From 08330aee8bbe713ae12ea44b426a888ab25b3487 Mon Sep 17 00:00:00 2001
From: Douglas Stebila
Date: Sun, 8 Jul 2018 16:10:56 -0400
Subject: [PATCH] Remove KEX_RLWE_BCNS15

---
 Makefile.am | 3 -
 README.md | 4 +-
 VisualStudio/oqs/oqs.vcxproj | 32 +-
 VisualStudio/oqs/oqs.vcxproj.filters | 27 --
 configure.ac | 2 -
 docs/Algorithm data sheets/kex_rlwe_bcns15.md | 80 -----
 src/kex/kex.c | 5 +-
 src/kex/kex.h | 1 -
 src/kex/test_kex.c | 1 -
 src/kex_lwe_frodo/local.h | 2 +-
 src/kex_rlwe_bcns15/LICENSE.txt | 32 --
 src/kex_rlwe_bcns15/Makefile.am | 9 -
 src/kex_rlwe_bcns15/fft.c | 243 --------------
 src/kex_rlwe_bcns15/kex_rlwe_bcns15.c | 191 -----------
 src/kex_rlwe_bcns15/kex_rlwe_bcns15.h | 25 --
 src/kex_rlwe_bcns15/local.h | 46 ---
 src/kex_rlwe_bcns15/rlwe.c | 296 ------------------
 src/kex_rlwe_bcns15/rlwe_a.h | 267 ----------------
 src/kex_rlwe_bcns15/rlwe_kex.c | 63 ----
 src/kex_rlwe_bcns15/rlwe_table.h | 63 ----
 20 files changed, 11 insertions(+), 1381 deletions(-)
 delete mode 100644 docs/Algorithm data sheets/kex_rlwe_bcns15.md
 delete mode 100644 src/kex_rlwe_bcns15/LICENSE.txt
 delete mode 100644 src/kex_rlwe_bcns15/Makefile.am
 delete mode 100644 src/kex_rlwe_bcns15/fft.c
 delete mode 100644 src/kex_rlwe_bcns15/kex_rlwe_bcns15.c
 delete mode 100644 src/kex_rlwe_bcns15/kex_rlwe_bcns15.h
 delete mode 100644 src/kex_rlwe_bcns15/local.h
 delete mode 100644 src/kex_rlwe_bcns15/rlwe.c
 delete mode 100644 src/kex_rlwe_bcns15/rlwe_a.h
 delete mode 100644 src/kex_rlwe_bcns15/rlwe_kex.c
 delete mode 100644 src/kex_rlwe_bcns15/rlwe_table.h

diff --git a/Makefile.am b/Makefile.am
index dd6c176b5..dd0688581 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -30,7 +30,6 @@ endif
 if USE_KEX_NTRU
 liboqs_la_LIBADD += src/kex_ntru/libntru.la
 endif
-liboqs_la_LIBADD += src/kex_rlwe_bcns15/libbcns15.la
 if USE_KEX_RLWE_NEWHOPE
 liboqs_la_LIBADD += src/kex_rlwe_newhope/libnewhope.la
 endif
@@ -65,7 +64,6 @@ installheader_HEADERS=config.h \
 src/kex/kex.h \
 src/kex_lwe_frodo/kex_lwe_frodo.h \
 src/kex_ntru/kex_ntru.h \
- src/kex_rlwe_bcns15/kex_rlwe_bcns15.h \
 src/kex_rlwe_newhope/kex_rlwe_newhope.h \
 src/kex_sidh_msr/kex_sidh_msr.h \
 src/kem/sike/kem_sike.h \
@@ -216,7 +214,6 @@ links:
 cp -f src/kex/kex.h include/oqs
 cp -f src/kex_lwe_frodo/kex_lwe_frodo.h include/oqs
 cp -f src/kex_ntru/kex_ntru.h include/oqs
- cp -f src/kex_rlwe_bcns15/kex_rlwe_bcns15.h include/oqs
 cp -f src/kex_rlwe_newhope/kex_rlwe_newhope.h include/oqs
 if USE_KEX_RLWE_NEWHOPE_AVX2
 bash patches/apply-patch.sh kex_rlwe_newhope_avx2
diff --git a/README.md b/README.md
index e193c4e12..e721a2f90 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,6 @@ Contents liboqs currently contains: -- `kex_rlwe_bcns15`: key exchange from the ring learning with errors problem (Bos, Costello, Naehrig, Stebila, *IEEE Symposium on Security & Privacy 2015*, [https://eprint.iacr.org/2014/599](https://eprint.iacr.org/2014/599)) - `kex_rlwe_newhope`: "NewHope": key exchange from the ring learning with errors problem (Alkim, Ducas, Pöppelmann, Schwabe, *USENIX Security 2016*, [https://eprint.iacr.org/2015/1092](https://eprint.iacr.org/2015/1092)) (using the reference C implementation of NewHope from [https://github.com/tpoeppelmann/newhope](https://github.com/tpoeppelmann/newhope)) - `kex_lwe_frodo`: "Frodo": key exchange from the learning with errors problem (Bos, Costello, Ducas, Mironov, Naehrig, Nikolaenko, Raghunathan, Stebila, *ACM Conference on Computer and Communications Security 2016*, [https://eprint.iacr.org/2016/659](https://eprint.iacr.org/2016/659)) - `kex_sidh_msr`: key exchange from the supersingular isogeny Diffie-Hellman problem (Costello, Naehrig, Longa, *CRYPTO 2016*, [https://eprint.iacr.org/2016/413](https://eprint.iacr.org/2016/413)), using the implementation of Microsoft Research [https://www.microsoft.com/en-us/research/project/sidh-library/](https://www.microsoft.com/en-us/research/project/sidh-library/) @@ -86,7 +85,7 @@ To run benchmark only on some ciphers, run to list the available ciphers and then run e.g. - ./test_kex --bench rlwe_bcns15 rlwe_newhope + ./test_kex --bench rlwe_newhope #### Memory benchmarks @@ -222,7 +221,6 @@ liboqs is licensed under the MIT License; see [LICENSE.txt](https://github.com/o - `src/crypto/rand_urandom_chacha20/external`: public domain - `src/crypto/sha3`: public domain - `src/kex_code_mcbits`: public domain -- `src/kex_rlwe_bcns15`: public domain ([Unlicense](http://unlicense.org)) - `src/kex_rlwe_newhope`: public domain - `src/kex_sidh_msr`: MIT License - `src/sig_picnic`: MIT License 
diff --git a/VisualStudio/oqs/oqs.vcxproj b/VisualStudio/oqs/oqs.vcxproj index 377c4c41e..19e938e0f 100644 --- a/VisualStudio/oqs/oqs.vcxproj +++ b/VisualStudio/oqs/oqs.vcxproj @@ -49,10 +49,6 @@ - - - - @@ -101,10 +97,6 @@ - - - - @@ -256,7 +248,7 @@ Level3 Disabled - inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) + inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) false $(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\ MultiThreadedDebug @@ -276,7 +268,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h" copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\" -copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\" 
@@ -293,7 +284,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\" Level3 Disabled - inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) + inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) false $(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\ MultiThreadedDebugDLL @@ -314,7 +305,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h" copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\" -copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\" 
@@ -331,7 +321,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\" Level3 Disabled - inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;_DEBUG;_LIB;%(PreprocessorDefinitions) + inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;_DEBUG;_LIB;%(PreprocessorDefinitions) false $(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\ MultiThreadedDebug @@ -352,7 +342,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h" copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\" -copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\" 
@@ -374,7 +363,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\" Level3 Disabled - inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;_DEBUG;_LIB;%(PreprocessorDefinitions) + inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;_DEBUG;_LIB;%(PreprocessorDefinitions) false $(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\ MultiThreadedDebugDLL @@ -397,7 +386,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h" copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\" -copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\" 
@@ -419,7 +407,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\" MaxSpeed true true - inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) + inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) false $(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\ MultiThreaded @@ -441,7 +429,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h" copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\" -copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\" 
@@ -460,7 +447,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\" MaxSpeed true true - inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) + inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;MUL_M4RI;REDUCED_LINEAR_LAYER;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;AES_DISABLE_NI;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) false $(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\ MultiThreadedDLL @@ -483,7 +470,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h" copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\" -copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\" 
@@ -502,7 +488,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\" MaxSpeed true true - inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;NDEBUG;_LIB;%(PreprocessorDefinitions) + inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;NDEBUG;_LIB;%(PreprocessorDefinitions) false $(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\ MultiThreaded @@ -525,7 +511,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h" copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\" -copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\" 
@@ -549,7 +534,7 @@ copy "$(SolutionDir)..\src\sig_picnic\sig_picnic.h" "$(SolutionDir)include\oqs\" MaxSpeed true true - inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_BCNS15;CONSTANT_TIME;NDEBUG;_LIB;%(PreprocessorDefinitions) + inline=__inline;WITH_LOWMC_128_128_20;WITH_LOWMC_192_192_30;WITH_LOWMC_256_256_38;WITH_OPT;WITH_SSE2;WITH_SSE4_1;WITH_AVX2;MUL_M4RI;REDUCED_LINEAR_LAYER;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;DISABLE_NTRU_ON_WINDOWS_BY_DEFAULT;OQS_RAND_DEFAULT_URANDOM_CHACHA20;OQS_KEX_DEFAULT_NEWHOPE;CONSTANT_TIME;NDEBUG;_LIB;%(PreprocessorDefinitions) false $(SolutionDir)include;$(SolutionDir)..\src\sig_picnic\external\;$(SolutionDir)..\src\sig_picnic\external\sha3\;$(SolutionDir)..\src\sig_picnic\external\sha3\opt64\ MultiThreadedDLL @@ -574,7 +559,6 @@ copy "$(SolutionDir)..\src\crypto\rand_urandom_chacha20\rand_urandom_chacha20.h" copy "$(SolutionDir)..\src\crypto\rand_urandom_aesctr\rand_urandom_aesctr.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\crypto\sha3\sha3.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex\kex.h" "$(SolutionDir)include\oqs\" -copy "$(SolutionDir)..\src\kex_rlwe_bcns15\kex_rlwe_bcns15.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_rlwe_newhope\kex_rlwe_newhope.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_lwe_frodo\kex_lwe_frodo.h" "$(SolutionDir)include\oqs\" copy "$(SolutionDir)..\src\kex_code_mcbits\kex_code_mcbits.h" "$(SolutionDir)include\oqs\" diff --git a/VisualStudio/oqs/oqs.vcxproj.filters b/VisualStudio/oqs/oqs.vcxproj.filters index 89ebec5f4..90bf97d04 100644 --- a/VisualStudio/oqs/oqs.vcxproj.filters +++ b/VisualStudio/oqs/oqs.vcxproj.filters 
@@ -1,15 +1,9 @@  - - KEX_BCNS15 - KEX_Frodo - - KEX_BCNS15 - KEX_NewHope @@ -19,12 +13,6 @@ KEX_Frodo - - KEX_BCNS15 - - - KEX_BCNS15 - Common @@ -138,27 +126,15 @@ KEX_Frodo - - KEX_BCNS15 - KEX_NewHope - - KEX_BCNS15 - KEX_Frodo KEX_NewHope - - KEX_BCNS15 - - - KEX_BCNS15 - Common @@ -297,9 +273,6 @@ {3bb6aa76-f294-47a9-bf22-76245c9cb1d1} - - {ab581356-2a96-4211-99e3-f5cecd92eda3} - {6bfff158-3e78-402f-ba16-e8d315089de8} diff --git a/configure.ac b/configure.ac index 6e2679d3a..47c28d8bb 100644 --- a/configure.ac +++ b/configure.ac @@ -176,7 +176,6 @@ SRCDIR=${SRCDIR}" src/crypto/aes src/crypto/sha3 src/crypto/rand_urandom_aesctr # KEX SRCDIR=${SRCDIR}" src/kex" -SRCDIR=${SRCDIR}" src/kex_rlwe_bcns15" if test x"$kex_lwe_frodo" = x"true"; then SRCDIR=${SRCDIR}" src/kex_lwe_frodo" @@ -271,7 +270,6 @@ AC_CONFIG_FILES([Makefile src/crypto/rand_urandom_chacha20/Makefile src/crypto/rand_urandom_aesctr/Makefile src/crypto/aes/Makefile - src/kex_rlwe_bcns15/Makefile src/kex_rlwe_newhope/Makefile src/kex_sidh_msr/Makefile src/kex_code_mcbits/Makefile diff --git a/docs/Algorithm data sheets/kex_rlwe_bcns15.md b/docs/Algorithm data sheets/kex_rlwe_bcns15.md deleted file mode 100644 index 1cf67dac1..000000000 --- a/docs/Algorithm data sheets/kex_rlwe_bcns15.md +++ /dev/null 
@@ -1,80 +0,0 @@ -Algorithm data sheet: `kex_rlwe_bcns15` -======================================= - -Algorithm ---------- - -**Name:** BCNS15 - -**Description:** Key exchange protocol proposed by Bos et al. [BCNS15] based on the ring learning with errors problem. Instantiation of the approximate KEM in public key encryption scheme of Lyubashevsky, Peikert, Regev [LPR10], using reconciliation mechanism of Peikert [Pei14]. - -**Supporting research:** - -- [BCNS15] Joppe W. Bos, Craig Costello, Michael Naehrig, Douglas Stebila. Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In *IEEE Symposium on Security and Privacy (S&P) 2015*, pp. 553-570. IEEE, May 2015. [https://eprint.iacr.org/2014/599](https://eprint.iacr.org/2014/599) -- [Pei14] Chris Peikert. Lattice cryptography for the Internet. In *PQCrypto 2014*, volume 8772 of LNCS, pages 197–219. Springer, 2014. [https://eprint.iacr.org/2014/070](https://eprint.iacr.org/2014/070) -- [LPR10] Vadim Lyubashevsky, Chris Peikert, and Oded Regev. On ideal lattices and learning with errors over rings. In *EUROCRYPT 2010*, volume 6110 of LNCS, pages 1–23. Springer, May 2010. 
[https://eprint.iacr.org/2012/230](https://eprint.iacr.org/2012/230) - -Security --------- - -**Security model:** Unauthenticated key exchange / passive (IND-CPA) key encapsulation mechanism - -**Underlying hard problem(s):** Decision ring learning with errors problem - -Parameter set 1 ---------------- - -**Claimed classical security:** - -- 2^163.8 (original paper) -- 2^86 ([https://eprint.iacr.org/2015/1092](https://eprint.iacr.org/2015/1092)) - -**Claimed quantum security:** - -- ≥ 2^81.9 (original paper) -- 2^78 ([https://eprint.iacr.org/2015/1092](https://eprint.iacr.org/2015/1092)) - -**Communication size:** - -- Alice → Bob: 4,096 bytes -- Bob → Alice: 4,224 bytes -- total: 8,320 bytes - -Implementation --------------- - -**Source of implementation:** Original research paper ([https://github.com/dstebila/rlwekex](https://github.com/dstebila/rlwekex)) - -**License:** Public domain ("Unlicense", [http://unlicense.org](http://unlicense.org)) - -**Language:** C - -**Constant-time:** When preprocessor macro `CONSTANT_TIME` is defined - -**Options:** - -- preprocessor macro `CONSTANT_TIME` to enable constant-time code - -**Testing:** - -- Correctness: covered by test harness `test_kex` -- Statistics of shared secrets: covered by test harness `test_kex` - - statistical distance from uniform over 100 iterations: 0.0561185025 -- Static analysis: - - `scan_build` - -**Runtime:** - -Operation | Iterations | Total time (s) | Time (us): mean | pop. stdev | CPU cycles: mean | pop. 
stdev ------------------------------- | ----------:| --------------:| ---------------:| ----------:| ----------------:| ----------: -alice 0 | 17664 | 10.000 | 566.145 | 24.189 | 2269004 | 96901 -bob | 10923 | 10.001 | 915.562 | 53.806 | 3669454 | 215632 -alice 1 | 86154 | 10.000 | 116.071 | 13.987 | 465102 | 56014 - -Runtime measurement configuration: - -- CPU: Intel Core i7 (6700K "Skylake") with 4 cores each running at 4.0 GHz; single-threaded runtime measurements -- TurboBoost and hyperthreading (hardware multithreading): disabled -- liboqs version: commit [c5382941aecc85df90b9179458c9fba7a9f45611](https://github.com/open-quantum-safe/liboqs/commit/c5382941aecc85df90b9179458c9fba7a9f45611) -- compiler: gcc-6 (Homebrew gcc 6.2.0) 6.2.0 -- build command: make CC=gcc-6 diff --git a/src/kex/kex.c b/src/kex/kex.c index 23056e3c2..63ee8e0b7 100644 --- a/src/kex/kex.c +++ b/src/kex/kex.c @@ -4,7 +4,6 @@ #include #include -#include #include #include @@ -31,7 +30,7 @@ OQS_KEX *OQS_KEX_new(OQS_RAND *rand, enum OQS_KEX_alg_name alg_name, const uint8 switch (alg_name) { case OQS_KEX_alg_default: - return OQS_KEX_rlwe_bcns15_new(rand); + return OQS_KEX_rlwe_newhope_new(rand); case OQS_KEX_alg_lwe_frodo: #ifdef ENABLE_KEX_LWE_FRODO return OQS_KEX_lwe_frodo_new_recommended(rand, seed, seed_len, named_parameters); @@ -52,8 +51,6 @@ OQS_KEX *OQS_KEX_new(OQS_RAND *rand, enum OQS_KEX_alg_name alg_name, const uint8 assert(0); #endif #endif - case OQS_KEX_alg_rlwe_bcns15: - return OQS_KEX_rlwe_bcns15_new(rand); case OQS_KEX_alg_rlwe_newhope: #ifdef ENABLE_KEX_RLWE_NEWHOPE return OQS_KEX_rlwe_newhope_new(rand); diff --git a/src/kex/kex.h b/src/kex/kex.h index 3be164968..a41d4263b 100644 --- a/src/kex/kex.h +++ b/src/kex/kex.h @@ -20,7 +20,6 @@ enum OQS_KEX_alg_name { OQS_KEX_alg_default, - OQS_KEX_alg_rlwe_bcns15, OQS_KEX_alg_rlwe_newhope, OQS_KEX_alg_lwe_frodo, OQS_KEX_alg_sidh_msr_503, diff --git a/src/kex/test_kex.c b/src/kex/test_kex.c index 665c983f2..0b041c4cd 100644 
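Review bot: The new `OQS_KEX_alg_default` case in `OQS_KEX_new` calls `OQS_KEX_rlwe_newhope_new(rand)` with no build guard, while the `OQS_KEX_alg_rlwe_newhope` case later in the same switch only reaches that constructor under `#ifdef ENABLE_KEX_RLWE_NEWHOPE`, and the Makefile.am hunk links `libnewhope.la` only inside `if USE_KEX_RLWE_NEWHOPE`; a build configured without NewHope would therefore reference a constructor that is neither compiled nor linked, so the default no longer degrades the way the explicit case does. The default case should sit under the same `ENABLE_KEX_RLWE_NEWHOPE` guard, with the `#else` branch failing the same way the other disabled algorithms in this switch do (the hunk shows `assert(0);` on that path for a neighbouring case; `return NULL;` below is a placeholder for whichever convention the rest of the function uses). Separately, the Visual Studio hunks rename the define from `OQS_KEX_DEFAULT_BCNS15` to `OQS_KEX_DEFAULT_NEWHOPE`, but nothing in the visible kex.c hunks reads that macro, so the project-file define and the hard-coded constructor look like two independent ways of choosing the default — worth confirming against the rest of kex.c. A comment on the case, `/* Default KEX is NewHope; only available when ENABLE_KEX_RLWE_NEWHOPE is set. */`, would make the dependency visible to the next reader. `OQS_KEX_new` starts before and continues past this hunk.
```c
	case OQS_KEX_alg_default:
		/* Default KEX is NewHope; only available when ENABLE_KEX_RLWE_NEWHOPE is set. */
#ifdef ENABLE_KEX_RLWE_NEWHOPE
		return OQS_KEX_rlwe_newhope_new(rand);
#else
		return NULL; /* placeholder: match the disabled-algorithm handling used by the other cases */
#endif
	case OQS_KEX_alg_lwe_frodo:
	// … unchanged: remaining cases …
```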
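Review bot: Removing `OQS_KEX_alg_rlwe_bcns15` from the middle of `enum OQS_KEX_alg_name` in kex.h renumbers every enumerator that follows it (`OQS_KEX_alg_rlwe_newhope`, `OQS_KEX_alg_lwe_frodo`, `OQS_KEX_alg_sidh_msr_503`, and whatever comes after the hunk), so a caller built against the previous header that passes an algorithm value into `OQS_KEX_new` would silently be handed a different algorithm rather than an error. Whether that matters depends on whether liboqs promises ABI stability for this enum, which the page does not show; if it does, keeping the slot (a retired placeholder enumerator, or explicit `= N` values) avoids the shift, and if it does not, a one-line comment on the enum such as `/* Enumerator values are not stable across releases; always compile against the matching header. */` would settle the question for the next reader. Either way the release notes should mention that the BCNS15 entry is gone, since the README and `test_kex --bench` examples are updated but nothing records the numeric change. The enum definition continues outside the hunk.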
--- a/src/kex/test_kex.c +++ b/src/kex/test_kex.c @@ -34,7 +34,6 @@ struct kex_testcase kex_testcases[] = { {OQS_KEX_alg_ntru, NULL, 0, NULL, "ntru", 0, 25}, #endif #endif - {OQS_KEX_alg_rlwe_bcns15, NULL, 0, NULL, "rlwe_bcns15", 0, 100}, #ifdef ENABLE_KEX_RLWE_NEWHOPE {OQS_KEX_alg_rlwe_newhope, NULL, 0, NULL, "rlwe_newhope", 0, 100}, #endif diff --git a/src/kex_lwe_frodo/local.h b/src/kex_lwe_frodo/local.h index 1d8afa47f..84d41b4d2 100644 --- a/src/kex_lwe_frodo/local.h +++ b/src/kex_lwe_frodo/local.h @@ -39,4 +39,4 @@ void oqs_kex_lwe_frodo_mul_add_sa_plus_e_on_the_fly_recommended(uint16_t *b, con void oqs_kex_lwe_frodo_mul_add_sb_plus_e_recommended(uint16_t *out, const uint16_t *b, const uint16_t *s, const uint16_t *e); void oqs_kex_lwe_frodo_mul_bs_recommended(uint16_t *out, const uint16_t *b, const uint16_t *s); -#endif /* _OQS_KEX_RLWE_BCNS15_LOCAL_H_ */ +#endif /* _OQS_KEX_LWE_FRODO_LOCAL_H_ */ diff --git a/src/kex_rlwe_bcns15/LICENSE.txt b/src/kex_rlwe_bcns15/LICENSE.txt deleted file mode 100644 index 07f72eb90..000000000 --- a/src/kex_rlwe_bcns15/LICENSE.txt +++ /dev/null 
@@ -1,32 +0,0 @@ -The files in this directory (except kex_rlwe_bcns15.*) were originally written -by Joppe W. Bos, Craig Costello, Michael Naehrig, and Douglas Stebila -(https://github.com/dstebila/rlwekex). - - -The following license applies to all files in the src/kex_rlwe_bcns15 directory. - - -This is free and unencumbered software released into the public domain. - -Anyone is free to copy, modify, publish, use, compile, sell, or -distribute this software, either in source code form or as a compiled -binary, for any purpose, commercial or non-commercial, and by any -means. - -In jurisdictions that recognize copyright laws, the author or authors -of this software dedicate any and all copyright interest in the -software to the public domain. We make this dedication for the benefit -of the public at large and to the detriment of our heirs and -successors. We intend this dedication to be an overt act of -relinquishment in perpetuity of all present and future rights to this -software under copyright law. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR -OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, -ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -OTHER DEALINGS IN THE SOFTWARE. - -For more information, please refer to diff --git a/src/kex_rlwe_bcns15/Makefile.am b/src/kex_rlwe_bcns15/Makefile.am deleted file mode 100644 index d2d0eff9a..000000000 --- a/src/kex_rlwe_bcns15/Makefile.am +++ /dev/null @@ -1,9 +0,0 @@ -AUTOMAKE_OPTIONS = foreign -noinst_LTLIBRARIES = libbcns15.la - - -libbcns15_la_SOURCES = fft.c kex_rlwe_bcns15.c rlwe.c rlwe_kex.c - -libbcns15_la_CPPFLAGS = -I../../include -libbcns15_la_CPPFLAGS += $(AM_CPPFLAGS) - 
diff --git a/src/kex_rlwe_bcns15/fft.c b/src/kex_rlwe_bcns15/fft.c deleted file mode 100644 index 751520917..000000000 --- a/src/kex_rlwe_bcns15/fft.c +++ /dev/null 
@@ -1,243 +0,0 @@ -/* This is free and unencumbered software released into the public domain. - * - * Anyone is free to copy, modify, publish, use, compile, sell, or - * distribute this software, either in source code form or as a compiled - * binary, for any purpose, commercial or non-commercial, and by any - * means. - * - * See LICENSE for complete information. - */ - -#include -#include -#include - -#include "local.h" - -static void *(*volatile rlwe_memset_volatile)(void *, int, size_t) = memset; - -/* Reduction modulo p = 2^32 - 1. - * This is not a prime since 2^32-1 = (2^1+1)*(2^2+1)*(2^4+1)*(2^8+1)*(2^16+1). - * But since 2 is a unit in Z/pZ we can use it for computing FFTs in - * Z/pZ[X]/(X^(2^7)+1) - */ - -/* Caution: - * We use a redundant representation where the integer 0 is represented both - * by 0 and 2^32-1. - * This approach follows the description from the paper: - * Joppe W. Bos, Craig Costello, Huseyin Hisil, and Kristin Lauter: Fast Cryptography in Genus 2 - * EUROCRYPT 2013, Lecture Notes in Computer Science 7881, pp. 194-210, Springer, 2013. - * More specifically see: Section 3 related to Modular Addition/Subtraction. - */ - -/* Compute: c = (a+b) mod (2^32-1) - * Let, t = a+b = t_1*2^32 + t0, where 0 <= t_1 <= 1, 0 <= t_0 < 2^32. - * Then t mod (2^32-1) = t0 + t1 */ - -/* NOTE: - * Implementing this arithmetic in asm might significantly - * increase performance. 
- */ - -#define modadd(c, a, b) \ - do { \ - uint32_t _t = a + b; \ - c = _t + (_t < a); \ - } while (0) - -#define modsub(c, a, b) c = (a - b) - (b > a) - -#define modmul(c, a, b) \ - do { \ - uint64_t _T = (uint64_t) a * (uint64_t) b; \ - modadd(c, ((uint32_t) _T), ((uint32_t)((uint64_t) _T >> (uint64_t) 32))); \ - } while (0) - -#define modmuladd(c, a, b) \ - do { \ - uint64_t _T = (uint64_t) a * (uint64_t) b + c; \ - modadd(c, ((uint32_t) _T), ((uint32_t)((uint64_t) _T >> (uint64_t) 32))); \ - } while (0) - -#define div2(c, a) c = (uint32_t)(((uint64_t)(a) + (uint64_t)((uint32_t)(0 - ((a) &1)) & 0xFFFFFFFF)) >> 1) -#define normalize(c, a) c = (a) + ((a) == 0xFFFFFFFF) - -/* Define the basic building blocks for the FFT. */ -#define SET_ZERO(x) (x) = 0 -#define add(c, a, b) modadd(c, a, b) -#define sub(c, a, b) modsub(c, a, b) -#define mul(c, a, b) modmul(c, a, b) -#define moddiv2(c, a) \ - normalize(c, a); \ - div2(c, c) -#define neg(c, a) \ - (c) = 0xFFFFFFFF - (a); \ - normalize(c, c) -#define squ(c, a) mul(c, a, a) -#define set(c, a) (c) = (a) - -/* Reverse the bits, approach from "Bit Twiddling Hacks" - * See: https://graphics.stanford.edu/~seander/bithacks.html - */ -static uint32_t reverse(uint32_t x) { - x = (((x & 0xaaaaaaaa) >> 1) | ((x & 0x55555555) << 1)); - x = (((x & 0xcccccccc) >> 2) | ((x & 0x33333333) << 2)); - x = (((x & 0xf0f0f0f0) >> 4) | ((x & 0x0f0f0f0f) << 4)); - x = (((x & 0xff00ff00) >> 8) | ((x & 0x00ff00ff) << 8)); - return ((x >> 16) | (x << 16)); -} - -/* Nussbaumer approach, see: - * H. J. Nussbaumer. Fast polynomial transform algorithms for digital convolution. Acoustics, Speech and - * Signal Processing, IEEE Transactions on, 28(2):205{215, 1980 - * We followed the description from Knuth: - * D. E. Knuth. Seminumerical Algorithms. The Art of Computer Programming. Addison-Wesley, Reading, - * Massachusetts, USA, 3rd edition, 1997 - * Exercise Exercise 4.6.4.59. 
- */ - -static void naive(uint32_t *z, const uint32_t *x, const uint32_t *y, unsigned int n) { - unsigned int i, j, k; - uint32_t A, B; - - for (i = 0; i < n; i++) { - SET_ZERO(B); - - mul(A, x[0], y[i]); - - for (j = 1; j <= i; j++) { - modmuladd(A, x[j], y[i - j]); - } - - for (k = 1; j < n; j++, k++) { - modmuladd(B, x[j], y[n - k]); - } - sub(z[i], A, B); - } -} - -static void nussbaumer_fft(uint32_t z[1024], const uint32_t x[1024], const uint32_t y[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx) { - uint32_t(*X1)[64] = ctx->x1; - uint32_t(*Y1)[64] = ctx->y1; - uint32_t(*Z1)[64] = ctx->z1; - uint32_t *T1 = ctx->t1; - unsigned int i; - int j; - - for (i = 0; i < 32; i++) { - for (j = 0; j < 32; j++) { - set(X1[i][j], x[32 * j + i]); - set(X1[i + 32][j], x[32 * j + i]); - - set(Y1[i][j], y[32 * j + i]); - set(Y1[i + 32][j], y[32 * j + i]); - } - } - - for (j = 4; j >= 0; j--) { - for (i = 0; i < (1U << (5 - j)); i++) { - unsigned int t, ssr = reverse(i); - for (t = 0; t < (1U << j); t++) { - unsigned int s, sr, I, L, a; - s = i; - sr = (ssr >> (32 - 5 + j)); - sr <<= j; - s <<= (j + 1); - - // X_i(w) = X_i(w) + w^kX_l(w) can be computed as - // X_ij = X_ij - X_l(j-k+r) for 0 <= j < k - // X_ij = X_ij + X_l(j-k) for k <= j < r - I = s + t, L = s + t + (1 << j); - - for (a = sr; a < 32; a++) { - set(T1[a], X1[L][a - sr]); - } - for (a = 0; a < sr; a++) { - neg(T1[a], X1[L][32 + a - sr]); - } - - for (a = 0; a < 32; a++) { - sub(X1[L][a], X1[I][a], T1[a]); - add(X1[I][a], X1[I][a], T1[a]); - } - - for (a = sr; a < 32; a++) { - set(T1[a], Y1[L][a - sr]); - } - for (a = 0; a < sr; a++) { - neg(T1[a], Y1[L][32 + a - sr]); - } - - for (a = 0; a < 32; a++) { - sub(Y1[L][a], Y1[I][a], T1[a]); - add(Y1[I][a], Y1[I][a], T1[a]); - } - } - } - } - - for (i = 0; i < 2 * 32; i++) { - naive(Z1[i], X1[i], Y1[i], 32); - } - - for (j = 0; j <= (int) 5; j++) { - for (i = 0; i < (1U << (5 - j)); i++) { - unsigned int t, ssr = reverse(i); - for (t = 0; t < (1U << j); t++) { - unsigned 
int s, sr, A, B, a; - s = i; - sr = (ssr >> (32 - 5 + j)); - sr <<= j; - s <<= (j + 1); - - A = s + t; - B = s + t + (1 << j); - for (a = 0; a < 32; a++) { - sub(T1[a], Z1[A][a], Z1[B][a]); - moddiv2(T1[a], T1[a]); - add(Z1[A][a], Z1[A][a], Z1[B][a]); - moddiv2(Z1[A][a], Z1[A][a]); - } - - // w^{-(r/m)s'} (Z_{s+t}(w)-Z_{s+t+2^j}(w)) - for (a = 0; a < 32 - sr; a++) { - set(Z1[B][a], T1[a + sr]); - } - for (a = 32 - sr; a < 32; a++) { - neg(Z1[B][a], T1[a - (32 - sr)]); - } - } - } - } - - for (i = 0; i < 32; i++) { - sub(z[i], Z1[i][0], Z1[32 + i][32 - 1]); - for (j = 1; j < 32; j++) { - add(z[32 * j + i], Z1[i][j], Z1[32 + i][j - 1]); - } - } -} - -void oqs_kex_rlwe_bcns15_fft_mul(uint32_t z[1024], const uint32_t x[1024], const uint32_t y[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx) { - nussbaumer_fft(z, x, y, ctx); -} - -void oqs_kex_rlwe_bcns15_fft_add(uint32_t z[1024], const uint32_t x[1024], const uint32_t y[1024]) { - int i; - for (i = 0; i < 1024; i++) { - add(z[i], x[i], y[i]); - } -} - -void oqs_kex_rlwe_bcns15_fft_ctx_clear(struct oqs_kex_rlwe_bcns15_fft_ctx *ctx) { - if (ctx == NULL) { - return; - } - for (int i = 0; i < 64; i++) { - rlwe_memset_volatile(ctx->x1[i], 0, 64 * sizeof(uint32_t)); - rlwe_memset_volatile(ctx->y1[i], 0, 64 * sizeof(uint32_t)); - rlwe_memset_volatile(ctx->z1[i], 0, 64 * sizeof(uint32_t)); - } - rlwe_memset_volatile(ctx->t1, 0, 64 * sizeof(uint32_t)); -} diff --git a/src/kex_rlwe_bcns15/kex_rlwe_bcns15.c b/src/kex_rlwe_bcns15/kex_rlwe_bcns15.c deleted file mode 100644 index 18b828801..000000000 --- a/src/kex_rlwe_bcns15/kex_rlwe_bcns15.c +++ /dev/null 
@@ -1,191 +0,0 @@
-#include
-#include
-#if !defined(_WIN32)
-#include
-#include
-#endif
-
-#include
-#include
-#include
-
-#include "kex_rlwe_bcns15.h"
-#include "local.h"
-
-#include "rlwe_a.h"
-
-#if defined(_WIN32)
-#define strdup _strdup // for strdup deprecation warning
-#endif
-
-OQS_KEX *OQS_KEX_rlwe_bcns15_new(OQS_RAND *rand) {
-
- OQS_KEX *k = malloc(sizeof(OQS_KEX));
- if (k == NULL) {
- return NULL;
- }
-
- k->ctx = malloc(sizeof(struct oqs_kex_rlwe_bcns15_fft_ctx));
- if (k->ctx == NULL) {
- free(k);
- return NULL;
- }
-
- k->method_name = strdup("RLWE BCNS15");
- k->estimated_classical_security = 163;
- k->estimated_quantum_security = 76;
- k->seed = NULL;
- k->seed_len = 0;
- k->named_parameters = NULL;
- k->rand = rand;
- k->params = NULL;
- k->alice_0 = &OQS_KEX_rlwe_bcns15_alice_0;
- k->bob = &OQS_KEX_rlwe_bcns15_bob;
- k->alice_1 = &OQS_KEX_rlwe_bcns15_alice_1;
- k->alice_priv_free = &OQS_KEX_rlwe_bcns15_alice_priv_free;
- k->free = &OQS_KEX_rlwe_bcns15_free;
-
- return k;
-}
-
-OQS_STATUS OQS_KEX_rlwe_bcns15_alice_0(OQS_KEX *k, void **alice_priv, uint8_t **alice_msg, size_t *alice_msg_len) {
-
- OQS_STATUS ret;
- uint32_t *alice_msg_32 = NULL;
-
- *alice_priv = NULL;
- *alice_msg = NULL;
-
- /* allocate public/private key pair */
- alice_msg_32 = malloc(1024 * sizeof(uint32_t));
- if (alice_msg_32 == NULL) {
- goto err;
- }
- *alice_priv = malloc(1024 * sizeof(uint32_t));
- if (*alice_priv == NULL) {
- goto err;
- }
-
- /* generate public/private key pair */
- oqs_kex_rlwe_bcns15_generate_keypair(oqs_kex_rlwe_bcns15_a, (uint32_t *) *alice_priv, alice_msg_32, k->ctx, k->rand);
- *alice_msg = (uint8_t *) alice_msg_32;
- *alice_msg_len = 1024 * sizeof(uint32_t);
-
- ret = OQS_SUCCESS;
- goto cleanup;
-
-err:
- ret = OQS_ERROR;
- free(alice_msg_32);
- OQS_MEM_secure_free(*alice_priv, 1024 * sizeof(uint32_t));
- *alice_priv = NULL;
-
-cleanup:
- return ret;
-}
-
-OQS_STATUS OQS_KEX_rlwe_bcns15_bob(OQS_KEX *k, const uint8_t *alice_msg, const size_t alice_msg_len, uint8_t **bob_msg, size_t *bob_msg_len, uint8_t **key, size_t *key_len) {
-
- OQS_STATUS ret;
-
- uint32_t *bob_priv = NULL;
- uint64_t *key_64 = NULL;
-
- *bob_msg = NULL;
- *key = NULL;
-
- if (alice_msg_len != 1024 * sizeof(uint32_t)) {
- goto err;
- }
-
- bob_priv = malloc(1024 * sizeof(uint32_t));
- if (bob_priv == NULL) {
- goto err;
- }
- /* allocate message and session key */
- *bob_msg = malloc(1024 * sizeof(uint32_t) + 16 * sizeof(uint64_t));
- if (*bob_msg == NULL) {
- goto err;
- }
- key_64 = malloc(16 * sizeof(uint64_t));
- if (key_64 == NULL) {
- goto err;
- }
-
- /* generate public/private key pair */
- oqs_kex_rlwe_bcns15_generate_keypair(oqs_kex_rlwe_bcns15_a, bob_priv, (uint32_t *) *bob_msg, k->ctx, k->rand);
-
- /* generate Bob's response */
- uint8_t *bob_rec = *bob_msg + 1024 * sizeof(uint32_t);
- oqs_kex_rlwe_bcns15_compute_key_bob((uint32_t *) alice_msg, bob_priv, (uint64_t *) bob_rec, key_64, k->ctx, k->rand);
- *bob_msg_len = 1024 * sizeof(uint32_t) + 16 * sizeof(uint64_t);
- *key = (uint8_t *) key_64;
- *key_len = 16 * sizeof(uint64_t);
-
- ret = OQS_SUCCESS;
- goto cleanup;
-
-err:
- ret = OQS_ERROR;
- free(*bob_msg);
- *bob_msg = NULL;
- OQS_MEM_secure_free(key_64, 16 * sizeof(uint64_t));
-
-cleanup:
- OQS_MEM_secure_free(bob_priv, 1024 * sizeof(uint32_t));
-
- return ret;
-}
-
-OQS_STATUS OQS_KEX_rlwe_bcns15_alice_1(OQS_KEX *k, const void *alice_priv, const uint8_t *bob_msg, const size_t bob_msg_len, uint8_t **key, size_t *key_len) {
-
- OQS_STATUS ret;
-
- uint64_t *key_64 = NULL;
-
- *key = NULL;
-
- if (bob_msg_len != 1024 * sizeof(uint32_t) + 16 * sizeof(uint64_t)) {
- goto err;
- }
-
- /* allocate session key */
- key_64 = malloc(16 * sizeof(uint64_t));
- if (key_64 == NULL) {
- goto err;
- }
-
- /* generate Alice's session key */
- const uint8_t *bob_rec = bob_msg + 1024 * sizeof(uint32_t);
- oqs_kex_rlwe_bcns15_compute_key_alice((uint32_t *) bob_msg, (uint32_t *) alice_priv, (uint64_t *) bob_rec, key_64, k->ctx);
- *key = (uint8_t *) key_64;
- *key_len = 16 * sizeof(uint64_t);
-
- ret = OQS_SUCCESS;
- goto cleanup;
-
-err:
- ret = OQS_ERROR;
- OQS_MEM_secure_free(key_64, 16 * sizeof(uint64_t));
-
-cleanup:
-
- return ret;
-}
-
-void OQS_KEX_rlwe_bcns15_alice_priv_free(UNUSED OQS_KEX *k, void *alice_priv) {
- if (alice_priv) {
- free(alice_priv);
- }
-}
-
-void OQS_KEX_rlwe_bcns15_free(OQS_KEX *k) {
- if (!k) {
- return;
- }
- free(k->method_name);
- k->method_name = NULL;
- free(k->ctx);
- k->ctx = NULL;
- free(k);
-}
diff --git a/src/kex_rlwe_bcns15/kex_rlwe_bcns15.h b/src/kex_rlwe_bcns15/kex_rlwe_bcns15.h
deleted file mode 100644
index ba9e70c1b..000000000
--- a/src/kex_rlwe_bcns15/kex_rlwe_bcns15.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * \file kex_rlwe_bcns15.h
- * \brief Header for ring-LWE key exchange protocol BCNS15
- */
-
-#ifndef __OQS_KEX_RLWE_BCNS15_H
-#define __OQS_KEX_RLWE_BCNS15_H
-
-#include
-#include
-
-#include
-#include
-#include
-
-OQS_KEX *OQS_KEX_rlwe_bcns15_new(OQS_RAND *rand);
-
-OQS_STATUS OQS_KEX_rlwe_bcns15_alice_0(OQS_KEX *k, void **alice_priv, uint8_t **alice_msg, size_t *alice_msg_len);
-OQS_STATUS OQS_KEX_rlwe_bcns15_bob(OQS_KEX *k, const uint8_t *alice_msg, const size_t alice_msg_len, uint8_t **bob_msg, size_t *bob_msg_len, uint8_t **key, size_t *key_len);
-OQS_STATUS OQS_KEX_rlwe_bcns15_alice_1(OQS_KEX *k, const void *alice_priv, const uint8_t *bob_msg, const size_t bob_msg_len, uint8_t **key, size_t *key_len);
-
-void OQS_KEX_rlwe_bcns15_alice_priv_free(OQS_KEX *k, void *alice_priv);
-void OQS_KEX_rlwe_bcns15_free(OQS_KEX *k);
-
-#endif
diff --git a/src/kex_rlwe_bcns15/local.h b/src/kex_rlwe_bcns15/local.h
deleted file mode 100644
index ac07fe173..000000000
--- a/src/kex_rlwe_bcns15/local.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/* This is free and unencumbered software released into the public domain.
- *
- * Anyone is free to copy, modify, publish, use, compile, sell, or
- * distribute this software, either in source code form or as a compiled
- * binary, for any purpose, commercial or non-commercial, and by any
- * means.
- *
- * See LICENSE for complete information.
- */
-
-#ifndef _OQS_KEX_RLWE_BCNS15_LOCAL_H_
-#define _OQS_KEX_RLWE_BCNS15_LOCAL_H_
-
-#include
-
-#include
-
-struct oqs_kex_rlwe_bcns15_fft_ctx {
- uint32_t x1[64][64];
- uint32_t y1[64][64];
- uint32_t z1[64][64];
- uint32_t t1[64];
-};
-
-void oqs_kex_rlwe_bcns15_fft_mul(uint32_t z[1024], const uint32_t x[1024], const uint32_t y[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx);
-void oqs_kex_rlwe_bcns15_fft_add(uint32_t z[1024], const uint32_t x[1024], const uint32_t y[1024]);
-
-void oqs_kex_rlwe_bcns15_fft_ctx_clear(struct oqs_kex_rlwe_bcns15_fft_ctx *ctx);
-
-void oqs_kex_rlwe_bcns15_sample_ct(uint32_t s[1024], OQS_RAND *rand);
-void oqs_kex_rlwe_bcns15_round2_ct(uint64_t out[16], const uint32_t in[1024]);
-void oqs_kex_rlwe_bcns15_crossround2_ct(uint64_t out[16], const uint32_t in[1024], OQS_RAND *rand);
-void oqs_kex_rlwe_bcns15_rec_ct(uint64_t out[16], const uint32_t w[1024], const uint64_t b[16]);
-
-void oqs_kex_rlwe_bcns15_sample(uint32_t s[1024], OQS_RAND *rand);
-void oqs_kex_rlwe_bcns15_round2(uint64_t out[16], const uint32_t in[1024]);
-void oqs_kex_rlwe_bcns15_crossround2(uint64_t out[16], const uint32_t in[1024], OQS_RAND *rand);
-void oqs_kex_rlwe_bcns15_rec(uint64_t out[16], const uint32_t w[1024], const uint64_t b[16]);
-
-void oqs_kex_rlwe_bcns15_a_times_s_plus_e(uint32_t out[1024], const uint32_t a[1024], const uint32_t s[1024], const uint32_t e[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *fft_ctx);
-
-void oqs_kex_rlwe_bcns15_generate_keypair(const uint32_t *a, uint32_t s[1024], uint32_t b[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx, OQS_RAND *rand);
-void oqs_kex_rlwe_bcns15_compute_key_alice(const uint32_t b[1024], const uint32_t s[1024], const uint64_t c[16], uint64_t k[16], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx);
-void oqs_kex_rlwe_bcns15_compute_key_bob(const uint32_t b[1024], const uint32_t s[1024], uint64_t c[16], uint64_t k[16], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx, OQS_RAND *rand);
-
-#endif /* _OQS_KEX_RLWE_BCNS15_LOCAL_H_ */
diff --git a/src/kex_rlwe_bcns15/rlwe.c b/src/kex_rlwe_bcns15/rlwe.c
deleted file mode 100644
index 51970207c..000000000
--- a/src/kex_rlwe_bcns15/rlwe.c
+++ /dev/null
@@ -1,296 +0,0 @@ -/* This is free and unencumbered software released into the public domain. - * - * Anyone is free to copy, modify, publish, use, compile, sell, or - * distribute this software, either in source code form or as a compiled - * binary, for any purpose, commercial or non-commercial, and by any - * means. - * - * See LICENSE for complete information. - */ - -#if defined(_WIN32) -#pragma warning(disable : 4146 4244 4267) -#endif - -#include -#include -#include -#include -#include - -#include - -#include "local.h" - -#include "rlwe_table.h" - -#define setbit(a, x) ((a)[(x) / 64] |= (((uint64_t) 1) << (uint64_t)((x) % 64))) -#define getbit(a, x) (((a)[(x) / 64] >> (uint64_t)((x) % 64)) & 1) -#define clearbit(a, x) ((a)[(x) / 64] &= ((~((uint64_t) 0)) - (((uint64_t) 1) << (uint64_t)((x) % 64)))) - -/* Auxiliary functions for constant-time comparison */ - -/* - * Returns 1 if x != 0 - * Returns 0 if x == 0 - * x and y are arbitrary unsigned 64-bit integers - */ -static uint64_t ct_isnonzero_u64(uint64_t x) { - return (x | -x) >> 63; -} - -/* - * Returns 1 if x != y - * Returns 0 if x == y - * x and y are arbitrary unsigned 64-bit integers - */ -static uint64_t ct_ne_u64(uint64_t x, uint64_t y) { - return ((x - y) | (y - x)) >> 63; -} - -/* - * Returns 1 if x == y - * Returns 0 if x != y - * x and y are arbitrary unsigned 64-bit integers - */ -static uint64_t ct_eq_u64(uint64_t x, uint64_t y) { - return 1 ^ ct_ne_u64(x, y); -} - -/* Returns 1 if x < y - * Returns 0 if x >= y - * x and y are arbitrary unsigned 64-bit integers - */ -static uint64_t ct_lt_u64(uint64_t x, uint64_t y) { - return (x ^ ((x ^ y) | ((x - y) ^ y))) >> 63; -} - -/* - * Returns 1 if x > y - * Returns 0 if x <= y - * x and y are arbitrary unsigned 64-bit integers - */ -static uint64_t ct_gt_u64(uint64_t x, uint64_t y) { - return ct_lt_u64(y, x); -} - -/* - * Returns 1 if x <= y - * Returns 0 if x > y - * x and y are arbitrary unsigned 64-bit integers - */ -static uint64_t 
ct_le_u64(uint64_t x, uint64_t y) { - return 1 ^ ct_gt_u64(x, y); -} - -/* - * Returns 1 if x >= y - * Returns 0 if x < y - * x and y are arbitrary unsigned 64-bit integers - */ -static uint64_t ct_ge_u64(uint64_t x, uint64_t y) { - return 1 ^ ct_lt_u64(x, y); -} - -/* Returns 0xFFFF..FFFF if bit != 0 - * Returns 0 if bit == 0 - */ -static uint64_t ct_mask_u64(uint64_t bit) { - return 0 - (uint64_t) ct_isnonzero_u64(bit); -} - -/* Conditionally return x or y depending on whether bit is set - * Equivalent to: return bit ? x : y - * x and y are arbitrary 64-bit unsigned integers - * bit must be either 0 or 1. - */ -static uint64_t ct_select_u64(uint64_t x, uint64_t y, uint64_t bit) { - uint64_t m = ct_mask_u64(bit); - return (x & m) | (y & ~m); -} - -/* Returns 0 if a >= b - * Returns 1 if a < b - * Where a and b are both 3-limb 64-bit integers. - * This function runs in constant time. - */ -static int cmplt_ct(uint64_t *a, uint64_t *b) { - uint64_t r = 0; /* result */ - uint64_t m = 0; /* mask */ - int i; - for (i = 2; i >= 0; --i) { - r |= ct_lt_u64(a[i], b[i]) & ~m; - m |= ct_mask_u64(ct_ne_u64(a[i], b[i])); /* stop when a[i] != b[i] */ - } - return r & 1; -} - -static uint32_t single_sample(uint64_t *in) { - size_t i = 0; - - while (cmplt_ct(rlwe_table[i], in)) { // ~3.5 comparisons in expectation - i++; - } - - return i; -} - -/* We assume that e contains two random bits in the two - * least significant positions. */ -static uint64_t dbl(const uint32_t in, int32_t e) { - // sample uniformly from [-1, 0, 0, 1] - // Hence, 0 is sampled with twice the probability of 1 - e = (((e >> 1) & 1) - ((int32_t)(e & 1))); - return (uint64_t)((((uint64_t) in) << (uint64_t) 1) - e); -} - -/* Constant time version. 
*/ -static uint32_t single_sample_ct(uint64_t *in) { - uint32_t index = 0, i; - for (i = 0; i < 52; i++) { - index = ct_select_u64(index, i + 1, cmplt_ct(in, rlwe_table[i])); - } - return index; -} - -void oqs_kex_rlwe_bcns15_sample_ct(uint32_t s[1024], OQS_RAND *rand) { - int i, j; - for (i = 0; i < 16; i++) { - uint64_t r = rand->rand_64(rand); - for (j = 0; j < 64; j++) { - uint64_t rnd[3]; - uint32_t m; - uint32_t t; - rnd[0] = rand->rand_64(rand); - rnd[1] = rand->rand_64(rand); - rnd[2] = rand->rand_64(rand); - m = (r & 1); - r >>= 1; - // use the constant time version single_sample - s[i * 64 + j] = single_sample_ct(rnd); - t = (uint32_t) -s[i * 64 + j]; - s[i * 64 + j] = ct_select_u64(t, s[i * 64 + j], ct_eq_u64(m, 0)); - } - } -} - -void oqs_kex_rlwe_bcns15_round2_ct(uint64_t out[16], const uint32_t in[1024]) { - int i; - memset(out, 0, 128); - for (i = 0; i < 1024; i++) { - uint64_t b = ct_ge_u64(in[i], 1073741824ULL) & - ct_le_u64(in[i], 3221225471ULL); - out[i / 64] |= b << (uint64_t)(i % 64); - } -} - -void oqs_kex_rlwe_bcns15_crossround2_ct(uint64_t out[16], const uint32_t in[1024], OQS_RAND *rand) { - int i, j; - memset(out, 0, 128); - for (i = 0; i < 64; i++) { - uint32_t e = rand->rand_32(rand); - for (j = 0; j < 16; j++) { - uint64_t dd; - uint64_t b; - dd = dbl(in[i * 16 + j], (int32_t) e); - e >>= 2; - b = (ct_ge_u64(dd, 2147483648ULL) & ct_le_u64(dd, 4294967295ULL)) | - (ct_ge_u64(dd, 6442450942ULL) & ct_le_u64(dd, 8589934590ULL)); - out[(i * 16 + j) / 64] |= (b << (uint64_t)((i * 16 + j) % 64)); - } - } -} - -void oqs_kex_rlwe_bcns15_rec_ct(uint64_t out[16], const uint32_t w[1024], const uint64_t b[16]) { - int i; - memset(out, 0, 128); - for (i = 0; i < 1024; i++) { - uint64_t coswi; - uint64_t B; - coswi = (((uint64_t) w[i]) << (uint64_t) 1); - B = (ct_eq_u64(getbit(b, i), 0) & ct_ge_u64(coswi, 3221225472ULL) & - ct_le_u64(coswi, 7516192766ULL)) | - (ct_eq_u64(getbit(b, i), 1) & ct_ge_u64(coswi, 1073741824ULL) & - ct_le_u64(coswi, 
5368709118ULL)); - out[i / 64] |= (B << (uint64_t)(i % 64)); - } -} - -void oqs_kex_rlwe_bcns15_sample(uint32_t s[1024], OQS_RAND *rand) { - int i, j; - for (i = 0; i < 16; i++) { - uint64_t r = rand->rand_64(rand); - for (j = 0; j < 64; j++) { - uint64_t rnd[3]; - int32_t m; - rnd[0] = rand->rand_64(rand); - rnd[1] = rand->rand_64(rand); - rnd[2] = rand->rand_64(rand); - m = (r & 1); - r >>= 1; - s[i * 64 + j] = single_sample(rnd); - if (m) { - s[i * 64 + j] = (uint32_t) -s[i * 64 + j]; - } - } - } -} - -void oqs_kex_rlwe_bcns15_round2(uint64_t out[16], const uint32_t in[1024]) { - int i; - - // out should have enough space for 1024-bits - memset(out, 0, 128); - - //q/4 and 3*q/4 - for (i = 0; i < 1024; i++) { - if (in[i] >= 1073741824 && in[i] <= 3221225471) { - setbit(out, i); - } - } -} - -void oqs_kex_rlwe_bcns15_crossround2(uint64_t out[16], const uint32_t in[1024], OQS_RAND *rand) { - int i, j; - // out should have enough space for 1024-bits - memset(out, 0, 128); - - for (i = 0; i < 64; i++) { - uint32_t e = rand->rand_32(rand); - for (j = 0; j < 16; j++) { - uint64_t dd = dbl(in[i * 16 + j], (int32_t) e); - e >>= 2; - //q/2 to q and 3*q/2 to 2*q - if ((dd >= (uint64_t) 2147483648 && dd <= (uint64_t) 4294967295) || (dd >= (uint64_t) 6442450942 && dd <= (uint64_t) 8589934590)) { - setbit(out, (i * 16 + j)); - } - } - } -} - -void oqs_kex_rlwe_bcns15_rec(uint64_t out[16], const uint32_t w[1024], const uint64_t b[16]) { - int i; - - // out should have enough space for 1024 bits - memset(out, 0, 128); - - for (i = 0; i < 1024; i++) { - uint64_t coswi = (((uint64_t) w[i]) << (uint64_t) 1); - if (getbit(b, i) == 0) { - //Ceiling(2*3*q/8)..Floor(2*7*q/8) - if (coswi >= (uint64_t) 3221225472 && coswi <= (uint64_t) 7516192766) { - setbit(out, i); - } - } else { - // Ceiling(2*q/8)..Floor(2*5*q/8) - if (coswi >= (uint64_t) 1073741824 && coswi <= (uint64_t) 5368709118) { - setbit(out, i); - } - } - } -} - -void oqs_kex_rlwe_bcns15_a_times_s_plus_e(uint32_t out[1024], 
const uint32_t a[1024], const uint32_t s[1024], const uint32_t e[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx) { - oqs_kex_rlwe_bcns15_fft_mul(out, a, s, ctx); - oqs_kex_rlwe_bcns15_fft_add(out, out, e); -} diff --git a/src/kex_rlwe_bcns15/rlwe_a.h b/src/kex_rlwe_bcns15/rlwe_a.h deleted file mode 100644 index aa5eb8ebb..000000000 --- a/src/kex_rlwe_bcns15/rlwe_a.h +++ /dev/null 
@@ -1,267 +0,0 @@ -/* This is free and unencumbered software released into the public domain. - * - * Anyone is free to copy, modify, publish, use, compile, sell, or - * distribute this software, either in source code form or as a compiled - * binary, for any purpose, commercial or non-commercial, and by any - * means. - * - * See LICENSE for complete information. - */ - -uint32_t oqs_kex_rlwe_bcns15_a[1024] = { - 0x29FE0191, 0xDD1A457D, 0x3534EE4B, 0x6450ED74, - 0xBBFE9F64, 0x92BF0F31, 0x8DCF8995, 0x4C5E30D0, - 0x9E2ED04D, 0x8C18FE0B, 0x1A70F2E7, 0x2625CD93, - 0x0065DA14, 0x6E009722, 0xE6A70E8B, 0xAEF6EF56, - 0x8C6C06AF, 0x9E59E953, 0x4995F67B, 0xE918EE9D, - 0x8B4F41A7, 0x0D811041, 0xF5FE6458, 0x3C02B584, - 0xCBCFC8FD, 0x5A01F116, 0x73408361, 0x44D3A098, - 0xBBDEECF6, 0x90E09082, 0xF8538BA4, 0xF9600091, - 0xD8D30FEF, 0x56201487, 0xACB2159D, 0x38F47F77, - 0xED7A864F, 0x8FC785CA, 0x7CBD6108, 0x3CA577DE, - 0xFF44CCC2, 0xA1385A79, 0x5C88E3AD, 0x177C46A9, - 0xDA4A4DD8, 0x2AA3594F, 0xA4A5E629, 0x47CA6F6E, - 0xB2DF1BC6, 0x6841B78E, 0x0823F5A8, 0xA18C7D52, - 0x7634A0D1, 0xDA1751BA, 0x18B9D25D, 0x5B2643BC, - 0xACC6975D, 0x48E786F4, 0x05E3ED4E, 0x4DC86568, - 0x3F5C5F99, 0x585DBFD7, 0xEF6E0715, 0x7D36B823, - 0x12D872CD, 0xD7B78F27, 0xDD672BF5, 0x2DC7C7EB, - 0xA3033801, 0x50E48348, 0x9162A260, 0x0BE8F15B, - 0xABB563EC, 0x06624C5A, 0x812BF7BC, 0x8637AC35, - 0xF44504F3, 0xFF8577AB, 0x4A0161B0, 0x000AEB0E, - 0x311204AF, 0x2A76831B, 0x4D903F3A, 0x97204FA9, - 0x9EB524E3, 0x1757AFAC, 0xBA369FEC, 0xCD8F198D, - 0x6B33C246, 0x51C13FCE, 0xB58ACC4E, 0x39ACF8DA, - 0x7BB7EBF7, 0xEDC1449D, 0xC7B47FDB, 0x9C39148D, - 0x4E688D7B, 0xFAD0C2C2, 0x296CE85C, 0x6045C89C, - 0x6441C0C6, 0x50C7C83A, 0xC11764DD, 0x58D7EEA2, - 0xE57B9D0E, 0x4E142770, 0xB8BFBB59, 0xE143EBAA, - 0xFF60C855, 0x238727F0, 0xE35B4A5B, 0x8F96940B, - 0x4498A6BA, 0x5911093A, 0x394DD002, 0x521B00D2, - 0x140BDAF9, 0xEAB67207, 0x21E631A6, 0xA04AADA9, - 0xA96A9843, 0x4B44CC9B, 0xE4D24C33, 0xC7E7AE78, - 0xE45A6C72, 0xCBE61D3C, 
0xCE5A4869, 0x10442A52, - 0xDB11F194, 0x39FC415D, 0x7E7BDB76, 0xAE9EFA22, - 0x25F4F262, 0x472DD0A7, 0x42EBD7A0, 0xE8038ECE, - 0xD3DB002A, 0x8416D2EC, 0xDF88C989, 0x7FEA22D5, - 0xC7A3F6FE, 0x37409982, 0xF45B75E2, 0x9A4AC289, - 0x90406FD6, 0xEA1C74A5, 0x5777B39F, 0xD07F1FA3, - 0xCE6EDA0D, 0xD150ECFB, 0xBEFF71BA, 0x50129EFC, - 0x51CE65B9, 0xB9FB0AB8, 0x770C59CB, 0x11F2354F, - 0x8623D4BB, 0xD6FCAFD6, 0xB2B1697C, 0x0D7067E2, - 0x2BA5AFB9, 0xD369C585, 0x5B5E156C, 0xD8C81E6E, - 0x80CFDF16, 0xF6F441EB, 0xC173BAF5, 0x78099E3A, - 0xD38F027B, 0x4AC8D518, 0x8D0108A1, 0xE442B0F1, - 0x56F9EA3C, 0xD0D6BBCA, 0x4E17DCB4, 0x69BF743B, - 0x0CCE779F, 0xD5E59851, 0x63861EA2, 0xB1CB22C1, - 0xBBFD2ACE, 0xDDA390D1, 0xEDF1059F, 0x04F80F89, - 0xB13AF849, 0x58C66009, 0xE0D781C0, 0x588DC348, - 0xA305669D, 0x0D7AF67F, 0x32BC3C38, 0xD725EFBA, - 0xDC3D9434, 0x22BD7ED8, 0x2DFD2926, 0x4BDEAD3A, - 0xB2D5ECE6, 0x16B05C99, 0xFEEC7104, 0xF6CAC918, - 0x0944C774, 0xCE00633B, 0xC59DA01A, 0x41E8E924, - 0x335DF501, 0x3049E8EE, 0x5B4B8AAC, 0xC962FC91, - 0xD6BB22B3, 0x0AC870EB, 0xC3D99400, 0xA0CEAC28, - 0xAF07DE1E, 0x831C2824, 0x258C5DDC, 0x779417E6, - 0x41CB33D0, 0x4E51076A, 0xD1DB6038, 0x9E0B1C41, - 0xA9A1F90D, 0xF27E7705, 0x75892711, 0x5D9F1175, - 0x85CC508B, 0x5CA415BE, 0x1858C792, 0xFB18632F, - 0xC94111EB, 0x937C0D28, 0xC2A09970, 0x386209D9, - 0xBBDD9787, 0x2473F53A, 0xEF7E7637, 0xCFC8630B, - 0x2BA3B7F8, 0x3C0047AD, 0x10D76FF7, 0xB1D9414D, - 0xCEB7B902, 0xA5B543F5, 0x2E484905, 0xE0233C10, - 0xD061A1F8, 0xCED0A901, 0xAC373CAC, 0x04281F37, - 0x3609797F, 0xDB80964D, 0x7B49A74F, 0x7699656F, - 0x0DCEC4BC, 0x0EC49C2D, 0xF1573A4E, 0xA3708464, - 0x9A1E89F0, 0x6B26DEB6, 0x2329FA10, 0xCA4F2BFF, - 0x9E012C8E, 0x788C1DFD, 0x2C758156, 0x2774C544, - 0x150A1F7D, 0x50156D6E, 0x7B675DE1, 0x5D634703, - 0xA7CEB801, 0x92733DAB, 0xB213C00B, 0x304A65B1, - 0x8856CF8E, 0x7FF7DD67, 0xD0912293, 0x30064297, - 0x663D051D, 0x01BC31B4, 0x2B1700BD, 0x39D7D18F, - 0x1EAD5C95, 0x6FB9CD8B, 0xA09993A6, 0xB42071C0, - 0x3C1F2195, 0x7FDF4CF8, 
0xC7565A7E, 0x64703D34, - 0x14B250EF, 0x2FA338D2, 0xAEE576DC, 0x6CCED41D, - 0x612D0913, 0xD0680733, 0x8B4DBE8A, 0x6FFEA3D0, - 0x46197CA2, 0xA77F916F, 0xFA5D7BD6, 0x01E22AEB, - 0x18E462DD, 0x4EC9B937, 0xDE753212, 0x05113C94, - 0x7786FBD4, 0xFB379F71, 0x756CF595, 0xEAADCFAB, - 0xBBD74C2E, 0x1F234AC9, 0x85E28AEB, 0x329F7878, - 0xD48FDE09, 0x47A60D0A, 0xAE95163F, 0x72E70995, - 0x27F9FCBF, 0xBDCFCC41, 0x334BC498, 0xEE7931A1, - 0xDFA6AEF4, 0x1EC5E1BF, 0x6221870F, 0xCD54AE13, - 0x7B56EF58, 0x4847B490, 0x31640CD3, 0x10940E14, - 0x556CC334, 0xC9E9B521, 0x499611FF, 0xBEC8D592, - 0x44A7DCB7, 0x4AC2EABD, 0x7D387357, 0x1B76D4B6, - 0x2EACE8C9, 0x52B2D2A4, 0x0C1F2A64, 0x50EF2B9A, - 0x3B23F4F4, 0x8DDE415E, 0xF6B92D2D, 0x9DB0F840, - 0xE18F309D, 0x737B7733, 0xF9F563C5, 0x3C5D4AEE, - 0x8136B0AF, 0xC5AC5550, 0x6E93DEF9, 0x946BCCEC, - 0x5163A273, 0xB5C72175, 0x4919EFBD, 0x222E9B68, - 0x6E43D8EE, 0xAA039B23, 0x913FD80D, 0x42206F18, - 0x5552C01F, 0x35B1136D, 0xFDC18279, 0x5946202B, - 0xFAAE3A37, 0x4C764C88, 0x78075D9B, 0x844C8BA0, - 0xCC33419E, 0x4B0832F6, 0x10D15E89, 0xEE0DD05A, - 0x27432AF3, 0xE12CECA6, 0x60A231B3, 0xF81F258E, - 0xE0BA44D7, 0x144F471B, 0xB4C8451E, 0x3705395C, - 0xE8A69794, 0x3C23F27E, 0x186D2FBA, 0x3DAED36B, - 0xF04DEFF1, 0x0CFA7BDD, 0xFEE45A4F, 0x5E9A4684, - 0x98438C69, 0x5F1D921B, 0x7E43FD86, 0xBD0CF049, - 0x28F47D38, 0x7DF38246, 0x8EED8923, 0xE524E7FC, - 0x089BEC03, 0x15E3DE77, 0x78E8AE28, 0xCB79A298, - 0x9F604E2B, 0x3C6428F7, 0xDCDEABF3, 0x33BAF60A, - 0xBF801273, 0x247B0C3E, 0xE74A8192, 0xB45AC81D, - 0xFC0D2ABE, 0xF17E99F5, 0x412BD1C1, 0x75DF4247, - 0xA90FC3C0, 0xB2A99C0E, 0x0D3999D7, 0xD04543BA, - 0x0FBC28A1, 0xEF68C7EF, 0x64327F30, 0xF11ECDBE, - 0x4DBD312C, 0xD71CE03A, 0xAEFDAD34, 0xE1CC7315, - 0x797A865C, 0xB9F1B1EB, 0xF7E68DFA, 0x816685B4, - 0x9F38D44B, 0x366911C8, 0x756A7336, 0x696B8261, - 0xC2FA21D2, 0x75085BF3, 0x2E5402B4, 0x75E6E744, - 0xEAD80B0C, 0x4E689F68, 0x7A9452C6, 0xA5E1958A, - 0x4B2B0A24, 0x97E0165E, 0xA4539B68, 0xF87A3096, - 0x6543CA9D, 0x92A8D398, 
0xA7D7FDB4, 0x1EA966B3, - 0x75B50372, 0x4C63A778, 0x34E8E033, 0x87C60F82, - 0xFC47303B, 0x8469AB86, 0x2DAADA50, 0xCFBB663F, - 0x711C9C41, 0xE6C1C423, 0x8751BAA9, 0x861EC777, - 0x31BCCCE1, 0xC1333271, 0x06864BEE, 0x41B50595, - 0xD2267D30, 0x878BA5C5, 0x65267F56, 0x2118FB18, - 0xA6DDD3DE, 0x8D309B98, 0x68928CB2, 0xFAE967DC, - 0x3CEC52D0, 0x9CA8404B, 0xAADD68A8, 0x3AC6B1DF, - 0xD53D67EA, 0x95C8D163, 0xB5F03F1D, 0x3A4C28A7, - 0xE3C4B709, 0xB8EB7C65, 0xE76B42A3, 0x25E5A217, - 0x6B6DD2B4, 0xBEFC5DF4, 0x9ACA5758, 0xC17F14D3, - 0xB224A9D3, 0xDE1A7C8F, 0x1382911B, 0x627A2FB9, - 0xC66AE36E, 0x02CC60EF, 0xC6800B20, 0x7A583C77, - 0xE1CECEE8, 0xCA0001B4, 0x6A14CF16, 0xEF45DD21, - 0x64CAA7D5, 0xFF3F1D95, 0xD328C67E, 0xC85868B1, - 0x7FBF3FEB, 0x13D68388, 0x25373DD9, 0x8DE47EFB, - 0x47912F26, 0x65515942, 0xC5ED711D, 0x6A368929, - 0xA2405C50, 0xFFA9D6EB, 0xED39A0D4, 0xE456B8B5, - 0x53283330, 0x7837FD52, 0x6EE46629, 0xCAFC9D63, - 0xB781B08F, 0xDD61D834, 0xFB9ACF09, 0xEDA4444A, - 0xBB6AA57F, 0xAED2385C, 0x22C9474D, 0x36E90167, - 0xE6DF6150, 0xF1B0DA3B, 0xC3F6800E, 0x966302E0, - 0x7DB1F627, 0xF9632186, 0xB4933075, 0x81C5C817, - 0x878CA140, 0x4EDE8FED, 0x1AF347C1, 0xFDEB72BA, - 0x2DA7FF9A, 0xB9BA3638, 0x2BB883F1, 0x474D1417, - 0xC2F474A4, 0x1E2CF9F3, 0x231CB6B0, 0x7E574B53, - 0xEDA8E1DA, 0xE1ACB7BB, 0xD1E354A6, 0x7C32B431, - 0x8189991B, 0x25F9376A, 0x3FFA8782, 0xCD9038F1, - 0x119EDBD1, 0x5C571840, 0x3DCA350F, 0x83923909, - 0x9DC3CF55, 0x94D79DD0, 0xD683DE2B, 0xECF4316A, - 0x0FFF48D4, 0x5D8076ED, 0x12B42C97, 0x2284CDB4, - 0xCB245554, 0x3025B4D9, 0xB0075F35, 0x43A3802E, - 0x18332B4D, 0x056C4467, 0xC597E3F7, 0x3F0EAF9D, - 0xF48EBB9F, 0x92F62731, 0xBDB76296, 0x516D4466, - 0x226102B3, 0x15E38046, 0xA683C4E0, 0x6C0D1962, - 0xE20CB6CA, 0xC90C1D70, 0xD0FF8692, 0xD1419690, - 0x2D6F1081, 0x34782E5E, 0xAE092CD5, 0x90C99193, - 0xE97C0405, 0xEAE201DA, 0x631FB5AC, 0x279A2821, - 0xDF47BA5B, 0xFBE587E2, 0x6810AD2D, 0xC63E94BD, - 0x9AF36B42, 0xF14F0855, 0x946CE350, 0x7E3320E0, - 0x34130DFF, 0x8C57C413, 
0xAB0723B2, 0xF514C743, - 0x63694BA3, 0x5665D23D, 0x6292C0B5, 0x9D768323, - 0x2F8E447C, 0xB99A00FB, 0x6F8E5970, 0x69B3BB45, - 0x59253E02, 0x1C518A02, 0xDD7C1232, 0xC6416C38, - 0x77E10340, 0xCF6BEB9A, 0x006F9239, 0x0E99B50F, - 0x863AD247, 0x75F0451A, 0x096E9094, 0xE0C2B357, - 0x7CC81E15, 0x222759D4, 0xEE5BCFD0, 0x050F829B, - 0x723B8FA9, 0x76143C55, 0x3B455EAF, 0xC2683EFD, - 0xEE7874B4, 0x9BCE92F7, 0x6EED7461, 0x8E93898F, - 0xA4EBE1D0, 0xFA4F019F, 0x1B0AD6DA, 0xA39CDE2F, - 0x27002B33, 0x830D478D, 0x3EEA937E, 0x572E7DA3, - 0x4BFFA4D1, 0x5E53DB0B, 0x708D21EE, 0xB003E23B, - 0x12ED0756, 0x53CA0412, 0x73237D35, 0x438EC16B, - 0x295177B8, 0xC85F4EE6, 0xB67FD3B4, 0x5221BC81, - 0xD84E3094, 0x18C84200, 0x855E0795, 0x37BEC004, - 0xDF9FAFC9, 0x60BEB6CD, 0x8645F0C5, 0xB1D2F1C3, - 0xECDC4AE3, 0x424D17F1, 0x8429238C, 0x6155EAAB, - 0xA17BEE21, 0x218D3637, 0x88A462CC, 0x8A1A031E, - 0x3F671EA5, 0x9FA08639, 0xFF4A0F8E, 0x34167A7D, - 0x1A817F54, 0x3215F21E, 0x412DD498, 0x57B633E7, - 0xE8A2431F, 0x397BD699, 0x5A155288, 0xBB3538E8, - 0xA49806D2, 0x49438A07, 0x24963568, 0x40414C26, - 0xE45C08D4, 0x61D2435B, 0x2F36AEDE, 0x6580370C, - 0x02A56A5E, 0x53B18017, 0xAF2C83FC, 0xF4C83871, - 0xD9E5DDC3, 0x17B90B01, 0xED4A0904, 0xFA6DA26B, - 0x35D9840D, 0xA0C505E4, 0x3396D0B5, 0xEC66B509, - 0xC190E41C, 0x2F0CE5CF, 0x419C3E94, 0x220D42CA, - 0x2F611F4F, 0x47906734, 0x8C2CDB17, 0xD8658F1C, - 0x2F6745CD, 0x543D0D4F, 0x818F0469, 0x380FFDAE, - 0xF5DD91E2, 0xAD25E46A, 0xE7039205, 0xA9F47165, - 0xB2114C12, 0xCF7F626F, 0x54D2C9FF, 0xE4736A36, - 0x16DB09FC, 0xE2B787BB, 0x9631709A, 0x72629F66, - 0x819EBA08, 0x7F5D73F3, 0xA0B0B91C, 0xFEDFBA71, - 0x252F14EE, 0xF26F8FA2, 0x92805F94, 0x43650F7F, - 0x3051124F, 0x72CA8EAD, 0x21973E34, 0xA5B70509, - 0xB36A41CC, 0xC52EDE5F, 0xF706A24E, 0x8AAF9F92, - 0xADF6D99A, 0x23746D73, 0x1DA39F70, 0x9660FC8F, - 0xA0A8CFEB, 0x83D5EFCA, 0x0AA4A72F, 0xEEF1B2DE, - 0x00CFCC66, 0x8A145369, 0x6376CEDA, 0xA3262E2E, - 0x3367BBA8, 0x01488C32, 0x5561A2AD, 0x40821BF2, - 0xF0C89F61, 0xC4FAA6B3, 
0xD843377A, 0x67A76555, - 0xE8D9F1CE, 0x943034FF, 0x2BD468BD, 0xA514D935, - 0x50CDB19D, 0xA09C7E9E, 0x6FEBEC30, 0xB1B36CF7, - 0xCD7A30BC, 0x36C6FE0A, 0x2DF52C45, 0x45C9957F, - 0x65076A79, 0xBF783DEE, 0x718D37F0, 0x098F9117, - 0x9A70C430, 0x80EB1A53, 0x9F2505B1, 0x48D10D98, - 0xB8D781E9, 0xF2376133, 0xECF25B98, 0x5A3B0E18, - 0x2F623537, 0x9F0E34A4, 0xF1027EB6, 0xF9B16022, - 0xBA3FEC59, 0xEF7226FD, 0x9F3058AA, 0xBB51DE0E, - 0xD5435EA0, 0x8A6479D5, 0x077708B8, 0x9634876A, - 0x069A260A, 0x168D9E6A, 0x9FD18E94, 0x8A7ACD53, - 0x8E5A5869, 0x1B6F35FD, 0xA968913B, 0xC72F076B, - 0x7DDA354C, 0x25B0297C, 0xD07219D5, 0xA66862BA, - 0x87E8EE67, 0xFA28809B, 0x55762443, 0x31EF4956, - 0xF4F4A511, 0x9A9378CB, 0x42ABDBDE, 0x7AA484B7, - 0xE8EC22ED, 0xCADDEF61, 0x9D18538A, 0xA81B923E, - 0x9C32F92A, 0x6D278E58, 0x4CDFC716, 0xAB64814F, - 0xF832BF1A, 0xE2C1A36B, 0x20675610, 0xE78D855A, - 0x38332C3D, 0x5AE0EAD9, 0x2E23F22D, 0x3C8683C5, - 0xA351AF89, 0x54720D3B, 0xABC6E51F, 0x89330C8E, - 0x600D5650, 0x197EA0C6, 0x7D502A5D, 0x3A536EA7, - 0x7DF71F32, 0x456FE645, 0x3EF5E7A2, 0x6664BCAF, - 0xA9D074C2, 0xE9D9E478, 0x1AE9AB77, 0xFECE7160, - 0xC618EEEC, 0x771B0026, 0x2B54F43C, 0x145DA102, - 0x1B3D7949, 0xBB6E2D9D, 0xDB8FDC4A, 0x25397EBA, - 0x9228A6E9, 0x56B4C69D, 0x337B943C, 0xE35B716C, - 0xF7FE89A1, 0x023AC20D, 0x033165C8, 0x9F13B130, - 0xC1BAFB1D, 0xA2C42C8C, 0x58E4D431, 0xE10741E6, - 0x2547589A, 0x8D9EF7BD, 0x7E322280, 0xF49FDDC2, - 0xBE21A094, 0xA061178A, 0x34D9F13B, 0x694D652F, - 0x05084A2A, 0x2767B991, 0xE8536AB4, 0xEBFADF6F, - 0xF4C8DFAC, 0xD9967CCA, 0xE04BCF3F, 0x232B3460, - 0x9FF6E88A, 0x6DF3A2B0, 0x0FE10E99, 0x7B059283, - 0x067BFB57, 0x8DDA26B0, 0xB7D6652F, 0x85705248, - 0x0826240C, 0x5DF7F52E, 0x47973463, 0xB9C22D37, - 0x9BEB265D, 0x493AB6FD, 0x10C0FB07, 0x947C102A, - 0x5FEC0608, 0x140E07AE, 0x8B330F43, 0x9364A649, - 0xC9AD63EF, 0xBE4B2475, 0x1A09AC77, 0x9E40A4B0, - 0xBA9C23E7, 0x7F4A798D, 0xE2C52D66, 0xA26EE9E0, - 0x8C79DCE7, 0xDD7F1C3D, 0x6AE83B20, 0x073DBA03, - 0xB1844D97, 0x16D7ED6E, 
0x5E0DE0B1, 0xA497D717, - 0xFA507AA2, 0xC332649B, 0x21419E15, 0x384D9CCC, - 0x8B915A8B, 0xBA328FD5, 0xF99E8016, 0x545725EC, - 0xED9840ED, 0x71E5D78A, 0x21862496, 0x6F858B6C, - 0xF3736AE2, 0x8979FC2B, 0x5C8122D0, 0x0A20EB5A, - 0x2278AA6E, 0x55275E74, 0x22D57650, 0xE5FFDC96, - 0x6BA86E10, 0x4EC5BFCC, 0x05AFA305, 0xFB7FD007, - 0x726EA097, 0xF6A349C4, 0xCB2F71E4, 0x08DD80BA, - 0x892D0E23, 0xBD2E0A55, 0x40AC0CD3, 0xBFAF5688, - 0x6E40A6A5, 0x6DA1BBE0, 0x969557A9, 0xFB88629B, - 0x11F845C4, 0x5FC91C6F, 0x1B0C7E79, 0xD6946953, - 0x27A164A0, 0x55D20869, 0x29A2182D, 0x406AA963, - 0x74F40C59, 0x56A90570, 0x535AC9C6, 0x9521EF76, - 0xBA38759B, 0xCD6EF76E, 0xF2181DB9, 0x7BE78DA6, - 0xF88E4115, 0xABA7E166, 0xF60DC9B3, 0xFECA1EF3, - 0x43DF196A, 0xCC4FC9DD, 0x428A8961, 0xCF6B4560, - 0x87B30B57, 0x20E7BAC5, 0xBFBDCCDF, 0xF7D3F6BB, - 0x7FC311C8, 0x2C7835B5, 0xA24F6821, 0x6A38454C, - 0x460E42FD, 0x2B6BA832, 0xC7068C72, 0x28CDCE59, - 0xAE82A0B4, 0x25F39572, 0x9B6C7758, 0xE0FE9EBA, - 0xA8F03EE1, 0xD70B928E, 0x95E529D7, 0xDD91DB86, - 0xF912BA8C, 0x7F478A6A, 0x1F017850, 0x5A717E10, - 0xDAC243F9, 0xD235F314, 0x4F80AAE6, 0xA46364D8, - 0xA1E3A9E9, 0x495FEFB1, 0xB9058508, 0x23A20999, - 0x73D18118, 0xCA3EEE2A, 0x34E1C7E2, 0xAADBADBD}; diff --git a/src/kex_rlwe_bcns15/rlwe_kex.c b/src/kex_rlwe_bcns15/rlwe_kex.c deleted file mode 100644 index 7bf28e38d..000000000 --- a/src/kex_rlwe_bcns15/rlwe_kex.c +++ /dev/null 
@@ -1,63 +0,0 @@
-/* This is free and unencumbered software released into the public domain.
- *
- * Anyone is free to copy, modify, publish, use, compile, sell, or
- * distribute this software, either in source code form or as a compiled
- * binary, for any purpose, commercial or non-commercial, and by any
- * means.
- *
- * See LICENSE for complete information.
- */
-
-#include
-#include
-#include
-
-#include
-
-#include "local.h"
-
-static void *(*volatile rlwe_memset_volatile)(void *, int, size_t) = memset;
-
-void oqs_kex_rlwe_bcns15_generate_keypair(const uint32_t *a, uint32_t s[1024], uint32_t b[1024], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx, OQS_RAND *rand) {
- uint32_t e[1024];
-#if CONSTANT_TIME
- oqs_kex_rlwe_bcns15_sample_ct(s, rand);
- oqs_kex_rlwe_bcns15_sample_ct(e, rand);
-#else
- oqs_kex_rlwe_bcns15_sample(s, rand);
- oqs_kex_rlwe_bcns15_sample(e, rand);
-#endif
- oqs_kex_rlwe_bcns15_a_times_s_plus_e(b, a, s, e, ctx);
- rlwe_memset_volatile(e, 0, 1024 * sizeof(uint32_t));
-}
-
-void oqs_kex_rlwe_bcns15_compute_key_alice(const uint32_t b[1024], const uint32_t s[1024], const uint64_t c[16], uint64_t k[16], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx) {
- uint32_t w[1024];
- oqs_kex_rlwe_bcns15_fft_mul(w, b, s, ctx);
-#if CONSTANT_TIME
- oqs_kex_rlwe_bcns15_rec_ct(k, w, c);
-#else
- oqs_kex_rlwe_bcns15_rec(k, w, c);
-#endif
- rlwe_memset_volatile(w, 0, 1024 * sizeof(uint32_t));
-}
-
-void oqs_kex_rlwe_bcns15_compute_key_bob(const uint32_t b[1024], const uint32_t s[1024], uint64_t c[16], uint64_t k[16], struct oqs_kex_rlwe_bcns15_fft_ctx *ctx, OQS_RAND *rand) {
- uint32_t v[1024];
- uint32_t eprimeprime[1024];
-#if CONSTANT_TIME
- oqs_kex_rlwe_bcns15_sample_ct(eprimeprime, rand);
-#else
- oqs_kex_rlwe_bcns15_sample(eprimeprime, rand);
-#endif
- oqs_kex_rlwe_bcns15_a_times_s_plus_e(v, b, s, eprimeprime, ctx);
-#if CONSTANT_TIME
- oqs_kex_rlwe_bcns15_crossround2_ct(c, v, rand);
- oqs_kex_rlwe_bcns15_round2_ct(k, v);
-#else
- oqs_kex_rlwe_bcns15_crossround2(c, v, rand);
- oqs_kex_rlwe_bcns15_round2(k, v);
-#endif
- rlwe_memset_volatile(v, 0, 1024 * sizeof(uint32_t));
- rlwe_memset_volatile(eprimeprime, 0, 1024 * sizeof(uint32_t));
-}
diff --git a/src/kex_rlwe_bcns15/rlwe_table.h b/src/kex_rlwe_bcns15/rlwe_table.h
deleted file mode 100644
index 402e4fd8b..000000000
--- a/src/kex_rlwe_bcns15/rlwe_table.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/* This is free and unencumbered software released into the public domain.
- *
- * Anyone is free to copy, modify, publish, use, compile, sell, or
- * distribute this software, either in source code form or as a compiled
- * binary, for any purpose, commercial or non-commercial, and by any
- * means.
- *
- * See LICENSE for complete information.
- */
-
-static uint64_t rlwe_table[52][3] = {
- {0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0x1FFFFFFFFFFFFFFF},
- {0xE0C81DA0D6A8BD22, 0x161ABD186DA13542, 0x5CEF2C248806C827},
- {0x8D026C4E14BC7408, 0x4344C125B3533F22, 0x9186506BCC065F20},
- {0x10AC7CEC7D7E2A3B, 0x5D62CE65E6217813, 0xBAAB5F82BCDB43B3},
- {0x709C92996E94D801, 0x1411F551608E4D22, 0xD7D9769FAD23BCB1},
- {0x6287D827008404B7, 0x7E1526D618902F20, 0xEA9BE2F4D6DDB5ED},
- {0x34CBDC118C15F40E, 0xE7D2A13787E94674, 0xF58A99474919B8C9},
- {0xD521F7EBBBE8C3A2, 0xE8A773D9A1EA0AAB, 0xFB5117812753B7B8},
- {0xC3D9E58131089A6A, 0x148CB49FF716491B, 0xFE151BD0928596D3},
- {0x2E060C4A842A27F6, 0x07E44D009ADB0049, 0xFF487508BA9F7208},
- {0xFCEDEFCFAA887582, 0x1A5409BF5D4B039E, 0xFFC16686270CFC82},
- {0x4FE22E5DF9FAAC20, 0xFDC99BFE0F991958, 0xFFEC8AC3C159431B},
- {0xA36605F81B14FEDF, 0xA6FCD4C13F4AFCE0, 0xFFFA7DF4B6E92C28},
- {0x9D1FDCFF97BBC957, 0x4B869C6286ED0BB5, 0xFFFE94BB4554B5AC},
- {0x6B3EEBA74AAD104B, 0xEC72329E974D63C7, 0xFFFFAADE1B1CAA95},
- {0x48C8DA4009C10760, 0x337F6316C1FF0A59, 0xFFFFEDDC1C6436DC},
- {0x84480A71312F35E7, 0xD95E7B2CD6933C97, 0xFFFFFC7C9DC2569A},
- {0x23C01DAC1513FA0F, 0x8E0B132AE72F729F, 0xFFFFFF61BC337FED},
- {0x90C89D6570165907, 0x05B9D725AAEA5CAD, 0xFFFFFFE6B3CF05F7},
- {0x692E2A94C500EC7D, 0x99E8F72C370F27A6, 0xFFFFFFFC53EA610E},
- {0x28C2998CEAE37CC8, 0xC6E2F0D7CAFA9AB8, 0xFFFFFFFF841943DE},
- {0xC515CF4CB0130256, 0x4745913CB4F9E4DD, 0xFFFFFFFFF12D07EC},
- {0x39F0ECEA047D6E3A, 0xEE62D42142AC6544, 0xFFFFFFFFFE63E348},
- {0xDF11BB25B50462D6, 0x064A0C6CC136E943, 0xFFFFFFFFFFD762C7},
- {0xCDBA0DD69FD2EA0F, 0xC672F3A74DB0F175, 0xFFFFFFFFFFFC5E37},
- {0xFDB966A75F3604D9, 0x6ABEF8B144723D83, 0xFFFFFFFFFFFFB48F},
- {0x3C4FECBB600740D1, 0x697598CEADD71A15, 0xFFFFFFFFFFFFFA72},
- {0x1574CC916D60E673, 0x12F5A30DD99D7051, 0xFFFFFFFFFFFFFFA1},
- {0xDD3DCD1B9CB7321D, 0x4016ED3E05883572, 0xFFFFFFFFFFFFFFFA},
- {0xB4A4E8CF3DF79A7A, 0xAF22D9AFAD5A73CF, 0xFFFFFFFFFFFFFFFF},
- {0x91056A8196F74466, 0xFBF88681905332BA, 0xFFFFFFFFFFFFFFFF},
- {0x965B9ED9BD366C04, 0xFFD16385AF29A51F, 0xFFFFFFFFFFFFFFFF},
- {0xF05F75D38F2D28A3, 0xFFFE16FF8EA2B60C, 0xFFFFFFFFFFFFFFFF},
- {0x77E35C8980421EE8, 0xFFFFEDD3C9DDC7E8, 0xFFFFFFFFFFFFFFFF},
- {0x92783617956F140A, 0xFFFFFF63392B6E8F, 0xFFFFFFFFFFFFFFFF},
- {0xA536DC994639AD78, 0xFFFFFFFB3592B3D1, 0xFFFFFFFFFFFFFFFF},
- {0x8F3A871874DD9FD5, 0xFFFFFFFFDE04A5BB, 0xFFFFFFFFFFFFFFFF},
- {0x310DE3650170B717, 0xFFFFFFFFFF257152, 0xFFFFFFFFFFFFFFFF},
- {0x1F21A853A422F8CC, 0xFFFFFFFFFFFB057B, 0xFFFFFFFFFFFFFFFF},
- {0x3CA9D5C6DB4EE2BA, 0xFFFFFFFFFFFFE5AD, 0xFFFFFFFFFFFFFFFF},
- {0xCFD9CE958E59869C, 0xFFFFFFFFFFFFFF81, 0xFFFFFFFFFFFFFFFF},
- {0xDB8E1F91D955C452, 0xFFFFFFFFFFFFFFFD, 0xFFFFFFFFFFFFFFFF},
- {0xF78EE3A8E99E08C3, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
- {0xFFE1D7858BABDA25, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
- {0xFFFF9E52E32CAB4A, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
- {0xFFFFFEE13217574F, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
- {0xFFFFFFFD04888041, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
- {0xFFFFFFFFF8CD8A56, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
- {0xFFFFFFFFFFF04111, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
- {0xFFFFFFFFFFFFE0C5, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
- {0xFFFFFFFFFFFFFFC7, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF},
- {0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF}};