kris
/
sidh-torture
1
0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
Takes 2 SIKE/SIDH implementations and runs them against each other until something goes wrong
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
10 Commits
3 Ramas
190 KiB
 
 
 
 
Árbol: 48059bd908
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '48059bd908'
${ noResults }
sidh-torture/sidh/msr/include/P503_api.h

107 líneas
6.3 KiB
Original Blame Histórico 

  1. /********************************************************************************************

  2. * SIDH: an efficient supersingular isogeny cryptography library

  3. *

  4. * Abstract: API header file for P503

  5. *********************************************************************************************/  

  6. 

  7. #ifndef __P503_API_H__

  8. #define __P503_API_H__

  9.     

  10. 

  11. /*********************** Key encapsulation mechanism API ***********************/

  12. 

  13. #define CRYPTO_SECRETKEYBYTES     434    // MSG_BYTES + SECRETKEY_B_BYTES + CRYPTO_PUBLICKEYBYTES bytes

  14. #define CRYPTO_PUBLICKEYBYTES     378

  15. #define CRYPTO_BYTES               16

  16. #define CRYPTO_CIPHERTEXTBYTES    402    // CRYPTO_PUBLICKEYBYTES + MSG_BYTES bytes  

  17. 

  18. // Algorithm name

  19. #define CRYPTO_ALGNAME "SIKEp503"  

  20. 

  21. // SIKE's key generation

  22. // It produces a private key sk and computes the public key pk.

  23. // Outputs: secret key sk (CRYPTO_SECRETKEYBYTES = 434 bytes)

  24. //          public key pk (CRYPTO_PUBLICKEYBYTES = 378 bytes) 

  25. int crypto_kem_keypair_SIKEp503(unsigned char *pk, unsigned char *sk);

  26. 

  27. // SIKE's encapsulation

  28. // Input:   public key pk         (CRYPTO_PUBLICKEYBYTES = 378 bytes)

  29. // Outputs: shared secret ss      (CRYPTO_BYTES = 16 bytes)

  30. //          ciphertext message ct (CRYPTO_CIPHERTEXTBYTES = 402 bytes)

  31. int crypto_kem_enc_SIKEp503(unsigned char *ct, unsigned char *ss, const unsigned char *pk);

  32. 

  33. // SIKE's decapsulation

  34. // Input:   secret key sk         (CRYPTO_SECRETKEYBYTES = 434 bytes)

  35. //          ciphertext message ct (CRYPTO_CIPHERTEXTBYTES = 402 bytes) 

  36. // Outputs: shared secret ss      (CRYPTO_BYTES = 16 bytes)

  37. int crypto_kem_dec_SIKEp503(unsigned char *ss, const unsigned char *ct, const unsigned char *sk);

  38. 

  39. 

  40. // Encoding of keys for KEM-based isogeny system "SIKEp503" (wire format):

  41. // ----------------------------------------------------------------------

  42. // Elements over GF(p503) are encoded in 63 octets in little endian format (i.e., the least significant octet is located in the lowest memory address). 

  43. // Elements (a+b*i) over GF(p503^2), where a and b are defined over GF(p503), are encoded as {a, b}, with a in the lowest memory portion.

  44. //

  45. // Private keys sk consist of the concatenation of a 24-byte random value, a value in the range [0, 2^252-1] and the public key pk. In the SIKE API, 

  46. // private keys are encoded in 434 octets in little endian format. 

  47. // Public keys pk consist of 3 elements in GF(p503^2). In the SIKE API, pk is encoded in 378 octets. 

  48. // Ciphertexts ct consist of the concatenation of a public key value and a 24-byte value. In the SIKE API, ct is encoded in 378 + 24 = 402 octets.  

  49. // Shared keys ss consist of a value of 16 octets.

  50. 

  51. 

  52. /*********************** Ephemeral key exchange API ***********************/

  53. 

  54. #define SIDH_SECRETKEYBYTES      32

  55. #define SIDH_PUBLICKEYBYTES     378

  56. #define SIDH_BYTES              126

  57. 

  58. // SECURITY NOTE: SIDH supports ephemeral Diffie-Hellman key exchange. It is NOT secure to use it with static keys.

