Browse Source

NTRU Prime: Simplified patch set

tags/v0.0.1
John M. Schanck 4 years ago
committed by Kris Kwiatkowski
parent
commit
b568d01ac6
78 changed files with 746 additions and 320 deletions
  1. +17
    -15
      crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c
  2. +4
    -6
      crypto_kem/ntrulpr653/avx2/crypto_sort_int32.h
  3. +3
    -5
      crypto_kem/ntrulpr653/avx2/crypto_sort_uint32.c
  4. +2
    -4
      crypto_kem/ntrulpr653/avx2/crypto_sort_uint32.h
  5. +2
    -0
      crypto_kem/ntrulpr653/avx2/params.h
  6. +4
    -4
      crypto_kem/ntrulpr653/clean/crypto_encode_653x3.c
  7. +74
    -4
      crypto_kem/ntrulpr653/clean/crypto_sort_int32.c
  8. +2
    -4
      crypto_kem/ntrulpr653/clean/crypto_sort_int32.h
  9. +3
    -5
      crypto_kem/ntrulpr653/clean/crypto_sort_uint32.c
  10. +2
    -4
      crypto_kem/ntrulpr653/clean/crypto_sort_uint32.h
  11. +4
    -2
      crypto_kem/ntrulpr653/clean/params.h
  12. +17
    -15
      crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c
  13. +4
    -6
      crypto_kem/ntrulpr761/avx2/crypto_sort_int32.h
  14. +3
    -5
      crypto_kem/ntrulpr761/avx2/crypto_sort_uint32.c
  15. +2
    -4
      crypto_kem/ntrulpr761/avx2/crypto_sort_uint32.h
  16. +2
    -0
      crypto_kem/ntrulpr761/avx2/params.h
  17. +5
    -5
      crypto_kem/ntrulpr761/clean/crypto_encode_761x3.c
  18. +74
    -4
      crypto_kem/ntrulpr761/clean/crypto_sort_int32.c
  19. +2
    -4
      crypto_kem/ntrulpr761/clean/crypto_sort_int32.h
  20. +3
    -5
      crypto_kem/ntrulpr761/clean/crypto_sort_uint32.c
  21. +2
    -4
      crypto_kem/ntrulpr761/clean/crypto_sort_uint32.h
  22. +4
    -2
      crypto_kem/ntrulpr761/clean/params.h
  23. +17
    -15
      crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c
  24. +4
    -6
      crypto_kem/ntrulpr857/avx2/crypto_sort_int32.h
  25. +3
    -5
      crypto_kem/ntrulpr857/avx2/crypto_sort_uint32.c
  26. +2
    -4
      crypto_kem/ntrulpr857/avx2/crypto_sort_uint32.h
  27. +2
    -0
      crypto_kem/ntrulpr857/avx2/params.h
  28. +4
    -4
      crypto_kem/ntrulpr857/clean/crypto_encode_857x3.c
  29. +74
    -4
      crypto_kem/ntrulpr857/clean/crypto_sort_int32.c
  30. +2
    -4
      crypto_kem/ntrulpr857/clean/crypto_sort_int32.h
  31. +3
    -5
      crypto_kem/ntrulpr857/clean/crypto_sort_uint32.c
  32. +2
    -4
      crypto_kem/ntrulpr857/clean/crypto_sort_uint32.h
  33. +4
    -2
      crypto_kem/ntrulpr857/clean/params.h
  34. +17
    -15
      crypto_kem/sntrup653/avx2/crypto_sort_int32.c
  35. +4
    -6
      crypto_kem/sntrup653/avx2/crypto_sort_int32.h
  36. +3
    -5
      crypto_kem/sntrup653/avx2/crypto_sort_uint32.c
  37. +2
    -4
      crypto_kem/sntrup653/avx2/crypto_sort_uint32.h
  38. +3
    -1
      crypto_kem/sntrup653/avx2/params.h
  39. +4
    -4
      crypto_kem/sntrup653/clean/crypto_encode_653x3.c
  40. +74
    -4
      crypto_kem/sntrup653/clean/crypto_sort_int32.c
  41. +2
    -4
      crypto_kem/sntrup653/clean/crypto_sort_int32.h
  42. +3
    -5
      crypto_kem/sntrup653/clean/crypto_sort_uint32.c
  43. +2
    -4
      crypto_kem/sntrup653/clean/crypto_sort_uint32.h
  44. +3
    -1
      crypto_kem/sntrup653/clean/params.h
  45. +17
    -15
      crypto_kem/sntrup761/avx2/crypto_sort_int32.c
  46. +4
    -6
      crypto_kem/sntrup761/avx2/crypto_sort_int32.h
  47. +3
    -5
      crypto_kem/sntrup761/avx2/crypto_sort_uint32.c
  48. +2
    -4
      crypto_kem/sntrup761/avx2/crypto_sort_uint32.h
  49. +3
    -1
      crypto_kem/sntrup761/avx2/params.h
  50. +5
    -5
      crypto_kem/sntrup761/clean/crypto_encode_761x3.c
  51. +74
    -4
      crypto_kem/sntrup761/clean/crypto_sort_int32.c
  52. +2
    -4
      crypto_kem/sntrup761/clean/crypto_sort_int32.h
  53. +3
    -5
      crypto_kem/sntrup761/clean/crypto_sort_uint32.c
  54. +2
    -4
      crypto_kem/sntrup761/clean/crypto_sort_uint32.h
  55. +3
    -1
      crypto_kem/sntrup761/clean/params.h
  56. +17
    -15
      crypto_kem/sntrup857/avx2/crypto_sort_int32.c
  57. +4
    -6
      crypto_kem/sntrup857/avx2/crypto_sort_int32.h
  58. +3
    -5
      crypto_kem/sntrup857/avx2/crypto_sort_uint32.c
  59. +2
    -4
      crypto_kem/sntrup857/avx2/crypto_sort_uint32.h
  60. +3
    -1
      crypto_kem/sntrup857/avx2/params.h
  61. +4
    -4
      crypto_kem/sntrup857/clean/crypto_encode_857x3.c
  62. +74
    -4
      crypto_kem/sntrup857/clean/crypto_sort_int32.c
  63. +2
    -4
      crypto_kem/sntrup857/clean/crypto_sort_int32.h
  64. +3
    -5
      crypto_kem/sntrup857/clean/crypto_sort_uint32.c
  65. +2
    -4
      crypto_kem/sntrup857/clean/crypto_sort_uint32.h
  66. +3
    -1
      crypto_kem/sntrup857/clean/params.h
  67. +6
    -0
      test/duplicate_consistency/ntrulpr653_avx2.yml
  68. +6
    -0
      test/duplicate_consistency/ntrulpr653_clean.yml
  69. +5
    -0
      test/duplicate_consistency/ntrulpr761_avx2.yml
  70. +5
    -0
      test/duplicate_consistency/ntrulpr761_clean.yml
  71. +4
    -0
      test/duplicate_consistency/ntrulpr857_avx2.yml
  72. +4
    -0
      test/duplicate_consistency/ntrulpr857_clean.yml
  73. +3
    -0
      test/duplicate_consistency/sntrup653_avx2.yml
  74. +3
    -0
      test/duplicate_consistency/sntrup653_clean.yml
  75. +2
    -0
      test/duplicate_consistency/sntrup761_avx2.yml
  76. +2
    -0
      test/duplicate_consistency/sntrup761_clean.yml
  77. +1
    -0
      test/duplicate_consistency/sntrup857_avx2.yml
  78. +1
    -0
      test/duplicate_consistency/sntrup857_clean.yml

+ 17
- 15
crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <immintrin.h>
// Based on supercop-20200820/crypto_sort/int32/avx2


#define int32 int32_t

@@ -28,9 +26,9 @@ static inline void int32_MINMAX(int32 *a, int32 *b) {
*b ^= c;
}

static void minmax_vector(int32 *x, int32 *y, size_t n) {
if ((long long) n < 8) {
while ((long long) n > 0) {
static void minmax_vector(int32 *x, int32 *y, long long n) {
if (n < 8) {
while (n > 0) {
int32_MINMAX(x, y);
++x;
++y;
@@ -44,7 +42,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) {
int32x8_MINMAX(x0, y0);
int32x8_store(x + n - 8, x0);
int32x8_store(y + n - 8, y0);
n &= ~(size_t) 7;
n &= ~7;
}
do {
int32x8 x0 = int32x8_load(x);
@@ -99,8 +97,8 @@ static void merge16_finish(int32 *x, int32x8 x0, int32x8 x1, int flagdown) {
}

