpk->l2_Q2; - for (unsigned int i = 0; i < _V1; i++) { - for (unsigned int j = _V1; j < _V1 + _O1; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q3; - idx_l2 = cpk->l2_Q3; - for (unsigned int i = 0; i < _V1; i++) { - for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q5; - idx_l2 = cpk->l2_Q5; - for (unsigned int i = _V1; i < _V1 + _O1; i++) { - for (unsigned int j = i; j < _V1 + _O1; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q6; - idx_l2 = cpk->l2_Q6; - for (unsigned int i = _V1; i < _V1 + _O1; i++) { - for (unsigned int j = _V1 + _O1; j < _PUB_N; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } - idx_l1 = cpk->l1_Q9; - idx_l2 = cpk->l2_Q9; - for (unsigned int i = _V1 + _O1; i < _PUB_N; i++) { - for (unsigned int j = i; j < _PUB_N; j++) { - unsigned int pub_idx = PQCLEAN_RAINBOWVCLASSIC_CLEAN_idx_of_trimat(i, j, _PUB_N); - memcpy(&pk->pk[_PUB_M_BYTE * pub_idx], idx_l1, _O1_BYTE); - memcpy((&pk->pk[_PUB_M_BYTE * pub_idx]) + _O1_BYTE, idx_l2, _O2_BYTE); - idx_l1 += _O1_BYTE; - idx_l2 += _O2_BYTE; - } - } -} - -static void calculate_Q_from_F_ref(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { - /* - Layer 1 - Computing : - Q_pk.l1_F1s[i] = F_sk.l1_F1s[i] - - Q_pk.l1_F2s[i] = (F1* T1 + F2) + F1tr * t1 - Q_pk.l1_F5s[i] = UT( T1tr* (F1 * T1 + F2) ) - */ - const unsigned char *t2 = Ts->t4; - - memcpy(Qs->l1_Q1, Fs->l1_F1, _O1_BYTE * N_TRIANGLE_TERMS(_V1)); - - memcpy(Qs->l1_Q2, Fs->l1_F2, _O1_BYTE * _V1 * _O1); - batch_trimat_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // F1*T1 + F2 - - memset(Qs->l1_Q3, 0, _O1_BYTE * _V1 * _O2); - memset(Qs->l1_Q5, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O1)); - memset(Qs->l1_Q6, 0, _O1_BYTE * _O1 * _O2); - memset(Qs->l1_Q9, 0, _O1_BYTE * N_TRIANGLE_TERMS(_O2)); - - // l1_Q5 : _O1_BYTE * _O1 * _O1 - // l1_Q9 : _O1_BYTE * _O2 * _O2 - // l2_Q5 : _O2_BYTE * _V1 * _O1 - // l2_Q9 : _O2_BYTE * _V1 * _O2 - - unsigned char tempQ[_MAX_O_BYTE * _MAX_O * _MAX_O + 32]; - - memset(tempQ, 0, _O1_BYTE * _O1 * _O1); // l1_Q5 - batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q2, _O1, _O1_BYTE); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWVCLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q5, tempQ, _O1, _O1_BYTE); // UT( ... ) // Q5 - - batch_trimatTr_madd(Qs->l1_Q2, Fs->l1_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O1_BYTE); // Q2 - /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - Q_pk.l1_F3s[i] = F1_F1T_T2 + F2_T3 - Q_pk.l1_F6s[i] = T1tr* ( F1_F1T_T2 + F2_T3 ) + F2tr * t2 - Q_pk.l1_F9s[i] = UT( T2tr* ( F1_T2 + F2_T3 ) ) - */ - batch_trimat_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1*T2 - batch_mat_madd(Qs->l1_Q3, Fs->l1_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O1_BYTE); // F1_T2 + F2_T3 - - memset(tempQ, 0, _O1_BYTE * _O2 * _O2); // l1_Q9 - batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l1_Q3, _O2, _O1_BYTE); // T2tr * ( F1_T2 + F2_T3 ) - PQCLEAN_RAINBOWVCLASSIC_CLEAN_UpperTrianglize(Qs->l1_Q9, tempQ, _O2, _O1_BYTE); // Q9 - - batch_trimatTr_madd(Qs->l1_Q3, Fs->l1_F1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F1_F1T_T2 + F2_T3 // Q3 - - batch_bmatTr_madd(Qs->l1_Q6, Fs->l1_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O1_BYTE); // F2tr*T2 - batch_matTr_madd(Qs->l1_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l1_Q3, _O2, _O1_BYTE); // Q6 - - /* - layer 2 - Computing: - Q1 = F1 - Q2 = F1_F1T*T1 + F2 - Q5 = UT( T1tr( F1*T1 + F2 ) + F5 ) - */ - memcpy(Qs->l2_Q1, Fs->l2_F1, _O2_BYTE * N_TRIANGLE_TERMS(_V1)); - - memcpy(Qs->l2_Q2, Fs->l2_F2, _O2_BYTE * _V1 * _O1); - batch_trimat_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // F1*T1 + F2 - - memcpy(Qs->l2_Q5, Fs->l2_F5, _O2_BYTE * N_TRIANGLE_TERMS(_O1)); - memset(tempQ, 0, _O2_BYTE * _O1 * _O1); // l2_Q5 - batch_matTr_madd(tempQ, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q2, _O1, _O2_BYTE); // t1_tr*(F1*T1 + F2) - PQCLEAN_RAINBOWVCLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q5, tempQ, _O1, _O2_BYTE); // UT( ... ) // Q5 - - batch_trimatTr_madd(Qs->l2_Q2, Fs->l2_F1, Ts->t1, _V1, _V1_BYTE, _O1, _O2_BYTE); // Q2 - - /* - Computing: - F1_T2 = F1 * t2 - F2_T3 = F2 * t3 - F1_F1T_T2 + F2_T3 = F1_T2 + F2_T3 + F1tr * t2 - - Q3 = F1_F1T*T2 + F2*T3 + F3 - Q9 = UT( T2tr*( F1*T2 + F2*T3 + F3 ) + T3tr*( F5*T3 + F6 ) ) - Q6 = T1tr*( F1_F1T*T2 + F2*T3 + F3 ) + F2Tr*T2 + F5_F5T*T3 + F6 - */ - memcpy(Qs->l2_Q3, Fs->l2_F3, _O2_BYTE * _V1 * _O2); - batch_trimat_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1*T2 + F3 - batch_mat_madd(Qs->l2_Q3, Fs->l2_F2, _V1, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F1_T2 + F2_T3 + F3 - - memset(tempQ, 0, _O2_BYTE * _O2 * _O2); // l2_Q9 - batch_matTr_madd(tempQ, t2, _V1, _V1_BYTE, _O2, Qs->l2_Q3, _O2, _O2_BYTE); // T2tr * ( ..... ) - - memcpy(Qs->l2_Q6, Fs->l2_F6, _O2_BYTE * _O1 * _O2); - - batch_trimat_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 - batch_matTr_madd(tempQ, Ts->t3, _O1, _O1_BYTE, _O2, Qs->l2_Q6, _O2, _O2_BYTE); // T2tr*( ..... ) + T3tr*( ..... ) - memset(Qs->l2_Q9, 0, _O2_BYTE * N_TRIANGLE_TERMS(_O2)); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_UpperTrianglize(Qs->l2_Q9, tempQ, _O2, _O2_BYTE); // Q9 - - batch_trimatTr_madd(Qs->l2_Q3, Fs->l2_F1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F1_F1T_T2 + F2_T3 + F3 // Q3 - - batch_bmatTr_madd(Qs->l2_Q6, Fs->l2_F2, _O1, t2, _V1, _V1_BYTE, _O2, _O2_BYTE); // F5*T3 + F6 + F2tr*T2 - batch_trimatTr_madd(Qs->l2_Q6, Fs->l2_F5, Ts->t3, _O1, _O1_BYTE, _O2, _O2_BYTE); // F2tr*T2 + F5_F5T*T3 + F6 - batch_matTr_madd(Qs->l2_Q6, Ts->t1, _V1, _V1_BYTE, _O1, Qs->l2_Q3, _O2, _O2_BYTE); // Q6 -} -#define calculate_Q_from_F_impl calculate_Q_from_F_ref -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts) { - calculate_Q_from_F_impl(Qs, Fs, Ts); -} diff --git a/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair_computation.h b/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair_computation.h deleted file mode 100644 index d37923e3..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/rainbow_keypair_computation.h +++ /dev/null @@ -1,53 +0,0 @@ -#ifndef _RAINBOW_KEYPAIR_COMP_H_ -#define _RAINBOW_KEYPAIR_COMP_H_ -/// @file rainbow_keypair_computation.h -/// @brief Functions for calculating pk/sk while generating keys. -/// -/// Defining an internal structure of public key. -/// Functions for calculating pk/sk for key generation. -/// - -#include "rainbow_keypair.h" - -/// @brief The (internal use) public key for rainbow -/// -/// The (internal use) public key for rainbow. The public -/// polynomials are divided into