kris
/
sike_ifma
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
1 Commit
1 Branche
116 KiB
Branche: master
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'master'
${ noResults }
sike_ifma/sidh_ref/sike.c

sike.c 4.0 KiB
Brut Lien permanent Vue normale Historique

works on amazon
il y a 4 ans
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. /********************************************************************************************

  2. * Supersingular Isogeny Key Encapsulation Library

  3. *

  4. * Abstract: supersingular isogeny key encapsulation (SIKE) protocol

  5. *********************************************************************************************/ 

  6. 

  7. #include <string.h>

  8. #include "P751_internal.h"

  9. #include "sha3/fips202.h"

  10. 

  11. 

  12. int crypto_kem_keypair(unsigned char *pk, unsigned char *sk)

  13. { // SIKE's key generation

  14.   // Outputs: secret key sk (CRYPTO_SECRETKEYBYTES = MSG_BYTES + SECRETKEY_B_BYTES + CRYPTO_PUBLICKEYBYTES bytes)

  15.   //          public key pk (CRYPTO_PUBLICKEYBYTES bytes) 

  16. 

  17.     // Generate lower portion of secret key sk <- s||SK

  18.     randombytes(sk, MSG_BYTES);

  19.     random_mod_order_B(sk + MSG_BYTES);

  20. 

  21.     // Generate public key pk

  22.     EphemeralKeyGeneration_B(sk + MSG_BYTES, pk);

  23. 

  24.     // Append public key pk to secret key sk

  25.     memcpy(&sk[MSG_BYTES + SECRETKEY_B_BYTES], pk, CRYPTO_PUBLICKEYBYTES);

  26. 

  27.     return 0;

  28. }

  29. 

  30. 

  31. int crypto_kem_enc(unsigned char *ct, unsigned char *ss, const unsigned char *pk)

  32. { // SIKE's encapsulation

  33.   // Input:   public key pk         (CRYPTO_PUBLICKEYBYTES bytes)

  34.   // Outputs: shared secret ss      (CRYPTO_BYTES bytes)

  35.   //          ciphertext message ct (CRYPTO_CIPHERTEXTBYTES = CRYPTO_PUBLICKEYBYTES + MSG_BYTES bytes) 

  36.     const uint16_t G = 0;

  37.     const uint16_t H = 1;

  38.     const uint16_t P = 2;

  39.     unsigned char ephemeralsk[SECRETKEY_A_BYTES];

  40.     unsigned char jinvariant[FP2_ENCODED_BYTES];

  41.     unsigned char h[MSG_BYTES];

  42.     unsigned char temp[CRYPTO_CIPHERTEXTBYTES+MSG_BYTES];

  43.     unsigned int i;

  44. 

  45.     // Generate ephemeralsk <- G(m||pk) mod oA 

  46.     randombytes(temp, MSG_BYTES);

  47.     memcpy(&temp[MSG_BYTES], pk, CRYPTO_PUBLICKEYBYTES);

  48.     cshake256_simple(ephemeralsk, SECRETKEY_A_BYTES, G, temp, CRYPTO_PUBLICKEYBYTES+MSG_BYTES);

  49.     ephemeralsk[SECRETKEY_A_BYTES - 1] &= MASK_ALICE;

  50. 

  51.     // Encrypt

  52.     EphemeralKeyGeneration_A(ephemeralsk, ct);

  53.     EphemeralSecretAgreement_A(ephemeralsk, pk, jinvariant);

  54.     cshake256_simple(h, MSG_BYTES, P, jinvariant, FP2_ENCODED_BYTES);

  55.     for (i = 0; i < MSG_BYTES; i++) ct[i + CRYPTO_PUBLICKEYBYTES] = temp[i] ^ h[i];

  56. 

  57.     // Generate shared secret ss <- H(m||ct)

  58.     memcpy(&temp[MSG_BYTES], ct, CRYPTO_CIPHERTEXTBYTES);

  59.     cshake256_simple(ss, CRYPTO_BYTES, H, temp, CRYPTO_CIPHERTEXTBYTES+MSG_BYTES);

  60. 

  61.     return 0;

  62. }

  63. 

  64. 

  65. int crypto_kem_dec(unsigned char *ss, const unsigned char *ct, const unsigned char *sk)

  66. { // SIKE's decapsulation

  67.   // Input:   secret key sk         (CRYPTO_SECRETKEYBYTES = MSG_BYTES + SECRETKEY_B_BYTES + CRYPTO_PUBLICKEYBYTES bytes)

  68.   //          ciphertext message ct (CRYPTO_CIPHERTEXTBYTES = CRYPTO_PUBLICKEYBYTES + MSG_BYTES bytes) 

  69.   // Outputs: shared secret ss      (CRYPTO_BYTES bytes)

  70.     const uint16_t G = 0;

  71.     const uint16_t H = 1;

  72.     const uint16_t P = 2;

  73.     unsigned char ephemeralsk_[SECRETKEY_A_BYTES];

  74.     unsigned char jinvariant_[FP2_ENCODED_BYTES];

  75.     unsigned char h_[MSG_BYTES];

  76.     unsigned char c0_[CRYPTO_PUBLICKEYBYTES];

  77.     unsigned char temp[CRYPTO_CIPHERTEXTBYTES+MSG_BYTES];

  78.     unsigned int i;

  79. 

  80.     // Decrypt

  81.     EphemeralSecretAgreement_B(sk + MSG_BYTES, ct, jinvariant_);

  82.     cshake256_simple(h_, MSG_BYTES, P, jinvariant_, FP2_ENCODED_BYTES);

  83.     for (i = 0; i < MSG_BYTES; i++) temp[i] = ct[i + CRYPTO_PUBLICKEYBYTES] ^ h_[i];

  84. 

  85.     // Generate ephemeralsk_ <- G(m||pk) mod oA

  86.     memcpy(&temp[MSG_BYTES], &sk[MSG_BYTES + SECRETKEY_B_BYTES], CRYPTO_PUBLICKEYBYTES);

  87.     cshake256_simple(ephemeralsk_, SECRETKEY_A_BYTES, G, temp, CRYPTO_PUBLICKEYBYTES+MSG_BYTES);

  88.     ephemeralsk_[SECRETKEY_A_BYTES - 1] &= MASK_ALICE;

  89.     

  90.     // Generate shared secret ss <- H(m||ct) or output ss <- H(s||ct)

  91.     EphemeralKeyGeneration_A(ephemeralsk_, c0_);

  92.     if (memcmp(c0_, ct, CRYPTO_PUBLICKEYBYTES) != 0) {

  93.         memcpy(temp, sk, MSG_BYTES);

  94.     }

  95.     memcpy(&temp[MSG_BYTES], ct, CRYPTO_CIPHERTEXTBYTES);

  96.     cshake256_simple(ss, CRYPTO_BYTES, H, temp, CRYPTO_CIPHERTEXTBYTES+MSG_BYTES);

  97. 

  98.     return 0;

  99. }