Rename log and exp to gf_log and gf_exp

crypto_kem/hqc-128/avx2/bch.c

@@ -41,7 +41,7 @@ void PQCLEAN_HQC128_AVX2_table_alphaij_generation(const uint16_t *exp) {
         alpha_tmp = table_alpha_ij + i * (PARAM_DELTA << 1);
         for (uint16_t j = 0; j < (PARAM_DELTA << 1); j++) {
             tmp_value = PQCLEAN_HQC128_AVX2_gf_mod(tmp_value + i);
-            alpha_tmp[j] = exp[tmp_value];
+            alpha_tmp[j] = gf_exp[tmp_value];
         }
     }
 }

crypto_kem/hqc-128/avx2/fft.c

@@ -339,11 +339,11 @@ void PQCLEAN_HQC128_AVX2_fft_retrieve_bch_error_poly(uint64_t *error, const uint
     error[index / 8] ^= bit << (index % 64);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC128_AVX2_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         bit = 1 ^ ((uint16_t) - w[i] >> 15);
         error[index / 64] ^= bit << (index % 64);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC128_AVX2_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         bit = 1 ^ ((uint16_t) - w[k + i] >> 15);
         error[index / 64] ^= bit << (index % 64);
     }

crypto_kem/hqc-128/avx2/gf.c

@@ -14,17 +14,6 @@ static uint16_t gf_quad(uint64_t a);
 
 
 
-/**
- * Returns the integer i such that elt = a^i
- * where a is the primitive element of GF(2^GF_M).
- *@returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQC128_AVX2_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
-
 /**
  * Reduces polynomial x modulo primitive polynomial GF_POLY.
  * @returns x mod GF_POLY

crypto_kem/hqc-128/clean/fft.c

@@ -611,8 +611,8 @@ void PQCLEAN_HQC128_CLEAN_fft_t_preprocess_bch_codeword(uint16_t *w, const uint6
     w[0] = 0;
     w[k] = -r[0] & 1;
     for (i = 1; i < k; ++i) {
-        w[i] = -r[PQCLEAN_HQC128_CLEAN_gf_log(gammas_sums[i])] & gammas_sums[i];
-        w[k + i] = -r[PQCLEAN_HQC128_CLEAN_gf_log(gammas_sums[i] ^ 1)] & (gammas_sums[i] ^ 1);
+        w[i] = -r[gf_log[gammas_sums[i]]] & gammas_sums[i];
+        w[k + i] = -r[gf_log[gammas_sums[i] ^ 1]] & (gammas_sums[i] ^ 1);
     }
 }
 
@@ -642,11 +642,11 @@ void PQCLEAN_HQC128_CLEAN_fft_retrieve_bch_error_poly(uint64_t *error, const uin
     error[index / 8] ^= bit << (index % 64);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC128_CLEAN_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         bit = 1 ^ ((uint16_t) - w[i] >> 15);
         error[index / 64] ^= bit << (index % 64);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC128_CLEAN_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         bit = 1 ^ ((uint16_t) - w[k + i] >> 15);
         error[index / 64] ^= bit << (index % 64);
     }

crypto_kem/hqc-128/clean/gf.c

@@ -7,71 +7,57 @@
  */
 
 
-/**
- * @brief Returns the integer i such that elt = a^i where a is the primitive element of GF(2^PARAM_M).
- *
- * @returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQC128_CLEAN_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
-
 /**
  * @brief Multiplies nonzero element a by element b
- *
  * @returns the product a*b
  * @param[in] a First element of GF(2^PARAM_M) to multiply (cannot be zero)
  * @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
  */
 uint16_t PQCLEAN_HQC128_CLEAN_gf_mul(uint16_t a, uint16_t b) {
-    // mask = 0xffff if neither a nor b is zero. Otherwise mask is 0.
-    int16_t mask = ((log[a] | log[b]) >> PARAM_M) - 1;
-    return mask & exp[PQCLEAN_HQC128_CLEAN_gf_mod(log[a] + log[b])];
+    uint16_t mask;
+    mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
+    return mask & gf_exp[PQCLEAN_HQC128_CLEAN_gf_mod(gf_log[a] + gf_log[b])];
 }
 
 
 
 /**
  * @brief Squares an element of GF(2^PARAM_M)
- *
  * @returns a^2
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQC128_CLEAN_gf_square(uint16_t a) {
-    int16_t mask = (log[a] >> PARAM_M) - 1;
-    return mask & exp[PQCLEAN_HQC128_CLEAN_gf_mod(2 * log[a])];
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    return mask & gf_exp[PQCLEAN_HQC128_CLEAN_gf_mod(2 * gf_log[a])];
 }
 
 
 
 /**
  * @brief Computes the inverse of an element of GF(2^PARAM_M)
- *
  * @returns the inverse of a
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQC128_CLEAN_gf_inverse(uint16_t a) {
-    return exp[PARAM_GF_MUL_ORDER - log[a]];
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    return mask & gf_exp[PARAM_GF_MUL_ORDER - gf_log[a]];
 }
 
 
 