l1_Q1, l1_Q2, ... l1_Q9, -/// l2_Q1, .... , l2_Q9. -/// -typedef struct rainbow_extend_publickey { - unsigned char l1_Q1[_O1_BYTE * N_TRIANGLE_TERMS(_V1)]; - unsigned char l1_Q2[_O1_BYTE * _V1 * _O1]; - unsigned char l1_Q3[_O1_BYTE * _V1 * _O2]; - unsigned char l1_Q5[_O1_BYTE * N_TRIANGLE_TERMS(_O1)]; - unsigned char l1_Q6[_O1_BYTE * _O1 * _O2]; - unsigned char l1_Q9[_O1_BYTE * N_TRIANGLE_TERMS(_O2)]; - - unsigned char l2_Q1[_O2_BYTE * N_TRIANGLE_TERMS(_V1)]; - unsigned char l2_Q2[_O2_BYTE * _V1 * _O1]; - unsigned char l2_Q3[_O2_BYTE * _V1 * _O2]; - unsigned char l2_Q5[_O2_BYTE * N_TRIANGLE_TERMS(_O1)]; - unsigned char l2_Q6[_O2_BYTE * _O1 * _O2]; - unsigned char l2_Q9[_O2_BYTE * N_TRIANGLE_TERMS(_O2)]; -} ext_cpk_t; - -/// -/// @brief converting formats of public keys : from ext_cpk_t version to pk_t -/// -/// @param[out] pk - the classic public key. -/// @param[in] cpk - the internel public key. -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_extcpk_to_pk(pk_t *pk, const ext_cpk_t *cpk); -///////////////////////////////////////////////// - -/// -/// @brief Computing public key from secret key -/// -/// @param[out] Qs - the public key -/// @param[in] Fs - parts of the secret key: l1_F1, l1_F2, l2_F1, l2_F2, l2_F3, l2_F5, l2_F6 -/// @param[in] Ts - parts of the secret key: T1, T4, T3 -/// -void PQCLEAN_RAINBOWVCLASSIC_CLEAN_calculate_Q_from_F(ext_cpk_t *Qs, const sk_t *Fs, const sk_t *Ts); - - -#endif // _RAINBOW_KEYPAIR_COMP_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/sign.c b/src/sign/rainbow/rainbowV-classic/clean/sign.c deleted file mode 100644 index 1cf228e9..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/sign.c +++ /dev/null @@ -1,74 +0,0 @@ -/// @file sign.c -/// @brief the implementations for functions in api.h -/// -/// - -#include "api.h" -#include "rainbow.h" -#include "rainbow_config.h" -#include "rainbow_keypair.h" -#include "randombytes.h" -#include "utils_hash.h" -#include -#include - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { - unsigned char sk_seed[LEN_SKSEED] = {0}; - randombytes(sk_seed, LEN_SKSEED); - - PQCLEAN_RAINBOWVCLASSIC_CLEAN_generate_keypair((pk_t *)pk, (sk_t *)sk, sk_seed); - return 0; -} - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_crypto_sign(unsigned char *sm, size_t *smlen, const unsigned char *m, size_t mlen, const unsigned char *sk) { - unsigned char digest[_HASH_LEN]; - - PQCLEAN_RAINBOWVCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - - memcpy(sm, m, mlen); - smlen[0] = mlen + _SIGNATURE_BYTE; - - return PQCLEAN_RAINBOWVCLASSIC_CLEAN_rainbow_sign(sm + mlen, (const sk_t *)sk, digest); -} - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_crypto_sign_open(unsigned char *m, size_t *mlen, const unsigned char *sm, size_t smlen, const unsigned char *pk) { - int rc; - if (_SIGNATURE_BYTE > smlen) { - rc = -1; - } else { - *mlen = smlen - _SIGNATURE_BYTE; - - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, sm, *mlen); - - rc = PQCLEAN_RAINBOWVCLASSIC_CLEAN_rainbow_verify(digest, sm + mlen[0], (const pk_t *)pk); - } - if (!rc) { - memmove(m, sm, smlen - _SIGNATURE_BYTE); - } else { // bad signature - *mlen = (size_t) -1; - memset(m, 0, smlen); - } - return rc; -} - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_crypto_sign_signature( - uint8_t *sig, size_t *siglen, - const uint8_t *m, size_t mlen, const uint8_t *sk) { - unsigned char digest[_HASH_LEN]; - - PQCLEAN_RAINBOWVCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - *siglen = _SIGNATURE_BYTE; - return PQCLEAN_RAINBOWVCLASSIC_CLEAN_rainbow_sign(sig, (const sk_t *)sk, digest); -} - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_crypto_sign_verify( - const uint8_t *sig, size_t siglen, - const uint8_t *m, size_t mlen, const uint8_t *pk) { - if (siglen != _SIGNATURE_BYTE) { - return -1; - } - unsigned char digest[_HASH_LEN]; - PQCLEAN_RAINBOWVCLASSIC_CLEAN_hash_msg(digest, _HASH_LEN, m, mlen); - return PQCLEAN_RAINBOWVCLASSIC_CLEAN_rainbow_verify(digest, sig, (const pk_t *)pk); -} diff --git a/src/sign/rainbow/rainbowV-classic/clean/utils_hash.c b/src/sign/rainbow/rainbowV-classic/clean/utils_hash.c deleted file mode 100644 index ca045fbf..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/utils_hash.c +++ /dev/null @@ -1,50 +0,0 @@ -/// @file utils_hash.c -/// @brief the adapter for SHA2 families. -/// -/// - -#include "utils_hash.h" -#include "rainbow_config.h" -#include "sha2.h" - -static inline int h(unsigned char *digest, const unsigned char *m, size_t mlen) { - sha512(digest, m, mlen); - return 0; -} - -static inline int expand_hash(unsigned char *digest, size_t n_digest, const unsigned char *hash) { - if (_HASH_LEN >= n_digest) { - for (size_t i = 0; i < n_digest; i++) { - digest[i] = hash[i]; - } - return 0; - } - for (size_t i = 0; i < _HASH_LEN; i++) { - digest[i] = hash[i]; - } - n_digest -= _HASH_LEN; - - while (_HASH_LEN <= n_digest) { - h(digest + _HASH_LEN, digest, _HASH_LEN); - - n_digest -= _HASH_LEN; - digest += _HASH_LEN; - } - unsigned char temp[_HASH_LEN]; - if (n_digest) { - h(temp, digest, _HASH_LEN); - for (size_t i = 0; i < n_digest; i++) { - digest[_HASH_LEN + i] = temp[i]; - } - } - return 0; -} - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_hash_msg(unsigned char *digest, - size_t len_digest, - const unsigned char *m, - size_t mlen) { - unsigned char buf[_HASH_LEN]; - h(buf, m, mlen); - return expand_hash(digest, len_digest, buf); -} diff --git a/src/sign/rainbow/rainbowV-classic/clean/utils_hash.h b/src/sign/rainbow/rainbowV-classic/clean/utils_hash.h deleted file mode 100644 index 9624ee69..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/utils_hash.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _UTILS_HASH_H_ -#define _UTILS_HASH_H_ -/// @file utils_hash.h -/// @brief the interface for adapting hash functions. -/// - -#include - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_hash_msg(unsigned char *digest, size_t len_digest, const unsigned char *m, size_t mlen); - -#endif // _UTILS_HASH_H_ diff --git a/src/sign/rainbow/rainbowV-classic/clean/utils_prng.c b/src/sign/rainbow/rainbowV-classic/clean/utils_prng.c deleted file mode 100644 index 4e552b6a..