/* stages 64,32 of bitonic merging; n is multiple of 128 */
static void int32_twostages_32(int32 *x, size_t n) {
size_t i;
static void int32_twostages_32(int32 *x, long long n) {
long long i;

while (n > 0) {
for (i = 0; i < 32; i += 8) {
@@ -125,8 +123,8 @@ static void int32_twostages_32(int32 *x, size_t n) {
}

/* stages 4q,2q,q of bitonic merging */
static size_t int32_threestages(int32 *x, size_t n, size_t q) {
size_t k, i;
static long long int32_threestages(int32 *x, long long n, long long q) {
long long k, i;

for (k = 0; k + 8 * q <= n; k += 8 * q) {
for (i = k; i < k + q; i += 8) {
@@ -168,8 +166,8 @@ static size_t int32_threestages(int32 *x, size_t n, size_t q) {

/* n is a power of 2; n >= 8; if n == 8 then flagdown */
// NOLINTNEXTLINE(google-readability-function-size)
static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
size_t p, q, i, j, k;
static void int32_sort_2power(int32 *x, long long n, int flagdown) {
long long p, q, i, j, k;
int32x8 mask;

if (n == 8) {
@@ -892,8 +890,8 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
}
}

void PQCLEAN_NTRULPR653_AVX2_crypto_sort_int32(int32 *x, size_t n) {
size_t q, i, j;
static void int32_sort(int32 *x, long long n) {
long long q, i, j;

if (n <= 8) {
if (n == 8) {
@@ -968,7 +966,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_sort_int32(int32 *x, size_t n) {
}

int32_sort_2power(x, q, 1);
PQCLEAN_NTRULPR653_AVX2_crypto_sort_int32(x + q, n - q);
int32_sort(x + q, n - q);

while (q >= 64) {
q >>= 2;
@@ -1208,3 +1206,7 @@ continue8:
int32_MINMAX(&x[j], &x[j + 1]);
}
}

void PQCLEAN_NTRULPR653_AVX2_crypto_sort_int32(void *array, long long n) {
int32_sort(array, n);
}

+ 4
- 6
crypto_kem/ntrulpr653/avx2/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR653_AVX2_CRYPTO_SORT
#define PQCLEAN_NTRULPR653_AVX2_CRYPTO_SORT
#ifndef PQCLEAN_NTRULPR653_AVX2_CRYPTO_SORT_INT32_H
#define PQCLEAN_NTRULPR653_AVX2_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR653_AVX2_crypto_sort_int32_BYTES 4


void PQCLEAN_NTRULPR653_AVX2_crypto_sort_int32(int32_t *x, size_t n);

void PQCLEAN_NTRULPR653_AVX2_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/ntrulpr653/avx2/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_NTRULPR653_AVX2_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_NTRULPR653_AVX2_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/ntrulpr653/avx2/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR653_AVX2_CRYPTO_SORT_UINT32_H
#define PQCLEAN_NTRULPR653_AVX2_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR653_AVX2_crypto_sort_uint32_BYTES 4


void PQCLEAN_NTRULPR653_AVX2_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_NTRULPR653_AVX2_crypto_sort_uint32(void *array, long long n);
#endif

+ 2
- 0
crypto_kem/ntrulpr653/avx2/params.h View File

@@ -13,6 +13,8 @@
#include "crypto_encode_653x1541round.h"
#include "crypto_encode_653x3.h"
#include "crypto_encode_653xint16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_1025.h"




+ 4
- 4
crypto_kem/ntrulpr653/clean/crypto_encode_653x3.c View File

@@ -10,10 +10,10 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x3(unsigned char *s, const void *
int i;

for (i = 0; i < p / 4; ++i) {
x = (uint8) (*f++ + 1);
x = (uint8) (x + ((*f++ + 1) << 2));
x = (uint8) (x + ((*f++ + 1) << 4));
x = (uint8) (x + ((*f++ + 1) << 6));
x = *f++ + 1;
x += (*f++ + 1) << 2;
x += (*f++ + 1) << 4;
x += (*f++ + 1) << 6;
*s++ = x;
}
x = *f++ + 1;


+ 74
- 4
crypto_kem/ntrulpr653/clean/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <stdint.h>
// Based on supercop-20190110/crypto_sort/int32/x86


#define int32 int32_t

@@ -17,10 +15,82 @@
} while(0)

/* assume 2 <= n <= 0x40000000 */
void PQCLEAN_NTRULPR653_CLEAN_crypto_sort_int32(int32 *array, size_t n) {
size_t top, p, q, r, i, j;
static void crypto_sort_smallindices(int32 *x, int32 n) {
int32 top, p, q, r, i, j;

top = 1;
while (top < n - top) {
top += top;
}

for (p = top; p >= 1; p >>= 1) {
i = 0;
while (i + 2 * p <= n) {
for (j = i; j < i + p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}
i += 2 * p;
}
for (j = i; j < n - p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}

i = 0;
j = 0;
for (q = top; q > p; q >>= 1) {
if (j != i) for (;;) {
if (j == n - q) {
goto done;
}
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
if (j == i + p) {
i += 2 * p;
break;
}
}
while (i + p <= n - q) {
for (j = i; j < i + p; ++j) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
}
i += 2 * p;
}
/* now i + p > n - q */
j = i;
while (j < n - q) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
}

done:
;
}
}
}

void PQCLEAN_NTRULPR653_CLEAN_crypto_sort_int32(void *array, long long n) {
long long top, p, q, r, i, j;
int32 *x = array;

if (n < 2) {
return;
}
if (n < 0x40000000) {
crypto_sort_smallindices(x, n);
return;
}
top = 1;
while (top < n - top) {
top += top;


+ 2
- 4
crypto_kem/ntrulpr653/clean/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR653_CLEAN_CRYPTO_SORT_INT32_H
#define PQCLEAN_NTRULPR653_CLEAN_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR653_CLEAN_crypto_sort_int32_BYTES 4


void PQCLEAN_NTRULPR653_CLEAN_crypto_sort_int32(int32_t *array, size_t n);

void PQCLEAN_NTRULPR653_CLEAN_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/ntrulpr653/clean/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_NTRULPR653_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_NTRULPR653_CLEAN_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/ntrulpr653/clean/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR653_CLEAN_CRYPTO_SORT_UINT32_H
#define PQCLEAN_NTRULPR653_CLEAN_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR653_CLEAN_crypto_sort_uint32_BYTES 4


void PQCLEAN_NTRULPR653_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_NTRULPR653_CLEAN_crypto_sort_uint32(void *array, long long n);
#endif

+ 4
- 2
crypto_kem/ntrulpr653/clean/params.h View File

@@ -13,14 +13,16 @@
#include "crypto_encode_653x1541round.h"
#include "crypto_encode_653x3.h"
#include "crypto_encode_653xint16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_1025.h"


#define p 653
#define q 4621
#define w 252
#define q27 29045 /* closest integer to 2^27/q */
#define q18 57 /* closest integer to 2^18/q */
#define q 4621
#define w 252
#define tau0 2175
#define tau1 113
#define tau2 2031


+ 17
- 15
crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <immintrin.h>
// Based on supercop-20200820/crypto_sort/int32/avx2


#define int32 int32_t

@@ -28,9 +26,9 @@ static inline void int32_MINMAX(int32 *a, int32 *b) {
*b ^= c;
}

static void minmax_vector(int32 *x, int32 *y, size_t n) {
if ((long long) n < 8) {
while ((long long) n > 0) {
static void minmax_vector(int32 *x, int32 *y, long long n) {
if (n < 8) {
while (n > 0) {
int32_MINMAX(x, y);
++x;
++y;
@@ -44,7 +42,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) {
int32x8_MINMAX(x0, y0);
int32x8_store(x + n - 8, x0);
int32x8_store(y + n - 8, y0);
n &= ~(size_t) 7;
n &= ~7;
}
do {
int32x8 x0 = int32x8_load(x);
@@ -99,8 +97,8 @@ static void merge16_finish(int32 *x, int32x8 x0, int32x8 x1, int flagdown) {
}