 /**
  * @brief Returns i modulo 2^PARAM_M-1
- *
  * i must be less than 2*(2^PARAM_M-1).
  * Therefore, the return value is either i or i-2^PARAM_M+1.
- *
  * @returns i mod (2^PARAM_M-1)
  * @param[in] i The integer whose modulo is taken
  */
 uint16_t PQCLEAN_HQC128_CLEAN_gf_mod(uint16_t i) {
-    uint16_t tmp = i - PARAM_GF_MUL_ORDER;
+    uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);
 
     // mask = 0xffff if(i < PARAM_GF_MUL_ORDER)
-    int16_t mask = -(tmp >> 15);
+    uint16_t mask = -(tmp >> 15);
 
     return tmp + (mask & PARAM_GF_MUL_ORDER);
 }

crypto_kem/hqc-192/avx2/bch.c

@@ -41,7 +41,7 @@ void PQCLEAN_HQC192_AVX2_table_alphaij_generation(const uint16_t *exp) {
         alpha_tmp = table_alpha_ij + i * (PARAM_DELTA << 1);
         for (uint16_t j = 0; j < (PARAM_DELTA << 1); j++) {
             tmp_value = PQCLEAN_HQC192_AVX2_gf_mod(tmp_value + i);
-            alpha_tmp[j] = exp[tmp_value];
+            alpha_tmp[j] = gf_exp[tmp_value];
         }
     }
 }

crypto_kem/hqc-192/avx2/fft.c

@@ -339,11 +339,11 @@ void PQCLEAN_HQC192_AVX2_fft_retrieve_bch_error_poly(uint64_t *error, const uint
     error[index / 8] ^= bit << (index % 64);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC192_AVX2_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         bit = 1 ^ ((uint16_t) - w[i] >> 15);
         error[index / 64] ^= bit << (index % 64);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC192_AVX2_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         bit = 1 ^ ((uint16_t) - w[k + i] >> 15);
         error[index / 64] ^= bit << (index % 64);
     }

crypto_kem/hqc-192/avx2/gf.c

@@ -14,17 +14,6 @@ static uint16_t gf_quad(uint64_t a);
 
 
 
-/**
- * Returns the integer i such that elt = a^i
- * where a is the primitive element of GF(2^GF_M).
- *@returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQC192_AVX2_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
-
 /**
  * Reduces polynomial x modulo primitive polynomial GF_POLY.
  * @returns x mod GF_POLY

crypto_kem/hqc-192/clean/fft.c

@@ -611,8 +611,8 @@ void PQCLEAN_HQC192_CLEAN_fft_t_preprocess_bch_codeword(uint16_t *w, const uint6
     w[0] = 0;
     w[k] = -r[0] & 1;
     for (i = 1; i < k; ++i) {
-        w[i] = -r[PQCLEAN_HQC192_CLEAN_gf_log(gammas_sums[i])] & gammas_sums[i];
-        w[k + i] = -r[PQCLEAN_HQC192_CLEAN_gf_log(gammas_sums[i] ^ 1)] & (gammas_sums[i] ^ 1);
+        w[i] = -r[gf_log[gammas_sums[i]]] & gammas_sums[i];
+        w[k + i] = -r[gf_log[gammas_sums[i] ^ 1]] & (gammas_sums[i] ^ 1);
     }
 }
 
@@ -641,11 +641,11 @@ void PQCLEAN_HQC192_CLEAN_fft_retrieve_bch_error_poly(uint64_t *error, const uin
     error[index / 8] ^= bit << (index % 64);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC192_CLEAN_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         bit = 1 ^ ((uint16_t) - w[i] >> 15);
         error[index / 64] ^= bit << (index % 64);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC192_CLEAN_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         bit = 1 ^ ((uint16_t) - w[k + i] >> 15);
         error[index / 64] ^= bit << (index % 64);
     }

crypto_kem/hqc-192/clean/gf.c

@@ -7,71 +7,57 @@
  */
 
 
-/**
- * @brief Returns the integer i such that elt = a^i where a is the primitive element of GF(2^PARAM_M).
- *
- * @returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQC192_CLEAN_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
-
 /**
  * @brief Multiplies nonzero element a by element b
- *
  * @returns the product a*b
  * @param[in] a First element of GF(2^PARAM_M) to multiply (cannot be zero)
  * @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
  */
 uint16_t PQCLEAN_HQC192_CLEAN_gf_mul(uint16_t a, uint16_t b) {
-    // mask = 0xffff if neither a nor b is zero. Otherwise mask is 0.
-    int16_t mask = ((log[a] | log[b]) >> PARAM_M) - 1;
-    return mask & exp[PQCLEAN_HQC192_CLEAN_gf_mod(log[a] + log[b])];
+    uint16_t mask;
+    mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
+    return mask & gf_exp[PQCLEAN_HQC192_CLEAN_gf_mod(gf_log[a] + gf_log[b])];
 }
 
 
 
 /**
  * @brief Squares an element of GF(2^PARAM_M)
- *
  * @returns a^2
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQC192_CLEAN_gf_square(uint16_t a) {
-    int16_t mask = (log[a] >> PARAM_M) - 1;
-    return mask & exp[PQCLEAN_HQC192_CLEAN_gf_mod(2 * log[a])];
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    return mask & gf_exp[PQCLEAN_HQC192_CLEAN_gf_mod(2 * gf_log[a])];
 }
 