  59. // See "On the Security of Supersingular Isogeny Cryptosystems", S.D. Galbraith, C. Petit, B. Shani and Y.B. Ti, in ASIACRYPT 2016, 2016.

  60. // Extended version available at: http://eprint.iacr.org/2016/859  

  61. 

  62. // Generation of Alice's secret key 

  63. // Outputs random value in [0, 2^250 - 1] to be used as Alice's private key

  64. void random_mod_order_A_SIDHp503(unsigned char* random_digits);

  65. 

  66. // Generation of Bob's secret key 

  67. // Outputs random value in [0, 2^Floor(Log(2,3^159)) - 1] to be used as Bob's private key

  68. void random_mod_order_B_SIDHp503(unsigned char* random_digits);

  69. 

  70. // Alice's ephemeral public key generation

  71. // Input:  a private key PrivateKeyA in the range [0, 2^250 - 1], stored in 32 bytes. 

  72. // Output: the public key PublicKeyA consisting of 3 GF(p503^2) elements encoded in 378 bytes.

  73. int EphemeralKeyGeneration_A_SIDHp503(const unsigned char* PrivateKeyA, unsigned char* PublicKeyA);

  74. 

  75. // Bob's ephemeral key-pair generation

  76. // It produces a private key PrivateKeyB and computes the public key PublicKeyB.

  77. // The private key is an integer in the range [0, 2^Floor(Log(2,3^159)) - 1], stored in 32 bytes. 

  78. // The public key consists of 3 GF(p503^2) elements encoded in 378 bytes.

  79. int EphemeralKeyGeneration_B_SIDHp503(const unsigned char* PrivateKeyB, unsigned char* PublicKeyB);

  80. 

  81. // Alice's ephemeral shared secret computation

  82. // It produces a shared secret key SharedSecretA using her secret key PrivateKeyA and Bob's public key PublicKeyB

  83. // Inputs: Alice's PrivateKeyA is an integer in the range [0, 2^250 - 1], stored in 32 bytes. 

  84. //         Bob's PublicKeyB consists of 3 GF(p503^2) elements encoded in 378 bytes.

  85. // Output: a shared secret SharedSecretA that consists of one element in GF(p503^2) encoded in 126 bytes.

  86. int EphemeralSecretAgreement_A_SIDHp503(const unsigned char* PrivateKeyA, const unsigned char* PublicKeyB, unsigned char* SharedSecretA);

  87. 

  88. // Bob's ephemeral shared secret computation

  89. // It produces a shared secret key SharedSecretB using his secret key PrivateKeyB and Alice's public key PublicKeyA

  90. // Inputs: Bob's PrivateKeyB is an integer in the range [0, 2^Floor(Log(2,3^159)) - 1], stored in 32 bytes. 

  91. //         Alice's PublicKeyA consists of 3 GF(p503^2) elements encoded in 378 bytes.

  92. // Output: a shared secret SharedSecretB that consists of one element in GF(p503^2) encoded in 126 bytes.

  93. int EphemeralSecretAgreement_B_SIDHp503(const unsigned char* PrivateKeyB, const unsigned char* PublicKeyA, unsigned char* SharedSecretB);

  94. 

  95. 

  96. // Encoding of keys for KEX-based isogeny system "SIDHp503" (wire format):

  97. // ----------------------------------------------------------------------

  98. // Elements over GF(p503) are encoded in 63 octets in little endian format (i.e., the least significant octet is located in the lowest memory address). 

  99. // Elements (a+b*i) over GF(p503^2), where a and b are defined over GF(p503), are encoded as {a, b}, with a in the lowest memory portion.

  100. //

  101. // Private keys PrivateKeyA and PrivateKeyB can have values in the range [0, 2^250-1] and [0, 2^252-1], resp. In the SIDH API, private keys are encoded 

  102. // in 32 octets in little endian format. 

  103. // Public keys PublicKeyA and PublicKeyB consist of 3 elements in GF(p503^2). In the SIDH API, they are encoded in 378 octets. 

  104. // Shared keys SharedSecretA and SharedSecretB consist of one element in GF(p503^2). In the SIDH API, they are encoded in 126 octets.

  105. 

  106. 

  107. #endif