/* stages 64,32 of bitonic merging; n is multiple of 128 */
static void int32_twostages_32(int32 *x, size_t n) {
size_t i;
static void int32_twostages_32(int32 *x, long long n) {
long long i;

while (n > 0) {
for (i = 0; i < 32; i += 8) {
@@ -125,8 +123,8 @@ static void int32_twostages_32(int32 *x, size_t n) {
}

/* stages 4q,2q,q of bitonic merging */
static size_t int32_threestages(int32 *x, size_t n, size_t q) {
size_t k, i;
static long long int32_threestages(int32 *x, long long n, long long q) {
long long k, i;

for (k = 0; k + 8 * q <= n; k += 8 * q) {
for (i = k; i < k + q; i += 8) {
@@ -168,8 +166,8 @@ static size_t int32_threestages(int32 *x, size_t n, size_t q) {

/* n is a power of 2; n >= 8; if n == 8 then flagdown */
// NOLINTNEXTLINE(google-readability-function-size)
static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
size_t p, q, i, j, k;
static void int32_sort_2power(int32 *x, long long n, int flagdown) {
long long p, q, i, j, k;
int32x8 mask;

if (n == 8) {
@@ -892,8 +890,8 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
}
}

void PQCLEAN_NTRULPR761_AVX2_crypto_sort_int32(int32 *x, size_t n) {
size_t q, i, j;
static void int32_sort(int32 *x, long long n) {
long long q, i, j;

if (n <= 8) {
if (n == 8) {
@@ -968,7 +966,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_sort_int32(int32 *x, size_t n) {
}

int32_sort_2power(x, q, 1);
PQCLEAN_NTRULPR761_AVX2_crypto_sort_int32(x + q, n - q);
int32_sort(x + q, n - q);

while (q >= 64) {
q >>= 2;
@@ -1208,3 +1206,7 @@ continue8:
int32_MINMAX(&x[j], &x[j + 1]);
}
}

void PQCLEAN_NTRULPR761_AVX2_crypto_sort_int32(void *array, long long n) {
int32_sort(array, n);
}

+ 4
- 6
crypto_kem/ntrulpr761/avx2/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR761_AVX2_CRYPTO_SORT
#define PQCLEAN_NTRULPR761_AVX2_CRYPTO_SORT
#ifndef PQCLEAN_NTRULPR761_AVX2_CRYPTO_SORT_INT32_H
#define PQCLEAN_NTRULPR761_AVX2_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR761_AVX2_crypto_sort_int32_BYTES 4


void PQCLEAN_NTRULPR761_AVX2_crypto_sort_int32(int32_t *x, size_t n);

void PQCLEAN_NTRULPR761_AVX2_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/ntrulpr761/avx2/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_NTRULPR761_AVX2_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_NTRULPR761_AVX2_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/ntrulpr761/avx2/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR761_AVX2_CRYPTO_SORT_UINT32_H
#define PQCLEAN_NTRULPR761_AVX2_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR761_AVX2_crypto_sort_uint32_BYTES 4


void PQCLEAN_NTRULPR761_AVX2_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_NTRULPR761_AVX2_crypto_sort_uint32(void *array, long long n);
#endif

+ 2
- 0
crypto_kem/ntrulpr761/avx2/params.h View File

@@ -13,6 +13,8 @@
#include "crypto_encode_761x1531round.h"
#include "crypto_encode_761x3.h"
#include "crypto_encode_761xint16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_1167.h"




+ 5
- 5
crypto_kem/ntrulpr761/clean/crypto_encode_761x3.c View File

@@ -5,15 +5,15 @@
#define p 761

void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x3(unsigned char *s, const void *v) {
const uint8 *f = (const uint8 *)v;
const uint8 *f = v;
uint8 x;
int i;

for (i = 0; i < p / 4; ++i) {
x = (uint8) (*f++ + 1);
x = (uint8) (x + ((*f++ + 1) << 2));
x = (uint8) (x + ((*f++ + 1) << 4));
x = (uint8) (x + ((*f++ + 1) << 6));
x = *f++ + 1;
x += (*f++ + 1) << 2;
x += (*f++ + 1) << 4;
x += (*f++ + 1) << 6;
*s++ = x;
}
x = *f++ + 1;


+ 74
- 4
crypto_kem/ntrulpr761/clean/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <stdint.h>
// Based on supercop-20190110/crypto_sort/int32/x86


#define int32 int32_t

@@ -17,10 +15,82 @@
} while(0)

/* assume 2 <= n <= 0x40000000 */
void PQCLEAN_NTRULPR761_CLEAN_crypto_sort_int32(int32 *array, size_t n) {
size_t top, p, q, r, i, j;
static void crypto_sort_smallindices(int32 *x, int32 n) {
int32 top, p, q, r, i, j;

top = 1;
while (top < n - top) {
top += top;
}

for (p = top; p >= 1; p >>= 1) {
i = 0;
while (i + 2 * p <= n) {
for (j = i; j < i + p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}
i += 2 * p;
}
for (j = i; j < n - p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}

i = 0;
j = 0;
for (q = top; q > p; q >>= 1) {
if (j != i) for (;;) {
if (j == n - q) {
goto done;
}
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
if (j == i + p) {
i += 2 * p;
break;
}
}
while (i + p <= n - q) {
for (j = i; j < i + p; ++j) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
}
i += 2 * p;
}
/* now i + p > n - q */
j = i;
while (j < n - q) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
}

done:
;
}
}
}

void PQCLEAN_NTRULPR761_CLEAN_crypto_sort_int32(void *array, long long n) {
long long top, p, q, r, i, j;
int32 *x = array;

if (n < 2) {
return;
}
if (n < 0x40000000) {
crypto_sort_smallindices(x, n);
return;
}
top = 1;
while (top < n - top) {
top += top;


+ 2
- 4
crypto_kem/ntrulpr761/clean/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR761_CLEAN_CRYPTO_SORT_INT32_H
#define PQCLEAN_NTRULPR761_CLEAN_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR761_CLEAN_crypto_sort_int32_BYTES 4


void PQCLEAN_NTRULPR761_CLEAN_crypto_sort_int32(int32_t *array, size_t n);

void PQCLEAN_NTRULPR761_CLEAN_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/ntrulpr761/clean/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_NTRULPR761_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_NTRULPR761_CLEAN_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/ntrulpr761/clean/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR761_CLEAN_CRYPTO_SORT_UINT32_H
#define PQCLEAN_NTRULPR761_CLEAN_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR761_CLEAN_crypto_sort_uint32_BYTES 4


void PQCLEAN_NTRULPR761_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_NTRULPR761_CLEAN_crypto_sort_uint32(void *array, long long n);
#endif

+ 4
- 2
crypto_kem/ntrulpr761/clean/params.h View File

@@ -13,14 +13,16 @@
#include "crypto_encode_761x1531round.h"
#include "crypto_encode_761x3.h"
#include "crypto_encode_761xint16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_1167.h"


#define p 761
#define q 4591
#define w 250
#define q27 29235 /* closest integer to 2^27/q */
#define q18 57 /* closest integer to 2^18/q */
#define q 4591
#define w 250
#define tau0 2156
#define tau1 114
#define tau2 2007


+ 17
- 15
crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <immintrin.h>
// Based on supercop-20200820/crypto_sort/int32/avx2


#define int32 int32_t

@@ -28,9 +26,9 @@ static inline void int32_MINMAX(int32 *a, int32 *b) {
*b ^= c;
}

static void minmax_vector(int32 *x, int32 *y, size_t n) {
if ((long long) n < 8) {
while ((long long) n > 0) {
static void minmax_vector(int32 *x, int32 *y, long long n) {
if (n < 8) {
while (n > 0) {
int32_MINMAX(x, y);
++x;
++y;
@@ -44,7 +42,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) {
int32x8_MINMAX(x0, y0);
int32x8_store(x + n - 8, x0);
int32x8_store(y + n - 8, y0);
n &= ~(size_t) 7;
n &= ~7;
}
do {
int32x8 x0 = int32x8_load(x);
@@ -99,8 +97,8 @@ static void merge16_finish(int32 *x, int32x8 x0, int32x8 x1, int flagdown) {
}