 
 
 /**
  * @brief Computes the inverse of an element of GF(2^PARAM_M)
- *
  * @returns the inverse of a
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQC192_CLEAN_gf_inverse(uint16_t a) {
-    return exp[PARAM_GF_MUL_ORDER - log[a]];
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    return mask & gf_exp[PARAM_GF_MUL_ORDER - gf_log[a]];
 }
 
 
 
 /**
  * @brief Returns i modulo 2^PARAM_M-1
- *
  * i must be less than 2*(2^PARAM_M-1).
  * Therefore, the return value is either i or i-2^PARAM_M+1.
- *
  * @returns i mod (2^PARAM_M-1)
  * @param[in] i The integer whose modulo is taken
  */
 uint16_t PQCLEAN_HQC192_CLEAN_gf_mod(uint16_t i) {
-    uint16_t tmp = i - PARAM_GF_MUL_ORDER;
+    uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);
 
     // mask = 0xffff if(i < PARAM_GF_MUL_ORDER)
-    int16_t mask = -(tmp >> 15);
+    uint16_t mask = -(tmp >> 15);
 
     return tmp + (mask & PARAM_GF_MUL_ORDER);
 }

crypto_kem/hqc-256/avx2/bch.c

@@ -41,7 +41,7 @@ void PQCLEAN_HQC256_AVX2_table_alphaij_generation(const uint16_t *exp) {
         alpha_tmp = table_alpha_ij + i * (PARAM_DELTA << 1);
         for (uint16_t j = 0; j < (PARAM_DELTA << 1); j++) {
             tmp_value = PQCLEAN_HQC256_AVX2_gf_mod(tmp_value + i);
-            alpha_tmp[j] = exp[tmp_value];
+            alpha_tmp[j] = gf_exp[tmp_value];
         }
     }
 }

crypto_kem/hqc-256/avx2/fft.c

@@ -339,11 +339,11 @@ void PQCLEAN_HQC256_AVX2_fft_retrieve_bch_error_poly(uint64_t *error, const uint
     error[index / 8] ^= bit << (index % 64);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC256_AVX2_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         bit = 1 ^ ((uint16_t) - w[i] >> 15);
         error[index / 64] ^= bit << (index % 64);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC256_AVX2_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         bit = 1 ^ ((uint16_t) - w[k + i] >> 15);
         error[index / 64] ^= bit << (index % 64);
     }

crypto_kem/hqc-256/avx2/gf.c

@@ -14,17 +14,6 @@ static uint16_t gf_quad(uint64_t a);
 
 
 
-/**
- * Returns the integer i such that elt = a^i
- * where a is the primitive element of GF(2^GF_M).
- *@returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQC256_AVX2_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
-
 /**
  * Reduces polynomial x modulo primitive polynomial GF_POLY.
  * @returns x mod GF_POLY

crypto_kem/hqc-256/clean/fft.c

@@ -611,8 +611,8 @@ void PQCLEAN_HQC256_CLEAN_fft_t_preprocess_bch_codeword(uint16_t *w, const uint6
     w[0] = 0;
     w[k] = -r[0] & 1;
     for (i = 1; i < k; ++i) {
-        w[i] = -r[PQCLEAN_HQC256_CLEAN_gf_log(gammas_sums[i])] & gammas_sums[i];
-        w[k + i] = -r[PQCLEAN_HQC256_CLEAN_gf_log(gammas_sums[i] ^ 1)] & (gammas_sums[i] ^ 1);
+        w[i] = -r[gf_log[gammas_sums[i]]] & gammas_sums[i];
+        w[k + i] = -r[gf_log[gammas_sums[i] ^ 1]] & (gammas_sums[i] ^ 1);
     }
 }
 
@@ -641,11 +641,11 @@ void PQCLEAN_HQC256_CLEAN_fft_retrieve_bch_error_poly(uint64_t *error, const uin
     error[index / 8] ^= bit << (index % 64);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC256_CLEAN_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         bit = 1 ^ ((uint16_t) - w[i] >> 15);
         error[index / 64] ^= bit << (index % 64);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQC256_CLEAN_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         bit = 1 ^ ((uint16_t) - w[k + i] >> 15);
         error[index / 64] ^= bit << (index % 64);
     }

crypto_kem/hqc-256/clean/gf.c

@@ -7,71 +7,57 @@
  */
 
 
-/**
- * @brief Returns the integer i such that elt = a^i where a is the primitive element of GF(2^PARAM_M).
- *
- * @returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQC256_CLEAN_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
-
 /**
  * @brief Multiplies nonzero element a by element b
- *
  * @returns the product a*b
  * @param[in] a First element of GF(2^PARAM_M) to multiply (cannot be zero)
  * @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
  */
 uint16_t PQCLEAN_HQC256_CLEAN_gf_mul(uint16_t a, uint16_t b) {
-    // mask = 0xffff if neither a nor b is zero. Otherwise mask is 0.
-    int16_t mask = ((log[a] | log[b]) >> PARAM_M) - 1;
-    return mask & exp[PQCLEAN_HQC256_CLEAN_gf_mod(log[a] + log[b])];
+    uint16_t mask;
+    mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
+    return mask & gf_exp[PQCLEAN_HQC256_CLEAN_gf_mod(gf_log[a] + gf_log[b])];
 }
 
