Remove KEX_RLWE_BCNS15
parent
38757741fc
commit
08330aee8b
@ -30,7 +30,6 @@ endif
|
||||
if USE_KEX_NTRU
|
||||
liboqs_la_LIBADD += src/kex_ntru/libntru.la
|
||||
endif
|
||||
liboqs_la_LIBADD += src/kex_rlwe_bcns15/libbcns15.la
|
||||
if USE_KEX_RLWE_NEWHOPE
|
||||
liboqs_la_LIBADD += src/kex_rlwe_newhope/libnewhope.la
|
||||
endif
|
||||
@ -65,7 +64,6 @@ installheader_HEADERS=config.h \
|
||||
src/kex/kex.h \
|
||||
src/kex_lwe_frodo/kex_lwe_frodo.h \
|
||||
src/kex_ntru/kex_ntru.h \
|
||||
src/kex_rlwe_bcns15/kex_rlwe_bcns15.h \
|
||||
src/kex_rlwe_newhope/kex_rlwe_newhope.h \
|
||||
src/kex_sidh_msr/kex_sidh_msr.h \
|
||||
src/kem/sike/kem_sike.h \
|
||||
@ -216,7 +214,6 @@ links:
|
||||
cp -f src/kex/kex.h include/oqs
|
||||
cp -f src/kex_lwe_frodo/kex_lwe_frodo.h include/oqs
|
||||
cp -f src/kex_ntru/kex_ntru.h include/oqs
|
||||
cp -f src/kex_rlwe_bcns15/kex_rlwe_bcns15.h include/oqs
|
||||
cp -f src/kex_rlwe_newhope/kex_rlwe_newhope.h include/oqs
|
||||
if USE_KEX_RLWE_NEWHOPE_AVX2
|
||||
bash patches/apply-patch.sh kex_rlwe_newhope_avx2
|
||||
|
@ -23,7 +23,6 @@ Contents
|
||||
|
||||
liboqs currently contains:
|
||||
|
||||
- `kex_rlwe_bcns15`: key exchange from the ring learning with errors problem (Bos, Costello, Naehrig, Stebila, *IEEE Symposium on Security & Privacy 2015*, [https://eprint.iacr.org/2014/599](https://eprint.iacr.org/2014/599))
|
||||
- `kex_rlwe_newhope`: "NewHope": key exchange from the ring learning with errors problem (Alkim, Ducas, Pöppelmann, Schwabe, *USENIX Security 2016*, [https://eprint.iacr.org/2015/1092](https://eprint.iacr.org/2015/1092)) (using the reference C implementation of NewHope from [https://github.com/tpoeppelmann/newhope](https://github.com/tpoeppelmann/newhope))
|
||||
- `kex_lwe_frodo`: "Frodo": key exchange from the learning with errors problem (Bos, Costello, Ducas, Mironov, Naehrig, Nikolaenko, Raghunathan, Stebila, *ACM Conference on Computer and Communications Security 2016*, [https://eprint.iacr.org/2016/659](https://eprint.iacr.org/2016/659))
|
||||
- `kex_sidh_msr`: key exchange from the supersingular isogeny Diffie-Hellman problem (Costello, Naehrig, Longa, *CRYPTO 2016*, [https://eprint.iacr.org/2016/413](https://eprint.iacr.org/2016/413)), using the implementation of Microsoft Research [https://www.microsoft.com/en-us/research/project/sidh-library/](https://www.microsoft.com/en-us/research/project/sidh-library/)
|
||||
@ -86,7 +85,7 @@ To run benchmark only on some ciphers, run
|
||||
|
||||
to list the available ciphers and then run e.g.
|
||||
|
||||
./test_kex --bench rlwe_bcns15 rlwe_newhope
|
||||
./test_kex --bench rlwe_newhope
|
||||
|
||||
|
||||
#### Memory benchmarks
|
||||
@ -222,7 +221,6 @@ liboqs is licensed under the MIT License; see [LICENSE.txt](https://github.com/o
|
||||
- `src/crypto/rand_urandom_chacha20/external`: public domain
|
||||
- `src/crypto/sha3`: public domain
|
||||
- `src/kex_code_mcbits`: public domain
|
||||
- `src/kex_rlwe_bcns15`: public domain ([Unlicense](http://unlicense.org))
|
||||
- `src/kex_rlwe_newhope`: public domain
|
||||
- `src/kex_sidh_msr`: MIT License
|
||||
- `src/sig_picnic`: MIT License
|
||||
|
@ -49,10 +49,6 @@
|
||||
<ClInclude Include="..\..\src\kex_lwe_frodo\kex_lwe_frodo.h" />
|
||||
<ClInclude Include="..\..\src\kex_lwe_frodo\local.h" />
|
||||
<ClInclude Include="..\..\src\kex_ntru\kex_ntru.h" />
|
||||
<ClInclude Include="..\..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" />
|
||||
<ClInclude Include="..\..\src\kex_rlwe_bcns15\local.h" />
|
||||
<ClInclude Include="..\..\src\kex_rlwe_bcns15\rlwe_a.h" />
|
||||
<ClInclude Include="..\..\src\kex_rlwe_bcns15\rlwe_table.h" />
|
||||
<ClInclude Include="..\..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" />
|
||||
<ClInclude Include="..\..\src\kex_rlwe_newhope\params.h" />
|
||||
<ClInclude Include="..\..\src\kex_sidh_msr\kex_sidh_msr.h" />
|
||||
@ -101,10 +97,6 @@
|
||||
<ClCompile Include="..\..\src\kex_lwe_frodo\lwe.c" />
|
||||
<ClCompile Include="..\..\src\kex_lwe_frodo\lwe_noise.c" />
|
||||
<ClCompile Include="..\..\src\kex_ntru\kex_ntru.c" />
|
||||
<ClCompile Include="..\..\src\kex_rlwe_bcns15\fft.c" />
|
||||
<ClCompile Include="..\..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.c" />
|
||||
<ClCompile Include="..\..\src\kex_rlwe_bcns15\rlwe.c" />
|
||||
<ClCompile Include="..\..\src\kex_rlwe_bcns15\rlwe_kex.c" />
|
||||
<ClCompile Include="..\..\src\kex_rlwe_newhope\kex_rlwe_newhope.c" />
|
||||
<ClCompile Include="..\..\src\kex_sidh_msr\kex_sidh_msr.c" />
|
||||
<ClCompile Include="..\..\src\kex_sidh_msr\P503\P503.c" />
|
||||
@ -256,7 +248,7 @@
|
||||
</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<SDLCheck>false</SDLCheck>
|
||||
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\</AdditionalIncludeDirectories>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
@ -276,7 +268,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h"
|
||||
copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\"
|
||||
@ -293,7 +284,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
|
||||
</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<SDLCheck>false</SDLCheck>
|
||||
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\</AdditionalIncludeDirectories>
|
||||
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
|
||||
@ -314,7 +305,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h"
|
||||
copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\"
|
||||
@ -331,7 +321,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
|
||||
</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<SDLCheck>false</SDLCheck>
|
||||
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\</AdditionalIncludeDirectories>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
@ -352,7 +342,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h"
|
||||
copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\"
|
||||
@ -374,7 +363,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
|
||||
</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<SDLCheck>false</SDLCheck>
|
||||
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\</AdditionalIncludeDirectories>
|
||||
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
|
||||
@ -397,7 +386,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h"
|
||||
copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\"
|
||||
@ -419,7 +407,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
|
||||
<Optimization>MaxSpeed</Optimization>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<SDLCheck>false</SDLCheck>
|
||||
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\</AdditionalIncludeDirectories>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
@ -441,7 +429,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h"
|
||||
copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\"
|
||||
@ -460,7 +447,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
|
||||
<Optimization>MaxSpeed</Optimization>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<SDLCheck>false</SDLCheck>
|
||||
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\</AdditionalIncludeDirectories>
|
||||
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
|
||||
@ -483,7 +470,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h"
|
||||
copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\"
|
||||
@ -502,7 +488,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
|
||||
<Optimization>MaxSpeed</Optimization>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<SDLCheck>false</SDLCheck>
|
||||
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\</AdditionalIncludeDirectories>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
@ -525,7 +511,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h"
|
||||
copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\"
|
||||
@ -549,7 +534,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
|
||||
<Optimization>MaxSpeed</Optimization>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<PreprocessorDefinitions>inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<SDLCheck>false</SDLCheck>
|
||||
<AdditionalIncludeDirectories>$(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\</AdditionalIncludeDirectories>
|
||||
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
|
||||
@ -574,7 +559,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h"
|
||||
copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\"
|
||||
copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\"
|
||||
|
@ -1,15 +1,9 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<ClCompile Include="..\..\src\kex_rlwe_bcns15\fft.c">
|
||||
<Filter>KEX_BCNS15</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\..\src\kex_lwe_frodo\kex_lwe_frodo.c">
|
||||
<Filter>KEX_Frodo</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.c">
|
||||
<Filter>KEX_BCNS15</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\..\src\kex_rlwe_newhope\kex_rlwe_newhope.c">
|
||||
<Filter>KEX_NewHope</Filter>
|
||||
</ClCompile>
|
||||
@ -19,12 +13,6 @@
|
||||
<ClCompile Include="..\..\src\kex_lwe_frodo\lwe_noise.c">
|
||||
<Filter>KEX_Frodo</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\..\src\kex_rlwe_bcns15\rlwe.c">
|
||||
<Filter>KEX_BCNS15</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\..\src\kex_rlwe_bcns15\rlwe_kex.c">
|
||||
<Filter>KEX_BCNS15</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\..\src\common\common.c">
|
||||
<Filter>Common</Filter>
|
||||
</ClCompile>
|
||||
@ -138,27 +126,15 @@
|
||||
<ClInclude Include="..\..\src\kex_lwe_frodo\kex_lwe_frodo.h">
|
||||
<Filter>KEX_Frodo</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h">
|
||||
<Filter>KEX_BCNS15</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\src\kex_rlwe_newhope\kex_rlwe_newhope.h">
|
||||
<Filter>KEX_NewHope</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\src\kex_rlwe_bcns15\local.h">
|
||||
<Filter>KEX_BCNS15</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\src\kex_lwe_frodo\local.h">
|
||||
<Filter>KEX_Frodo</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\src\kex_rlwe_newhope\params.h">
|
||||
<Filter>KEX_NewHope</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\src\kex_rlwe_bcns15\rlwe_table.h">
|
||||
<Filter>KEX_BCNS15</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\src\kex_rlwe_bcns15\rlwe_a.h">
|
||||
<Filter>KEX_BCNS15</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="..\..\src\common\common.h">
|
||||
<Filter>Common</Filter>
|
||||
</ClInclude>
|
||||
@ -297,9 +273,6 @@
|
||||
<Filter Include="KEX">
|
||||
<UniqueIdentifier>{3bb6aa76-f294-47a9-bf22-76245c9cb1d1}</UniqueIdentifier>
|
||||
</Filter>
|
||||
<Filter Include="KEX_BCNS15">
|
||||
<UniqueIdentifier>{ab581356-2a96-4211-99e3-f5cecd92eda3}</UniqueIdentifier>
|
||||
</Filter>
|
||||
<Filter Include="KEX_Frodo">
|
||||
<UniqueIdentifier>{6bfff158-3e78-402f-ba16-e8d315089de8}</UniqueIdentifier>
|
||||
</Filter>
|
||||
|
@ -176,7 +176,6 @@ SRCDIR=${SRCDIR}" src/crypto/aes src/crypto/sha3 src/crypto/rand_urandom_aesctr
|
||||
|
||||
# KEX
|
||||
SRCDIR=${SRCDIR}" src/kex"
|
||||
SRCDIR=${SRCDIR}" src/kex_rlwe_bcns15"
|
||||
|
||||
if test x"$kex_lwe_frodo" = x"true"; then
|
||||
SRCDIR=${SRCDIR}" src/kex_lwe_frodo"
|
||||
@ -271,7 +270,6 @@ AC_CONFIG_FILES([Makefile
|
||||
src/crypto/rand_urandom_chacha20/Makefile
|
||||
src/crypto/rand_urandom_aesctr/Makefile
|
||||
src/crypto/aes/Makefile
|
||||
src/kex_rlwe_bcns15/Makefile
|
||||
src/kex_rlwe_newhope/Makefile
|
||||
src/kex_sidh_msr/Makefile
|
||||
src/kex_code_mcbits/Makefile
|
||||
|
@ -1,80 +0,0 @@
|
||||
Algorithm data sheet: `kex_rlwe_bcns15`
|
||||
=======================================
|
||||
|
||||
Algorithm
|
||||
---------
|
||||
|
||||
**Name:** BCNS15
|
||||
|
||||
**Description:** Key exchange protocol proposed by Bos et al. [BCNS15] based on the ring learning with errors problem. Instantiation of the approximate KEM in public key encryption scheme of Lyubashevsky, Peikert, Regev [LPR10], using reconciliation mechanism of Peikert [Pei14].
|
||||
|
||||
**Supporting research:**
|
||||
|
||||
- [BCNS15] Joppe W. Bos, Craig Costello, Michael Naehrig, Douglas Stebila. Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In *IEEE Symposium on Security and Privacy (S&P) 2015*, pp. 553-570. IEEE, May 2015. [https://eprint.iacr.org/2014/599](https://eprint.iacr.org/2014/599)
|
||||
- [Pei14] Chris Peikert. Lattice cryptography for the Internet. In *PQCrypto 2014*, volume 8772 of LNCS, pages 197–219. Springer, 2014. [https://eprint.iacr.org/2014/070](https://eprint.iacr.org/2014/070)
|
||||
- [LPR10] Vadim Lyubashevsky, Chris Peikert, and Oded Regev. On ideal lattices and learning with errors over rings. In *EUROCRYPT 2010*, volume 6110 of LNCS, pages 1–23. Springer, May 2010. [https://eprint.iacr.org/2012/230](https://eprint.iacr.org/2012/230)
|
||||
|
||||
Security
|
||||
--------
|
||||
|
||||
**Security model:** Unauthenticated key exchange / passive (IND-CPA) key encapsulation mechanism
|
||||
|
||||
**Underlying hard problem(s):** Decision ring learning with errors problem
|
||||
|
||||
Parameter set 1
|
||||
---------------
|
||||
|
||||
**Claimed classical security:**
|
||||
|
||||
- 2^163.8 (original paper)
|
||||
- 2^86 ([https://eprint.iacr.org/2015/1092](https://eprint.iacr.org/2015/1092))
|
||||
|
||||
**Claimed quantum security:**
|
||||
|
||||
- ≥ 2^81.9 (original paper)
|
||||
- 2^78 ([https://eprint.iacr.org/2015/1092](https://eprint.iacr.org/2015/1092))
|
||||
|
||||
**Communication size:**
|
||||
|
||||
- Alice → Bob: 4,096 bytes
|
||||
- Bob → Alice: 4,224 bytes
|
||||
- total: 8,320 bytes
|
||||
|
||||
Implementation
|
||||
--------------
|
||||
|
||||
**Source of implementation:** Original research paper ([https://github.com/dstebila/rlwekex](https://github.com/dstebila/rlwekex))
|
||||
|
||||
**License:** Public domain ("Unlicense", [http://unlicense.org](http://unlicense.org))
|
||||
|
||||
**Language:** C
|
||||
|
||||
**Constant-time:** When preprocessor macro `CONSTANT_TIME` is defined
|
||||
|
||||
**Options:**
|
||||
|
||||
- preprocessor macro `CONSTANT_TIME` to enable constant-time code
|
||||
|
||||
**Testing:**
|
||||
|
||||
- Correctness: covered by test harness `test_kex`
|
||||
- Statistics of shared secrets: covered by test harness `test_kex`
|
||||
- statistical distance from uniform over 100 iterations: 0.0561185025
|
||||
- Static analysis:
|
||||
- `scan_build`
|
||||
|
||||
**Runtime:**
|
||||
|
||||
Operation | Iterations | Total time (s) | Time (us): mean | pop. stdev | CPU cycles: mean | pop. stdev
|
||||
------------------------------ | ----------:| --------------:| ---------------:| ----------:| ----------------:| ----------:
|
||||
alice 0 | 17664 | 10.000 | 566.145 | 24.189 | 2269004 | 96901
|
||||
bob | 10923 | 10.001 | 915.562 | 53.806 | 3669454 | 215632
|
||||
alice 1 | 86154 | 10.000 | 116.071 | 13.987 | 465102 | 56014
|
||||
|
||||
Runtime measurement configuration:
|
||||
|
||||
- CPU: Intel Core i7 (6700K "Skylake") with 4 cores each running at 4.0 GHz; single-threaded runtime measurements
|
||||
- TurboBoost and hyperthreading (hardware multithreading): disabled
|
||||
- liboqs version: commit [c5382941aecc85df90b9179458c9fba7a9f45611](https://github.com/open-quantum-safe/liboqs/commit/c5382941aecc85df90b9179458c9fba7a9f45611)
|
||||
- compiler: gcc-6 (Homebrew gcc 6.2.0) 6.2.0
|
||||
- build command: make CC=gcc-6
|
@ -4,7 +4,6 @@
|
||||
|
||||
#include <oqs/kex_lwe_frodo.h>
|
||||
#include <oqs/kex_ntru.h>
|
||||
#include <oqs/kex_rlwe_bcns15.h>
|
||||
#include <oqs/kex_rlwe_newhope.h>
|
||||
#include <oqs/kex_sidh_msr.h>
|
||||
|
||||
@ -31,7 +30,7 @@ OQS_KEX *OQS_KEX_new(OQS_RAND *rand, enum OQS_KEX_alg_name alg_name, const uint8
|
||||
|
||||
switch (alg_name) {
|
||||
case OQS_KEX_alg_default:
|
||||
return OQS_KEX_rlwe_bcns15_new(rand);
|
||||
return OQS_KEX_rlwe_newhope_new(rand);
|
||||
case OQS_KEX_alg_lwe_frodo:
|
||||
#ifdef ENABLE_KEX_LWE_FRODO
|
||||
return OQS_KEX_lwe_frodo_new_recommended(rand, seed, seed_len, named_parameters);
|
||||
@ -52,8 +51,6 @@ OQS_KEX *OQS_KEX_new(OQS_RAND *rand, enum OQS_KEX_alg_name alg_name, const uint8
|
||||
assert(0);
|
||||
#endif
|
||||
#endif
|
||||
case OQS_KEX_alg_rlwe_bcns15:
|
||||
return OQS_KEX_rlwe_bcns15_new(rand);
|
||||
case OQS_KEX_alg_rlwe_newhope:
|
||||
#ifdef ENABLE_KEX_RLWE_NEWHOPE
|
||||
return OQS_KEX_rlwe_newhope_new(rand);
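Review bot: The new `case OQS_KEX_alg_default:` returns `OQS_KEX_rlwe_newhope_new(rand)` unconditionally, while the explicit `case OQS_KEX_alg_rlwe_newhope:` below it is wrapped in `#ifdef ENABLE_KEX_RLWE_NEWHOPE` and the Makefile.am section adds `libnewhope.la` only under `if USE_KEX_RLWE_NEWHOPE`. A build configured without NewHope would presumably fail to link, or the default would pull in an algorithm that configuration meant to exclude; BCNS15 was linked unconditionally, so the old default had no such dependency. Wrap the default's return in the same `#ifdef ENABLE_KEX_RLWE_NEWHOPE` and fail explicitly in the `#else` branch (`return NULL;`), so callers get a checked failure instead of an unintended key exchange. The kex.h section also drops `OQS_KEX_alg_rlwe_bcns15` from the middle of `enum OQS_KEX_alg_name`, which shifts the numeric value of every later enumerator, so anything built against the old header or storing the number would select a different algorithm. The body of `OQS_KEX_new` starts and ends outside the visible hunks.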
|
||||
|
@ -20,7 +20,6 @@
|
||||
|
||||
enum OQS_KEX_alg_name {
|
||||
OQS_KEX_alg_default,
|
||||
OQS_KEX_alg_rlwe_bcns15,
|
||||
OQS_KEX_alg_rlwe_newhope,
|
||||
OQS_KEX_alg_lwe_frodo,
|
||||
OQS_KEX_alg_sidh_msr_503,
|
||||
|
@ -34,7 +34,6 @@ struct kex_testcase kex_testcases[] = {
|
||||
{OQS_KEX_alg_ntru, NULL, 0, NULL, "ntru", 0, 25},
|
||||
#endif
|
||||
#endif
|
||||
{OQS_KEX_alg_rlwe_bcns15, NULL, 0, NULL, "rlwe_bcns15", 0, 100},
|
||||
#ifdef ENABLE_KEX_RLWE_NEWHOPE
|
||||
{OQS_KEX_alg_rlwe_newhope, NULL, 0, NULL, "rlwe_newhope", 0, 100},
|
||||
#endif
|
||||
|
@ -39,4 +39,4 @@ void oqs_kex_lwe_frodo_mul_add_sa_plus_e_on_the_fly_recommended(uint16_t *b, con
|
||||
void oqs_kex_lwe_frodo_mul_add_sb_plus_e_recommended(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e);
|
||||
void oqs_kex_lwe_frodo_mul_bs_recommended(uint16_t *out, const uint16_t *b, const uint16_t *s);
|
||||
|
||||
#endif /* _OQS_KEX_RLWE_BCNS15_LOCAL_H_ */
|
||||
#endif /* _OQS_KEX_LWE_FRODO_LOCAL_H_ */
|
||||
|
@ -1,32 +0,0 @@
|
||||
The files in this directory (except kex_rlwe_bcns15.*) were originally written
|
||||
by Joppe W. Bos, Craig Costello, Michael Naehrig, and Douglas Stebila
|
||||
(https://github.com/dstebila/rlwekex).
|
||||
|
||||
|
||||
The following license applies to all files in the src/kex_rlwe_bcns15 directory.
|
||||
|
||||
|
||||
This is free and unencumbered software released into the public domain.
|
||||
|
||||
Anyone is free to copy, modify, publish, use, compile, sell, or
|
||||
distribute this software, either in source code form or as a compiled
|
||||
binary, for any purpose, commercial or non-commercial, and by any
|
||||
means.
|
||||
|
||||
In jurisdictions that recognize copyright laws, the author or authors
|
||||
of this software dedicate any and all copyright interest in the
|
||||
software to the public domain. We make this dedication for the benefit
|
||||
of the public at large and to the detriment of our heirs and
|
||||
successors. We intend this dedication to be an overt act of
|
||||
relinquishment in perpetuity of all present and future rights to this
|
||||
software under copyright law.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
||||
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
|
||||
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
|
||||
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
||||
OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
For more information, please refer to <http://unlicense.org>
|
@ -1,9 +0,0 @@
|
||||
AUTOMAKE_OPTIONS = foreign
|
||||
noinst_LTLIBRARIES = libbcns15.la
|
||||
|
||||
|
||||
libbcns15_la_SOURCES = fft.c kex_rlwe_bcns15.c rlwe.c rlwe_kex.c
|
||||
|
||||
libbcns15_la_CPPFLAGS = -I../../include
|
||||
libbcns15_la_CPPFLAGS += $(AM_CPPFLAGS)
|
||||
|
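--- a/src/kex_rlwe_bcns15/fft.c
+++ b/src/kex_rlwe_bcns15/fft.c
@@ -1,243 +0,0 @@
-/* This is free and unencumbered software released into the public domain.
-*
-* Anyone is free to copy, modify, publish, use, compile, sell, or
-* distribute this software, either in source code form or as a compiled
-* binary, for any purpose, commercial or non-commercial, and by any
-* means.
-*
-* See LICENSE for complete information.
-*/
-
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "local.h"
-
-static void *(*volatile rlwe_memset_volatile)(void *, int, size_t) = memset;
-
-/* Reduction modulo p = 2^32 - 1.
-* This is not a prime since 2^32-1 = (2^1+1)*(2^2+1)*(2^4+1)*(2^8+1)*(2^16+1).
-* But since 2 is a unit in Z/pZ we can use it for computing FFTs in
-* Z/pZ[X]/(X^(2^7)+1)
-*/
-
-/* Caution:
-* We use a redundant representation where the integer 0 is represented both
-* by 0 and 2^32-1.
-* This approach follows the description from the paper:
-* Joppe W. Bos, Craig Costello, Huseyin Hisil, and Kristin Lauter: Fast Cryptography in Genus 2
-* EUROCRYPT 2013, Lecture Notes in Computer Science 7881, pp. 194-210, Springer, 2013.
-* More specifically see: Section 3 related to Modular Addition/Subtraction.
-*/
-
-/* Compute: c = (a+b) mod (2^32-1)
-* Let, t = a+b = t_1*2^32 + t0, where 0 <= t_1 <= 1, 0 <= t_0 < 2^32.
-* Then t mod (2^32-1) = t0 + t1 */
-
-/* NOTE:
-* Implementing this arithmetic in asm might significantly
-* increase performance.
-*/
-
-#define modadd(c, a, b) \
-do { \
-uint32_t _t = a + b; \
-c = _t + (_t < a); \
-} while (0)
-
-#define modsub(c, a, b) c = (a - b) - (b > a)
-
-#define modmul(c, a, b) \
-do { \
-uint64_t _T = (uint64_t) a * (uint64_t) b; \
-modadd(c, ((uint32_t) _T), ((uint32_t)((uint64_t) _T >> (uint64_t) 32))); \
-} while (0)
-
-#define modmuladd(c, a, b) \
-do { \
-uint64_t _T = (uint64_t) a * (uint64_t) b + c; \
-modadd(c, ((uint32_t) _T), ((uint32_t)((uint64_t) _T >> (uint64_t) 32))); \
-} while (0)
-
-#define div2(c, a) c = (uint32_t)(((uint64_t)(a) + (uint64_t)((uint32_t)(0 - ((a) &1)) & 0xFFFFFFFF)) >> 1)
-#define normalize(c, a) c = (a) + ((a) == 0xFFFFFFFF)
-
-/* Define the basic building blocks for the FFT. */
-#define SET_ZERO(x) (x) = 0
-#define add(c, a, b) modadd(c, a, b)
-#define sub(c, a, b) modsub(c, a, b)
-#define mul(c, a, b) modmul(c, a, b)
-#define moddiv2(c, a) \
-normalize(c, a); \
-div2(c, c)
-#define neg(c, a) \
-(c) = 0xFFFFFFFF - (a); \
-normalize(c, c)
-#define squ(c, a) mul(c, a, a)
-#define set(c, a) (c) = (a)
-
-/* Reverse the bits, approach from "Bit Twiddling Hacks"
-* See: https://graphics.stanford.edu/~seander/bithacks.html
-*/
-static uint32_t reverse(uint32_t x) {
-x = (((x & 0xaaaaaaaa) >> 1) | ((x & 0x55555555) << 1));
-x = (((x & 0xcccccccc) >> 2) | ((x & 0x33333333) << 2));
-x = (((x & 0xf0f0f0f0) >> 4) | ((x & 0x0f0f0f0f) << 4));
-x = (((x & 0xff00ff00) >> 8) | ((x & 0x00ff00ff) << 8));
-return ((x >> 16) | (x << 16));
-}
-
-/* Nussbaumer approach, see:
-* H. J. Nussbaumer. Fast polynomial transform algorithms for digital convolution. Acoustics, Speech and
-* Signal Processing, IEEE Transactions on, 28(2):205{215, 1980
-* We followed the description from Knuth:
-* D. E. Knuth. Seminumerical Algorithms. The Art of Computer Programming. Addison-Wesley, Reading,
-* Massachusetts, USA, 3rd edition, 1997
-* Exercise Exercise 4.6.4.59.
-*/
-
-static void naive(uint32_t *z, const uint32_t *x, const uint32_t *y, unsigned int n) {
-unsigned int i, j, k;
-uint32_t A, B;
-
-for (i = 0; i < n; i++) {
-SET_ZERO(B);
-
-mul(A, x[0], y[i]);
-
-for (j = 1; j <= i; j++) {
-modmuladd(A, x[j], y[i - j]);
-}
-
-for (k = 1; j < n; j++, k++) {
-modmuladd(B, x[j], y[n - k]);
-}
-sub(z[i], A, B);
-}
-}
-
-static void nussbaumer_fft(uint32_t z[1024], const uint32_t x[1024], const uint32_t y[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx) {
-uint32_t(*X1)[64] = ctx->x1;
-uint32_t(*Y1)[64] = ctx->y1;
-uint32_t(*Z1)[64] = ctx->z1;
-uint32_t *T1 = ctx->t1;
-unsigned int i;
-int j;
-
-for (i = 0; i < 32; i++) {
-for (j = 0; j < 32; j++) {
-set(X1[i][j], x[32 * j + i]);
-set(X1[i + 32][j], x[32 * j + i]);
-
-set(Y1[i][j], y[32 * j + i]);
-set(Y1[i + 32][j], y[32 * j + i]);
-}
-}
-
-for (j = 4; j >= 0; j--) {
-for (i = 0; i < (1U << (5 - j)); i++) {
-unsigned int t, ssr = reverse(i);
-for (t = 0; t < (1U << j); t++) {
-unsigned int s, sr, I, L, a;
-s = i;
-sr = (ssr >> (32 - 5 + j));
-sr <<= j;
-s <<= (j + 1);
-
-// X_i(w) = X_i(w) + w^kX_l(w) can be computed as
-// X_ij = X_ij - X_l(j-k+r) for 0 <= j < k
-// X_ij = X_ij + X_l(j-k) for k <= j < r
-I = s + t, L = s + t + (1 << j);
-
-for (a = sr; a < 32; a++) {
-set(T1[a], X1[L][a - sr]);
-}
-for (a = 0; a < sr; a++) {
-neg(T1[a], X1[L][32 + a - sr]);
-}
-
-for (a = 0; a < 32; a++) {
-sub(X1[L][a], X1[I][a], T1[a]);
-add(X1[I][a], X1[I][a], T1[a]);
-}
-
-for (a = sr; a < 32; a++) {
-set(T1[a], Y1[L][a - sr]);
-}
-for (a = 0; a < sr; a++) {
-neg(T1[a], Y1[L][32 + a - sr]);
-}
-
-for (a = 0; a < 32; a++) {
-sub(Y1[L][a], Y1[I][a], T1[a]);
-add(Y1[I][a], Y1[I][a], T1[a]);
-}
-}
-}
-}
-
-for (i = 0; i < 2 * 32; i++) {
-naive(Z1[i], X1[i], Y1[i], 32);
-}
-
-for (j = 0; j <= (int) 5; j++) {
-for (i = 0; i < (1U << (5 - j)); i++) {
-unsigned int t, ssr = reverse(i);
-for (t = 0; t < (1U << j); t++) {
-unsigned int s, sr, A, B, a;
-s = i;
-sr = (ssr >> (32 - 5 + j));
-sr <<= j;
-s <<= (j + 1);
-
-A = s + t;
-B = s + t + (1 << j);
-for (a = 0; a < 32; a++) {
-sub(T1[a], Z1[A][a], Z1[B][a]);
-moddiv2(T1[a], T1[a]);
-add(Z1[A][a], Z1[A][a], Z1[B][a]);
-moddiv2(Z1[A][a], Z1[A][a]);
-}
-
-// w^{-(r/m)s'} (Z_{s+t}(w)-Z_{s+t+2^j}(w))
-for (a = 0; a < 32 - sr; a++) {
-set(Z1[B][a], T1[a + sr]);
-}
-for (a = 32 - sr; a < 32; a++) {
-neg(Z1[B][a], T1[a - (32 - sr)]);
-}
-}
-}
-}
-
-for (i = 0; i < 32; i++) {
-sub(z[i], Z1[i][0], Z1[32 + i][32 - 1]);
-for (j = 1; j < 32; j++) {
-add(z[32 * j + i], Z1[i][j], Z1[32 + i][j - 1]);
-}
-}
-}
-
-void oqs_kex_rlwe_bcns15_fft_mul(uint32_t z[1024], const uint32_t x[1024], const uint32_t y[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx) {
-nussbaumer_fft(z, x, y, ctx);
-}
-
-void oqs_kex_rlwe_bcns15_fft_add(uint32_t z[1024], const uint32_t x[1024], const uint32_t y[1024]) {
-int i;
-for (i = 0; i < 1024; i++) {
-add(z[i], x[i], y[i]);
-}
-}
-
-void oqs_kex_rlwe_bcns15_fft_ctx_clear(struct oqs_kex_rlwe_bcns15_fft_ctx *ctx) {
-if (ctx == NULL) {
-return;
-}
-for (int i = 0; i < 64; i++) {
-rlwe_memset_volatile(ctx->x1[i], 0, 64 * sizeof(uint32_t));
-rlwe_memset_volatile(ctx->y1[i], 0, 64 * sizeof(uint32_t));
-rlwe_memset_volatile(ctx->z1[i], 0, 64 * sizeof(uint32_t));
-}
-rlwe_memset_volatile(ctx->t1, 0, 64 * sizeof(uint32_t));
-}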
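--- a/src/kex_rlwe_bcns15/kex_rlwe_bcns15.c
+++ b/src/kex_rlwe_bcns15/kex_rlwe_bcns15.c
@@ -1,191 +0,0 @@
-#include <stdlib.h>
-#include <string.h>
-#if !defined(_WIN32)
-#include <strings.h>
-#include <unistd.h>
-#endif
-
-#include <oqs/common.h>
-#include <oqs/kex.h>
-#include <oqs/rand.h>
-
-#include "kex_rlwe_bcns15.h"
-#include "local.h"
-
-#include "rlwe_a.h"
-
-#if defined(_WIN32)
-#define strdup _strdup // for strdup deprecation warning
-#endif
-
-OQS_KEX *OQS_KEX_rlwe_bcns15_new(OQS_RAND *rand) {
-
-OQS_KEX *k = malloc(sizeof(OQS_KEX));
-if (k == NULL) {
-return NULL;
-}
-
-k->ctx = malloc(sizeof(struct oqs_kex_rlwe_bcns15_fft_ctx));
-if (k->ctx == NULL) {
-free(k);
-return NULL;
-}
-
-k->method_name = strdup("RLWE BCNS15");
-k->estimated_classical_security = 163;
-k->estimated_quantum_security = 76;
-k->seed = NULL;
-k->seed_len = 0;
-k->named_parameters = NULL;
-k->rand = rand;
-k->params = NULL;
-k->alice_0 = &OQS_KEX_rlwe_bcns15_alice_0;
-k->bob = &OQS_KEX_rlwe_bcns15_bob;
-k->alice_1 = &OQS_KEX_rlwe_bcns15_alice_1;
-k->alice_priv_free = &OQS_KEX_rlwe_bcns15_alice_priv_free;
-k->free = &OQS_KEX_rlwe_bcns15_free;
-
-return k;
-}
-
-OQS_STATUS OQS_KEX_rlwe_bcns15_alice_0(OQS_KEX *k, void **alice_priv, uint8_t **alice_msg, size_t *alice_msg_len) {
-
-OQS_STATUS ret;
-uint32_t *alice_msg_32 = NULL;
-
-*alice_priv = NULL;
-*alice_msg = NULL;
-
-/* allocate public/private key pair */
-alice_msg_32 = malloc(1024 * sizeof(uint32_t));
-if (alice_msg_32 == NULL) {
-goto err;
-}
-*alice_priv = malloc(1024 * sizeof(uint32_t));
-if (*alice_priv == NULL) {
-goto err;
-}
-
-/* generate public/private key pair */
-oqs_kex_rlwe_bcns15_generate_keypair(oqs_kex_rlwe_bcns15_a, (uint32_t *) *alice_priv, alice_msg_32, k->ctx, k->rand);
-*alice_msg = (uint8_t *) alice_msg_32;
-*alice_msg_len = 1024 * sizeof(uint32_t);
-
-ret = OQS_SUCCESS;
-goto cleanup;
-
-err:
-ret = OQS_ERROR;
-free(alice_msg_32);
-OQS_MEM_secure_free(*alice_priv, 1024 * sizeof(uint32_t));
-*alice_priv = NULL;
-
-cleanup:
-return ret;
-}
-
-OQS_STATUS OQS_KEX_rlwe_bcns15_bob(OQS_KEX *k, const uint8_t *alice_msg, const size_t alice_msg_len, uint8_t **bob_msg, size_t *bob_msg_len, uint8_t **key, size_t *key_len) {
-
-OQS_STATUS ret;
-
-uint32_t *bob_priv = NULL;
-uint64_t *key_64 = NULL;
-
-*bob_msg = NULL;
-*key = NULL;
-
-if (alice_msg_len != 1024 * sizeof(uint32_t)) {
-goto err;
-}
-
-bob_priv = malloc(1024 * sizeof(uint32_t));
-if (bob_priv == NULL) {
-goto err;
-}
-/* allocate message and session key */
-*bob_msg = malloc(1024 * sizeof(uint32_t) + 16 * sizeof(uint64_t));
-if (*bob_msg == NULL) {
-goto err;
-}
-key_64 = malloc(16 * sizeof(uint64_t));
-if (key_64 == NULL) {
-goto err;
-}
-
-/* generate public/private key pair */
-oqs_kex_rlwe_bcns15_generate_keypair(oqs_kex_rlwe_bcns15_a, bob_priv, (uint32_t *) *bob_msg, k->ctx, k->rand);
-
-/* generate Bob's response */
-uint8_t *bob_rec = *bob_msg + 1024 * sizeof(uint32_t);
-oqs_kex_rlwe_bcns15_compute_key_bob((uint32_t *) alice_msg, bob_priv, (uint64_t *) bob_rec, key_64, k->ctx, k->rand);
-*bob_msg_len = 1024 * sizeof(uint32_t) + 16 * sizeof(uint64_t);
-*key = (uint8_t *) key_64;
-*key_len = 16 * sizeof(uint64_t);
-
-ret = OQS_SUCCESS;
-goto cleanup;
-
-err:
-ret = OQS_ERROR;
-free(*bob_msg);
-*bob_msg = NULL;
-OQS_MEM_secure_free(key_64, 16 * sizeof(uint64_t));
-
-cleanup:
-OQS_MEM_secure_free(bob_priv, 1024 * sizeof(uint32_t));
-
-return ret;
-}
-
-OQS_STATUS OQS_KEX_rlwe_bcns15_alice_1(OQS_KEX *k, const void *alice_priv, const uint8_t *bob_msg, const size_t bob_msg_len, uint8_t **key, size_t *key_len) {
-
-OQS_STATUS ret;
-
-uint64_t *key_64 = NULL;
-
-*key = NULL;
-
-if (bob_msg_len != 1024 * sizeof(uint32_t) + 16 * sizeof(uint64_t)) {
-goto err;
-}
-
-/* allocate session key */
-key_64 = malloc(16 * sizeof(uint64_t));
-if (key_64 == NULL) {
-goto err;
-}
-
-/* generate Alice's session key */
-const uint8_t *bob_rec = bob_msg + 1024 * sizeof(uint32_t);
-oqs_kex_rlwe_bcns15_compute_key_alice((uint32_t *) bob_msg, (uint32_t *) alice_priv, (uint64_t *) bob_rec, key_64, k->ctx);
-*key = (uint8_t *) key_64;
-*key_len = 16 * sizeof(uint64_t);
-
-ret = OQS_SUCCESS;
-goto cleanup;
-
-err:
-ret = OQS_ERROR;
-OQS_MEM_secure_free(key_64, 16 * sizeof(uint64_t));
-
-cleanup:
-
-return ret;
-}
-
-void OQS_KEX_rlwe_bcns15_alice_priv_free(UNUSED OQS_KEX *k, void *alice_priv) {
-if (alice_priv) {
-free(alice_priv);
-}
-}
-
-void OQS_KEX_rlwe_bcns15_free(OQS_KEX *k) {
-if (!k) {
-return;
-}
-free(k->method_name);
-k->method_name = NULL;
-free(k->ctx);
-k->ctx = NULL;
-free(k);
-}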
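--- a/src/kex_rlwe_bcns15/kex_rlwe_bcns15.h
+++ b/src/kex_rlwe_bcns15/kex_rlwe_bcns15.h
@@ -1,25 +0,0 @@
-/**
-* \file kex_rlwe_bcns15.h
-* \brief Header for ring-LWE key exchange protocol BCNS15
-*/
-
-#ifndef __OQS_KEX_RLWE_BCNS15_H
-#define __OQS_KEX_RLWE_BCNS15_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include <oqs/common.h>
-#include <oqs/kex.h>
-#include <oqs/rand.h>
-
-OQS_KEX *OQS_KEX_rlwe_bcns15_new(OQS_RAND *rand);
-
-OQS_STATUS OQS_KEX_rlwe_bcns15_alice_0(OQS_KEX *k, void **alice_priv, uint8_t **alice_msg, size_t *alice_msg_len);
-OQS_STATUS OQS_KEX_rlwe_bcns15_bob(OQS_KEX *k, const uint8_t *alice_msg, const size_t alice_msg_len, uint8_t **bob_msg, size_t *bob_msg_len, uint8_t **key, size_t *key_len);
-OQS_STATUS OQS_KEX_rlwe_bcns15_alice_1(OQS_KEX *k, const void *alice_priv, const uint8_t *bob_msg, const size_t bob_msg_len, uint8_t **key, size_t *key_len);
-
-void OQS_KEX_rlwe_bcns15_alice_priv_free(OQS_KEX *k, void *alice_priv);
-void OQS_KEX_rlwe_bcns15_free(OQS_KEX *k);
-
-#endif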
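--- a/src/kex_rlwe_bcns15/local.h
+++ b/src/kex_rlwe_bcns15/local.h
@@ -1,46 +0,0 @@
-/* This is free and unencumbered software released into the public domain.
-*
-* Anyone is free to copy, modify, publish, use, compile, sell, or
-* distribute this software, either in source code form or as a compiled
-* binary, for any purpose, commercial or non-commercial, and by any
-* means.
-*
-* See LICENSE for complete information.
-*/
-
-#ifndef _OQS_KEX_RLWE_BCNS15_LOCAL_H_
-#define _OQS_KEX_RLWE_BCNS15_LOCAL_H_
-
-#include <stdint.h>
-
-#include <oqs/rand.h>
-
-struct oqs_kex_rlwe_bcns15_fft_ctx {
-uint32_t x1[64][64];
-uint32_t y1[64][64];
-uint32_t z1[64][64];
-uint32_t t1[64];
-};
-
-void oqs_kex_rlwe_bcns15_fft_mul(uint32_t z[1024], const uint32_t x[1024], const uint32_t y[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx);
-void oqs_kex_rlwe_bcns15_fft_add(uint32_t z[1024], const uint32_t x[1024], const uint32_t y[1024]);
-
-void oqs_kex_rlwe_bcns15_fft_ctx_clear(struct oqs_kex_rlwe_bcns15_fft_ctx *ctx);
-
-void oqs_kex_rlwe_bcns15_sample_ct(uint32_t s[1024], OQS_RAND *rand);
-void oqs_kex_rlwe_bcns15_round2_ct(uint64_t out[16], const uint32_t in[1024]);
-void oqs_kex_rlwe_bcns15_crossround2_ct(uint64_t out[16], const uint32_t in[1024], OQS_RAND *rand);
-void oqs_kex_rlwe_bcns15_rec_ct(uint64_t out[16], const uint32_t w[1024], const uint64_t b[16]);
-
-void oqs_kex_rlwe_bcns15_sample(uint32_t s[1024], OQS_RAND *rand);
-void oqs_kex_rlwe_bcns15_round2(uint64_t out[16], const uint32_t in[1024]);
-void oqs_kex_rlwe_bcns15_crossround2(uint64_t out[16], const uint32_t in[1024], OQS_RAND *rand);
-void oqs_kex_rlwe_bcns15_rec(uint64_t out[16], const uint32_t w[1024], const uint64_t b[16]);
-
-void oqs_kex_rlwe_bcns15_a_times_s_plus_e(uint32_t out[1024], const uint32_t a[1024], const uint32_t s[1024], const uint32_t e[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *fft_ctx);
-
-void oqs_kex_rlwe_bcns15_generate_keypair(const uint32_t *a, uint32_t s[1024], uint32_t b[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx, OQS_RAND *rand);
-void oqs_kex_rlwe_bcns15_compute_key_alice(const uint32_t b[1024], const uint32_t s[1024], const uint64_t c[16], uint64_t k[16], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx);
-void oqs_kex_rlwe_bcns15_compute_key_bob(const uint32_t b[1024], const uint32_t s[1024], uint64_t c[16], uint64_t k[16], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx, OQS_RAND *rand);
-
-#endif /* _OQS_KEX_RLWE_BCNS15_LOCAL_H_ */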
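--- a/src/kex_rlwe_bcns15/rlwe.c
+++ b/src/kex_rlwe_bcns15/rlwe.c
@@ -1,296 +0,0 @@
-/* This is free and unencumbered software released into the public domain.
-*
-* Anyone is free to copy, modify, publish, use, compile, sell, or
-* distribute this software, either in source code form or as a compiled
-* binary, for any purpose, commercial or non-commercial, and by any
-* means.
-*
-* See LICENSE for complete information.
-*/
-
-#if defined(_WIN32)
-#pragma warning(disable : 4146 4244 4267)
-#endif
-
-#include <inttypes.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <oqs/rand.h>
-
-#include "local.h"
-
-#include "rlwe_table.h"
-
-#define setbit(a, x) ((a)[(x) / 64] |= (((uint64_t) 1) << (uint64_t)((x) % 64)))
-#define getbit(a, x) (((a)[(x) / 64] >> (uint64_t)((x) % 64)) & 1)
-#define clearbit(a, x) ((a)[(x) / 64] &= ((~((uint64_t) 0)) - (((uint64_t) 1) << (uint64_t)((x) % 64))))
-
-/* Auxiliary functions for constant-time comparison */
-
-/*
-* Returns 1 if x != 0
-* Returns 0 if x == 0
-* x and y are arbitrary unsigned 64-bit integers
-*/
-static uint64_t ct_isnonzero_u64(uint64_t x) {
-return (x | -x) >> 63;
-}
-
-/*
-* Returns 1 if x != y
-* Returns 0 if x == y
-* x and y are arbitrary unsigned 64-bit integers
-*/
-static uint64_t ct_ne_u64(uint64_t x, uint64_t y) {
-return ((x - y) | (y - x)) >> 63;
-}
-
-/*
-* Returns 1 if x == y
-* Returns 0 if x != y
-* x and y are arbitrary unsigned 64-bit integers
-*/
-static uint64_t ct_eq_u64(uint64_t x, uint64_t y) {
-return 1 ^ ct_ne_u64(x, y);
-}
-
-/* Returns 1 if x < y
-* Returns 0 if x >= y
-* x and y are arbitrary unsigned 64-bit integers
-*/
-static uint64_t ct_lt_u64(uint64_t x, uint64_t y) {
-return (x ^ ((x ^ y) | ((x - y) ^ y))) >> 63;
-}
-
-/*
-* Returns 1 if x > y
-* Returns 0 if x <= y
-* x and y are arbitrary unsigned 64-bit integers
-*/
-static uint64_t ct_gt_u64(uint64_t x, uint64_t y) {
-return ct_lt_u64(y, x);
-}
-
-/*
-* Returns 1 if x <= y
-* Returns 0 if x > y
-* x and y are arbitrary unsigned 64-bit integers
-*/
-static uint64_t ct_le_u64(uint64_t x, uint64_t y) {
-return 1 ^ ct_gt_u64(x, y);
-}
-
-/*
-* Returns 1 if x >= y
-* Returns 0 if x < y
-* x and y are arbitrary unsigned 64-bit integers
-*/
-static uint64_t ct_ge_u64(uint64_t x, uint64_t y) {
-return 1 ^ ct_lt_u64(x, y);
-}
-
-/* Returns 0xFFFF..FFFF if bit != 0
-* Returns 0 if bit == 0
-*/
-static uint64_t ct_mask_u64(uint64_t bit) {
-return 0 - (uint64_t) ct_isnonzero_u64(bit);
-}
-
-/* Conditionally return x or y depending on whether bit is set
-* Equivalent to: return bit ? x : y
-* x and y are arbitrary 64-bit unsigned integers
-* bit must be either 0 or 1.
-*/
-static uint64_t ct_select_u64(uint64_t x, uint64_t y, uint64_t bit) {
-uint64_t m = ct_mask_u64(bit);
-return (x & m) | (y & ~m);
-}
-
-/* Returns 0 if a >= b
-* Returns 1 if a < b
-* Where a and b are both 3-limb 64-bit integers.
-* This function runs in constant time.
-*/
-static int cmplt_ct(uint64_t *a, uint64_t *b) {
-uint64_t r = 0; /* result */
-uint64_t m = 0; /* mask */
-int i;
-for (i = 2; i >= 0; --i) {
-r |= ct_lt_u64(a[i], b[i]) & ~m;
-m |= ct_mask_u64(ct_ne_u64(a[i], b[i])); /* stop when a[i] != b[i] */
-}
-return r & 1;
-}
-
-static uint32_t single_sample(uint64_t *in) {
-size_t i = 0;
-
-while (cmplt_ct(rlwe_table[i], in)) { // ~3.5 comparisons in expectation
-i++;
-}
-
-return i;
-}
-
-/* We assume that e contains two random bits in the two
-* least significant positions. */
-static uint64_t dbl(const uint32_t in, int32_t e) {
-// sample uniformly from [-1, 0, 0, 1]
-// Hence, 0 is sampled with twice the probability of 1
-e = (((e >> 1) & 1) - ((int32_t)(e & 1)));
-return (uint64_t)((((uint64_t) in) << (uint64_t) 1) - e);
-}
-
-/* Constant time version. */
-static uint32_t single_sample_ct(uint64_t *in) {
-uint32_t index = 0, i;
-for (i = 0; i < 52; i++) {
-index = ct_select_u64(index, i + 1, cmplt_ct(in, rlwe_table[i]));
-}
-return index;
-}
-
-void oqs_kex_rlwe_bcns15_sample_ct(uint32_t s[1024], OQS_RAND *rand) {
-int i, j;
-for (i = 0; i < 16; i++) {
-uint64_t r = rand->rand_64(rand);
-for (j = 0; j < 64; j++) {
-uint64_t rnd[3];
-uint32_t m;
-uint32_t t;
-rnd[0] = rand->rand_64(rand);
-rnd[1] = rand->rand_64(rand);
-rnd[2] = rand->rand_64(rand);
-m = (r & 1);
-r >>= 1;
-// use the constant time version single_sample
-s[i * 64 + j] = single_sample_ct(rnd);
-t = (uint32_t) -s[i * 64 + j];
-s[i * 64 + j] = ct_select_u64(t, s[i * 64 + j], ct_eq_u64(m, 0));
-}
-}
-}
-
-void oqs_kex_rlwe_bcns15_round2_ct(uint64_t out[16], const uint32_t in[1024]) {
-int i;
-memset(out, 0, 128);
-for (i = 0; i < 1024; i++) {
-uint64_t b = ct_ge_u64(in[i], 1073741824ULL) &
-ct_le_u64(in[i], 3221225471ULL);
-out[i / 64] |= b << (uint64_t)(i % 64);
-}
-}
-
-void oqs_kex_rlwe_bcns15_crossround2_ct(uint64_t out[16], const uint32_t in[1024], OQS_RAND *rand) {
-int i, j;
-memset(out, 0, 128);
-for (i = 0; i < 64; i++) {
-uint32_t e = rand->rand_32(rand);
-for (j = 0; j < 16; j++) {
-uint64_t dd;
-uint64_t b;
-dd = dbl(in[i * 16 + j], (int32_t) e);
-e >>= 2;
-b = (ct_ge_u64(dd, 2147483648ULL) & ct_le_u64(dd, 4294967295ULL)) |
-(ct_ge_u64(dd, 6442450942ULL) & ct_le_u64(dd, 8589934590ULL));
-out[(i * 16 + j) / 64] |= (b << (uint64_t)((i * 16 + j) % 64));
-}
-}
-}
-
-void oqs_kex_rlwe_bcns15_rec_ct(uint64_t out[16], const uint32_t w[1024], const uint64_t b[16]) {
-int i;
-memset(out, 0, 128);
-for (i = 0; i < 1024; i++) {
-uint64_t coswi;
-uint64_t B;
-coswi = (((uint64_t) w[i]) << (uint64_t) 1);
-B = (ct_eq_u64(getbit(b, i), 0) & ct_ge_u64(coswi, 3221225472ULL) &
-ct_le_u64(coswi, 7516192766ULL)) |
-(ct_eq_u64(getbit(b, i), 1) & ct_ge_u64(coswi, 1073741824ULL) &
-ct_le_u64(coswi, 5368709118ULL));
-out[i / 64] |= (B << (uint64_t)(i % 64));
-}
-}
-
-void oqs_kex_rlwe_bcns15_sample(uint32_t s[1024], OQS_RAND *rand) {
-int i, j;
-for (i = 0; i < 16; i++) {
-uint64_t r = rand->rand_64(rand);
-for (j = 0; j < 64; j++) {
-uint64_t rnd[3];
-int32_t m;
-rnd[0] = rand->rand_64(rand);
-rnd[1] = rand->rand_64(rand);
-rnd[2] = rand->rand_64(rand);
-m = (r & 1);
-r >>= 1;
-s[i * 64 + j] = single_sample(rnd);
-if (m) {
-s[i * 64 + j] = (uint32_t) -s[i * 64 + j];
-}
-}
-}
-}
-
-void oqs_kex_rlwe_bcns15_round2(uint64_t out[16], const uint32_t in[1024]) {
-int i;
-
-// out should have enough space for 1024-bits
-memset(out, 0, 128);
-
-//q/4 and 3*q/4
-for (i = 0; i < 1024; i++) {
-if (in[i] >= 1073741824 && in[i] <= 3221225471) {
-setbit(out, i);
-}
-}
-}
-
-void oqs_kex_rlwe_bcns15_crossround2(uint64_t out[16], const uint32_t in[1024], OQS_RAND *rand) {
-int i, j;
-// out should have enough space for 1024-bits
-memset(out, 0, 128);
-
-for (i = 0; i < 64; i++) {
-uint32_t e = rand->rand_32(rand);
-for (j = 0; j < 16; j++) {
-uint64_t dd = dbl(in[i * 16 + j], (int32_t) e);
-e >>= 2;
-//q/2 to q and 3*q/2 to 2*q
-if ((dd >= (uint64_t) 2147483648 && dd <= (uint64_t) 4294967295) || (dd >= (uint64_t) 6442450942 && dd <= (uint64_t) 8589934590)) {
-setbit(out, (i * 16 + j));
-}
-}
-}
-}
-
-void oqs_kex_rlwe_bcns15_rec(uint64_t out[16], const uint32_t w[1024], const uint64_t b[16]) {
-int i;
-
-// out should have enough space for 1024 bits
-memset(out, 0, 128);
-
-for (i = 0; i < 1024; i++) {
-uint64_t coswi = (((uint64_t) w[i]) << (uint64_t) 1);
-if (getbit(b, i) == 0) {
-//Ceiling(2*3*q/8)..Floor(2*7*q/8)
-if (coswi >= (uint64_t) 3221225472 && coswi <= (uint64_t) 7516192766) {
-setbit(out, i);
-}
-} else {
-// Ceiling(2*q/8)..Floor(2*5*q/8)
-if (coswi >= (uint64_t) 1073741824 && coswi <= (uint64_t) 5368709118) {
-setbit(out, i);
-}
-}
-}
-}
-
-void oqs_kex_rlwe_bcns15_a_times_s_plus_e(uint32_t out[1024], const uint32_t a[1024], const uint32_t s[1024], const uint32_t e[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx) {
-oqs_kex_rlwe_bcns15_fft_mul(out, a, s, ctx);
-oqs_kex_rlwe_bcns15_fft_add(out, out, e);
-}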
@ -1,267 +0,0 @@
|
||||
/* This is free and unencumbered software released into the public domain.
|
||||
*
|
||||
* Anyone is free to copy, modify, publish, use, compile, sell, or
|
||||
* distribute this software, either in source code form or as a compiled
|
||||
* binary, for any purpose, commercial or non-commercial, and by any
|
||||
* means.
|
||||
*
|
||||
* See LICENSE for complete information.
|
||||
*/
|
||||
|
||||
uint32_t oqs_kex_rlwe_bcns15_a[1024] = {
|
||||
0x29FE0191, 0xDD1A457D, 0x3534EE4B, 0x6450ED74,
|
||||
0xBBFE9F64, 0x92BF0F31, 0x8DCF8995, 0x4C5E30D0,
|
||||
0x9E2ED04D, 0x8C18FE0B, 0x1A70F2E7, 0x2625CD93,
|
||||
0x0065DA14, 0x6E009722, 0xE6A70E8B, 0xAEF6EF56,
|
||||
0x8C6C06AF, 0x9E59E953, 0x4995F67B, 0xE918EE9D,
|
||||
0x8B4F41A7, 0x0D811041, 0xF5FE6458, 0x3C02B584,
|
||||
0xCBCFC8FD, 0x5A01F116, 0x73408361, 0x44D3A098,
|
||||
0xBBDEECF6, 0x90E09082, 0xF8538BA4, 0xF9600091,
|
||||
0xD8D30FEF, 0x56201487, 0xACB2159D, 0x38F47F77,
|
||||
0xED7A864F, 0x8FC785CA, 0x7CBD6108, 0x3CA577DE,
|
||||
0xFF44CCC2, 0xA1385A79, 0x5C88E3AD, 0x177C46A9,
|
||||
0xDA4A4DD8, 0x2AA3594F, 0xA4A5E629, 0x47CA6F6E,
|
||||
0xB2DF1BC6, 0x6841B78E, 0x0823F5A8, 0xA18C7D52,
|
||||
0x7634A0D1, 0xDA1751BA, 0x18B9D25D, 0x5B2643BC,
|
||||
0xACC6975D, 0x48E786F4, 0x05E3ED4E, 0x4DC86568,
|
||||
0x3F5C5F99, 0x585DBFD7, 0xEF6E0715, 0x7D36B823,
|
||||
0x12D872CD, 0xD7B78F27, 0xDD672BF5, 0x2DC7C7EB,
|
||||
0xA3033801, 0x50E48348, 0x9162A260, 0x0BE8F15B,
|
||||
0xABB563EC, 0x06624C5A, 0x812BF7BC, 0x8637AC35,
|
||||
0xF44504F3, 0xFF8577AB, 0x4A0161B0, 0x000AEB0E,
|
||||
0x311204AF, 0x2A76831B, 0x4D903F3A, 0x97204FA9,
|
||||
0x9EB524E3, 0x1757AFAC, 0xBA369FEC, 0xCD8F198D,
|
||||
0x6B33C246, 0x51C13FCE, 0xB58ACC4E, 0x39ACF8DA,
|
||||
0x7BB7EBF7, 0xEDC1449D, 0xC7B47FDB, 0x9C39148D,
|
||||
0x4E688D7B, 0xFAD0C2C2, 0x296CE85C, 0x6045C89C,
|
||||
0x6441C0C6, 0x50C7C83A, 0xC11764DD, 0x58D7EEA2,
|
||||
0xE57B9D0E, 0x4E142770, 0xB8BFBB59, 0xE143EBAA,
|
||||
0xFF60C855, 0x238727F0, 0xE35B4A5B, 0x8F96940B,
|
||||
0x4498A6BA, 0x5911093A, 0x394DD002, 0x521B00D2,
|
||||
0x140BDAF9, 0xEAB67207, 0x21E631A6, 0xA04AADA9,
|
||||
0xA96A9843, 0x4B44CC9B, 0xE4D24C33, 0xC7E7AE78,
|
||||
0xE45A6C72, 0xCBE61D3C, 0xCE5A4869, 0x10442A52,
|
||||
0xDB11F194, 0x39FC415D, 0x7E7BDB76, 0xAE9EFA22,
|
||||
0x25F4F262, 0x472DD0A7, 0x42EBD7A0, 0xE8038ECE,
|
||||
0xD3DB002A, 0x8416D2EC, 0xDF88C989, 0x7FEA22D5,
|
||||
0xC7A3F6FE, 0x37409982, 0xF45B75E2, 0x9A4AC289,
|
||||
0x90406FD6, 0xEA1C74A5, 0x5777B39F, 0xD07F1FA3,
|
||||
0xCE6EDA0D, 0xD150ECFB, 0xBEFF71BA, 0x50129EFC,
|
||||
0x51CE65B9, 0xB9FB0AB8, 0x770C59CB, 0x11F2354F,
|
||||
0x8623D4BB, 0xD6FCAFD6, 0xB2B1697C, 0x0D7067E2,
|
||||
0x2BA5AFB9, 0xD369C585, 0x5B5E156C, 0xD8C81E6E,
|
||||
0x80CFDF16, 0xF6F441EB, 0xC173BAF5, 0x78099E3A,
|
||||
0xD38F027B, 0x4AC8D518, 0x8D0108A1, 0xE442B0F1,
|
||||
0x56F9EA3C, 0xD0D6BBCA, 0x4E17DCB4, 0x69BF743B,
|
||||
0x0CCE779F, 0xD5E59851, 0x63861EA2, 0xB1CB22C1,
|
||||
0xBBFD2ACE, 0xDDA390D1, 0xEDF1059F, 0x04F80F89,
|
||||
0xB13AF849, 0x58C66009, 0xE0D781C0, 0x588DC348,
|
||||
0xA305669D, 0x0D7AF67F, 0x32BC3C38, 0xD725EFBA,
|
||||
0xDC3D9434, 0x22BD7ED8, 0x2DFD2926, 0x4BDEAD3A,
|
||||
0xB2D5ECE6, 0x16B05C99, 0xFEEC7104, 0xF6CAC918,
|
||||
0x0944C774, 0xCE00633B, 0xC59DA01A, 0x41E8E924,
|
||||
0x335DF501, 0x3049E8EE, 0x5B4B8AAC, 0xC962FC91,
|
||||
0xD6BB22B3, 0x0AC870EB, 0xC3D99400, 0xA0CEAC28,
|
||||
0xAF07DE1E, 0x831C2824, 0x258C5DDC, 0x779417E6,
|
||||
0x41CB33D0, 0x4E51076A, 0xD1DB6038, 0x9E0B1C41,
|
||||
0xA9A1F90D, 0xF27E7705, 0x75892711, 0x5D9F1175,
|
||||
0x85CC508B, 0x5CA415BE, 0x1858C792, 0xFB18632F,
|
||||
0xC94111EB, 0x937C0D28, 0xC2A09970, 0x386209D9,
|
||||
0xBBDD9787, 0x2473F53A, 0xEF7E7637, 0xCFC8630B,
|
||||
0x2BA3B7F8, 0x3C0047AD, 0x10D76FF7, 0xB1D9414D,
|
||||
0xCEB7B902, 0xA5B543F5, 0x2E484905, 0xE0233C10,
|
||||
0xD061A1F8, 0xCED0A901, 0xAC373CAC, 0x04281F37,
|
||||
0x3609797F, 0xDB80964D, 0x7B49A74F, 0x7699656F,
|
||||
0x0DCEC4BC, 0x0EC49C2D, 0xF1573A4E, 0xA3708464,
|
||||
0x9A1E89F0, 0x6B26DEB6, 0x2329FA10, 0xCA4F2BFF,
|
||||
0x9E012C8E, 0x788C1DFD, 0x2C758156, 0x2774C544,
|
||||
0x150A1F7D, 0x50156D6E, 0x7B675DE1, 0x5D634703,
|
||||
0xA7CEB801, 0x92733DAB, 0xB213C00B, 0x304A65B1,
|
||||
0x8856CF8E, 0x7FF7DD67, 0xD0912293, 0x30064297,
|
||||
0x663D051D, 0x01BC31B4, 0x2B1700BD, 0x39D7D18F,
|
||||
0x1EAD5C95, 0x6FB9CD8B, 0xA09993A6, 0xB42071C0,
|
||||
0x3C1F2195, 0x7FDF4CF8, 0xC7565A7E, 0x64703D34,
|
||||
0x14B250EF, 0x2FA338D2, 0xAEE576DC, 0x6CCED41D,
|
||||
0x612D0913, 0xD0680733, 0x8B4DBE8A, 0x6FFEA3D0,
|
||||
0x46197CA2, 0xA77F916F, 0xFA5D7BD6, 0x01E22AEB,
|
||||
0x18E462DD, 0x4EC9B937, 0xDE753212, 0x05113C94,
|
||||
0x7786FBD4, 0xFB379F71, 0x756CF595, 0xEAADCFAB,
|
||||
0xBBD74C2E, 0x1F234AC9, 0x85E28AEB, 0x329F7878,
|
||||
0xD48FDE09, 0x47A60D0A, 0xAE95163F, 0x72E70995,
|
||||
0x27F9FCBF, 0xBDCFCC41, 0x334BC498, 0xEE7931A1,
|
||||
0xDFA6AEF4, 0x1EC5E1BF, 0x6221870F, 0xCD54AE13,
|
||||
0x7B56EF58, 0x4847B490, 0x31640CD3, 0x10940E14,
|
||||
0x556CC334, 0xC9E9B521, 0x499611FF, 0xBEC8D592,
|
||||
0x44A7DCB7, 0x4AC2EABD, 0x7D387357, 0x1B76D4B6,
|
||||
0x2EACE8C9, 0x52B2D2A4, 0x0C1F2A64, 0x50EF2B9A,
|
||||
0x3B23F4F4, 0x8DDE415E, 0xF6B92D2D, 0x9DB0F840,
|
||||
0xE18F309D, 0x737B7733, 0xF9F563C5, 0x3C5D4AEE,
|
||||
0x8136B0AF, 0xC5AC5550, 0x6E93DEF9, 0x946BCCEC,
|
||||
0x5163A273, 0xB5C72175, 0x4919EFBD, 0x222E9B68,
|
||||
0x6E43D8EE, 0xAA039B23, 0x913FD80D, 0x42206F18,
|
||||
0x5552C01F, 0x35B1136D, 0xFDC18279, 0x5946202B,
|
||||
0xFAAE3A37, 0x4C764C88, 0x78075D9B, 0x844C8BA0,
|
||||
0xCC33419E, 0x4B0832F6, 0x10D15E89, 0xEE0DD05A,
|
||||
0x27432AF3, 0xE12CECA6, 0x60A231B3, 0xF81F258E,
|
||||
0xE0BA44D7, 0x144F471B, 0xB4C8451E, 0x3705395C,
|
||||
0xE8A69794, 0x3C23F27E, 0x186D2FBA, 0x3DAED36B,
|
||||
0xF04DEFF1, 0x0CFA7BDD, 0xFEE45A4F, 0x5E9A4684,
|
||||
0x98438C69, 0x5F1D921B, 0x7E43FD86, 0xBD0CF049,
|
||||
0x28F47D38, 0x7DF38246, 0x8EED8923, 0xE524E7FC,
|
||||
0x089BEC03, 0x15E3DE77, 0x78E8AE28, 0xCB79A298,
|
||||
0x9F604E2B, 0x3C6428F7, 0xDCDEABF3, 0x33BAF60A,
|
||||
0xBF801273, 0x247B0C3E, 0xE74A8192, 0xB45AC81D,
|
||||
0xFC0D2ABE, 0xF17E99F5, 0x412BD1C1, 0x75DF4247,
|
||||
0xA90FC3C0, 0xB2A99C0E, 0x0D3999D7, 0xD04543BA,
|
||||
0x0FBC28A1, 0xEF68C7EF, 0x64327F30, 0xF11ECDBE,
|
||||
0x4DBD312C, 0xD71CE03A, 0xAEFDAD34, 0xE1CC7315,
|
||||
0x797A865C, 0xB9F1B1EB, 0xF7E68DFA, 0x816685B4,
|
||||
0x9F38D44B, 0x366911C8, 0x756A7336, 0x696B8261,
|
||||
0xC2FA21D2, 0x75085BF3, 0x2E5402B4, 0x75E6E744,
|
||||
0xEAD80B0C, 0x4E689F68, 0x7A9452C6, 0xA5E1958A,
|
||||
0x4B2B0A24, 0x97E0165E, 0xA4539B68, 0xF87A3096,
|
||||
0x6543CA9D, 0x92A8D398, 0xA7D7FDB4, 0x1EA966B3,
|
||||
0x75B50372, 0x4C63A778, 0x34E8E033, 0x87C60F82,
|
||||
0xFC47303B, 0x8469AB86, 0x2DAADA50, 0xCFBB663F,
|
||||
0x711C9C41, 0xE6C1C423, 0x8751BAA9, 0x861EC777,
|
||||
0x31BCCCE1, 0xC1333271, 0x06864BEE, 0x41B50595,
|
||||
0xD2267D30, 0x878BA5C5, 0x65267F56, 0x2118FB18,
|
||||
0xA6DDD3DE, 0x8D309B98, 0x68928CB2, 0xFAE967DC,
|
||||
0x3CEC52D0, 0x9CA8404B, 0xAADD68A8, 0x3AC6B1DF,
|
||||
0xD53D67EA, 0x95C8D163, 0xB5F03F1D, 0x3A4C28A7,
|
||||
0xE3C4B709, 0xB8EB7C65, 0xE76B42A3, 0x25E5A217,
|
||||
0x6B6DD2B4, 0xBEFC5DF4, 0x9ACA5758, 0xC17F14D3,
|
||||
0xB224A9D3, 0xDE1A7C8F, 0x1382911B, 0x627A2FB9,
|
||||
0xC66AE36E, 0x02CC60EF, 0xC6800B20, 0x7A583C77,
|
||||
0xE1CECEE8, 0xCA0001B4, 0x6A14CF16, 0xEF45DD21,
|
||||
0x64CAA7D5, 0xFF3F1D95, 0xD328C67E, 0xC85868B1,
|
||||
0x7FBF3FEB, 0x13D68388, 0x25373DD9, 0x8DE47EFB,
|
||||
0x47912F26, 0x65515942, 0xC5ED711D, 0x6A368929,
|
||||
0xA2405C50, 0xFFA9D6EB, 0xED39A0D4, 0xE456B8B5,
|
||||
0x53283330, 0x7837FD52, 0x6EE46629, 0xCAFC9D63,
|
||||
0xB781B08F, 0xDD61D834, 0xFB9ACF09, 0xEDA4444A,
|
||||
0xBB6AA57F, 0xAED2385C, 0x22C9474D, 0x36E90167,
|
||||
0xE6DF6150, 0xF1B0DA3B, 0xC3F6800E, 0x966302E0,
|
||||
0x7DB1F627, 0xF9632186, 0xB4933075, 0x81C5C817,
|
||||
0x878CA140, 0x4EDE8FED, 0x1AF347C1, 0xFDEB72BA,
|
||||
0x2DA7FF9A, 0xB9BA3638, 0x2BB883F1, 0x474D1417,
|
||||
0xC2F474A4, 0x1E2CF9F3, 0x231CB6B0, 0x7E574B53,
|
||||
0xEDA8E1DA, 0xE1ACB7BB, 0xD1E354A6, 0x7C32B431,
|
||||
0x8189991B, 0x25F9376A, 0x3FFA8782, 0xCD9038F1,
|
||||
0x119EDBD1, 0x5C571840, 0x3DCA350F, 0x83923909,
|
||||
0x9DC3CF55, 0x94D79DD0, 0xD683DE2B, 0xECF4316A,
|
||||
0x0FFF48D4, 0x5D8076ED, 0x12B42C97, 0x2284CDB4,
|
||||
0xCB245554, 0x3025B4D9, 0xB0075F35, 0x43A3802E,
|
||||
0x18332B4D, 0x056C4467, 0xC597E3F7, 0x3F0EAF9D,
|
||||
0xF48EBB9F, 0x92F62731, 0xBDB76296, 0x516D4466,
|
||||
0x226102B3, 0x15E38046, 0xA683C4E0, 0x6C0D1962,
|
||||
0xE20CB6CA, 0xC90C1D70, 0xD0FF8692, 0xD1419690,
|
||||
0x2D6F1081, 0x34782E5E, 0xAE092CD5, 0x90C99193,
|
||||
0xE97C0405, 0xEAE201DA, 0x631FB5AC, 0x279A2821,
|
||||
0xDF47BA5B, 0xFBE587E2, 0x6810AD2D, 0xC63E94BD,
|
||||
0x9AF36B42, 0xF14F0855, 0x946CE350, 0x7E3320E0,
|
||||
0x34130DFF, 0x8C57C413, 0xAB0723B2, 0xF514C743,
|
||||
0x63694BA3, 0x5665D23D, 0x6292C0B5, 0x9D768323,
|
||||
0x2F8E447C, 0xB99A00FB, 0x6F8E5970, 0x69B3BB45,
|
||||
0x59253E02, 0x1C518A02, 0xDD7C1232, 0xC6416C38,
|
||||
0x77E10340, 0xCF6BEB9A, 0x006F9239, 0x0E99B50F,
|
||||
0x863AD247, 0x75F0451A, 0x096E9094, 0xE0C2B357,
|
||||
0x7CC81E15, 0x222759D4, 0xEE5BCFD0, 0x050F829B,
|
||||
0x723B8FA9, 0x76143C55, 0x3B455EAF, 0xC2683EFD,
|
||||
0xEE7874B4, 0x9BCE92F7, 0x6EED7461, 0x8E93898F,
|
||||
0xA4EBE1D0, 0xFA4F019F, 0x1B0AD6DA, 0xA39CDE2F,
|
||||
0x27002B33, 0x830D478D, 0x3EEA937E, 0x572E7DA3,
|
||||
0x4BFFA4D1, 0x5E53DB0B, 0x708D21EE, 0xB003E23B,
|
||||
0x12ED0756, 0x53CA0412, 0x73237D35, 0x438EC16B,
|
||||
0x295177B8, 0xC85F4EE6, 0xB67FD3B4, 0x5221BC81,
|
||||
0xD84E3094, 0x18C84200, 0x855E0795, 0x37BEC004,
|
||||
0xDF9FAFC9, 0x60BEB6CD, 0x8645F0C5, 0xB1D2F1C3,
|
||||
0xECDC4AE3, 0x424D17F1, 0x8429238C, 0x6155EAAB,
|
||||
0xA17BEE21, 0x218D3637, 0x88A462CC, 0x8A1A031E,
|
||||
0x3F671EA5, 0x9FA08639, 0xFF4A0F8E, 0x34167A7D,
|
||||
0x1A817F54, 0x3215F21E, 0x412DD498, 0x57B633E7,
|
||||
0xE8A2431F, 0x397BD699, 0x5A155288, 0xBB3538E8,
|
||||
0xA49806D2, 0x49438A07, 0x24963568, 0x40414C26,
|
||||
0xE45C08D4, 0x61D2435B, 0x2F36AEDE, 0x6580370C,
|
||||
0x02A56A5E, 0x53B18017, 0xAF2C83FC, 0xF4C83871,
|
||||
0xD9E5DDC3, 0x17B90B01, 0xED4A0904, 0xFA6DA26B,
|
||||
0x35D9840D, 0xA0C505E4, 0x3396D0B5, 0xEC66B509,
|
||||
0xC190E41C, 0x2F0CE5CF, 0x419C3E94, 0x220D42CA,
|
||||
0x2F611F4F, 0x47906734, 0x8C2CDB17, 0xD8658F1C,
|
||||
0x2F6745CD, 0x543D0D4F, 0x818F0469, 0x380FFDAE,
|
||||
0xF5DD91E2, 0xAD25E46A, 0xE7039205, 0xA9F47165,
|
||||
0xB2114C12, 0xCF7F626F, 0x54D2C9FF, 0xE4736A36,
|
||||
0x16DB09FC, 0xE2B787BB, 0x9631709A, 0x72629F66,
|
||||
0x819EBA08, 0x7F5D73F3, 0xA0B0B91C, 0xFEDFBA71,
|
||||
0x252F14EE, 0xF26F8FA2, 0x92805F94, 0x43650F7F,
|
||||
0x3051124F, 0x72CA8EAD, 0x21973E34, 0xA5B70509,
|
||||
0xB36A41CC, 0xC52EDE5F, 0xF706A24E, 0x8AAF9F92,
|
||||
0xADF6D99A, 0x23746D73, 0x1DA39F70, 0x9660FC8F,
|
||||
0xA0A8CFEB, 0x83D5EFCA, 0x0AA4A72F, 0xEEF1B2DE,
|
||||
0x00CFCC66, 0x8A145369, 0x6376CEDA, 0xA3262E2E,
|
||||
0x3367BBA8, 0x01488C32, 0x5561A2AD, 0x40821BF2,
|
||||
0xF0C89F61, 0xC4FAA6B3, 0xD843377A, 0x67A76555,
|
||||
0xE8D9F1CE, 0x943034FF, 0x2BD468BD, 0xA514D935,
|
||||
0x50CDB19D, 0xA09C7E9E, 0x6FEBEC30, 0xB1B36CF7,
|
||||
0xCD7A30BC, 0x36C6FE0A, 0x2DF52C45, 0x45C9957F,
|
||||
0x65076A79, 0xBF783DEE, 0x718D37F0, 0x098F9117,
|
||||
0x9A70C430, 0x80EB1A53, 0x9F2505B1, 0x48D10D98,
|
||||
0xB8D781E9, 0xF2376133, 0xECF25B98, 0x5A3B0E18,
|
||||
0x2F623537, 0x9F0E34A4, 0xF1027EB6, 0xF9B16022,
|
||||
0xBA3FEC59, 0xEF7226FD, 0x9F3058AA, 0xBB51DE0E,
|
||||
0xD5435EA0, 0x8A6479D5, 0x077708B8, 0x9634876A,
|
||||
0x069A260A, 0x168D9E6A, 0x9FD18E94, 0x8A7ACD53,
|
||||
0x8E5A5869, 0x1B6F35FD, 0xA968913B, 0xC72F076B,
|
||||
0x7DDA354C, 0x25B0297C, 0xD07219D5, 0xA66862BA,
|
||||
0x87E8EE67, 0xFA28809B, 0x55762443, 0x31EF4956,
|
||||
0xF4F4A511, 0x9A9378CB, 0x42ABDBDE, 0x7AA484B7,
|
||||
0xE8EC22ED, 0xCADDEF61, 0x9D18538A, 0xA81B923E,
|
||||
0x9C32F92A, 0x6D278E58, 0x4CDFC716, 0xAB64814F,
|
||||
0xF832BF1A, 0xE2C1A36B, 0x20675610, 0xE78D855A,
|
||||
0x38332C3D, 0x5AE0EAD9, 0x2E23F22D, 0x3C8683C5,
|
||||
0xA351AF89, 0x54720D3B, 0xABC6E51F, 0x89330C8E,
|
||||
0x600D5650, 0x197EA0C6, 0x7D502A5D, 0x3A536EA7,
|
||||
0x7DF71F32, 0x456FE645, 0x3EF5E7A2, 0x6664BCAF,
|
||||
0xA9D074C2, 0xE9D9E478, 0x1AE9AB77, 0xFECE7160,
|
||||
0xC618EEEC, 0x771B0026, 0x2B54F43C, 0x145DA102,
|
||||
0x1B3D7949, 0xBB6E2D9D, 0xDB8FDC4A, 0x25397EBA,
|
||||
0x9228A6E9, 0x56B4C69D, 0x337B943C, 0xE35B716C,
|
||||
0xF7FE89A1, 0x023AC20D, 0x033165C8, 0x9F13B130,
|
||||
0xC1BAFB1D, 0xA2C42C8C, 0x58E4D431, 0xE10741E6,
|
||||
0x2547589A, 0x8D9EF7BD, 0x7E322280, 0xF49FDDC2,
|
||||
0xBE21A094, 0xA061178A, 0x34D9F13B, 0x694D652F,
|
||||
0x05084A2A, 0x2767B991, 0xE8536AB4, 0xEBFADF6F,
|
||||
0xF4C8DFAC, 0xD9967CCA, 0xE04BCF3F, 0x232B3460,
|
||||
0x9FF6E88A, 0x6DF3A2B0, 0x0FE10E99, 0x7B059283,
|
||||
0x067BFB57, 0x8DDA26B0, 0xB7D6652F, 0x85705248,
|
||||
0x0826240C, 0x5DF7F52E, 0x47973463, 0xB9C22D37,
|
||||
0x9BEB265D, 0x493AB6FD, 0x10C0FB07, 0x947C102A,
|
||||
0x5FEC0608, 0x140E07AE, 0x8B330F43, 0x9364A649,
|
||||
0xC9AD63EF, 0xBE4B2475, 0x1A09AC77, 0x9E40A4B0,
|
||||
0xBA9C23E7, 0x7F4A798D, 0xE2C52D66, 0xA26EE9E0,
|
||||
0x8C79DCE7, 0xDD7F1C3D, 0x6AE83B20, 0x073DBA03,
|
||||
0xB1844D97, 0x16D7ED6E, 0x5E0DE0B1, 0xA497D717,
|
||||
0xFA507AA2, 0xC332649B, 0x21419E15, 0x384D9CCC,
|
||||
0x8B915A8B, 0xBA328FD5, 0xF99E8016, 0x545725EC,
|
||||
0xED9840ED, 0x71E5D78A, 0x21862496, 0x6F858B6C,
|
||||
0xF3736AE2, 0x8979FC2B, 0x5C8122D0, 0x0A20EB5A,
|
||||
0x2278AA6E, 0x55275E74, 0x22D57650, 0xE5FFDC96,
|
||||
0x6BA86E10, 0x4EC5BFCC, 0x05AFA305, 0xFB7FD007,
|
||||
0x726EA097, 0xF6A349C4, 0xCB2F71E4, 0x08DD80BA,
|
||||
0x892D0E23, 0xBD2E0A55, 0x40AC0CD3, 0xBFAF5688,
|
||||
0x6E40A6A5, 0x6DA1BBE0, 0x969557A9, 0xFB88629B,
|
||||
0x11F845C4, 0x5FC91C6F, 0x1B0C7E79, 0xD6946953,
|
||||
0x27A164A0, 0x55D20869, 0x29A2182D, 0x406AA963,
|
||||
0x74F40C59, 0x56A90570, 0x535AC9C6, 0x9521EF76,
|
||||
0xBA38759B, 0xCD6EF76E, 0xF2181DB9, 0x7BE78DA6,
|
||||
0xF88E4115, 0xABA7E166, 0xF60DC9B3, 0xFECA1EF3,
|
||||
0x43DF196A, 0xCC4FC9DD, 0x428A8961, 0xCF6B4560,
|
||||
0x87B30B57, 0x20E7BAC5, 0xBFBDCCDF, 0xF7D3F6BB,
|
||||
0x7FC311C8, 0x2C7835B5, 0xA24F6821, 0x6A38454C,
|
||||
0x460E42FD, 0x2B6BA832, 0xC7068C72, 0x28CDCE59,
|
||||
0xAE82A0B4, 0x25F39572, 0x9B6C7758, 0xE0FE9EBA,
|
||||
0xA8F03EE1, 0xD70B928E, 0x95E529D7, 0xDD91DB86,
|
||||
0xF912BA8C, 0x7F478A6A, 0x1F017850, 0x5A717E10,
|
||||
0xDAC243F9, 0xD235F314, 0x4F80AAE6, 0xA46364D8,
|
||||
0xA1E3A9E9, 0x495FEFB1, 0xB9058508, 0x23A20999,
|
||||
0x73D18118, 0xCA3EEE2A, 0x34E1C7E2, 0xAADBADBD};
|
@ -1,63 +0,0 @@
|
||||
/* This is free and unencumbered software released into the public domain.
|
||||
*
|
||||
* Anyone is free to copy, modify, publish, use, compile, sell, or
|
||||
* distribute this software, either in source code form or as a compiled
|
||||
* binary, for any purpose, commercial or non-commercial, and by any
|
||||
* means.
|
||||
*
|
||||
* See LICENSE for complete information.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <oqs/rand.h>
|
||||
|
||||
#include "local.h"
|
||||
|
||||
static void *(*volatile rlwe_memset_volatile)(void *, int, size_t) = memset;
|
||||
|
||||
void oqs_kex_rlwe_bcns15_generate_keypair(const uint32_t *a, uint32_t s[1024], uint32_t b[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx, OQS_RAND *rand) {
|
||||
uint32_t e[1024];
|
||||
#if CONSTANT_TIME
|
||||
oqs_kex_rlwe_bcns15_sample_ct(s, rand);
|
||||
oqs_kex_rlwe_bcns15_sample_ct(e, rand);
|
||||
#else
|
||||
oqs_kex_rlwe_bcns15_sample(s, rand);
|
||||
oqs_kex_rlwe_bcns15_sample(e, rand);
|
||||
#endif
|
||||
oqs_kex_rlwe_bcns15_a_times_s_plus_e(b, a, s, e, ctx);
|
||||
rlwe_memset_volatile(e, 0, 1024 * sizeof(uint32_t));
|
||||
}
|
||||
|
||||
void oqs_kex_rlwe_bcns15_compute_key_alice(const uint32_t b[1024], const uint32_t s[1024], const uint64_t c[16], uint64_t k[16], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx) {
|
||||
uint32_t w[1024];
|
||||
oqs_kex_rlwe_bcns15_fft_mul(w, b, s, ctx);
|
||||
#if CONSTANT_TIME
|
||||
oqs_kex_rlwe_bcns15_rec_ct(k, w, c);
|
||||
#else
|
||||
oqs_kex_rlwe_bcns15_rec(k, w, c);
|
||||
#endif
|
||||
rlwe_memset_volatile(w, 0, 1024 * sizeof(uint32_t));
|
||||
}
|
||||
|
||||
void oqs_kex_rlwe_bcns15_compute_key_bob(const uint32_t b[1024], const uint32_t s[1024], uint64_t c[16], uint64_t k[16], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx, OQS_RAND *rand) {
|
||||
uint32_t v[1024];
|
||||
uint32_t eprimeprime[1024];
|
||||
#if CONSTANT_TIME
|
||||
oqs_kex_rlwe_bcns15_sample_ct(eprimeprime, rand);
|
||||
#else
|
||||
oqs_kex_rlwe_bcns15_sample(eprimeprime, rand);
|
||||
#endif
|
||||
oqs_kex_rlwe_bcns15_a_times_s_plus_e(v, b, s, eprimeprime, ctx);
|
||||
#if CONSTANT_TIME
|
||||
oqs_kex_rlwe_bcns15_crossround2_ct(c, v, rand);
|
||||
oqs_kex_rlwe_bcns15_round2_ct(k, v);
|
||||
#else
|
||||
oqs_kex_rlwe_bcns15_crossround2(c, v, rand);
|
||||
oqs_kex_rlwe_bcns15_round2(k, v);
|
||||
#endif
|
||||
rlwe_memset_volatile(v, 0, 1024 * sizeof(uint32_t));
|
||||
rlwe_memset_volatile(eprimeprime, 0, 1024 * sizeof(uint32_t));
|
||||
}
|
@ -1,63 +0,0 @@
|
||||
/* This is free and unencumbered software released into the public domain.
|
||||
*
|
||||
* Anyone is free to copy, modify, publish, use, compile, sell, or
|
||||
* distribute this software, either in source code form or as a compiled
|
||||
* binary, for any purpose, commercial or non-commercial, and by any
|
||||
* means.
|
||||
*
|
||||
* See LICENSE for complete information.
|
||||
*/
|
||||
|
||||
static uint64_t rlwe_table[52][3] = {
|
||||
{0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0x1FFFFFFFFFFFFFFF},
|
||||
{0xE0C81DA0D6A8BD22, 0x161ABD186DA13542, 0x5CEF2C248806C827},
|
||||
{0x8D026C4E14BC7408, 0x4344C125B3533F22, 0x9186506BCC065F20},
|
||||
{0x10AC7CEC7D7E2A3B, 0x5D62CE65E6217813, 0xBAAB5F82BCDB43B3},
|
||||
{0x709C92996E94D801, 0x1411F551608E4D22, 0xD7D9769FAD23BCB1},
|
||||
{0x6287D827008404B7, 0x7E1526D618902F20, 0xEA9BE2F4D6DDB5ED},
|
||||
{0x34CBDC118C15F40E, 0xE7D2A13787E94674, 0xF58A99474919B8C9},
|
||||
{0xD521F7EBBBE8C3A2, 0xE8A773D9A1EA0AAB, 0xFB5117812753B7B8},
|
||||
{0xC3D9E58131089A6A, 0x148CB49FF716491B, 0xFE151BD0928596D3},
|
||||
{0x2E060C4A842A27F6, 0x07E44D009ADB0049, 0xFF487508BA9F7208},
|
||||
{0xFCEDEFCFAA887582, 0x1A5409BF5D4B039E, 0xFFC16686270CFC82},
|
||||
{0x4FE22E5DF9FAAC20, 0xFDC99BFE0F991958, 0xFFEC8AC3C159431B},
|
||||
{0xA36605F81B14FEDF, 0xA6FCD4C13F4AFCE0, 0xFFFA7DF4B6E92C28},
|
||||
{0x9D1FDCFF97BBC957, 0x4B869C6286ED0BB5, 0xFFFE94BB4554B5AC},
|
||||
{0x6B3EEBA74AAD104B, 0xEC72329E974D63C7, 0xFFFFAADE1B1CAA95},
|
||||
{0x48C8DA4009C10760, 0x337F6316C1FF0A59, 0xFFFFEDDC1C6436DC},
|
||||
{0x84480A71312F35E7, 0xD95E7B2CD6933C97, 0xFFFFFC7C9DC2569A},
|
||||
{0x23C01DAC1513FA0F, 0x8E0B132AE72F729F, 0xFFFFFF61BC337FED},
|
||||
{0x90C89D6570165907, 0x05B9D725AAEA5CAD, 0xFFFFFFE6B3CF05F7},
|
||||
{0x692E2A94C500EC7D, 0x99E8F72C370F27A6, 0xFFFFFFFC53EA610E},
|
||||
{0x28C2998CEAE37CC8, 0xC6E2F0D7CAFA9AB8, 0xFFFFFFFF841943DE},
|
||||
{0xC515CF4CB0130256, 0x4745913CB4F9E4DD, 0xFFFFFFFFF12D07EC},
|
||||
{0x39F0ECEA047D6E3A, 0xEE62D42142AC6544, 0xFFFFFFFFFE63E348},
|
||||
{0xDF11BB25B50462D6, 0x064A0C6CC136E943, 0xFFFFFFFFFFD762C7},
|
||||
{0xCDBA0DD69FD2EA0F, 0xC672F3A74DB0F175, 0xFFFFFFFFFFFC5E37},
|
||||
{0xFDB966A75F3604D9, 0x6ABEF8B144723D83, 0xFFFFFFFFFFFFB48F},
|
||||
{0x3C4FECBB600740D1, 0x697598CEADD71A15, 0xFFFFFFFFFFFFFA72},
|
||||
{0x1574CC916D60E673, 0x12F5A30DD99D7051, 0xFFFFFFFFFFFFFFA1},
|
||||
{0xDD3DCD1B9CB7321D, 0x4016ED3E05883572, 0xFFFFFFFFFFFFFFFA},
|
||||
{0xB4A4E8CF3DF79A7A, 0xAF22D9AFAD5A73CF, 0xFFFFFFFFFFFFFFFF},
|
||||
{0x91056A8196F74466, 0xFBF88681905332BA, 0xFFFFFFFFFFFFFFFF},
|
||||
{0x965B9ED9BD366C04, 0xFFD16385AF29A51F, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xF05F75D38F2D28A3, 0xFFFE16FF8EA2B60C, 0xFFFFFFFFFFFFFFFF},
|
||||
{0x77E35C8980421EE8, 0xFFFFEDD3C9DDC7E8, 0xFFFFFFFFFFFFFFFF},
|
||||
{0x92783617956F140A, 0xFFFFFF63392B6E8F, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xA536DC994639AD78, 0xFFFFFFFB3592B3D1, 0xFFFFFFFFFFFFFFFF},
|
||||
{0x8F3A871874DD9FD5, 0xFFFFFFFFDE04A5BB, 0xFFFFFFFFFFFFFFFF},
|
||||
{0x310DE3650170B717, 0xFFFFFFFFFF257152, 0xFFFFFFFFFFFFFFFF},
|
||||
{0x1F21A853A422F8CC, 0xFFFFFFFFFFFB057B, 0xFFFFFFFFFFFFFFFF},
|
||||
{0x3CA9D5C6DB4EE2BA, 0xFFFFFFFFFFFFE5AD, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xCFD9CE958E59869C, 0xFFFFFFFFFFFFFF81, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xDB8E1F91D955C452, 0xFFFFFFFFFFFFFFFD, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xF78EE3A8E99E08C3, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xFFE1D7858BABDA25, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xFFFF9E52E32CAB4A, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xFFFFFEE13217574F, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xFFFFFFFD04888041, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xFFFFFFFFF8CD8A56, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xFFFFFFFFFFF04111, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xFFFFFFFFFFFFE0C5, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xFFFFFFFFFFFFFFC7, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
|
||||
{0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF}};
|