/* stages 64,32 of bitonic merging; n is multiple of 128 */
static void int32_twostages_32(int32 *x, size_t n) {
size_t i;
static void int32_twostages_32(int32 *x, long long n) {
long long i;

while (n > 0) {
for (i = 0; i < 32; i += 8) {
@@ -125,8 +123,8 @@ static void int32_twostages_32(int32 *x, size_t n) {
}

/* stages 4q,2q,q of bitonic merging */
static size_t int32_threestages(int32 *x, size_t n, size_t q) {
size_t k, i;
static long long int32_threestages(int32 *x, long long n, long long q) {
long long k, i;

for (k = 0; k + 8 * q <= n; k += 8 * q) {
for (i = k; i < k + q; i += 8) {
@@ -168,8 +166,8 @@ static size_t int32_threestages(int32 *x, size_t n, size_t q) {

/* n is a power of 2; n >= 8; if n == 8 then flagdown */
// NOLINTNEXTLINE(google-readability-function-size)
static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
size_t p, q, i, j, k;
static void int32_sort_2power(int32 *x, long long n, int flagdown) {
long long p, q, i, j, k;
int32x8 mask;

if (n == 8) {
@@ -892,8 +890,8 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
}
}

void PQCLEAN_NTRULPR857_AVX2_crypto_sort_int32(int32 *x, size_t n) {
size_t q, i, j;
static void int32_sort(int32 *x, long long n) {
long long q, i, j;

if (n <= 8) {
if (n == 8) {
@@ -968,7 +966,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_sort_int32(int32 *x, size_t n) {
}

int32_sort_2power(x, q, 1);
PQCLEAN_NTRULPR857_AVX2_crypto_sort_int32(x + q, n - q);
int32_sort(x + q, n - q);

while (q >= 64) {
q >>= 2;
@@ -1208,3 +1206,7 @@ continue8:
int32_MINMAX(&x[j], &x[j + 1]);
}
}

void PQCLEAN_NTRULPR857_AVX2_crypto_sort_int32(void *array, long long n) {
int32_sort(array, n);
}

+ 4
- 6
crypto_kem/ntrulpr857/avx2/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR857_AVX2_CRYPTO_SORT
#define PQCLEAN_NTRULPR857_AVX2_CRYPTO_SORT
#ifndef PQCLEAN_NTRULPR857_AVX2_CRYPTO_SORT_INT32_H
#define PQCLEAN_NTRULPR857_AVX2_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR857_AVX2_crypto_sort_int32_BYTES 4


void PQCLEAN_NTRULPR857_AVX2_crypto_sort_int32(int32_t *x, size_t n);

void PQCLEAN_NTRULPR857_AVX2_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/ntrulpr857/avx2/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_NTRULPR857_AVX2_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_NTRULPR857_AVX2_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/ntrulpr857/avx2/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR857_AVX2_CRYPTO_SORT_UINT32_H
#define PQCLEAN_NTRULPR857_AVX2_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR857_AVX2_crypto_sort_uint32_BYTES 4


void PQCLEAN_NTRULPR857_AVX2_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_NTRULPR857_AVX2_crypto_sort_uint32(void *array, long long n);
#endif

+ 2
- 0
crypto_kem/ntrulpr857/avx2/params.h View File

@@ -13,6 +13,8 @@
#include "crypto_encode_857x1723round.h"
#include "crypto_encode_857x3.h"
#include "crypto_encode_857xint16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_1312.h"




+ 4
- 4
crypto_kem/ntrulpr857/clean/crypto_encode_857x3.c View File

@@ -10,10 +10,10 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x3(unsigned char *s, const void *
int i;

for (i = 0; i < p / 4; ++i) {
x = (uint8) (*f++ + 1);
x = (uint8) (x + ((*f++ + 1) << 2));
x = (uint8) (x + ((*f++ + 1) << 4));
x = (uint8) (x + ((*f++ + 1) << 6));
x = *f++ + 1;
x += (*f++ + 1) << 2;
x += (*f++ + 1) << 4;
x += (*f++ + 1) << 6;
*s++ = x;
}
x = *f++ + 1;


+ 74
- 4
crypto_kem/ntrulpr857/clean/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <stdint.h>
// Based on supercop-20190110/crypto_sort/int32/x86


#define int32 int32_t

@@ -17,10 +15,82 @@
} while(0)

/* assume 2 <= n <= 0x40000000 */
void PQCLEAN_NTRULPR857_CLEAN_crypto_sort_int32(int32 *array, size_t n) {
size_t top, p, q, r, i, j;
static void crypto_sort_smallindices(int32 *x, int32 n) {
int32 top, p, q, r, i, j;

top = 1;
while (top < n - top) {
top += top;
}

for (p = top; p >= 1; p >>= 1) {
i = 0;
while (i + 2 * p <= n) {
for (j = i; j < i + p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}
i += 2 * p;
}
for (j = i; j < n - p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}

i = 0;
j = 0;
for (q = top; q > p; q >>= 1) {
if (j != i) for (;;) {
if (j == n - q) {
goto done;
}
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
if (j == i + p) {
i += 2 * p;
break;
}
}
while (i + p <= n - q) {
for (j = i; j < i + p; ++j) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
}
i += 2 * p;
}
/* now i + p > n - q */
j = i;
while (j < n - q) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
}

done:
;
}
}
}

void PQCLEAN_NTRULPR857_CLEAN_crypto_sort_int32(void *array, long long n) {
long long top, p, q, r, i, j;
int32 *x = array;

if (n < 2) {
return;
}
if (n < 0x40000000) {
crypto_sort_smallindices(x, n);
return;
}
top = 1;
while (top < n - top) {
top += top;


+ 2
- 4
crypto_kem/ntrulpr857/clean/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR857_CLEAN_CRYPTO_SORT_INT32_H
#define PQCLEAN_NTRULPR857_CLEAN_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR857_CLEAN_crypto_sort_int32_BYTES 4


void PQCLEAN_NTRULPR857_CLEAN_crypto_sort_int32(int32_t *array, size_t n);

void PQCLEAN_NTRULPR857_CLEAN_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/ntrulpr857/clean/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_NTRULPR857_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_NTRULPR857_CLEAN_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/ntrulpr857/clean/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_NTRULPR857_CLEAN_CRYPTO_SORT_UINT32_H
#define PQCLEAN_NTRULPR857_CLEAN_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_NTRULPR857_CLEAN_crypto_sort_uint32_BYTES 4


void PQCLEAN_NTRULPR857_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_NTRULPR857_CLEAN_crypto_sort_uint32(void *array, long long n);
#endif

+ 4
- 2
crypto_kem/ntrulpr857/clean/params.h View File

@@ -13,14 +13,16 @@
#include "crypto_encode_857x1723round.h"
#include "crypto_encode_857x3.h"
#include "crypto_encode_857xint16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_1312.h"


#define p 857
#define q 5167
#define w 281
#define q27 25976 /* closest integer to 2^27/q */
#define q18 51 /* closest integer to 2^18/q */
#define q 5167
#define w 281
#define tau0 2433
#define tau1 101
#define tau2 2265


+ 17
- 15
crypto_kem/sntrup653/avx2/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <immintrin.h>
// Based on supercop-20200820/crypto_sort/int32/avx2


#define int32 int32_t

@@ -28,9 +26,9 @@ static inline void int32_MINMAX(int32 *a, int32 *b) {
*b ^= c;
}

static void minmax_vector(int32 *x, int32 *y, size_t n) {
if ((long long) n < 8) {
while ((long long) n > 0) {
static void minmax_vector(int32 *x, int32 *y, long long n) {
if (n < 8) {
while (n > 0) {
int32_MINMAX(x, y);
++x;
++y;
@@ -44,7 +42,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) {
int32x8_MINMAX(x0, y0);
int32x8_store(x + n - 8, x0);
int32x8_store(y + n - 8, y0);
n &= ~(size_t) 7;
n &= ~7;
}
do {
int32x8 x0 = int32x8_load(x);
@@ -99,8 +97,8 @@ static void merge16_finish(int32 *x, int32x8 x0, int32x8 x1, int flagdown) {
}