 
 
 /**
  * @brief Squares an element of GF(2^PARAM_M)
- *
  * @returns a^2
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQC256_CLEAN_gf_square(uint16_t a) {
-    int16_t mask = (log[a] >> PARAM_M) - 1;
-    return mask & exp[PQCLEAN_HQC256_CLEAN_gf_mod(2 * log[a])];
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    return mask & gf_exp[PQCLEAN_HQC256_CLEAN_gf_mod(2 * gf_log[a])];
 }
 
 
 
 /**
  * @brief Computes the inverse of an element of GF(2^PARAM_M)
- *
  * @returns the inverse of a
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQC256_CLEAN_gf_inverse(uint16_t a) {
-    return exp[PARAM_GF_MUL_ORDER - log[a]];
+    int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
+    return mask & gf_exp[PARAM_GF_MUL_ORDER - gf_log[a]];
 }
 
 
 
 /**
  * @brief Returns i modulo 2^PARAM_M-1
- *
  * i must be less than 2*(2^PARAM_M-1).
  * Therefore, the return value is either i or i-2^PARAM_M+1.
- *
  * @returns i mod (2^PARAM_M-1)
  * @param[in] i The integer whose modulo is taken
  */
 uint16_t PQCLEAN_HQC256_CLEAN_gf_mod(uint16_t i) {
-    uint16_t tmp = i - PARAM_GF_MUL_ORDER;
+    uint16_t tmp = (uint16_t) (i - PARAM_GF_MUL_ORDER);
 
     // mask = 0xffff if(i < PARAM_GF_MUL_ORDER)
-    int16_t mask = -(tmp >> 15);
+    uint16_t mask = -(tmp >> 15);
 
     return tmp + (mask & PARAM_GF_MUL_ORDER);
 }

crypto_kem/hqc-rmrs-128/avx2/fft.c

@@ -335,10 +335,10 @@ void PQCLEAN_HQCRMRS128_AVX2_fft_retrieve_error_poly(uint8_t *error, const uint1
     error[0] ^= 1 ^ ((uint16_t) - w[k] >> 15);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS128_AVX2_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         error[index] ^= 1 ^ ((uint16_t) - w[i] >> 15);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS128_AVX2_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         error[index] ^= 1 ^ ((uint16_t) - w[k + i] >> 15);
     }
 }

crypto_kem/hqc-rmrs-128/avx2/gf.c

@@ -12,16 +12,6 @@
 static uint16_t gf_reduce(uint64_t x, size_t deg_x);
 
 
-/**
- * Returns the integer i such that elt = a^i
- * where a is the primitive element of GF(2^GF_M).
- *@returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQCRMRS128_AVX2_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
 
 /**
  * Reduces polynomial x modulo primitive polynomial GF_POLY.

crypto_kem/hqc-rmrs-128/avx2/gf.h

@@ -18,7 +18,7 @@
  * The last two elements are needed by the PQCLEAN_HQCRMRS128_AVX2_gf_mul function
  * (for example if both elements to multiply are zero).
  */
-static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
+static const uint16_t gf_exp[258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
 
 
 
@@ -26,11 +26,9 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
  * Logarithm of elements of GF(2^8) to the base alpha (root of 1 + x^2 + x^3 + x^4 + x^8).
  * The logarithm of 0 is set to 0 by convention.
  */
-static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
+static const uint16_t gf_log[256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
 
 
-uint16_t PQCLEAN_HQCRMRS128_AVX2_gf_log(uint16_t elt);
-
 uint16_t PQCLEAN_HQCRMRS128_AVX2_gf_mul(uint16_t a, uint16_t b);
 
 uint16_t PQCLEAN_HQCRMRS128_AVX2_gf_square(uint16_t a);

crypto_kem/hqc-rmrs-128/avx2/reed_solomon.c

@@ -231,7 +231,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
         int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15;
         for (size_t j = 0; j < PARAM_DELTA; j++) {
             int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15;
-            beta_j[j] += indexmask & valuemask & exp[i];
+            beta_j[j] += indexmask & valuemask & gf_exp[i];
             found += indexmask & valuemask & 1;
         }
         delta_counter += found;

crypto_kem/hqc-rmrs-128/clean/fft.c

@@ -335,10 +335,10 @@ void PQCLEAN_HQCRMRS128_CLEAN_fft_retrieve_error_poly(uint8_t *error, const uint
     error[0] ^= 1 ^ ((uint16_t) - w[k] >> 15);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS128_CLEAN_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         error[index] ^= 1 ^ ((uint16_t) - w[i] >> 15);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS128_CLEAN_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         error[index] ^= 1 ^ ((uint16_t) - w[k + i] >> 15);
     }
 }

crypto_kem/hqc-rmrs-128/clean/gf.c

@@ -7,21 +7,8 @@
  */
 
 
-
-
-/**
- * Returns the integer i such that elt = a^i
- * where a is the primitive element of GF(2^PARAM_M).
- * @returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
-
 /**
- * Multiplies nonzero element 'a' by element 'b'.
+ * @brief Multiplies nonzero element a by element b
  * @returns the product a*b
  * @param[in] a First element of GF(2^PARAM_M) to multiply (cannot be zero)
  * @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
@@ -30,37 +17,37 @@ uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_mul(uint16_t a, uint16_t b) {
     uint16_t mask;
     mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
     mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
-    return mask & exp[PQCLEAN_HQCRMRS128_CLEAN_gf_mod(log[a] + log[b])];
+    return mask & gf_exp[PQCLEAN_HQCRMRS128_CLEAN_gf_mod(gf_log[a] + gf_log[b])];
 }
 