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/utils_prng.c +++ /dev/null @@ -1,97 +0,0 @@ -/// @file utils_prng.c -/// @brief The implementation of PRNG related functions. -/// - -#include "utils_prng.h" -#include "aes.h" -#include "randombytes.h" -#include "utils_hash.h" -#include -#include - -static void prng_update(const unsigned char *provided_data, - unsigned char *Key, - unsigned char *V) { - unsigned char temp[48]; - aes256ctx ctx; - aes256_ecb_keyexp(&ctx, Key); - for (int i = 0; i < 3; i++) { - //increment V - for (int j = 15; j >= 0; j--) { - if (V[j] == 0xff) { - V[j] = 0x00; - } else { - V[j]++; - break; - } - } - aes256_ecb(temp + 16 * i, V, 1, &ctx); - } - if (provided_data != NULL) { - for (int i = 0; i < 48; i++) { - temp[i] ^= provided_data[i]; - } - } - aes256_ctx_release(&ctx); - memcpy(Key, temp, 32); - memcpy(V, temp + 32, 16); -} -static void randombytes_init_with_state(prng_t *state, - unsigned char *entropy_input_48bytes) { - memset(state->Key, 0x00, 32); - memset(state->V, 0x00, 16); - prng_update(entropy_input_48bytes, state->Key, state->V); -} - -static int randombytes_with_state(prng_t *state, - unsigned char *x, - size_t xlen) { - - unsigned char block[16]; - int i = 0; - - aes256ctx ctx; - aes256_ecb_keyexp(&ctx, state->Key); - - while (xlen > 0) { - //increment V - for (int j = 15; j >= 0; j--) { - if (state->V[j] == 0xff) { - state->V[j] = 0x00; - } else { - state->V[j]++; - break; - } - } - aes256_ecb(block, state->V, 1, &ctx); - if (xlen > 15) { - memcpy(x + i, block, 16); - i += 16; - xlen -= 16; - } else { - memcpy(x + i, block, xlen); - xlen = 0; - } - } - aes256_ctx_release(&ctx); - prng_update(NULL, state->Key, state->V); - return 0; -} - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen) { - unsigned char seed[48]; - if (prng_seedlen >= 48) { - memcpy(seed, prng_seed, 48); - } else { - memcpy(seed, prng_seed, prng_seedlen); - PQCLEAN_RAINBOWVCLASSIC_CLEAN_hash_msg(seed + prng_seedlen, 48 - (unsigned)prng_seedlen, (const unsigned char *)prng_seed, prng_seedlen); - } - - randombytes_init_with_state(ctx, seed); - - return 0; -} - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen) { - return randombytes_with_state(ctx, out, outlen); -} diff --git a/src/sign/rainbow/rainbowV-classic/clean/utils_prng.h b/src/sign/rainbow/rainbowV-classic/clean/utils_prng.h deleted file mode 100644 index c0e58288..00000000 --- a/src/sign/rainbow/rainbowV-classic/clean/utils_prng.h +++ /dev/null @@ -1,18 +0,0 @@ -#ifndef _UTILS_PRNG_H_ -#define _UTILS_PRNG_H_ -/// @file utils_prng.h -/// @brief the interface for adapting PRNG functions. -/// -/// - -#include "randombytes.h" - -typedef struct { - unsigned char Key[32]; - unsigned char V[16]; -} prng_t; - -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_set(prng_t *ctx, const void *prng_seed, unsigned long prng_seedlen); -int PQCLEAN_RAINBOWVCLASSIC_CLEAN_prng_gen(prng_t *ctx, unsigned char *out, unsigned long outlen); - -#endif // _UTILS_PRNG_H_ diff --git a/test/katrunner/src/main.rs b/test/katrunner/src/main.rs index 2acd184e..79e7d569 100644 --- a/test/katrunner/src/main.rs +++ b/test/katrunner/src/main.rs @@ -219,11 +219,6 @@ const KATS: &'static[Register] = &[ REG_KEM!(PQC_ALG_KEM_HQCRMRS192, "round3/hqc/hqc-192/hqc-192_kat.rsp"), REG_KEM!(PQC_ALG_KEM_HQCRMRS256, "round3/hqc/hqc-256/hqc-256_kat.rsp"), REG_KEM!(PQC_ALG_KEM_SIKE434, "round3/sike/PQCkemKAT_374.rsp"), - - // Those are Round2. KATs are very big, so skip testing until it makes sense to do so. - //REG_SIGN!(PQC_ALG_SIG_RAINBOWVCLASSIC), - //REG_SIGN!(PQC_ALG_SIG_RAINBOWICLASSIC), - //REG_SIGN!(PQC_ALG_SIG_RAINBOWIIICLASSIC), ]; fn execute(kat_dir: String, thc: usize, file_filter: &str) {