/* stages 64,32 of bitonic merging; n is multiple of 128 */
static void int32_twostages_32(int32 *x, size_t n) {
size_t i;
static void int32_twostages_32(int32 *x, long long n) {
long long i;

while (n > 0) {
for (i = 0; i < 32; i += 8) {
@@ -125,8 +123,8 @@ static void int32_twostages_32(int32 *x, size_t n) {
}

/* stages 4q,2q,q of bitonic merging */
static size_t int32_threestages(int32 *x, size_t n, size_t q) {
size_t k, i;
static long long int32_threestages(int32 *x, long long n, long long q) {
long long k, i;

for (k = 0; k + 8 * q <= n; k += 8 * q) {
for (i = k; i < k + q; i += 8) {
@@ -168,8 +166,8 @@ static size_t int32_threestages(int32 *x, size_t n, size_t q) {

/* n is a power of 2; n >= 8; if n == 8 then flagdown */
// NOLINTNEXTLINE(google-readability-function-size)
static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
size_t p, q, i, j, k;
static void int32_sort_2power(int32 *x, long long n, int flagdown) {
long long p, q, i, j, k;
int32x8 mask;

if (n == 8) {
@@ -892,8 +890,8 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
}
}

void PQCLEAN_SNTRUP653_AVX2_crypto_sort_int32(int32 *x, size_t n) {
size_t q, i, j;
static void int32_sort(int32 *x, long long n) {
long long q, i, j;

if (n <= 8) {
if (n == 8) {
@@ -968,7 +966,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_sort_int32(int32 *x, size_t n) {
}

int32_sort_2power(x, q, 1);
PQCLEAN_SNTRUP653_AVX2_crypto_sort_int32(x + q, n - q);
int32_sort(x + q, n - q);

while (q >= 64) {
q >>= 2;
@@ -1208,3 +1206,7 @@ continue8:
int32_MINMAX(&x[j], &x[j + 1]);
}
}

void PQCLEAN_SNTRUP653_AVX2_crypto_sort_int32(void *array, long long n) {
int32_sort(array, n);
}

+ 4
- 6
crypto_kem/sntrup653/avx2/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP653_AVX2_CRYPTO_SORT
#define PQCLEAN_SNTRUP653_AVX2_CRYPTO_SORT
#ifndef PQCLEAN_SNTRUP653_AVX2_CRYPTO_SORT_INT32_H
#define PQCLEAN_SNTRUP653_AVX2_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP653_AVX2_crypto_sort_int32_BYTES 4


void PQCLEAN_SNTRUP653_AVX2_crypto_sort_int32(int32_t *x, size_t n);

void PQCLEAN_SNTRUP653_AVX2_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/sntrup653/avx2/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_SNTRUP653_AVX2_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_SNTRUP653_AVX2_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/sntrup653/avx2/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP653_AVX2_CRYPTO_SORT_UINT32_H
#define PQCLEAN_SNTRUP653_AVX2_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP653_AVX2_crypto_sort_uint32_BYTES 4


void PQCLEAN_SNTRUP653_AVX2_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_SNTRUP653_AVX2_crypto_sort_uint32(void *array, long long n);
#endif

+ 3
- 1
crypto_kem/sntrup653/avx2/params.h View File

@@ -19,15 +19,17 @@
#include "crypto_encode_653xfreeze3.h"
#include "crypto_encode_653xint16.h"
#include "crypto_encode_int16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_897.h"


#define p 653
#define qinv (-29499) /* reciprocal of q mod 2^16 */
#define q27 29045 /* closest integer to 2^27/q */
#define q18 57 /* closest integer to 2^18/q */
#define ppad 657
#define crypto_core_weight PQCLEAN_SNTRUP653_AVX2_crypto_core_weightsntrup653
#define p 653
#define q 4621
#define w 288



+ 4
- 4
crypto_kem/sntrup653/clean/crypto_encode_653x3.c View File

@@ -10,10 +10,10 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x3(unsigned char *s, const void *v
int i;

for (i = 0; i < p / 4; ++i) {
x = (uint8) (*f++ + 1);
x = (uint8) (x + ((*f++ + 1) << 2));
x = (uint8) (x + ((*f++ + 1) << 4));
x = (uint8) (x + ((*f++ + 1) << 6));
x = *f++ + 1;
x += (*f++ + 1) << 2;
x += (*f++ + 1) << 4;
x += (*f++ + 1) << 6;
*s++ = x;
}
x = *f++ + 1;


+ 74
- 4
crypto_kem/sntrup653/clean/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <stdint.h>
// Based on supercop-20190110/crypto_sort/int32/x86


#define int32 int32_t

@@ -17,10 +15,82 @@
} while(0)

/* assume 2 <= n <= 0x40000000 */
void PQCLEAN_SNTRUP653_CLEAN_crypto_sort_int32(int32 *array, size_t n) {
size_t top, p, q, r, i, j;
static void crypto_sort_smallindices(int32 *x, int32 n) {
int32 top, p, q, r, i, j;

top = 1;
while (top < n - top) {
top += top;
}

for (p = top; p >= 1; p >>= 1) {
i = 0;
while (i + 2 * p <= n) {
for (j = i; j < i + p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}
i += 2 * p;
}
for (j = i; j < n - p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}

i = 0;
j = 0;
for (q = top; q > p; q >>= 1) {
if (j != i) for (;;) {
if (j == n - q) {
goto done;
}
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
if (j == i + p) {
i += 2 * p;
break;
}
}
while (i + p <= n - q) {
for (j = i; j < i + p; ++j) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
}
i += 2 * p;
}
/* now i + p > n - q */
j = i;
while (j < n - q) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
}

done:
;
}
}
}

void PQCLEAN_SNTRUP653_CLEAN_crypto_sort_int32(void *array, long long n) {
long long top, p, q, r, i, j;
int32 *x = array;

if (n < 2) {
return;
}
if (n < 0x40000000) {
crypto_sort_smallindices(x, n);
return;
}
top = 1;
while (top < n - top) {
top += top;


+ 2
- 4
crypto_kem/sntrup653/clean/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP653_CLEAN_CRYPTO_SORT_INT32_H
#define PQCLEAN_SNTRUP653_CLEAN_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP653_CLEAN_crypto_sort_int32_BYTES 4


void PQCLEAN_SNTRUP653_CLEAN_crypto_sort_int32(int32_t *array, size_t n);

void PQCLEAN_SNTRUP653_CLEAN_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/sntrup653/clean/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_SNTRUP653_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_SNTRUP653_CLEAN_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/sntrup653/clean/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP653_CLEAN_CRYPTO_SORT_UINT32_H
#define PQCLEAN_SNTRUP653_CLEAN_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP653_CLEAN_crypto_sort_uint32_BYTES 4


void PQCLEAN_SNTRUP653_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_SNTRUP653_CLEAN_crypto_sort_uint32(void *array, long long n);
#endif

+ 3
- 1
crypto_kem/sntrup653/clean/params.h View File

@@ -19,12 +19,14 @@
#include "crypto_encode_653xfreeze3.h"
#include "crypto_encode_653xint16.h"
#include "crypto_encode_int16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_897.h"


#define p 653
#define q27 29045 /* closest integer to 2^27/q */
#define q18 57 /* closest integer to 2^18/q */
#define p 653
#define q 4621
#define w 288



+ 17
- 15
crypto_kem/sntrup761/avx2/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <immintrin.h>
// Based on supercop-20200820/crypto_sort/int32/avx2


#define int32 int32_t

@@ -28,9 +26,9 @@ static inline void int32_MINMAX(int32 *a, int32 *b) {
*b ^= c;
}

static void minmax_vector(int32 *x, int32 *y, size_t n) {
if ((long long) n < 8) {
while ((long long) n > 0) {
static void minmax_vector(int32 *x, int32 *y, long long n) {
if (n < 8) {
while (n > 0) {
int32_MINMAX(x, y);
++x;
++y;
@@ -44,7 +42,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) {
int32x8_MINMAX(x0, y0);
int32x8_store(x + n - 8, x0);
int32x8_store(y + n - 8, y0);
n &= ~(size_t) 7;
n &= ~7;
}
do {
int32x8 x0 = int32x8_load(x);
@@ -99,8 +97,8 @@ static void merge16_finish(int32 *x, int32x8 x0, int32x8 x1, int flagdown) {
}