 
 
 /**
- * Squares an element of GF(2^PARAM_M).
+ * @brief Squares an element of GF(2^PARAM_M)
  * @returns a^2
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_square(uint16_t a) {
     int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
-    return mask & exp[PQCLEAN_HQCRMRS128_CLEAN_gf_mod(2 * log[a])];
+    return mask & gf_exp[PQCLEAN_HQCRMRS128_CLEAN_gf_mod(2 * gf_log[a])];
 }
 
 
 
 /**
- * Computes the inverse of an element of GF(2^PARAM_M).
+ * @brief Computes the inverse of an element of GF(2^PARAM_M)
  * @returns the inverse of a
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_inverse(uint16_t a) {
     int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
-    return mask & exp[PARAM_GF_MUL_ORDER - log[a]];
+    return mask & gf_exp[PARAM_GF_MUL_ORDER - gf_log[a]];
 }
 
 
 
 /**
- * Returns i modulo 2^PARAM_M-1.
+ * @brief Returns i modulo 2^PARAM_M-1
  * i must be less than 2*(2^PARAM_M-1).
  * Therefore, the return value is either i or i-2^PARAM_M+1.
  * @returns i mod (2^PARAM_M-1)

crypto_kem/hqc-rmrs-128/clean/gf.h

@@ -18,7 +18,7 @@
  * The last two elements are needed by the PQCLEAN_HQCRMRS128_CLEAN_gf_mul function
  * (for example if both elements to multiply are zero).
  */
-static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
+static const uint16_t gf_exp[258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
 
 
 
@@ -26,11 +26,9 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
  * Logarithm of elements of GF(2^8) to the base alpha (root of 1 + x^2 + x^3 + x^4 + x^8).
  * The logarithm of 0 is set to 0 by convention.
  */
-static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
+static const uint16_t gf_log[256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
 
 
-uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_log(uint16_t elt);
-
 uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_mul(uint16_t a, uint16_t b);
 
 uint16_t PQCLEAN_HQCRMRS128_CLEAN_gf_square(uint16_t a);

crypto_kem/hqc-rmrs-128/clean/reed_solomon.c

@@ -231,7 +231,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
         uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
         for (uint16_t j = 0; j < PARAM_DELTA; j++) {
             uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
-            beta_j[j] += indexmask & valuemask & exp[i];
+            beta_j[j] += indexmask & valuemask & gf_exp[i];
             found += indexmask & valuemask & 1;
         }
         delta_counter += found;

crypto_kem/hqc-rmrs-192/avx2/fft.c

@@ -335,10 +335,10 @@ void PQCLEAN_HQCRMRS192_AVX2_fft_retrieve_error_poly(uint8_t *error, const uint1
     error[0] ^= 1 ^ ((uint16_t) - w[k] >> 15);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS192_AVX2_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         error[index] ^= 1 ^ ((uint16_t) - w[i] >> 15);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS192_AVX2_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         error[index] ^= 1 ^ ((uint16_t) - w[k + i] >> 15);
     }
 }

crypto_kem/hqc-rmrs-192/avx2/gf.c

@@ -12,16 +12,6 @@
 static uint16_t gf_reduce(uint64_t x, size_t deg_x);
 
 
-/**
- * Returns the integer i such that elt = a^i
- * where a is the primitive element of GF(2^GF_M).
- *@returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQCRMRS192_AVX2_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
 
 /**
  * Reduces polynomial x modulo primitive polynomial GF_POLY.

crypto_kem/hqc-rmrs-192/avx2/gf.h

@@ -18,7 +18,7 @@
  * The last two elements are needed by the PQCLEAN_HQCRMRS192_AVX2_gf_mul function
  * (for example if both elements to multiply are zero).
  */
-static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
+static const uint16_t gf_exp[258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
 
 
 
@@ -26,11 +26,9 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
  * Logarithm of elements of GF(2^8) to the base alpha (root of 1 + x^2 + x^3 + x^4 + x^8).
  * The logarithm of 0 is set to 0 by convention.
  */
-static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
+static const uint16_t gf_log[256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
 
 
-uint16_t PQCLEAN_HQCRMRS192_AVX2_gf_log(uint16_t elt);
-
 uint16_t PQCLEAN_HQCRMRS192_AVX2_gf_mul(uint16_t a, uint16_t b);
 
 uint16_t PQCLEAN_HQCRMRS192_AVX2_gf_square(uint16_t a);

crypto_kem/hqc-rmrs-192/avx2/reed_solomon.c

@@ -231,7 +231,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
         int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15;
         for (size_t j = 0; j < PARAM_DELTA; j++) {
             int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15;
-            beta_j[j] += indexmask & valuemask & exp[i];
+            beta_j[j] += indexmask & valuemask & gf_exp[i];
             found += indexmask & valuemask & 1;
         }
         delta_counter += found;

crypto_kem/hqc-rmrs-192/clean/fft.c

@@ -335,10 +335,10 @@ void PQCLEAN_HQCRMRS192_CLEAN_fft_retrieve_error_poly(uint8_t *error, const uint
     error[0] ^= 1 ^ ((uint16_t) - w[k] >> 15);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS192_CLEAN_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         error[index] ^= 1 ^ ((uint16_t) - w[i] >> 15);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS192_CLEAN_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         error[index] ^= 1 ^ ((uint16_t) - w[k + i] >> 15);
     }
 }

crypto_kem/hqc-rmrs-192/clean/gf.c

@@ -7,21 +7,8 @@
  */
 
 
-
-
-/**
- * Returns the integer i such that elt = a^i
- * where a is the primitive element of GF(2^PARAM_M).
- * @returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
-
 /**
- * Multiplies nonzero element 'a' by element 'b'.
+ * @brief Multiplies nonzero element a by element b
  * @returns the product a*b
  * @param[in] a First element of GF(2^PARAM_M) to multiply (cannot be zero)
  * @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
@@ -30,37 +17,37 @@ uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_mul(uint16_t a, uint16_t b) {
     uint16_t mask;
     mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
     mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
-    return mask & exp[PQCLEAN_HQCRMRS192_CLEAN_gf_mod(log[a] + log[b])];
+    return mask & gf_exp[PQCLEAN_HQCRMRS192_CLEAN_gf_mod(gf_log[a] + gf_log[b])];
 }
 
 
 
 /**
- * Squares an element of GF(2^PARAM_M).
+ * @brief Squares an element of GF(2^PARAM_M)
  * @returns a^2
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_square(uint16_t a) {
     int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
-    return mask & exp[PQCLEAN_HQCRMRS192_CLEAN_gf_mod(2 * log[a])];
+    return mask & gf_exp[PQCLEAN_HQCRMRS192_CLEAN_gf_mod(2 * gf_log[a])];
 }
 
 
 
 /**
- * Computes the inverse of an element of GF(2^PARAM_M).
+ * @brief Computes the inverse of an element of GF(2^PARAM_M)
  * @returns the inverse of a
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_inverse(uint16_t a) {
     int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
-    return mask & exp[PARAM_GF_MUL_ORDER - log[a]];
+    return mask & gf_exp[PARAM_GF_MUL_ORDER - gf_log[a]];
 }
 
 
 
 /**
- * Returns i modulo 2^PARAM_M-1.
+ * @brief Returns i modulo 2^PARAM_M-1
  * i must be less than 2*(2^PARAM_M-1).
  * Therefore, the return value is either i or i-2^PARAM_M+1.
  * @returns i mod (2^PARAM_M-1)

crypto_kem/hqc-rmrs-192/clean/gf.h

@@ -18,7 +18,7 @@
  * The last two elements are needed by the PQCLEAN_HQCRMRS192_CLEAN_gf_mul function
  * (for example if both elements to multiply are zero).
  */
-static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
+static const uint16_t gf_exp[258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
 
 
 
@@ -26,11 +26,9 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
  * Logarithm of elements of GF(2^8) to the base alpha (root of 1 + x^2 + x^3 + x^4 + x^8).
  * The logarithm of 0 is set to 0 by convention.
  */
-static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
+static const uint16_t gf_log[256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
 
 
-uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_log(uint16_t elt);
-
 uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_mul(uint16_t a, uint16_t b);
 
 uint16_t PQCLEAN_HQCRMRS192_CLEAN_gf_square(uint16_t a);

crypto_kem/hqc-rmrs-192/clean/reed_solomon.c

@@ -231,7 +231,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
         uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
         for (uint16_t j = 0; j < PARAM_DELTA; j++) {
             uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
-            beta_j[j] += indexmask & valuemask & exp[i];
+            beta_j[j] += indexmask & valuemask & gf_exp[i];
             found += indexmask & valuemask & 1;
         }
         delta_counter += found;

crypto_kem/hqc-rmrs-256/avx2/fft.c

@@ -335,10 +335,10 @@ void PQCLEAN_HQCRMRS256_AVX2_fft_retrieve_error_poly(uint8_t *error, const uint1
     error[0] ^= 1 ^ ((uint16_t) - w[k] >> 15);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS256_AVX2_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         error[index] ^= 1 ^ ((uint16_t) - w[i] >> 15);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS256_AVX2_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         error[index] ^= 1 ^ ((uint16_t) - w[k + i] >> 15);
     }
 }

crypto_kem/hqc-rmrs-256/avx2/gf.c

@@ -12,16 +12,6 @@
 static uint16_t gf_reduce(uint64_t x, size_t deg_x);
 
 
-/**
- * Returns the integer i such that elt = a^i
- * where a is the primitive element of GF(2^GF_M).
- *@returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQCRMRS256_AVX2_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
 
 /**
  * Reduces polynomial x modulo primitive polynomial GF_POLY.