/* stages 64,32 of bitonic merging; n is multiple of 128 */
static void int32_twostages_32(int32 *x, size_t n) {
size_t i;
static void int32_twostages_32(int32 *x, long long n) {
long long i;

while (n > 0) {
for (i = 0; i < 32; i += 8) {
@@ -125,8 +123,8 @@ static void int32_twostages_32(int32 *x, size_t n) {
}

/* stages 4q,2q,q of bitonic merging */
static size_t int32_threestages(int32 *x, size_t n, size_t q) {
size_t k, i;
static long long int32_threestages(int32 *x, long long n, long long q) {
long long k, i;

for (k = 0; k + 8 * q <= n; k += 8 * q) {
for (i = k; i < k + q; i += 8) {
@@ -168,8 +166,8 @@ static size_t int32_threestages(int32 *x, size_t n, size_t q) {

/* n is a power of 2; n >= 8; if n == 8 then flagdown */
// NOLINTNEXTLINE(google-readability-function-size)
static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
size_t p, q, i, j, k;
static void int32_sort_2power(int32 *x, long long n, int flagdown) {
long long p, q, i, j, k;
int32x8 mask;

if (n == 8) {
@@ -892,8 +890,8 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
}
}

void PQCLEAN_SNTRUP761_AVX2_crypto_sort_int32(int32 *x, size_t n) {
size_t q, i, j;
static void int32_sort(int32 *x, long long n) {
long long q, i, j;

if (n <= 8) {
if (n == 8) {
@@ -968,7 +966,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_sort_int32(int32 *x, size_t n) {
}

int32_sort_2power(x, q, 1);
PQCLEAN_SNTRUP761_AVX2_crypto_sort_int32(x + q, n - q);
int32_sort(x + q, n - q);

while (q >= 64) {
q >>= 2;
@@ -1208,3 +1206,7 @@ continue8:
int32_MINMAX(&x[j], &x[j + 1]);
}
}

void PQCLEAN_SNTRUP761_AVX2_crypto_sort_int32(void *array, long long n) {
int32_sort(array, n);
}

+ 4
- 6
crypto_kem/sntrup761/avx2/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP761_AVX2_CRYPTO_SORT
#define PQCLEAN_SNTRUP761_AVX2_CRYPTO_SORT
#ifndef PQCLEAN_SNTRUP761_AVX2_CRYPTO_SORT_INT32_H
#define PQCLEAN_SNTRUP761_AVX2_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP761_AVX2_crypto_sort_int32_BYTES 4


void PQCLEAN_SNTRUP761_AVX2_crypto_sort_int32(int32_t *x, size_t n);

void PQCLEAN_SNTRUP761_AVX2_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/sntrup761/avx2/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_SNTRUP761_AVX2_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_SNTRUP761_AVX2_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/sntrup761/avx2/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP761_AVX2_CRYPTO_SORT_UINT32_H
#define PQCLEAN_SNTRUP761_AVX2_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP761_AVX2_crypto_sort_uint32_BYTES 4


void PQCLEAN_SNTRUP761_AVX2_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_SNTRUP761_AVX2_crypto_sort_uint32(void *array, long long n);
#endif

+ 3
- 1
crypto_kem/sntrup761/avx2/params.h View File

@@ -19,15 +19,17 @@
#include "crypto_encode_761xfreeze3.h"
#include "crypto_encode_761xint16.h"
#include "crypto_encode_int16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_1039.h"


#define p 761
#define qinv 15631 /* reciprocal of q mod 2^16 */
#define q27 29235 /* closest integer to 2^27/q */
#define q18 57 /* closest integer to 2^18/q */
#define ppad 769
#define crypto_core_weight PQCLEAN_SNTRUP761_AVX2_crypto_core_weightsntrup761
#define p 761
#define q 4591
#define w 286



+ 5
- 5
crypto_kem/sntrup761/clean/crypto_encode_761x3.c View File

@@ -5,15 +5,15 @@
#define p 761

void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x3(unsigned char *s, const void *v) {
const uint8 *f = (const uint8 *)v;
const uint8 *f = v;
uint8 x;
int i;

for (i = 0; i < p / 4; ++i) {
x = (uint8) (*f++ + 1);
x = (uint8) (x + ((*f++ + 1) << 2));
x = (uint8) (x + ((*f++ + 1) << 4));
x = (uint8) (x + ((*f++ + 1) << 6));
x = *f++ + 1;
x += (*f++ + 1) << 2;
x += (*f++ + 1) << 4;
x += (*f++ + 1) << 6;
*s++ = x;
}
x = *f++ + 1;


+ 74
- 4
crypto_kem/sntrup761/clean/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <stdint.h>
// Based on supercop-20190110/crypto_sort/int32/x86


#define int32 int32_t

@@ -17,10 +15,82 @@
} while(0)

/* assume 2 <= n <= 0x40000000 */
void PQCLEAN_SNTRUP761_CLEAN_crypto_sort_int32(int32 *array, size_t n) {
size_t top, p, q, r, i, j;
static void crypto_sort_smallindices(int32 *x, int32 n) {
int32 top, p, q, r, i, j;

top = 1;
while (top < n - top) {
top += top;
}

for (p = top; p >= 1; p >>= 1) {
i = 0;
while (i + 2 * p <= n) {
for (j = i; j < i + p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}
i += 2 * p;
}
for (j = i; j < n - p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}

i = 0;
j = 0;
for (q = top; q > p; q >>= 1) {
if (j != i) for (;;) {
if (j == n - q) {
goto done;
}
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
if (j == i + p) {
i += 2 * p;
break;
}
}
while (i + p <= n - q) {
for (j = i; j < i + p; ++j) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
}
i += 2 * p;
}
/* now i + p > n - q */
j = i;
while (j < n - q) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
}

done:
;
}
}
}

void PQCLEAN_SNTRUP761_CLEAN_crypto_sort_int32(void *array, long long n) {
long long top, p, q, r, i, j;
int32 *x = array;

if (n < 2) {
return;
}
if (n < 0x40000000) {
crypto_sort_smallindices(x, n);
return;
}
top = 1;
while (top < n - top) {
top += top;


+ 2
- 4
crypto_kem/sntrup761/clean/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP761_CLEAN_CRYPTO_SORT_INT32_H
#define PQCLEAN_SNTRUP761_CLEAN_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP761_CLEAN_crypto_sort_int32_BYTES 4


void PQCLEAN_SNTRUP761_CLEAN_crypto_sort_int32(int32_t *array, size_t n);

void PQCLEAN_SNTRUP761_CLEAN_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/sntrup761/clean/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_SNTRUP761_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_SNTRUP761_CLEAN_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/sntrup761/clean/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP761_CLEAN_CRYPTO_SORT_UINT32_H
#define PQCLEAN_SNTRUP761_CLEAN_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP761_CLEAN_crypto_sort_uint32_BYTES 4


void PQCLEAN_SNTRUP761_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_SNTRUP761_CLEAN_crypto_sort_uint32(void *array, long long n);
#endif

+ 3
- 1
crypto_kem/sntrup761/clean/params.h View File

@@ -19,12 +19,14 @@
#include "crypto_encode_761xfreeze3.h"
#include "crypto_encode_761xint16.h"
#include "crypto_encode_int16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_1039.h"


#define p 761
#define q27 29235 /* closest integer to 2^27/q */
#define q18 57 /* closest integer to 2^18/q */
#define p 761
#define q 4591
#define w 286



+ 17
- 15
crypto_kem/sntrup857/avx2/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <immintrin.h>
// Based on supercop-20200820/crypto_sort/int32/avx2


#define int32 int32_t

@@ -28,9 +26,9 @@ static inline void int32_MINMAX(int32 *a, int32 *b) {
*b ^= c;
}

static void minmax_vector(int32 *x, int32 *y, size_t n) {
if ((long long) n < 8) {
while ((long long) n > 0) {
static void minmax_vector(int32 *x, int32 *y, long long n) {
if (n < 8) {
while (n > 0) {
int32_MINMAX(x, y);
++x;
++y;
@@ -44,7 +42,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) {
int32x8_MINMAX(x0, y0);
int32x8_store(x + n - 8, x0);
int32x8_store(y + n - 8, y0);
n &= ~(size_t) 7;
n &= ~7;
}
do {
int32x8 x0 = int32x8_load(x);
@@ -99,8 +97,8 @@ static void merge16_finish(int32 *x, int32x8 x0, int32x8 x1, int flagdown) {
}