crypto_kem/hqc-rmrs-256/avx2/gf.h

@@ -18,7 +18,7 @@
  * The last two elements are needed by the PQCLEAN_HQCRMRS256_AVX2_gf_mul function
  * (for example if both elements to multiply are zero).
  */
-static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
+static const uint16_t gf_exp[258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
 
 
 
@@ -26,11 +26,9 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
  * Logarithm of elements of GF(2^8) to the base alpha (root of 1 + x^2 + x^3 + x^4 + x^8).
  * The logarithm of 0 is set to 0 by convention.
  */
-static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
+static const uint16_t gf_log[256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
 
 
-uint16_t PQCLEAN_HQCRMRS256_AVX2_gf_log(uint16_t elt);
-
 uint16_t PQCLEAN_HQCRMRS256_AVX2_gf_mul(uint16_t a, uint16_t b);
 
 uint16_t PQCLEAN_HQCRMRS256_AVX2_gf_square(uint16_t a);

crypto_kem/hqc-rmrs-256/avx2/reed_solomon.c

@@ -231,7 +231,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
         int16_t valuemask = ((int16_t) - (error[i] != 0)) >> 15;
         for (size_t j = 0; j < PARAM_DELTA; j++) {
             int16_t indexmask = ((int16_t) - (j == delta_counter)) >> 15;
-            beta_j[j] += indexmask & valuemask & exp[i];
+            beta_j[j] += indexmask & valuemask & gf_exp[i];
             found += indexmask & valuemask & 1;
         }
         delta_counter += found;

crypto_kem/hqc-rmrs-256/clean/fft.c

@@ -335,10 +335,10 @@ void PQCLEAN_HQCRMRS256_CLEAN_fft_retrieve_error_poly(uint8_t *error, const uint
     error[0] ^= 1 ^ ((uint16_t) - w[k] >> 15);
 
     for (i = 1; i < k; ++i) {
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS256_CLEAN_gf_log(gammas_sums[i]);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i]];
         error[index] ^= 1 ^ ((uint16_t) - w[i] >> 15);
 
-        index = PARAM_GF_MUL_ORDER - PQCLEAN_HQCRMRS256_CLEAN_gf_log(gammas_sums[i] ^ 1);
+        index = PARAM_GF_MUL_ORDER - gf_log[gammas_sums[i] ^ 1];
         error[index] ^= 1 ^ ((uint16_t) - w[k + i] >> 15);
     }
 }

crypto_kem/hqc-rmrs-256/clean/gf.c

@@ -7,21 +7,8 @@
  */
 
 
-
-
-/**
- * Returns the integer i such that elt = a^i
- * where a is the primitive element of GF(2^PARAM_M).
- * @returns the logarithm of the given element
- */
-uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_log(uint16_t elt) {
-    return log[elt];
-}
-
-
-
 /**
- * Multiplies nonzero element 'a' by element 'b'.
+ * @brief Multiplies nonzero element a by element b
  * @returns the product a*b
  * @param[in] a First element of GF(2^PARAM_M) to multiply (cannot be zero)
  * @param[in] b Second element of GF(2^PARAM_M) to multiply (cannot be zero)
@@ -30,37 +17,37 @@ uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_mul(uint16_t a, uint16_t b) {
     uint16_t mask;
     mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
     mask &= (uint16_t) (-((int32_t) b) >> 31); // b != 0
-    return mask & exp[PQCLEAN_HQCRMRS256_CLEAN_gf_mod(log[a] + log[b])];
+    return mask & gf_exp[PQCLEAN_HQCRMRS256_CLEAN_gf_mod(gf_log[a] + gf_log[b])];
 }
 
 
 
 /**
- * Squares an element of GF(2^PARAM_M).
+ * @brief Squares an element of GF(2^PARAM_M)
  * @returns a^2
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_square(uint16_t a) {
     int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
-    return mask & exp[PQCLEAN_HQCRMRS256_CLEAN_gf_mod(2 * log[a])];
+    return mask & gf_exp[PQCLEAN_HQCRMRS256_CLEAN_gf_mod(2 * gf_log[a])];
 }
 
 
 
 /**
- * Computes the inverse of an element of GF(2^PARAM_M).
+ * @brief Computes the inverse of an element of GF(2^PARAM_M)
  * @returns the inverse of a
  * @param[in] a Element of GF(2^PARAM_M)
  */
 uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_inverse(uint16_t a) {
     int16_t mask = (uint16_t) (-((int32_t) a) >> 31); // a != 0
-    return mask & exp[PARAM_GF_MUL_ORDER - log[a]];
+    return mask & gf_exp[PARAM_GF_MUL_ORDER - gf_log[a]];
 }
 
 
 
 /**
- * Returns i modulo 2^PARAM_M-1.
+ * @brief Returns i modulo 2^PARAM_M-1
  * i must be less than 2*(2^PARAM_M-1).
  * Therefore, the return value is either i or i-2^PARAM_M+1.
  * @returns i mod (2^PARAM_M-1)

crypto_kem/hqc-rmrs-256/clean/gf.h

@@ -18,7 +18,7 @@
  * The last two elements are needed by the PQCLEAN_HQCRMRS256_CLEAN_gf_mul function
  * (for example if both elements to multiply are zero).
  */
-static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
+static const uint16_t gf_exp[258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 1, 2, 4 };
 