/* stages 64,32 of bitonic merging; n is multiple of 128 */
static void int32_twostages_32(int32 *x, size_t n) {
size_t i;
static void int32_twostages_32(int32 *x, long long n) {
long long i;

while (n > 0) {
for (i = 0; i < 32; i += 8) {
@@ -125,8 +123,8 @@ static void int32_twostages_32(int32 *x, size_t n) {
}

/* stages 4q,2q,q of bitonic merging */
static size_t int32_threestages(int32 *x, size_t n, size_t q) {
size_t k, i;
static long long int32_threestages(int32 *x, long long n, long long q) {
long long k, i;

for (k = 0; k + 8 * q <= n; k += 8 * q) {
for (i = k; i < k + q; i += 8) {
@@ -168,8 +166,8 @@ static size_t int32_threestages(int32 *x, size_t n, size_t q) {

/* n is a power of 2; n >= 8; if n == 8 then flagdown */
// NOLINTNEXTLINE(google-readability-function-size)
static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
size_t p, q, i, j, k;
static void int32_sort_2power(int32 *x, long long n, int flagdown) {
long long p, q, i, j, k;
int32x8 mask;

if (n == 8) {
@@ -892,8 +890,8 @@ static void int32_sort_2power(int32 *x, size_t n, int flagdown) {
}
}

void PQCLEAN_SNTRUP857_AVX2_crypto_sort_int32(int32 *x, size_t n) {
size_t q, i, j;
static void int32_sort(int32 *x, long long n) {
long long q, i, j;

if (n <= 8) {
if (n == 8) {
@@ -968,7 +966,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_sort_int32(int32 *x, size_t n) {
}

int32_sort_2power(x, q, 1);
PQCLEAN_SNTRUP857_AVX2_crypto_sort_int32(x + q, n - q);
int32_sort(x + q, n - q);

while (q >= 64) {
q >>= 2;
@@ -1208,3 +1206,7 @@ continue8:
int32_MINMAX(&x[j], &x[j + 1]);
}
}

void PQCLEAN_SNTRUP857_AVX2_crypto_sort_int32(void *array, long long n) {
int32_sort(array, n);
}

+ 4
- 6
crypto_kem/sntrup857/avx2/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP857_AVX2_CRYPTO_SORT
#define PQCLEAN_SNTRUP857_AVX2_CRYPTO_SORT
#ifndef PQCLEAN_SNTRUP857_AVX2_CRYPTO_SORT_INT32_H
#define PQCLEAN_SNTRUP857_AVX2_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP857_AVX2_crypto_sort_int32_BYTES 4


void PQCLEAN_SNTRUP857_AVX2_crypto_sort_int32(int32_t *x, size_t n);

void PQCLEAN_SNTRUP857_AVX2_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/sntrup857/avx2/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_SNTRUP857_AVX2_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_SNTRUP857_AVX2_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/sntrup857/avx2/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP857_AVX2_CRYPTO_SORT_UINT32_H
#define PQCLEAN_SNTRUP857_AVX2_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP857_AVX2_crypto_sort_uint32_BYTES 4


void PQCLEAN_SNTRUP857_AVX2_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_SNTRUP857_AVX2_crypto_sort_uint32(void *array, long long n);
#endif

+ 3
- 1
crypto_kem/sntrup857/avx2/params.h View File

@@ -19,15 +19,17 @@
#include "crypto_encode_857xfreeze3.h"
#include "crypto_encode_857xint16.h"
#include "crypto_encode_int16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_1184.h"


#define p 857
#define qinv (-19761) /* reciprocal of q mod 2^16 */
#define q27 25976 /* closest integer to 2^27/q */
#define q18 51 /* closest integer to 2^18/q */
#define ppad 865
#define crypto_core_weight PQCLEAN_SNTRUP857_AVX2_crypto_core_weightsntrup857
#define p 857
#define q 5167
#define w 322



+ 4
- 4
crypto_kem/sntrup857/clean/crypto_encode_857x3.c View File

@@ -10,10 +10,10 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x3(unsigned char *s, const void *v
int i;

for (i = 0; i < p / 4; ++i) {
x = (uint8) (*f++ + 1);
x = (uint8) (x + ((*f++ + 1) << 2));
x = (uint8) (x + ((*f++ + 1) << 4));
x = (uint8) (x + ((*f++ + 1) << 6));
x = *f++ + 1;
x += (*f++ + 1) << 2;
x += (*f++ + 1) << 4;
x += (*f++ + 1) << 6;
*s++ = x;
}
x = *f++ + 1;


+ 74
- 4
crypto_kem/sntrup857/clean/crypto_sort_int32.c View File

@@ -1,7 +1,5 @@
#include "crypto_sort_int32.h"
#include <stdint.h>
// Based on supercop-20190110/crypto_sort/int32/x86


#define int32 int32_t

@@ -17,10 +15,82 @@
} while(0)

/* assume 2 <= n <= 0x40000000 */
void PQCLEAN_SNTRUP857_CLEAN_crypto_sort_int32(int32 *array, size_t n) {
size_t top, p, q, r, i, j;
static void crypto_sort_smallindices(int32 *x, int32 n) {
int32 top, p, q, r, i, j;

top = 1;
while (top < n - top) {
top += top;
}

for (p = top; p >= 1; p >>= 1) {
i = 0;
while (i + 2 * p <= n) {
for (j = i; j < i + p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}
i += 2 * p;
}
for (j = i; j < n - p; ++j) {
int32_MINMAX(x[j], x[j + p]);
}

i = 0;
j = 0;
for (q = top; q > p; q >>= 1) {
if (j != i) for (;;) {
if (j == n - q) {
goto done;
}
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
if (j == i + p) {
i += 2 * p;
break;
}
}
while (i + p <= n - q) {
for (j = i; j < i + p; ++j) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
}
i += 2 * p;
}
/* now i + p > n - q */
j = i;
while (j < n - q) {
int32 a = x[j + p];
for (r = q; r > p; r >>= 1) {
int32_MINMAX(a, x[j + r]);
}
x[j + p] = a;
++j;
}

done:
;
}
}
}

void PQCLEAN_SNTRUP857_CLEAN_crypto_sort_int32(void *array, long long n) {
long long top, p, q, r, i, j;
int32 *x = array;

if (n < 2) {
return;
}
if (n < 0x40000000) {
crypto_sort_smallindices(x, n);
return;
}
top = 1;
while (top < n - top) {
top += top;


+ 2
- 4
crypto_kem/sntrup857/clean/crypto_sort_int32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP857_CLEAN_CRYPTO_SORT_INT32_H
#define PQCLEAN_SNTRUP857_CLEAN_CRYPTO_SORT_INT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP857_CLEAN_crypto_sort_int32_BYTES 4


void PQCLEAN_SNTRUP857_CLEAN_crypto_sort_int32(int32_t *array, size_t n);

void PQCLEAN_SNTRUP857_CLEAN_crypto_sort_int32(void *array, long long n);
#endif

+ 3
- 5
crypto_kem/sntrup857/clean/crypto_sort_uint32.c View File

@@ -1,15 +1,13 @@
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include <stdint.h>

#define uint32 uint32_t

/* can save time by vectorizing xor loops */
/* can save time by integrating xor loops with int32_sort */

void PQCLEAN_SNTRUP857_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n) {
uint32 *x = array;
size_t j;
void PQCLEAN_SNTRUP857_CLEAN_crypto_sort_uint32(void *array, long long n) {
uint32_t *x = array;
long long j;
for (j = 0; j < n; ++j) {
x[j] ^= 0x80000000;
}


+ 2
- 4
crypto_kem/sntrup857/clean/crypto_sort_uint32.h View File

@@ -1,10 +1,8 @@
#ifndef PQCLEAN_SNTRUP857_CLEAN_CRYPTO_SORT_UINT32_H
#define PQCLEAN_SNTRUP857_CLEAN_CRYPTO_SORT_UINT32_H