 
 
@@ -26,11 +26,9 @@ static const uint16_t exp [258] = { 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 23
  * Logarithm of elements of GF(2^8) to the base alpha (root of 1 + x^2 + x^3 + x^4 + x^8).
  * The logarithm of 0 is set to 0 by convention.
  */
-static const uint16_t log [256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
+static const uint16_t gf_log[256] = { 0, 0, 1, 25, 2, 50, 26, 198, 3, 223, 51, 238, 27, 104, 199, 75, 4, 100, 224, 14, 52, 141, 239, 129, 28, 193, 105, 248, 200, 8, 76, 113, 5, 138, 101, 47, 225, 36, 15, 33, 53, 147, 142, 218, 240, 18, 130, 69, 29, 181, 194, 125, 106, 39, 249, 185, 201, 154, 9, 120, 77, 228, 114, 166, 6, 191, 139, 98, 102, 221, 48, 253, 226, 152, 37, 179, 16, 145, 34, 136, 54, 208, 148, 206, 143, 150, 219, 189, 241, 210, 19, 92, 131, 56, 70, 64, 30, 66, 182, 163, 195, 72, 126, 110, 107, 58, 40, 84, 250, 133, 186, 61, 202, 94, 155, 159, 10, 21, 121, 43, 78, 212, 229, 172, 115, 243, 167, 87, 7, 112, 192, 247, 140, 128, 99, 13, 103, 74, 222, 237, 49, 197, 254, 24, 227, 165, 153, 119, 38, 184, 180, 124, 17, 68, 146, 217, 35, 32, 137, 46, 55, 63, 209, 91, 149, 188, 207, 205, 144, 135, 151, 178, 220, 252, 190, 97, 242, 86, 211, 171, 20, 42, 93, 158, 132, 60, 57, 83, 71, 109, 65, 162, 31, 45, 67, 216, 183, 123, 164, 118, 196, 23, 73, 236, 127, 12, 111, 246, 108, 161, 59, 82, 41, 157, 85, 170, 251, 96, 134, 177, 187, 204, 62, 90, 203, 89, 95, 176, 156, 169, 160, 81, 11, 245, 22, 235, 122, 117, 44, 215, 79, 174, 213, 233, 230, 231, 173, 232, 116, 214, 244, 234, 168, 80, 88, 175 };
 
 
-uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_log(uint16_t elt);
-
 uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_mul(uint16_t a, uint16_t b);
 
 uint16_t PQCLEAN_HQCRMRS256_CLEAN_gf_square(uint16_t a);

crypto_kem/hqc-rmrs-256/clean/reed_solomon.c

@@ -231,7 +231,7 @@ static void compute_error_values(uint16_t *error_values, const uint16_t *z, cons
         uint16_t valuemask = (uint16_t) (-((int32_t)error[i]) >> 31); // error[i] != 0
         for (uint16_t j = 0; j < PARAM_DELTA; j++) {
             uint16_t indexmask = ~((uint16_t) (-((int32_t) j ^ delta_counter) >> 31)); // j == delta_counter
-            beta_j[j] += indexmask & valuemask & exp[i];
+            beta_j[j] += indexmask & valuemask & gf_exp[i];
             found += indexmask & valuemask & 1;
         }
         delta_counter += found;

test/duplicate_consistency/hqc-128_clean.yml

@@ -68,6 +68,7 @@ consistency_checks:
       - parsing.h
       - vector.h
       - gf2x.c
+      - gf.c
       - hqc.c
       - kem.c
       - parsing.c
@@ -87,6 +88,7 @@ consistency_checks:
       - parsing.h
       - vector.h
       - gf2x.c
+      - gf.c
       - hqc.c
       - kem.c
       - parsing.c
@@ -106,6 +108,7 @@ consistency_checks:
       - parsing.h
       - vector.h
       - gf2x.c
+      - gf.c
       - hqc.c
       - kem.c
       - parsing.c

test/duplicate_consistency/hqc-192_clean.yml

@@ -44,6 +44,7 @@ consistency_checks:
       - parsing.h
       - vector.h
       - gf2x.c
+      - gf.c
       - hqc.c
       - kem.c
       - parsing.c
@@ -64,6 +65,7 @@ consistency_checks:
       - parsing.h
       - vector.h
       - gf2x.c
+      - gf.c
       - hqc.c
       - kem.c
       - parsing.c
@@ -84,6 +86,7 @@ consistency_checks:
       - parsing.h
       - vector.h
       - gf2x.c
+      - gf.c
       - hqc.c
       - kem.c
       - parsing.c

test/duplicate_consistency/hqc-256_clean.yml

@@ -16,6 +16,7 @@ consistency_checks:
       - parsing.h
       - vector.h
       - gf2x.c
+      - gf.c
       - hqc.c
       - kem.c
       - parsing.c
@@ -36,6 +37,7 @@ consistency_checks:
       - parsing.h
       - vector.h
       - gf2x.c
+      - gf.c
       - hqc.c
       - kem.c
       - parsing.c
@@ -56,6 +58,7 @@ consistency_checks:
       - parsing.h
       - vector.h
       - gf2x.c
+      - gf.c
       - hqc.c
       - kem.c
       - parsing.c