#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_SNTRUP857_CLEAN_crypto_sort_uint32_BYTES 4


void PQCLEAN_SNTRUP857_CLEAN_crypto_sort_uint32(uint32_t *array, size_t n);

void PQCLEAN_SNTRUP857_CLEAN_crypto_sort_uint32(void *array, long long n);
#endif

+ 3
- 1
crypto_kem/sntrup857/clean/params.h View File

@@ -19,12 +19,14 @@
#include "crypto_encode_857xfreeze3.h"
#include "crypto_encode_857xint16.h"
#include "crypto_encode_int16.h"
#include "crypto_sort_int32.h"
#include "crypto_sort_uint32.h"
#include "crypto_verify_1184.h"


#define p 857
#define q27 25976 /* closest integer to 2^27/q */
#define q18 51 /* closest integer to 2^18/q */
#define p 857
#define q 5167
#define w 322



+ 6
- 0
test/duplicate_consistency/ntrulpr653_avx2.yml View File

@@ -12,6 +12,7 @@ consistency_checks:
- crypto_encode_653x1541round.h
- crypto_encode_653x3.h
- crypto_encode_653xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_653xint16.c
@@ -53,6 +54,7 @@ consistency_checks:
scheme: sntrup761
implementation: clean
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -71,6 +73,7 @@ consistency_checks:
scheme: sntrup857
implementation: clean
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -103,6 +106,7 @@ consistency_checks:
- crypto_encode_653x1541round.h
- crypto_encode_653x3.h
- crypto_encode_653xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_1025.h
@@ -122,6 +126,7 @@ consistency_checks:
- crypto_decode_256x2.h
- crypto_encode_256x16.h
- crypto_encode_256x2.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_256x16.c
@@ -156,6 +161,7 @@ consistency_checks:
- crypto_decode_256x2.h
- crypto_encode_256x16.h
- crypto_encode_256x2.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_256x16.c


+ 6
- 0
test/duplicate_consistency/ntrulpr653_clean.yml View File

@@ -40,6 +40,7 @@ consistency_checks:
- crypto_encode_653x1541round.h
- crypto_encode_653x3.h
- crypto_encode_653xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_653xint16.c
@@ -61,6 +62,7 @@ consistency_checks:
scheme: sntrup761
implementation: avx2
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -79,6 +81,7 @@ consistency_checks:
scheme: sntrup857
implementation: avx2
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -101,6 +104,7 @@ consistency_checks:
- crypto_encode_653x1541round.h
- crypto_encode_653x3.h
- crypto_encode_653xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_1025.h
@@ -139,6 +143,7 @@ consistency_checks:
- crypto_decode_256x2.h
- crypto_encode_256x16.h
- crypto_encode_256x2.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_256x16.c
@@ -173,6 +178,7 @@ consistency_checks:
- crypto_decode_256x2.h
- crypto_encode_256x16.h
- crypto_encode_256x2.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_256x16.c


+ 5
- 0
test/duplicate_consistency/ntrulpr761_avx2.yml View File

@@ -3,6 +3,7 @@ consistency_checks:
scheme: sntrup653
implementation: clean
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -30,6 +31,7 @@ consistency_checks:
- crypto_encode_761x1531round.h
- crypto_encode_761x3.h
- crypto_encode_761xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_761xint16.c
@@ -71,6 +73,7 @@ consistency_checks:
scheme: sntrup857
implementation: clean
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -103,6 +106,7 @@ consistency_checks:
- crypto_encode_761x1531round.h
- crypto_encode_761x3.h
- crypto_encode_761xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_1167.h
@@ -122,6 +126,7 @@ consistency_checks:
- crypto_decode_256x2.h
- crypto_encode_256x16.h
- crypto_encode_256x2.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_256x16.c


+ 5
- 0
test/duplicate_consistency/ntrulpr761_clean.yml View File

@@ -13,6 +13,7 @@ consistency_checks:
scheme: sntrup653
implementation: avx2
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -58,6 +59,7 @@ consistency_checks:
- crypto_encode_761x1531round.h
- crypto_encode_761x3.h
- crypto_encode_761xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_761xint16.c
@@ -79,6 +81,7 @@ consistency_checks:
scheme: sntrup857
implementation: avx2
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -101,6 +104,7 @@ consistency_checks:
- crypto_encode_761x1531round.h
- crypto_encode_761x3.h
- crypto_encode_761xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_1167.h
@@ -139,6 +143,7 @@ consistency_checks:
- crypto_decode_256x2.h
- crypto_encode_256x16.h
- crypto_encode_256x2.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_256x16.c


+ 4
- 0
test/duplicate_consistency/ntrulpr857_avx2.yml View File

@@ -3,6 +3,7 @@ consistency_checks:
scheme: sntrup653
implementation: clean
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -21,6 +22,7 @@ consistency_checks:
scheme: sntrup761
implementation: clean
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -48,6 +50,7 @@ consistency_checks:
- crypto_encode_857x1723round.h
- crypto_encode_857x3.h
- crypto_encode_857xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_857xint16.c
@@ -103,6 +106,7 @@ consistency_checks:
- crypto_encode_857x1723round.h
- crypto_encode_857x3.h
- crypto_encode_857xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_1312.h


+ 4
- 0
test/duplicate_consistency/ntrulpr857_clean.yml View File

@@ -13,6 +13,7 @@ consistency_checks:
scheme: sntrup653
implementation: avx2
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -31,6 +32,7 @@ consistency_checks:
scheme: sntrup761
implementation: avx2
files:
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_sort_uint32.c
@@ -76,6 +78,7 @@ consistency_checks:
- crypto_encode_857x1723round.h
- crypto_encode_857x3.h
- crypto_encode_857xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_decode_857xint16.c
@@ -101,6 +104,7 @@ consistency_checks:
- crypto_encode_857x1723round.h
- crypto_encode_857x3.h
- crypto_encode_857xint16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_1312.h


+ 3
- 0
test/duplicate_consistency/sntrup653_avx2.yml View File

@@ -22,6 +22,7 @@ consistency_checks:
- crypto_encode_653xfreeze3.h
- crypto_encode_653xint16.h
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_897.h
@@ -37,6 +38,7 @@ consistency_checks:
implementation: clean
files:
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_encode_int16.c
@@ -63,6 +65,7 @@ consistency_checks:
implementation: clean
files:
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_encode_int16.c


+ 3
- 0
test/duplicate_consistency/sntrup653_clean.yml View File

@@ -22,6 +22,7 @@ consistency_checks:
- crypto_encode_653xfreeze3.h
- crypto_encode_653xint16.h
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_897.h
@@ -50,6 +51,7 @@ consistency_checks:
implementation: avx2
files:
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_encode_int16.c
@@ -74,6 +76,7 @@ consistency_checks:
implementation: avx2
files:
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_encode_int16.c


+ 2
- 0
test/duplicate_consistency/sntrup761_avx2.yml View File

@@ -22,6 +22,7 @@ consistency_checks:
- crypto_encode_761xfreeze3.h
- crypto_encode_761xint16.h
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_1039.h
@@ -37,6 +38,7 @@ consistency_checks:
implementation: clean
files:
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_encode_int16.c


+ 2
- 0
test/duplicate_consistency/sntrup761_clean.yml View File

@@ -22,6 +22,7 @@ consistency_checks:
- crypto_encode_761xfreeze3.h
- crypto_encode_761xint16.h
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_1039.h
@@ -50,6 +51,7 @@ consistency_checks:
implementation: avx2
files:
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_encode_int16.c


+ 1
- 0
test/duplicate_consistency/sntrup857_avx2.yml View File

@@ -22,6 +22,7 @@ consistency_checks:
- crypto_encode_857xfreeze3.h
- crypto_encode_857xint16.h
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_1184.h


+ 1
- 0
test/duplicate_consistency/sntrup857_clean.yml View File

@@ -22,6 +22,7 @@ consistency_checks:
- crypto_encode_857xfreeze3.h
- crypto_encode_857xint16.h
- crypto_encode_int16.h
- crypto_sort_int32.h
- crypto_sort_uint32.h
- crypto_stream_aes256ctr.h
- crypto_verify_1184.h


Loading…
Cancel
Save