Merge pull request #548 from christianpaquin/cp-qtesla-round2

Updated qTesla with round2 implementation
Douglas Stebila 2019-09-24 16:13:53 -04:00 committed by GitHub
commit 0fd55565c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
45 changed files with 2474 additions and 7939 deletions


@ -49,7 +49,7 @@ More information on OQS can be found [here](https://openquantumsafe.org/) and in
- **Dilithium**: Dilithium2, Dilithium3, Dilithium4
- **MQDSS**: MQDSS-31-48, MQDSS-31-64
- **Picnic**: Picnic-L1-FS, Picnic-L1-UR, Picnic-L3-FS, Picnic-L3-UR, Picnic-L5-FS, Picnic-L5-UR, Picnic2-L1-FS, Picnic2-L3-FS, Picnic2-L5-FS
- **qTESLA**: qTESLA-I, qTESLA-III-size, qTESLA-III-speed (NIST Round 1 version)
- **qTesla**: qTesla-p-I, qTesla-p-III
- **SPHINCS+-Haraka**: SPHINCS+-Haraka-128f-robust, SPHINCS+-Haraka-128f-simple, SPHINCS+-Haraka-128s-robust, SPHINCS+-Haraka-128s-simple, SPHINCS+-Haraka-192f-robust, SPHINCS+-Haraka-192f-simple, SPHINCS+-Haraka-192s-robust, SPHINCS+-Haraka-192s-simple, SPHINCS+-Haraka-256f-robust, SPHINCS+-Haraka-256f-simple, SPHINCS+-Haraka-256s-robust, SPHINCS+-Haraka-256s-simple
- **SPHINCS+-SHA256**: SPHINCS+-SHA256-128f-robust, SPHINCS+-SHA256-128f-simple, SPHINCS+-SHA256-128s-robust, SPHINCS+-SHA256-128s-simple, SPHINCS+-SHA256-192f-robust, SPHINCS+-SHA256-192f-simple, SPHINCS+-SHA256-192s-robust, SPHINCS+-SHA256-192s-simple, SPHINCS+-SHA256-256f-robust, SPHINCS+-SHA256-256f-simple, SPHINCS+-SHA256-256s-robust, SPHINCS+-SHA256-256s-simple
- **SPHINCS+-SHAKE256**: SPHINCS+-SHAKE256-128f-robust, SPHINCS+-SHAKE256-128f-simple, SPHINCS+-SHAKE256-128s-robust, SPHINCS+-SHAKE256-128s-simple, SPHINCS+-SHAKE256-192f-robust, SPHINCS+-SHAKE256-192f-simple, SPHINCS+-SHAKE256-192s-robust, SPHINCS+-SHAKE256-192s-simple, SPHINCS+-SHAKE256-256f-robust, SPHINCS+-SHAKE256-256f-simple, SPHINCS+-SHAKE256-256s-robust, SPHINCS+-SHAKE256-256s-simple


@ -110,6 +110,12 @@ EXPORTS
OQS_SIG_picnic2_L5_FS_keypair
OQS_SIG_picnic2_L5_FS_sign
OQS_SIG_picnic2_L5_FS_verify
OQS_SIG_qTesla_p_I_keypair
OQS_SIG_qTesla_p_I_sign
OQS_SIG_qTesla_p_I_verify
OQS_SIG_qTesla_p_III_keypair
OQS_SIG_qTesla_p_III_sign
OQS_SIG_qTesla_p_III_verify
OQS_SIG_dilithium_2_keypair
OQS_SIG_dilithium_2_sign
OQS_SIG_dilithium_2_verify


@ -101,6 +101,7 @@
<ClInclude Include="..\..\src\sig\picnic\external\sha3\opt64\KeccakP-1600-SnP.h" />
<ClInclude Include="..\..\src\sig\picnic\external\simd.h" />
<ClInclude Include="..\..\src\sig\picnic\sig_picnic.h" />
<ClInclude Include="..\..\src\sig\qtesla\sig_qtesla.h" />
<ClInclude Include="..\..\src\sig\sig.h" />
<ClInclude Include="..\winconfig.h" />
</ItemGroup>
@ -605,6 +606,9 @@
<ClCompile Include="..\..\src\sig\picnic\external\sha3\opt64\KeccakP-1600-opt64.c" />
<ClCompile Include="..\..\src\sig\picnic\external\sha3\opt64\KeccakP-1600-times4-on1.c" />
<ClCompile Include="..\..\src\sig\picnic\sig_picnic.c" />
<ClCompile Include="..\..\src\sig\qtesla\qtesla_p_I.c" />
<ClCompile Include="..\..\src\sig\qtesla\qtesla_p_III.c" />
<ClCompile Include="..\..\src\sig\qtesla\sig_qtesla.c" />
<ClCompile Include="..\..\src\sig\sig.c" />
</ItemGroup>
<ItemGroup>
@ -1120,4 +1124,4 @@ copy "$(SolutionDir)..\src\sig\qtesla\sig_qtesla.h" "$(SolutionDir)include\oqs\"
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
</Project>


@ -1512,6 +1512,15 @@
<ClCompile Include="..\..\src\kem\sike\P751\P751_compressed.c">
<Filter>sike</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\qtesla\qtesla_p_I.c">
<Filter>qtesla</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\qtesla\qtesla_p_III.c">
<Filter>qtesla</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\qtesla\sig_qtesla.c">
<Filter>qtesla</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\src\oqs.h" />
@ -1698,6 +1707,9 @@
<ClInclude Include="..\..\src\sig\picnic\external\sha3\opt64\KeccakP-1600-SnP.h">
<Filter>picnic</Filter>
</ClInclude>
<ClInclude Include="..\..\src\sig\qtesla\sig_qtesla.h">
<Filter>qtesla</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<None Include="dll.def" />
@ -1724,6 +1736,9 @@
<Filter Include="sike">
<UniqueIdentifier>{620a9f8e-2013-4cb3-ad37-2ee4348ed893}</UniqueIdentifier>
</Filter>
<Filter Include="qtesla">
<UniqueIdentifier>{7270bf61-720f-485f-8018-c768ea21d907}</UniqueIdentifier>
</Filter>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_FILTER_START -->
<Filter Include="kyber">
<UniqueIdentifier>{8db00bac-a963-4875-b0a1-945bfed08037}</UniqueIdentifier>
@ -1907,4 +1922,4 @@
</Filter>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_FILTER_END -->
</ItemGroup>
</Project>
</Project>


@ -47,6 +47,8 @@
#define OQS_ENABLE_SIG_picnic2_L1_FS
#define OQS_ENABLE_SIG_picnic2_L3_FS
#define OQS_ENABLE_SIG_picnic2_L5_FS
#define OQS_ENABLE_SIG_qTesla_p_I
#define OQS_ENABLE_SIG_qTesla_p_III
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_SIGS_START
#define OQS_ENABLE_SIG_dilithium_2
#define OQS_ENABLE_SIG_dilithium_3


@ -176,9 +176,8 @@ AC_DEFUN([CONFIG_FEATURES],
])
AM_COND_IF([ENABLE_SIG_QTESLA], [
AC_DEFINE(OQS_ENABLE_SIG_qTESLA_I, 1, "Define to 1 when qTESLA-I enabled")
AC_DEFINE(OQS_ENABLE_SIG_qTESLA_III_size, 1, "Define to 1 when qTESLA-III-size enabled")
AC_DEFINE(OQS_ENABLE_SIG_qTESLA_III_speed, 1, "Define to 1 when qTESLA-III-speed enabled")
AC_DEFINE(OQS_ENABLE_SIG_qTesla_p_I, 1, "Define to 1 when qTesla-p-I enabled")
AC_DEFINE(OQS_ENABLE_SIG_qTesla_p_III, 1, "Define to 1 when qTesla-p-III-size enabled")
])
AM_COND_IF([ENABLE_SIG_PICNIC], [
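Review bot: The description string on the `OQS_ENABLE_SIG_qTesla_p_III` line still reads "qTesla-p-III-size", which looks like a leftover from the round-1 `qTESLA_III_size` name; the datasheet in this commit lists only qTesla-p-I and qTesla-p-III. The line should read `AC_DEFINE(OQS_ENABLE_SIG_qTesla_p_III, 1, "Define to 1 when qTesla-p-III enabled")`. The slip is cosmetic, since autoheader only copies the string into the generated config header as a comment, but that comment is what people read when checking which variants a build enables. The enclosing CONFIG_FEATURES macro starts and ends outside this hunk.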


@ -4,7 +4,7 @@ liboqs algorithm datasheet: `sig_qtesla`
Summary
-------
- **Name**: qTESLA
- **Name**: qTesla
- **Algorithm type**: signature
- **Main cryptographic assumption**: decisional Ring Learning With Errors (R-LWE) problem.
- **NIST submission URL**: https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/submissions/qtesla.zip
@ -15,18 +15,16 @@ Summary
Parameter sets
--------------
| Parameter set | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|------------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:----------------------:|
| qTESLA_I | EUF-CMA | 1 | 1504 | 2112 | 1376 |
| qTESLA_III_size | EUF-CMA | 3 | 2976 | 4160 | 2720 |
| qTESLA_III_speed | EUF-CMA | 3 | 3104 | 4160 | 2848 |
| Parameter set | Security model | Claimed NIST security level | Public key size (bytes) | Secret key size (bytes) | Signature size (bytes) |
|---------------|:--------------:|:---------------------------:|:-----------------------:|:-----------------------:|:----------------------:|
| qTesla-p-I | EUF-CMA | 1 | 14880 | 5184 | 2592 |
| qTesla-p-III | EUF-CMA | 3 | 38432 | 12352 | 5664 |
Implementation
--------------
- **Source of implementation:** https://github.com/qtesla/qTesla
- **Implementation version:** https://github.com/qtesla/qTesla/commit/5e921da989b9b44aba95f63d9c28927d518f630c
- **Implementation version:** https://github.com/microsoft/qTESLA-Library/commit/dcaabbff1ef2c1e993c4bca7eb9d4821f2f56bd5
- **License:** public domain
- **Language:** C
- **Constant-time:** Yes


@ -27,7 +27,6 @@ hacks=(
gcc_cv_compiler=true # Detecting at this phase isn't good for cross compilation
CFLAGS=-D_ARM_ # Several files aren't using the right define
--disable-sig-picnic # Problems building Picnic using cross compilation
--disable-sig-qtesla # qTesla fails on armhf and armel
)
./configure --disable-shared --enable-static --host="${CHOST}" --build="$CBUILD" CC="${CHOST}-gcc" --with-openssl="${PREFIX}" "${hacks[@]}"


@ -44,8 +44,9 @@ qemu-arm -cpu cortex-a8 -L /usr/arm-linux-gnueabi tests/test_kem SIKE-p503
qemu-arm -cpu cortex-a8 -L /usr/arm-linux-gnueabi tests/test_kem SIKE-p610
qemu-arm -cpu cortex-a8 -L /usr/arm-linux-gnueabi tests/test_kem SIKE-p751
# qemu-arm -cpu cortex-a8 -L /usr/arm-linux-gnueabi tests/example_sig
# qemu-arm -cpu cortex-a8 -L /usr/arm-linux-gnueabi tests/test_sig
qemu-arm -cpu cortex-a8 -L /usr/arm-linux-gnueabi tests/example_sig
qemu-arm -cpu cortex-a8 -L /usr/arm-linux-gnueabi tests/test_sig qTesla-p-I
qemu-arm -cpu cortex-a8 -L /usr/arm-linux-gnueabi tests/test_sig qTesla-p-III
qemu-arm -cpu cortex-a8 -L /usr/arm-linux-gnueabi tests/test_aes
qemu-arm -cpu cortex-a8 -L /usr/arm-linux-gnueabi tests/test_sha3
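Review bot: `tests/test_sig` is now run under qemu-arm only for `qTesla-p-I` and `qTesla-p-III`, so within this hunk no other signature scheme gets ARM emulation coverage. The previous form, `tests/test_sig` with no argument, was commented out. If the restriction is deliberate (run time under emulation, or schemes known not to build for ARM), say so in the script, e.g. `# test_sig is limited to qTesla under qemu-arm; other schemes are not exercised here`. Otherwise add one line per remaining enabled scheme, as is done for `test_kem` above. The rest of the script is outside the hunk, so other `test_sig` invocations may exist further down.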


@ -1,6 +1,23 @@
AUTOMAKE_OPTIONS = foreign
noinst_LTLIBRARIES = libqtesla.la
libqtesla_la_SOURCES = sig_qtesla.c external/qTESLA_I.c external/qTESLA_III_size.c external/qTESLA_III_speed.c
libqtesla_la_CFLAGS = $(AM_CFLAGS) -Iexternal
if X86
QTESLA_FLAGS = -D_X86_
else
if X86_64
QTESLA_FLAGS = -D_AMD64_
else
if ARM
QTESLA_FLAGS = -D_ARM_
else
if ARM64
QTESLA_FLAGS = -D_ARM64_
endif # ARM64
endif # ARM
endif # X86_64
endif # X86
libqtesla_la_SOURCES = qtesla_p_I.c qtesla_p_III.c sig_qtesla.c
libqtesla_la_CFLAGS = $(AM_CFLAGS) $(QTESLA_FLAGS) -Iexternal
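Review bot: `QTESLA_FLAGS` is assigned only inside the X86 / X86_64 / ARM / ARM64 conditionals, so on any other host it expands to nothing and none of `_X86_`, `_AMD64_`, `_ARM_` or `_ARM64_` reaches the compiler. The `external/config.h` added in this commit ends its architecture chain with `#error`, so such a build would fail inside the qTesla sources instead of being rejected or skipped at configure time. Either have configure disable qTesla on hosts outside these four (a `--disable-sig-qtesla` switch already exists) or record the restriction next to the conditionals, e.g. `# qTesla builds only on x86, x86_64, ARM and ARM64; see external/config.h`. Whether these four conditionals cover every target the configure script accepts is not visible from this hunk.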

244
src/sig/qtesla/external/CDT32.h vendored Normal file

@ -0,0 +1,244 @@
/*************************************************************************************
* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
*
* Abstract: CDT constants for the Gaussian sampler
**************************************************************************************/
#ifndef CDTSAMP
#define CDTSAMP
#include <stdint.h>
#include "params.h"
#if defined(_qTESLA_p_I_)
// Sigma = 8.5, 64-bit precision
#define CDT_ROWS 78
#define CDT_COLS 2
static const int32_t cdt_v[CDT_ROWS * CDT_COLS] = {
0x00000000L, 0x00000000L, // 0
0x0601F22AL, 0x280663D4L, // 1
0x11F09FFAL, 0x162FE23DL, // 2
0x1DA089E9L, 0x437226E8L, // 3
0x28EAB25DL, 0x04C51FE2L, // 4
0x33AC2F26L, 0x14FDBA70L, // 5
0x3DC767DCL, 0x4565C960L, // 6
0x4724FC62L, 0x3342C78AL, // 7
0x4FB448F4L, 0x5229D06DL, // 8
0x576B8599L, 0x7423407FL, // 9
0x5E4786DAL, 0x3210BAF7L, // 10
0x644B2C92L, 0x431B3947L, // 11
0x697E90CEL, 0x77C362C4L, // 12
0x6DEE0B96L, 0x2798C9CEL, // 13
0x71A92144L, 0x5765FCE4L, // 14
0x74C16FD5L, 0x1E2A0990L, // 15
0x7749AC92L, 0x0DF36EEBL, // 16
0x7954BFA4L, 0x28079289L, // 17
0x7AF5067AL, 0x2EDC2050L, // 18
0x7C3BC17CL, 0x123D5E7BL, // 19
0x7D38AD76L, 0x2A9381D9L, // 20
0x7DF9C5DFL, 0x0E868CA7L, // 21
0x7E8B2ABAL, 0x18E5C811L, // 22
0x7EF7237CL, 0x00908272L, // 23
0x7F4637C5L, 0x6DBA5126L, // 24
0x7F7F5707L, 0x4A52EDEBL, // 25
0x7FA808CCL, 0x23290599L, // 26
0x7FC4A083L, 0x69BDF2D5L, // 27
0x7FD870CAL, 0x42275558L, // 28
0x7FE5FB5DL, 0x3EF82C1BL, // 29
0x7FEF1BFAL, 0x6C03A362L, // 30
0x7FF52D4EL, 0x316C2C8CL, // 31
0x7FF927BAL, 0x12AE54AFL, // 32
0x7FFBBA43L, 0x749CC0E2L, // 33
0x7FFD5E3DL, 0x4524AD91L, // 34
0x7FFE6664L, 0x535785B5L, // 35
0x7FFF0A41L, 0x0B291681L, // 36
0x7FFF6E81L, 0x132C3D6FL, // 37
0x7FFFAAFEL, 0x4DBC6BEDL, // 38
0x7FFFCEFDL, 0x7A1E2D14L, // 39
0x7FFFE41EL, 0x4C6EC115L, // 40
0x7FFFF059L, 0x319503C8L, // 41
0x7FFFF754L, 0x5DDD0D40L, // 42
0x7FFFFB43L, 0x0B9E9823L, // 43
0x7FFFFD71L, 0x76B81AE1L, // 44
0x7FFFFEA3L, 0x7E66A1ECL, // 45
0x7FFFFF49L, 0x26F6E191L, // 46
0x7FFFFFA1L, 0x2FA31694L, // 47
0x7FFFFFCFL, 0x5247BEC9L, // 48
0x7FFFFFE7L, 0x4F4127C7L, // 49
0x7FFFFFF3L, 0x6FAA69FDL, // 50
0x7FFFFFFAL, 0x0630D073L, // 51
0x7FFFFFFDL, 0x0F2957BBL, // 52
0x7FFFFFFEL, 0x4FD29432L, // 53
0x7FFFFFFFL, 0x2CFAD60DL, // 54
0x7FFFFFFFL, 0x5967A930L, // 55
0x7FFFFFFFL, 0x6E4C9DFFL, // 56
0x7FFFFFFFL, 0x77FDCCC8L, // 57
0x7FFFFFFFL, 0x7C6CE89EL, // 58
0x7FFFFFFFL, 0x7E6D116FL, // 59
0x7FFFFFFFL, 0x7F50FA31L, // 60
0x7FFFFFFFL, 0x7FB50089L, // 61
0x7FFFFFFFL, 0x7FE04C2DL, // 62
0x7FFFFFFFL, 0x7FF2C7C1L, // 63
0x7FFFFFFFL, 0x7FFA8FE3L, // 64
0x7FFFFFFFL, 0x7FFDCB1BL, // 65
0x7FFFFFFFL, 0x7FFF1DE2L, // 66
0x7FFFFFFFL, 0x7FFFA6B7L, // 67
0x7FFFFFFFL, 0x7FFFDD39L, // 68
0x7FFFFFFFL, 0x7FFFF2A3L, // 69
0x7FFFFFFFL, 0x7FFFFAEFL, // 70
0x7FFFFFFFL, 0x7FFFFE1BL, // 71
0x7FFFFFFFL, 0x7FFFFF4DL, // 72
0x7FFFFFFFL, 0x7FFFFFBFL, // 73
0x7FFFFFFFL, 0x7FFFFFE9L, // 74
0x7FFFFFFFL, 0x7FFFFFF8L, // 75
0x7FFFFFFFL, 0x7FFFFFFDL, // 76
0x7FFFFFFFL, 0x7FFFFFFFL, // 77
}; // cdt_v
// memory requirements:
// 2048 samples: 25512 bytes
// 1024 samples: 13224 bytes
// 512 samples: 7080 bytes
// 256 samples: 4008 bytes
// 128 samples: 2472 bytes
// 64 samples: 1704 bytes
// 32 samples: 1320 bytes
// table alone: 624 bytes
#elif defined(_qTESLA_p_III_)
// Sigma = 8.5, 128-bit precision
#define CDT_ROWS 111
#define CDT_COLS 4
static const int32_t cdt_v[CDT_ROWS * CDT_COLS] = {
0x00000000L, 0x00000000L, 0x00000000L, 0x00000000L, // 0
0x0601F22AL, 0x280663D4L, 0x2E1B038CL, 0x1E75FCA7L, // 1
0x11F09FFAL, 0x162FE23DL, 0x403739B4L, 0x3F2AA531L, // 2
0x1DA089E9L, 0x437226E8L, 0x115E99C8L, 0x68C472A6L, // 3
0x28EAB25DL, 0x04C51FE2L, 0x13F63FD0L, 0x1E56BF40L, // 4
0x33AC2F26L, 0x14FDBA70L, 0x6618880FL, 0x792CE93EL, // 5
0x3DC767DCL, 0x4565C95FL, 0x7EAC4790L, 0x163F4D99L, // 6
0x4724FC62L, 0x3342C78AL, 0x390873B2L, 0x13A12ACEL, // 7
0x4FB448F4L, 0x5229D06DL, 0x09A6C84BL, 0x1D13CB0DL, // 8
0x576B8599L, 0x7423407FL, 0x1287EE2FL, 0x7B908556L, // 9
0x5E4786DAL, 0x3210BAF6L, 0x6881795CL, 0x13DF4F59L, // 10
0x644B2C92L, 0x431B3946L, 0x63F188D9L, 0x22AFB6DEL, // 11
0x697E90CEL, 0x77C362C3L, 0x600A627EL, 0x66AEDF96L, // 12
0x6DEE0B96L, 0x2798C9CEL, 0x147A98F9L, 0x27427F24L, // 13
0x71A92144L, 0x5765FCE4L, 0x0FF04C94L, 0x74183C18L, // 14
0x74C16FD5L, 0x1E2A0990L, 0x13EB545FL, 0x1CD9A2ADL, // 15
0x7749AC92L, 0x0DF36EEBL, 0x414629E5L, 0x66610A51L, // 16
0x7954BFA4L, 0x28079289L, 0x29D5B127L, 0x29B69601L, // 17
0x7AF5067AL, 0x2EDC2050L, 0x2B486556L, 0x43BF4664L, // 18
0x7C3BC17CL, 0x123D5E7AL, 0x63D4DD26L, 0x3B1E3755L, // 19
0x7D38AD76L, 0x2A9381D9L, 0x1D20D034L, 0x77C09C55L, // 20
0x7DF9C5DFL, 0x0E868CA7L, 0x23627687L, 0x78864423L, // 21
0x7E8B2ABAL, 0x18E5C810L, 0x7C85B42CL, 0x7AC98BCCL, // 22
0x7EF7237CL, 0x00908272L, 0x3D4B170EL, 0x3CD572E3L, // 23
0x7F4637C5L, 0x6DBA5125L, 0x5B0285ECL, 0x46661EB9L, // 24
0x7F7F5707L, 0x4A52EDEBL, 0x50ECECB1L, 0x7384DC42L, // 25
0x7FA808CCL, 0x23290598L, 0x704F7A4DL, 0x08532154L, // 26
0x7FC4A083L, 0x69BDF2D4L, 0x73B67B27L, 0x3AE237ADL, // 27
0x7FD870CAL, 0x42275557L, 0x6F2AE034L, 0x4E4B0395L, // 28
0x7FE5FB5DL, 0x3EF82C1BL, 0x256E2EB0L, 0x09E42B11L, // 29
0x7FEF1BFAL, 0x6C03A362L, 0x07334BD4L, 0x22B6B15FL, // 30
0x7FF52D4EL, 0x316C2C8CL, 0x1C77A4C3L, 0x1C3A974EL, // 31
0x7FF927BAL, 0x12AE54AEL, 0x6CC24956L, 0x3BA9A3E4L, // 32
0x7FFBBA43L, 0x749CC0E2L, 0x044B3068L, 0x620F14DAL, // 33
0x7FFD5E3DL, 0x4524AD91L, 0x31F84A1FL, 0x4D23AF51L, // 34
0x7FFE6664L, 0x535785B4L, 0x683C9E5EL, 0x2BD857DFL, // 35
0x7FFF0A41L, 0x0B291681L, 0x1CB4CE6FL, 0x32B314B9L, // 36
0x7FFF6E81L, 0x132C3D6FL, 0x4C8771CCL, 0x67421A75L, // 37
0x7FFFAAFEL, 0x4DBC6BEDL, 0x4E8644D2L, 0x5158A208L, // 38
0x7FFFCEFDL, 0x7A1E2D14L, 0x2CF905AAL, 0x79BFABD9L, // 39
0x7FFFE41EL, 0x4C6EC115L, 0x2D648F1AL, 0x4B01BA3EL, // 40
0x7FFFF059L, 0x319503C8L, 0x2CBEB96AL, 0x52FF656EL, // 41
0x7FFFF754L, 0x5DDD0D40L, 0x09D07206L, 0x6BF97EB5L, // 42
0x7FFFFB43L, 0x0B9E9822L, 0x5B584BE0L, 0x4974ED83L, // 43
0x7FFFFD71L, 0x76B81AE1L, 0x3C93755CL, 0x375F857BL, // 44
0x7FFFFEA3L, 0x7E66A1ECL, 0x3E342087L, 0x44ED1696L, // 45
0x7FFFFF49L, 0x26F6E190L, 0x7E3625F9L, 0x2F4F5849L, // 46
0x7FFFFFA1L, 0x2FA31694L, 0x0D53F684L, 0x59931C0DL, // 47
0x7FFFFFCFL, 0x5247BEC8L, 0x5CC20735L, 0x397CE966L, // 48
0x7FFFFFE7L, 0x4F4127C6L, 0x64926788L, 0x01CFEF66L, // 49
0x7FFFFFF3L, 0x6FAA69FDL, 0x26A67DC3L, 0x1FFA2528L, // 50
0x7FFFFFFAL, 0x0630D072L, 0x7AA0C1B7L, 0x7E90AAE6L, // 51
0x7FFFFFFDL, 0x0F2957BBL, 0x3ADCE1E6L, 0x5A311C28L, // 52
0x7FFFFFFEL, 0x4FD29431L, 0x6429F9EDL, 0x04653965L, // 53
0x7FFFFFFFL, 0x2CFAD60DL, 0x52ED82D1L, 0x26455881L, // 54
0x7FFFFFFFL, 0x5967A92FL, 0x5C85AB2DL, 0x188033BEL, // 55
0x7FFFFFFFL, 0x6E4C9DFEL, 0x76798EAFL, 0x0DC0BA65L, // 56
0x7FFFFFFFL, 0x77FDCCC8L, 0x194FF9ACL, 0x2C3FA855L, // 57
0x7FFFFFFFL, 0x7C6CE89EL, 0x01FA1A72L, 0x6C3DC40BL, // 58
0x7FFFFFFFL, 0x7E6D116EL, 0x5F82B352L, 0x57B67FCEL, // 59
0x7FFFFFFFL, 0x7F50FA31L, 0x31856599L, 0x579DC24BL, // 60
0x7FFFFFFFL, 0x7FB50089L, 0x43E64BB5L, 0x7F498E42L, // 61
0x7FFFFFFFL, 0x7FE04C2CL, 0x56CBFAEFL, 0x7FC9C15FL, // 62
0x7FFFFFFFL, 0x7FF2C7C0L, 0x5D509634L, 0x41DCA82BL, // 63
0x7FFFFFFFL, 0x7FFA8FE3L, 0x24F6020DL, 0x7B594401L, // 64
0x7FFFFFFFL, 0x7FFDCB1BL, 0x2D294BB3L, 0x1D1631BFL, // 65
0x7FFFFFFFL, 0x7FFF1DE1L, 0x5D75B704L, 0x323B12FEL, // 66
0x7FFFFFFFL, 0x7FFFA6B6L, 0x7E983E86L, 0x23392636L, // 67
0x7FFFFFFFL, 0x7FFFDD39L, 0x029CCA2CL, 0x035F7017L, // 68
0x7FFFFFFFL, 0x7FFFF2A3L, 0x205DBF7BL, 0x173D7F90L, // 69
0x7FFFFFFFL, 0x7FFFFAEFL, 0x3F79145BL, 0x642F005DL, // 70
0x7FFFFFFFL, 0x7FFFFE1BL, 0x23B2C7E4L, 0x6CA216CFL, // 71
0x7FFFFFFFL, 0x7FFFFF4DL, 0x1E959E3FL, 0x4A29BB03L, // 72
0x7FFFFFFFL, 0x7FFFFFBEL, 0x7C23D3D9L, 0x71DC92E4L, // 73
0x7FFFFFFFL, 0x7FFFFFE8L, 0x55110485L, 0x0E1813E2L, // 74
0x7FFFFFFFL, 0x7FFFFFF7L, 0x5EBC7B7BL, 0x2DFEE922L, // 75
0x7FFFFFFFL, 0x7FFFFFFDL, 0x0EDB0975L, 0x0C9F1639L, // 76
0x7FFFFFFFL, 0x7FFFFFFFL, 0x00DDA1A1L, 0x6DE86AA0L, // 77
0x7FFFFFFFL, 0x7FFFFFFFL, 0x54CF6D87L, 0x023F1F47L, // 78
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7186FF6AL, 0x5B71BF8CL, // 79
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7B375EBCL, 0x767A89DCL, // 80
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7E70BA89L, 0x44EBCEAAL, // 81
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7F7F98B5L, 0x44C8E44AL, // 82
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FD744C2L, 0x448EE5A4L, // 83
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FF34165L, 0x008855D0L, // 84
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFC1110L, 0x754A60B6L, // 85
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFECD77L, 0x44BE6D4AL, // 86
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFA3F4L, 0x7400A73EL, // 87
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFE4BDL, 0x1143830BL, // 88
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFF809L, 0x1A385059L, // 89
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFDB4L, 0x41CA0794L, // 90
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFF59L, 0x02FFB605L, // 91
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFD1L, 0x18360E8DL, // 92
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFF3L, 0x072A0E9AL, // 93
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFCL, 0x3C1BFEB0L, // 94
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x066EBCDDL, // 95
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x5FBE171AL, // 96
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x778EB81FL, // 97
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7DD211FEL, // 98
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7F71F071L, // 99
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FDC528FL, // 100
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FF7298CL, // 101
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFDD739L, // 102
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFF7ACAL, // 103
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFE056L, // 104
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFF893L, // 105
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFE48L, // 106
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFF9CL, // 107
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFE9L, // 108
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFBL, // 109
0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, 0x7FFFFFFFL, // 110
}; // cdt_v
// memory requirements:
// 2048 samples: 43180 bytes
// 1024 samples: 22700 bytes
// 512 samples: 12460 bytes
// 256 samples: 7340 bytes
// 128 samples: 4780 bytes
// 64 samples: 3500 bytes
// 32 samples: 2860 bytes
// table alone: 1776 bytes
#endif
#endif

246
src/sig/qtesla/external/CDT64.h vendored Normal file

@ -0,0 +1,246 @@
/*************************************************************************************
* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
*
* Abstract: CDT constants for the Gaussian sampler
**************************************************************************************/
#ifndef CDTSAMP
#define CDTSAMP
#include <stdint.h>
#include "params.h"
#if defined(_qTESLA_p_I_)
// Sigma = 8.5, 64-bit precision
#define CDT_ROWS 79
#define CDT_COLS 1
static const int64_t cdt_v[CDT_ROWS * CDT_COLS] = {
0x0000000000000000LL, // 0
0x0601F22A500CC7A8LL, // 1
0x11F09FFA2C5FC47BLL, // 2
0x1DA089E986E44DD0LL, // 3
0x28EAB25D098A3FC4LL, // 4
0x33AC2F2629FB74E1LL, // 5
0x3DC767DC8ACB92C0LL, // 6
0x4724FC6266858F15LL, // 7
0x4FB448F4A453A0DALL, // 8
0x576B8599E84680FELL, // 9
0x5E4786DA642175EDLL, // 10
0x644B2C928636728DLL, // 11
0x697E90CEEF86C587LL, // 12
0x6DEE0B964F31939CLL, // 13
0x71A92144AECBF9C8LL, // 14
0x74C16FD53C541320LL, // 15
0x7749AC921BE6DDD7LL, // 16
0x7954BFA4500F2512LL, // 17
0x7AF5067A5DB840A0LL, // 18
0x7C3BC17C247ABCF5LL, // 19
0x7D38AD76552703B2LL, // 20
0x7DF9C5DF1D0D194ELL, // 21
0x7E8B2ABA31CB9022LL, // 22
0x7EF7237C012104E5LL, // 23
0x7F4637C5DB74A24BLL, // 24
0x7F7F570794A5DBD7LL, // 25
0x7FA808CC46520B31LL, // 26
0x7FC4A083D37BE5AALL, // 27
0x7FD870CA844EAAAFLL, // 28
0x7FE5FB5D7DF05836LL, // 29
0x7FEF1BFAD80746C4LL, // 30
0x7FF52D4E62D85918LL, // 31
0x7FF927BA255CA95DLL, // 32
0x7FFBBA43E93981C4LL, // 33
0x7FFD5E3D8A495B23LL, // 34
0x7FFE6664A6AF0B69LL, // 35
0x7FFF0A4116522D02LL, // 36
0x7FFF6E8126587ADFLL, // 37
0x7FFFAAFE9B78D7DBLL, // 38
0x7FFFCEFDF43C5A28LL, // 39
0x7FFFE41E98DD822ALL, // 40
0x7FFFF059632A0790LL, // 41
0x7FFFF754BBBA1A80LL, // 42
0x7FFFFB43173D3045LL, // 43
0x7FFFFD71ED7035C3LL, // 44
0x7FFFFEA3FCCD43D9LL, // 45
0x7FFFFF494DEDC322LL, // 46
0x7FFFFFA15F462D28LL, // 47
0x7FFFFFCFA48F7D91LL, // 48
0x7FFFFFE79E824F8DLL, // 49
0x7FFFFFF3DF54D3FALL, // 50
0x7FFFFFFA0C61A0E6LL, // 51
0x7FFFFFFD1E52AF77LL, // 52
0x7FFFFFFE9FA52863LL, // 53
0x7FFFFFFF59F5AC1BLL, // 54
0x7FFFFFFFB2CF525FLL, // 55
0x7FFFFFFFDC993BFELL, // 56
0x7FFFFFFFEFFB9990LL, // 57
0x7FFFFFFFF8D9D13CLL, // 58
0x7FFFFFFFFCDA22DDLL, // 59
0x7FFFFFFFFEA1F462LL, // 60
0x7FFFFFFFFF6A0113LL, // 61
0x7FFFFFFFFFC09859LL, // 62
0x7FFFFFFFFFE58F81LL, // 63
0x7FFFFFFFFFF51FC6LL, // 64
0x7FFFFFFFFFFB9636LL, // 65
0x7FFFFFFFFFFE3BC3LL, // 66
0x7FFFFFFFFFFF4D6ELL, // 67
0x7FFFFFFFFFFFBA72LL, // 68
0x7FFFFFFFFFFFE546LL, // 69
0x7FFFFFFFFFFFF5DFLL, // 70
0x7FFFFFFFFFFFFC36LL, // 71
0x7FFFFFFFFFFFFE9ALL, // 72
0x7FFFFFFFFFFFFF7ELL, // 73
0x7FFFFFFFFFFFFFD1LL, // 74
0x7FFFFFFFFFFFFFEFLL, // 75
0x7FFFFFFFFFFFFFFALL, // 76
0x7FFFFFFFFFFFFFFELL, // 77
0x7FFFFFFFFFFFFFFFLL, // 78
}; // cdt_v
// memory requirements:
// 2048 samples: 25524 bytes
// 1024 samples: 13236 bytes
// 512 samples: 7092 bytes
// 256 samples: 4020 bytes
// 128 samples: 2484 bytes
// 64 samples: 1716 bytes
// 32 samples: 1332 bytes
// table alone: 632 bytes
#elif defined(_qTESLA_p_III_)
// Sigma = 8.5, 128-bit precision
#define CDT_ROWS 112
#define CDT_COLS 2
static const int64_t cdt_v[CDT_ROWS * CDT_COLS] = {
0x0000000000000000LL, 0x0000000000000000LL, // 0
0x0601F22A500CC7A8LL, 0x5C36071879D7F29CLL, // 1
0x11F09FFA2C5FC47BLL, 0x006E7368FCAA94C5LL, // 2
0x1DA089E986E44DD0LL, 0x22BD3391A311CA98LL, // 3
0x28EAB25D098A3FC4LL, 0x27EC7FA0795AFD02LL, // 4
0x33AC2F2629FB74E1LL, 0x4C31101FE4B3A4FBLL, // 5
0x3DC767DC8ACB92BFLL, 0x7D588F2058FD3666LL, // 6
0x4724FC6266858F14LL, 0x7210E7644E84AB38LL, // 7
0x4FB448F4A453A0DALL, 0x134D9096744F2C35LL, // 8
0x576B8599E84680FELL, 0x250FDC5FEE421559LL, // 9
0x5E4786DA642175EDLL, 0x5102F2B84F7D3D64LL, // 10
0x644B2C928636728DLL, 0x47E311B28ABEDB79LL, // 11
0x697E90CEEF86C587LL, 0x4014C4FD9ABB7E58LL, // 12
0x6DEE0B964F31939CLL, 0x28F531F29D09FC92LL, // 13
0x71A92144AECBF9C8LL, 0x1FE09929D060F060LL, // 14
0x74C16FD53C541320LL, 0x27D6A8BE73668AB5LL, // 15
0x7749AC921BE6DDD7LL, 0x028C53CB99842943LL, // 16
0x7954BFA4500F2512LL, 0x53AB624EA6DA5806LL, // 17
0x7AF5067A5DB840A0LL, 0x5690CAAD0EFD198FLL, // 18
0x7C3BC17C247ABCF5LL, 0x47A9BA4CEC78DD56LL, // 19
0x7D38AD76552703B2LL, 0x3A41A069DF027154LL, // 20
0x7DF9C5DF1D0D194ELL, 0x46C4ED0FE219108ELL, // 21
0x7E8B2ABA31CB9021LL, 0x790B6859EB262F32LL, // 22
0x7EF7237C012104E4LL, 0x7A962E1CF355CB8DLL, // 23
0x7F4637C5DB74A24BLL, 0x36050BD919987AE3LL, // 24
0x7F7F570794A5DBD7LL, 0x21D9D963CE13710BLL, // 25
0x7FA808CC46520B31LL, 0x609EF49A214C8550LL, // 26
0x7FC4A083D37BE5A9LL, 0x676CF64EEB88DEB5LL, // 27
0x7FD870CA844EAAAFLL, 0x5E55C069392C0E55LL, // 28
0x7FE5FB5D7DF05836LL, 0x4ADC5D602790AC45LL, // 29
0x7FEF1BFAD80746C4LL, 0x0E6697A88ADAC57DLL, // 30
0x7FF52D4E62D85918LL, 0x38EF498670EA5D39LL, // 31
0x7FF927BA255CA95DLL, 0x598492ACEEA68F93LL, // 32
0x7FFBBA43E93981C4LL, 0x089660D1883C536ALL, // 33
0x7FFD5E3D8A495B22LL, 0x63F0943F348EBD44LL, // 34
0x7FFE6664A6AF0B69LL, 0x50793CBCAF615F7ELL, // 35
0x7FFF0A4116522D02LL, 0x39699CDECACC52E6LL, // 36
0x7FFF6E8126587ADFLL, 0x190EE3999D0869D3LL, // 37
0x7FFFAAFE9B78D7DBLL, 0x1D0C89A545628820LL, // 38
0x7FFFCEFDF43C5A28LL, 0x59F20B55E6FEAF66LL, // 39
0x7FFFE41E98DD822ALL, 0x5AC91E352C06E8F8LL, // 40
0x7FFFF059632A0790LL, 0x597D72D54BFD95B8LL, // 41
0x7FFFF754BBBA1A80LL, 0x13A0E40DAFE5FAD5LL, // 42
0x7FFFFB43173D3045LL, 0x36B097C125D3B60BLL, // 43
0x7FFFFD71ED7035C2LL, 0x7926EAB8DD7E15ECLL, // 44
0x7FFFFEA3FCCD43D8LL, 0x7C68410F13B45A57LL, // 45
0x7FFFFF494DEDC321LL, 0x7C6C4BF2BD3D6126LL, // 46
0x7FFFFFA15F462D28LL, 0x1AA7ED09664C7034LL, // 47
0x7FFFFFCFA48F7D91LL, 0x39840E6AE5F3A59ALL, // 48
0x7FFFFFE79E824F8DLL, 0x4924CF10073FBD97LL, // 49
0x7FFFFFF3DF54D3FALL, 0x4D4CFB867FE894A0LL, // 50
0x7FFFFFFA0C61A0E5LL, 0x7541836FFA42AB98LL, // 51
0x7FFFFFFD1E52AF76LL, 0x75B9C3CD68C470A1LL, // 52
0x7FFFFFFE9FA52863LL, 0x4853F3DA1194E593LL, // 53
0x7FFFFFFF59F5AC1BLL, 0x25DB05A299156204LL, // 54
0x7FFFFFFFB2CF525FLL, 0x390B565A6200CEF9LL, // 55
0x7FFFFFFFDC993BFDLL, 0x6CF31D5E3702E993LL, // 56
0x7FFFFFFFEFFB9990LL, 0x329FF358B0FEA157LL, // 57
0x7FFFFFFFF8D9D13CLL, 0x03F434E5B0F7102CLL, // 58
0x7FFFFFFFFCDA22DDLL, 0x3F0566A55ED9FF39LL, // 59
0x7FFFFFFFFEA1F462LL, 0x630ACB335E77092CLL, // 60
0x7FFFFFFFFF6A0113LL, 0x07CC976BFD26390ALL, // 61
0x7FFFFFFFFFC09859LL, 0x2D97F5DFFF27057FLL, // 62
0x7FFFFFFFFFE58F81LL, 0x3AA12C690772A0ADLL, // 63
0x7FFFFFFFFFF51FC6LL, 0x49EC041BED651006LL, // 64
0x7FFFFFFFFFFB9636LL, 0x5A5297667458C6FDLL, // 65
0x7FFFFFFFFFFE3BC3LL, 0x3AEB6E08C8EC4BFALL, // 66
0x7FFFFFFFFFFF4D6DLL, 0x7D307D0C8CE498DALL, // 67
0x7FFFFFFFFFFFBA72LL, 0x053994580D7DC05DLL, // 68
0x7FFFFFFFFFFFE546LL, 0x40BB7EF65CF5FE3FLL, // 69
0x7FFFFFFFFFFFF5DELL, 0x7EF228B790BC0177LL, // 70
0x7FFFFFFFFFFFFC36LL, 0x47658FC9B2885B3DLL, // 71
0x7FFFFFFFFFFFFE9ALL, 0x3D2B3C7F28A6EC0ELL, // 72
0x7FFFFFFFFFFFFF7DLL, 0x7847A7B3C7724B90LL, // 73
0x7FFFFFFFFFFFFFD1LL, 0x2A22090A38604F8BLL, // 74
0x7FFFFFFFFFFFFFEFLL, 0x3D78F6F6B7FBA48ALL, // 75
0x7FFFFFFFFFFFFFFALL, 0x1DB612EA327C58E5LL, // 76
0x7FFFFFFFFFFFFFFELL, 0x01BB4343B7A1AA7FLL, // 77
0x7FFFFFFFFFFFFFFFLL, 0x299EDB0E08FC7D1CLL, // 78
0x7FFFFFFFFFFFFFFFLL, 0x630DFED56DC6FE2FLL, // 79
0x7FFFFFFFFFFFFFFFLL, 0x766EBD79D9EA2772LL, // 80
0x7FFFFFFFFFFFFFFFLL, 0x7CE1751313AF3AAALL, // 81
0x7FFFFFFFFFFFFFFFLL, 0x7EFF316B13239128LL, // 82
0x7FFFFFFFFFFFFFFFLL, 0x7FAE8985123B968FLL, // 83
0x7FFFFFFFFFFFFFFFLL, 0x7FE682CA0221573FLL, // 84
0x7FFFFFFFFFFFFFFFLL, 0x7FF82221D52982D9LL, // 85
0x7FFFFFFFFFFFFFFFLL, 0x7FFD9AEF12F9B52BLL, // 86
0x7FFFFFFFFFFFFFFFLL, 0x7FFF47E9D0029CF9LL, // 87
0x7FFFFFFFFFFFFFFFLL, 0x7FFFC97A450E0C2BLL, // 88
0x7FFFFFFFFFFFFFFFLL, 0x7FFFF01268E14164LL, // 89
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFB6907281E51LL, // 90
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFEB20BFED814LL, // 91
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFA260D83A35LL, // 92
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFE61CA83A68LL, // 93
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFF8F06FFAC3LL, // 94
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFE19BAF376LL, // 95
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFF7EF85C68LL, // 96
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFDE3AE07CLL, // 97
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFF74847F9LL, // 98
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFDC7C1C4LL, // 99
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFF714A3DLL, // 100
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFDCA631LL, // 101
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFF75CE6LL, // 102
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFFDEB28LL, // 103
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFFF8159LL, // 104
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFFFE24ELL, // 105
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFFFF922LL, // 106
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFFFFE6FLL, // 107
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFFFFFA6LL, // 108
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFFFFFECLL, // 109
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFFFFFFBLL, // 110
0x7FFFFFFFFFFFFFFFLL, 0x7FFFFFFFFFFFFFFFLL, // 111
}; // cdt_v
// memory requirements:
// 2048 samples: 43200 bytes
// 1024 samples: 22720 bytes
// 512 samples: 12480 bytes
// 256 samples: 7360 bytes
// 128 samples: 4800 bytes
// 64 samples: 3520 bytes
// 32 samples: 2880 bytes
// table alone: 1792 bytes
#endif
#endif

40
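--- a/src/sig/qtesla/external/api.h
+++ b/src/sig/qtesla/external/api.h
@@ -0,0 +1,40 @@
+/*************************************************************************************
+* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
+*
+* Abstract: API header file
+**************************************************************************************/
+#include "params.h"
+#include <stdint.h>
+#if defined(_qTESLA_p_I_)
+#define CRYPTO_ALGNAME "qTesla-p-I"
+#elif defined(_qTESLA_p_III_)
+#define CRYPTO_ALGNAME "qTesla-p-III"
+#endif
+#define CRYPTO_RANDOMBYTES 32
+#define CRYPTO_SEEDBYTES 32
+#define CRYPTO_C_BYTES 32
+#define HM_BYTES 64
+// Contains signature (z,c). z is a polynomial bounded by B, c is the output of a hashed string
+#define CRYPTO_BYTES ((PARAM_N * (PARAM_B_BITS + 1) + 7) / 8 + CRYPTO_C_BYTES)
+// Contains polynomial s and e, and seeds seed_a and seed_y
+#define CRYPTO_SECRETKEYBYTES (sizeof(int8_t) * PARAM_N + sizeof(int8_t) * PARAM_N * PARAM_K + 2 * CRYPTO_SEEDBYTES)
+// Contains seed_a and polynomials t
+#define CRYPTO_PUBLICKEYBYTES ((PARAM_Q_LOG * PARAM_N * PARAM_K + 7) / 8 + CRYPTO_SEEDBYTES)
+static int crypto_sign_keypair(
+unsigned char *,
+unsigned char *);
+static int crypto_sign(
+unsigned char *, unsigned long long *,
+const unsigned char *, unsigned long long,
+const unsigned char *);
+static int crypto_sign_open(
+unsigned char *, unsigned long long /* * */,
+const unsigned char *, unsigned long long,
+const unsigned char *);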

62
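--- a/src/sig/qtesla/external/config.h
+++ b/src/sig/qtesla/external/config.h
@@ -0,0 +1,62 @@
+/*************************************************************************************
+* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
+*
+* Abstract: configuration file
+**************************************************************************************/
+#ifndef __QTESLA_CONFIG_H__
+#define __QTESLA_CONFIG_H__
+#include <stdint.h>
+#include <stdbool.h>
+#include <stddef.h>
+// Definition of operating system
+#define OS_WIN 1
+#define OS_LINUX 2
+#if defined(_WIN32) // Microsoft Windows OS
+#define OS_TARGET OS_WIN
+#else
+#define OS_TARGET OS_LINUX // default to Linux
+#endif
+// Definition of compiler (removed in OQS)
+// Definition of the targeted architecture and basic data types
+#define TARGET_AMD64 1
+#define TARGET_x86 2
+#define TARGET_ARM 3
+#define TARGET_ARM64 4
+#if defined(_AMD64_)
+#define TARGET TARGET_AMD64
+#define RADIX 64
+#define RADIX32 32
+typedef uint64_t digit_t; // Unsigned 64-bit digit
+typedef int64_t sdigit_t; // Signed 64-bit digit
+#elif defined(_X86_)
+#define TARGET TARGET_x86
+#define RADIX 32
+#define RADIX32 32
+typedef uint32_t digit_t; // Unsigned 32-bit digit
+typedef int32_t sdigit_t; // Signed 32-bit digit
+#elif defined(_ARM_)
+#define TARGET TARGET_ARM
+#define RADIX 32
+#define RADIX32 32
+typedef uint32_t digit_t; // Unsigned 32-bit digit
+typedef int32_t sdigit_t; // Signed 32-bit digit
+#elif defined(_ARM64_)
+#define TARGET TARGET_ARM64
+#define RADIX 64
+#define RADIX32 32
+typedef uint64_t digit_t; // Unsigned 64-bit digit
+typedef int64_t sdigit_t; // Signed 64-bit digit
+#else
+#error-- "Unsupported ARCHITECTURE"
+#endif
+#endif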

415
src/sig/qtesla/external/consts.c vendored Normal file

@ -0,0 +1,415 @@
/*************************************************************************************
* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
*
* Abstract: constants for the NTT
**************************************************************************************/
#include <stdint.h>
#include "params.h"
#include "poly.h"
#if defined(_qTESLA_p_I_)
static poly zeta = {
184007114, 341297933, 172127038, 306069179, 260374244, 269720605, 20436325, 2157599, 36206659, 61987110, 112759694, 92762708, 278504038, 139026960, 183642748, 298230187,
37043356, 230730845, 107820937, 97015745, 156688276, 38891102, 170244636, 259345227, 170077366, 141586883, 100118513, 328793523, 289946488, 263574185, 132014089, 14516260,
87424978, 192691578, 190961717, 262687761, 333967048, 12957952, 326574509, 273585413, 151922543, 195893203, 261889302, 120488377, 169571794, 44896463, 128576039, 68257019,
20594664, 44164717, 36060712, 256009818, 172063915, 211967562, 135533785, 104908181, 203788155, 52968398, 123297488, 44711423, 329131026, 245797804, 220629853, 200431766,
92905498, 215466666, 227373088, 120513729, 274875394, 236766448, 84216704, 97363940, 224003799, 167341181, 333540791, 225846253, 290150331, 137934911, 101127339, 95054535,
7072757, 58600117, 264117725, 207480694, 268253444, 292044590, 166300682, 256585624, 133577520, 119707476, 58169614, 188489502, 184778640, 156039906, 286669262, 112658784,
89254003, 266568758, 290599527, 80715937, 180664712, 225980378, 103512701, 304604206, 327443646, 92082345, 296093912, 144843084, 309484036, 329737605, 141656867, 264967053,
227847682, 328674715, 208663554, 309005608, 315790590, 182996330, 333212133, 203436199, 13052895, 23858345, 173478900, 97132319, 57066271, 70747422, 202106993, 309870606,
56390934, 336126437, 189147643, 219236223, 293351741, 305570320, 18378834, 336914091, 59506067, 277923611, 217306643, 129369847, 308113789, 56954705, 190254906, 199465001,
119331054, 143640880, 17590914, 309468163, 172483421, 153376031, 58864560, 70957183, 237697179, 116097341, 62196815, 80692520, 310642530, 328595292, 12121494, 71200620,
200016287, 235006678, 21821056, 102505389, 183332133, 59734849, 283127491, 313646880, 30359439, 163176989, 50717815, 100183661, 322975554, 92821217, 283119421, 34453836,
303758926, 89460722, 147514506, 175603941, 76494101, 220775631, 304963431, 38821441, 217317485, 301302769, 328727631, 101476595, 270750726, 253708871, 176201368, 324059659,
114780906, 304156831, 273708648, 144095014, 263545324, 179240984, 187811389, 244886526, 202581571, 209325648, 117231636, 182195945, 217965216, 252295904, 332003328, 46153749,
334740528, 62618402, 301165510, 283016648, 212224416, 234984074, 107363471, 125430881, 172821269, 270409387, 156316970, 311644197, 50537885, 248376507, 154072039, 331539029,
48454192, 267029920, 225963915, 16753350, 76840946, 226444843, 108106635, 154887261, 326283837, 101291223, 204194230, 54014060, 104099734, 104245071, 260949411, 333985274,
291682234, 328313139, 29607387, 106291750, 162553334, 275058303, 64179189, 263147140, 15599810, 325103190, 137254480, 66787068, 4755224, 308520011, 181897417, 325162685,
221099032, 131741505, 147534370, 131533267, 144073688, 166398146, 155829711, 252509898, 251605008, 323547097, 216038649, 232629333, 95137254, 287931575, 235583527, 32386598,
76722491, 60825791, 138354268, 400761, 51907675, 197369064, 319840588, 98618414, 84343982, 108113946, 314679670, 134518178, 64988900, 4333172, 295712261, 200707216,
147647414, 318013383, 77682006, 92518996, 42154619, 87464521, 285037574, 332936592, 62635246, 5534097, 308862707, 91097989, 269726589, 273280832, 251670430, 95492698,
21676891, 182964692, 177187742, 294825274, 85128609, 273594538, 93115857, 116308166, 312212122, 18665807, 32192823, 313249299, 98777368, 273984239, 312125377, 205655336,
264861277, 178920022, 341054719, 232663249, 173564046, 176591124, 157537342, 305058098, 277279130, 170028356, 228573747, 31628995, 175280663, 37304323, 122111670, 210658936,
175704183, 314649282, 325535066, 266783938, 301319742, 327923297, 279787306, 304633001, 304153402, 292839078, 147442886, 94150133, 40461238, 221384781, 269671052, 265445273,
208370149, 160863546, 287765159, 339146643, 129600429, 96192870, 113146118, 95879915, 216708053, 285201955, 67756451, 79028039, 309141895, 138447809, 212246614, 12641916,
243544995, 33459809, 76979779, 71155723, 152521243, 200750888, 36425947, 339074467, 319204591, 188312744, 266105966, 280016981, 183723313, 238915015, 23277613, 160934729,
200611286, 163282810, 297928823, 226921588, 86839172, 145317111, 202226936, 51887320, 318474782, 282270658, 221219795, 207597867, 132089009, 334627662, 163952597, 67529059,
173759630, 234865017, 255217646, 277806158, 61964704, 216678166, 96126463, 39218331, 70028373, 4899005, 238135514, 242700690, 284680271, 81041980, 332906491, 463527,
299280916, 204600651, 149654879, 222229829, 26825157, 81825189, 127990873, 200962599, 16149163, 108812393, 217708971, 152638110, 28735779, 5272794, 19720409, 231726324,
49854178, 118319174, 185669526, 223407181, 243138094, 259020958, 308825615, 164156486, 341391280, 192526841, 97036052, 279986894, 20263748, 32228956, 43816679, 343421811,
124320208, 3484106, 31711063, 147679160, 195369505, 54243678, 279088595, 149119313, 301997352, 244557309, 19700779, 138872683, 230523717, 113507709, 135291486, 313025300,
254384479, 219815764, 253574481, 220646316, 124744817, 123915741, 325760383, 123516396, 138140410, 154060994, 314730104, 57286356, 222353426, 76630003, 145380041, 52039855,
229881219, 332902036, 152308429, 95071889, 124799350, 270141530, 47897266, 119620601, 133269057, 138561303, 341820265, 66049665, 273409631, 304306012, 212490958, 210388603,
277413768, 280793261, 223131872, 162407285, 44911970, 316685837, 298709373, 252812339, 230786851, 230319350, 56863422, 341141914, 177295413, 248222411, 215148650, 97970603,
291678055, 161911155, 339645428, 206445182, 31895080, 279676698, 78257775, 268845232, 92545841, 336725589, 47384597, 62216335, 82290365, 89893410, 266117967, 791867,
28042243, 110563426, 183316855, 281174508, 166338432, 86326996, 261473803, 164647535, 84749290, 157518777, 214336587, 72257047, 13358702, 229010735, 204196474, 179927635,
21786785, 330554989, 164559635, 144505300, 280425045, 324057501, 268227440, 323362437, 26891539, 228523003, 166709094, 61174973, 13532911, 42168701, 133044957, 158219357,
220115616, 15174468, 281706353, 283813987, 263212325, 289818392, 247170937, 276072317, 197581495, 33713097, 181695825, 96829354, 32991226, 228583784, 4040287, 65188717,
258204083, 96366799, 176298395, 341574369, 306098123, 218746932, 29191888, 311810435, 305844323, 31614267, 28130094, 72716426, 38568041, 197579396, 14876445, 228525674,
294569685, 2451649, 165929882, 112195415, 204786047, 138216235, 3438132, 126150615, 59754608, 158965324, 268160978, 266231264, 244422459, 306155336, 218178824, 301806695,
208837335, 212153467, 209725081, 269355286, 295716530, 13980580, 264284060, 301901789, 275319045, 107139083, 4006959, 143908623, 139848274, 25357089, 21607040, 340818603,
91260932, 198869267, 45119941, 224113252, 269556513, 42857483, 268925602, 188501450, 235382337, 324688793, 113056679, 177232352, 98280013, 117743899, 87369665, 330110286,
310895756, 268425063, 27568325, 266303142, 181405304, 65876631, 246283438, 127636847, 16153922, 210256884, 9257227, 147272724, 235571791, 340876897, 31558760, 224463520,
229909008, 40943950, 263351999, 14865952, 27279162, 51980445, 99553161, 108121152, 145230283, 217402431, 84060866, 190168688, 46894008, 205718237, 296935065, 331646198,
59709076, 265829428, 214503586, 310273189, 86051634, 247210969, 275872780, 55395653, 302717617, 155583500, 207999042, 293597246, 305796948, 139332832, 198434142, 104197059,
320317582, 101819543, 70813687, 43594385, 241913829, 210308279, 298735610, 151599086, 92093482, 24654121, 52528801, 134711941, 324580593, 293101038, 121757877, 323940193,
276114751, 33522997, 218880483, 46953248, 33126382, 294367143, 161595040, 208968904, 129221110, 323693686, 234366848, 50155901, 123936119, 72127416, 34243899, 171824126,
26019236, 93997235, 28452989, 24219933, 188331672, 181161011, 146526219, 186502916, 258266311, 207146754, 206589869, 189836867, 107762500, 129011227, 222324073, 331319091,
36618753, 141615400, 273319528, 246222615, 156139193, 290104141, 154851520, 310226922, 60187406, 73704819, 225899604, 87931539, 142487643, 152682959, 45891249, 212048348,
148547910, 207745063, 4405848, 179269204, 216233362, 230307487, 303352796, 41616117, 47140231, 13452075, 94626849, 48892822, 78453712, 214721933, 300785835, 1512599,
173577933, 163255132, 239883248, 205714288, 306118903, 106953300, 150085654, 77068348, 246390345, 199698311, 280165539, 256497526, 194381508, 78125966, 168327358, 180735395,
145983352, 243342736, 198463602, 83165996, 286431792, 22885329, 271516106, 66137359, 243561376, 324886778, 149497212, 24531379, 32857894, 62778029, 56960216, 224996784,
129315394, 81068505, 277744916, 215817366, 117205172, 195090165, 287841567, 57750901, 162987791, 259309908, 135370005, 194853269, 236792732, 219249166, 42349628, 27805769,
186263338, 310699018, 6491000, 228545163, 315890485, 22219119, 144392189, 15505150, 87848372, 155973124, 20446561, 177725890, 226669021, 205315635, 269580641, 133696452,
189388357, 314652032, 317225560, 304194584, 157633737, 298144493, 185785271, 337434647, 559796, 4438732, 249110619, 184824722, 221490126, 205632858, 172362641, 176702767,
276712118, 296075254, 111221225, 259809961, 15438443, 198021462, 134378223, 162261445, 170746654, 256890644, 125206341, 307078324, 279553989, 170124925, 296845387, 188226544,
295437875, 315053523, 172025817, 279046062, 189967278, 158662482, 192989875, 326540363, 135446089, 98631439, 257379933, 325004289, 26554274, 62190249, 228828648, 274361329,
18518762, 184854759, 210189061, 186836398, 230859454, 206912014, 201250021, 276332768, 119984643, 91358832, 325377399, 69085488, 307352479, 308876137, 208756649, 32865966,
152976045, 207821125, 66426662, 67585526, 118828370, 3107192, 322037257, 146029104, 106553806, 266958791, 89567376, 153815988, 90786397, 271042585, 203781777, 169087756,
315867500, 306916544, 7528726, 327732739, 227901532, 2263402, 14357894, 269740764, 322090105, 59838559, 298337502, 292797139, 337635349, 66476915, 75612762, 328089387,
155232910, 87069405, 36163560, 273715413, 321325749, 218096743, 308178877, 21861281, 180676741, 135208372, 119891712, 122406065, 267537516, 341350322, 87789083, 196340943,
217070591, 83564209, 159382818, 253921239, 184673854, 213569600, 194031064, 35973794, 18071215, 250854127, 115090766, 147707843, 330337973, 266187164, 27853295, 296801215,
254949704, 43331190, 73930201, 35703461, 119780800, 216998106, 12687572, 250863345, 243908221, 330555990, 296216993, 202100577, 111307303, 151049872, 103451600, 237710099,
78658022, 121490075, 134292528, 88277916, 177315676, 186629690, 77848818, 211822377, 145696683, 289190386, 274721999, 328391282, 218772820, 91324151, 321725584, 277577004,
65732866, 275538085, 144429136, 204062923, 177280727, 214204692, 264758257, 169151951, 335535576, 334002493, 281131703, 305997258, 310527888, 136973519, 216764406, 235954329,
254049694, 285174861, 264316834, 11792643, 149333889, 214699018, 261331547, 317320791, 24527858, 118790777, 264146824, 174296812, 332779737, 94199786, 288227027, 172048372,
};
static poly zetainv = {
55349550, 249376791, 10796840, 169279765, 79429753, 224785800, 319048719, 26255786, 82245030, 128877559, 194242688, 331783934, 79259743, 58401716, 89526883, 107622248,
126812171, 206603058, 33048689, 37579319, 62444874, 9574084, 8041001, 174424626, 78818320, 129371885, 166295850, 139513654, 199147441, 68038492, 277843711, 65999573,
21850993, 252252426, 124803757, 15185295, 68854578, 54386191, 197879894, 131754200, 265727759, 156946887, 166260901, 255298661, 209284049, 222086502, 264918555, 105866478,
240124977, 192526705, 232269274, 141476000, 47359584, 13020587, 99668356, 92713232, 330889005, 126578471, 223795777, 307873116, 269646376, 300245387, 88626873, 46775362,
315723282, 77389413, 13238604, 195868734, 228485811, 92722450, 325505362, 307602783, 149545513, 130006977, 158902723, 89655338, 184193759, 260012368, 126505986, 147235634,
255787494, 2226255, 76039061, 221170512, 223684865, 208368205, 162899836, 321715296, 35397700, 125479834, 22250828, 69861164, 307413017, 256507172, 188343667, 15487190,
267963815, 277099662, 5941228, 50779438, 45239075, 283738018, 21486472, 73835813, 329218683, 341313175, 115675045, 15843838, 336047851, 36660033, 27709077, 174488821,
139794800, 72533992, 252790180, 189760589, 254009201, 76617786, 237022771, 197547473, 21539320, 340469385, 224748207, 275991051, 277149915, 135755452, 190600532, 310710611,
134819928, 34700440, 36224098, 274491089, 18199178, 252217745, 223591934, 67243809, 142326556, 136664563, 112717123, 156740179, 133387516, 158721818, 325057815, 69215248,
114747929, 281386328, 317022303, 18572288, 86196644, 244945138, 208130488, 17036214, 150586702, 184914095, 153609299, 64530515, 171550760, 28523054, 48138702, 155350033,
46731190, 173451652, 64022588, 36498253, 218370236, 86685933, 172829923, 181315132, 209198354, 145555115, 328138134, 83766616, 232355352, 47501323, 66864459, 166873810,
171213936, 137943719, 122086451, 158751855, 94465958, 339137845, 343016781, 6141930, 157791306, 45432084, 185942840, 39381993, 26351017, 28924545, 154188220, 209880125,
73995936, 138260942, 116907556, 165850687, 323130016, 187603453, 255728205, 328071427, 199184388, 321357458, 27686092, 115031414, 337085577, 32877559, 157313239, 315770808,
301226949, 124327411, 106783845, 148723308, 208206572, 84266669, 180588786, 285825676, 55735010, 148486412, 226371405, 127759211, 65831661, 262508072, 214261183, 118579793,
286616361, 280798548, 310718683, 319045198, 194079365, 18689799, 100015201, 277439218, 72060471, 320691248, 57144785, 260410581, 145112975, 100233841, 197593225, 162841182,
175249219, 265450611, 149195069, 87079051, 63411038, 143878266, 97186232, 266508229, 193490923, 236623277, 37457674, 137862289, 103693329, 180321445, 169998644, 342063978,
42790742, 128854644, 265122865, 294683755, 248949728, 330124502, 296436346, 301960460, 40223781, 113269090, 127343215, 164307373, 339170729, 135831514, 195028667, 131528229,
297685328, 190893618, 201088934, 255645038, 117676973, 269871758, 283389171, 33349655, 188725057, 53472436, 187437384, 97353962, 70257049, 201961177, 306957824, 12257486,
121252504, 214565350, 235814077, 153739710, 136986708, 136429823, 85310266, 157073661, 197050358, 162415566, 155244905, 319356644, 315123588, 249579342, 317557341, 171752451,
309332678, 271449161, 219640458, 293420676, 109209729, 19882891, 214355467, 134607673, 181981537, 49209434, 310450195, 296623329, 124696094, 310053580, 67461826, 19636384,
221818700, 50475539, 18995984, 208864636, 291047776, 318922456, 251483095, 191977491, 44840967, 133268298, 101662748, 299982192, 272762890, 241757034, 23258995, 239379518,
145142435, 204243745, 37779629, 49979331, 135577535, 187993077, 40858960, 288180924, 67703797, 96365608, 257524943, 33303388, 129072991, 77747149, 283867501, 11930379,
46641512, 137858340, 296682569, 153407889, 259515711, 126174146, 198346294, 235455425, 244023416, 291596132, 316297415, 328710625, 80224578, 302632627, 113667569, 119113057,
312017817, 2699680, 108004786, 196303853, 334319350, 133319693, 327422655, 215939730, 97293139, 277699946, 162171273, 77273435, 316008252, 75151514, 32680821, 13466291,
256206912, 225832678, 245296564, 166344225, 230519898, 18887784, 108194240, 155075127, 74650975, 300719094, 74020064, 119463325, 298456636, 144707310, 252315645, 2757974,
321969537, 318219488, 203728303, 199667954, 339569618, 236437494, 68257532, 41674788, 79292517, 329595997, 47860047, 74221291, 133851496, 131423110, 134739242, 41769882,
125397753, 37421241, 99154118, 77345313, 75415599, 184611253, 283821969, 217425962, 340138445, 205360342, 138790530, 231381162, 177646695, 341124928, 49006892, 115050903,
328700132, 145997181, 305008536, 270860151, 315446483, 311962310, 37732254, 31766142, 314384689, 124829645, 37478454, 2002208, 167278182, 247209778, 85372494, 278387860,
339536290, 114992793, 310585351, 246747223, 161880752, 309863480, 145995082, 67504260, 96405640, 53758185, 80364252, 59762590, 61870224, 328402109, 123460961, 185357220,
210531620, 301407876, 330043666, 282401604, 176867483, 115053574, 316685038, 20214140, 75349137, 19519076, 63151532, 199071277, 179016942, 13021588, 321789792, 163648942,
139380103, 114565842, 330217875, 271319530, 129239990, 186057800, 258827287, 178929042, 82102774, 257249581, 177238145, 62402069, 160259722, 233013151, 315534334, 342784710,
77458610, 253683167, 261286212, 281360242, 296191980, 6850988, 251030736, 74731345, 265318802, 63899879, 311681497, 137131395, 3931149, 181665422, 51898522, 245605974,
128427927, 95354166, 166281164, 2434663, 286713155, 113257227, 112789726, 90764238, 44867204, 26890740, 298664607, 181169292, 120444705, 62783316, 66162809, 133187974,
131085619, 39270565, 70166946, 277526912, 1756312, 205015274, 210307520, 223955976, 295679311, 73435047, 218777227, 248504688, 191268148, 10674541, 113695358, 291536722,
198196536, 266946574, 121223151, 286290221, 28846473, 189515583, 205436167, 220060181, 17816194, 219660836, 218831760, 122930261, 90002096, 123760813, 89192098, 30551277,
208285091, 230068868, 113052860, 204703894, 323875798, 99019268, 41579225, 194457264, 64487982, 289332899, 148207072, 195897417, 311865514, 340092471, 219256369, 154766,
299759898, 311347621, 323312829, 63589683, 246540525, 151049736, 2185297, 179420091, 34750962, 84555619, 100438483, 120169396, 157907051, 225257403, 293722399, 111850253,
323856168, 338303783, 314840798, 190938467, 125867606, 234764184, 327427414, 142613978, 215585704, 261751388, 316751420, 121346748, 193921698, 138975926, 44295661, 343113050,
10670086, 262534597, 58896306, 100875887, 105441063, 338677572, 273548204, 304358246, 247450114, 126898411, 281611873, 65770419, 88358931, 108711560, 169816947, 276047518,
179623980, 8948915, 211487568, 135978710, 122356782, 61305919, 25101795, 291689257, 141349641, 198259466, 256737405, 116654989, 45647754, 180293767, 142965291, 182641848,
320298964, 104661562, 159853264, 63559596, 77470611, 155263833, 24371986, 4502110, 307150630, 142825689, 191055334, 272420854, 266596798, 310116768, 100031582, 330934661,
131329963, 205128768, 34434682, 264548538, 275820126, 58374622, 126868524, 247696662, 230430459, 247383707, 213976148, 4429934, 55811418, 182713031, 135206428, 78131304,
73905525, 122191796, 303115339, 249426444, 196133691, 50737499, 39423175, 38943576, 63789271, 15653280, 42256835, 76792639, 18041511, 28927295, 167872394, 132917641,
221464907, 306272254, 168295914, 311947582, 115002830, 173548221, 66297447, 38518479, 186039235, 166985453, 170012531, 110913328, 2521858, 164656555, 78715300, 137921241,
31451200, 69592338, 244799209, 30327278, 311383754, 324910770, 31364455, 227268411, 250460720, 69982039, 258447968, 48751303, 166388835, 160611885, 321899686, 248083879,
91906147, 70295745, 73849988, 252478588, 34713870, 338042480, 280941331, 10639985, 58539003, 256112056, 301421958, 251057581, 265894571, 25563194, 195929163, 142869361,
47864316, 339243405, 278587677, 209058399, 28896907, 235462631, 259232595, 244958163, 23735989, 146207513, 291668902, 343175816, 205222309, 282750786, 266854086, 311189979,
107993050, 55645002, 248439323, 110947244, 127537928, 20029480, 91971569, 91066679, 187746866, 177178431, 199502889, 212043310, 196042207, 211835072, 122477545, 18413892,
161679160, 35056566, 338821353, 276789509, 206322097, 18473387, 327976767, 80429437, 279397388, 68518274, 181023243, 237284827, 313969190, 15263438, 51894343, 9591303,
82627166, 239331506, 239476843, 289562517, 139382347, 242285354, 17292740, 188689316, 235469942, 117131734, 266735631, 326823227, 117612662, 76546657, 295122385, 12037548,
189504538, 95200070, 293038692, 31932380, 187259607, 73167190, 170755308, 218145696, 236213106, 108592503, 131352161, 60559929, 42411067, 280958175, 8836049, 297422828,
11573249, 91280673, 125611361, 161380632, 226344941, 134250929, 140995006, 98690051, 155765188, 164335593, 80031253, 199481563, 69867929, 39419746, 228795671, 19516918,
167375209, 89867706, 72825851, 242099982, 14848946, 42273808, 126259092, 304755136, 38613146, 122800946, 267082476, 167972636, 196062071, 254115855, 39817651, 309122741,
60457156, 250755360, 20601023, 243392916, 292858762, 180399588, 313217138, 29929697, 60449086, 283841728, 160244444, 241071188, 321755521, 108569899, 143560290, 272375957,
331455083, 14981285, 32934047, 262884057, 281379762, 227479236, 105879398, 272619394, 284712017, 190200546, 171093156, 34108414, 325985663, 199935697, 224245523, 144111576,
153321671, 286621872, 35462788, 214206730, 126269934, 65652966, 284070510, 6662486, 325197743, 38006257, 50224836, 124340354, 154428934, 7450140, 287185643, 33705971,
141469584, 272829155, 286510306, 246444258, 170097677, 319718232, 330523682, 140140378, 10364444, 160580247, 27785987, 34570969, 134913023, 14901862, 115728895, 78609524,
201919710, 13838972, 34092541, 198733493, 47482665, 251494232, 16132931, 38972371, 240063876, 117596199, 162911865, 262860640, 52977050, 77007819, 254322574, 230917793,
56907315, 187536671, 158797937, 155087075, 285406963, 223869101, 209999057, 86990953, 177275895, 51531987, 75323133, 136095883, 79458852, 284976460, 336503820, 248522042,
242449238, 205641666, 53426246, 117730324, 10035786, 176235396, 119572778, 246212637, 259359873, 106810129, 68701183, 223062848, 116203489, 128109911, 250671079, 143144811,
122946724, 97778773, 14445551, 298865154, 220279089, 290608179, 139788422, 238668396, 208042792, 131609015, 171512662, 87566759, 307515865, 299411860, 322981913, 275319558,
215000538, 298680114, 174004783, 223088200, 81687275, 147683374, 191654034, 69991164, 17002068, 330618625, 9609529, 80888816, 152614860, 150884999, 256151599, 329060317,
211562488, 80002392, 53630089, 14783054, 243458064, 201989694, 173499211, 84231350, 173331941, 304685475, 186888301, 246560832, 235755640, 112845732, 306533221, 45346390,
159933829, 204549617, 65072539, 250813869, 230816883, 281589467, 307369918, 341418978, 323140252, 73855972, 83202333, 37507398, 171449539, 2278644, 159569463, 171528205,
};
#elif defined(_qTESLA_p_III_)
static poly zeta = {
147314272, 762289503, 284789571, 461457674, 723990704, 123382358, 685457283, 458774590, 644795450, 723622678, 441493948, 676062368, 648739792, 214990524, 261899220, 138474554,
205277234, 788000393, 541334956, 769530525, 786231394, 812002793, 251385069, 152717354, 674883688, 458756880, 323745289, 823881240, 686340396, 716163820, 107735873, 144028791,
586327243, 71257244, 739303131, 487030542, 313626215, 396596783, 664640087, 728258996, 854656117, 567834989, 2315110, 210792230, 795895843, 433034260, 432732757, 480454055,
750130006, 47628047, 2271301, 98590211, 729637734, 683553815, 476917424, 121851414, 296210757, 820475433, 403416438, 605633242, 804828963, 435181077, 781182803, 276684653,
329135201, 697859430, 248472020, 396579594, 109340098, 97605675, 755271019, 565755143, 534799496, 378374148, 85686225, 298978496, 650100484, 712463562, 818417023, 283716467,
269132585, 153024538, 223768950, 331863760, 761523727, 586019306, 805044248, 810909760, 77905343, 401203343, 162625701, 616243024, 659789238, 385270982, 720521140, 545633566,
688663167, 740046782, 257189758, 115795491, 101106443, 409863172, 622399622, 405606434, 498832246, 730567206, 350755879, 41236295, 561547732, 525723591, 18655497, 3396399,
289694332, 221478904, 738940554, 769726362, 32128402, 693016435, 275431006, 65292213, 601823865, 469363520, 480544944, 607230206, 473150754, 267072604, 463615065, 412972775,
197544577, 770873783, 189036815, 407973558, 110878446, 442760341, 667560342, 756992079, 663708407, 585601880, 763637579, 660019224, 424935088, 249313490, 844593983, 664952705,
274981537, 40233161, 655530034, 742724096, 8926394, 67709207, 616610795, 539664358, 306118645, 741629065, 283521858, 621397947, 369041534, 162477412, 258256937, 269480966,
75469364, 815614830, 724060729, 510819743, 489239410, 265607303, 103024793, 434961090, 474838542, 234701483, 505818866, 450427360, 188113529, 650423376, 599263141, 720479782,
755079140, 469798456, 745591660, 432033717, 530128582, 94480771, 722477467, 169342233, 35413255, 89769525, 424389771, 240236288, 360665614, 66702784, 76128663, 565345206,
605031892, 393503210, 249841967, 485930917, 45880284, 746120091, 684031522, 537926896, 408749937, 608644803, 692593939, 515424474, 748771159, 155377700, 347101257, 393516280,
708186062, 809233270, 562547654, 768251664, 651110951, 574473323, 588028067, 352359235, 646902518, 410726541, 134129459, 460099853, 829152883, 819102028, 7270760, 562515302,
419641762, 347973450, 161011009, 401974733, 619807719, 559105457, 276126568, 165473862, 380215069, 356617900, 347744328, 615885981, 824819772, 811367929, 6451967, 515345658,
648239021, 56427040, 709160497, 71545092, 390921213, 17177139, 194174898, 825533429, 497469884, 88988508, 64227614, 641021859, 159258883, 529265733, 823190295, 567280997,
414094239, 238392498, 695610059, 416342151, 90807038, 206865379, 568337348, 168011486, 844375038, 777332780, 147582038, 199025846, 396231915, 151630666, 466807217, 12672521,
570774644, 764098787, 283719496, 779154504, 383628791, 851035387, 395488461, 291115871, 52707730, 776449280, 479801706, 73403989, 402014636, 255214342, 56904698, 446531030,
639487570, 848061696, 202732901, 739018922, 653983847, 453022791, 391722680, 584290855, 270911670, 390838431, 653070075, 535876472, 83207555, 131151682, 505677504, 778583044,
472363568, 734419459, 768500943, 321131696, 371745445, 751887879, 51797676, 157604159, 838805925, 358099697, 763440819, 776721566, 719570904, 304610785, 656838485, 239522278,
796234199, 659506535, 825373307, 674901303, 250484891, 54612517, 410236408, 111976920, 728940855, 720463104, 559960962, 514189554, 637176165, 436151981, 485801800, 802811374,
549456481, 808832355, 112672706, 199163132, 807410080, 645955491, 365378122, 222316474, 381896744, 693909930, 402130292, 199856804, 277639257, 6848838, 648262319, 601521139,
108516632, 392382841, 563420106, 475932203, 249861415, 99274558, 152886431, 744977783, 269184267, 562674804, 760959275, 733098096, 771348891, 674288361, 631521272, 513632066,
476339117, 621937967, 206834230, 507101607, 420341698, 528715580, 853092790, 580174958, 278044321, 432350205, 603769437, 144426940, 733518338, 365468467, 848983278, 385382826,
846062026, 593903051, 216589699, 219997638, 350708517, 733669279, 624754239, 499821820, 772548008, 199677439, 287505007, 144199205, 215073292, 825467700, 101591831, 571728784,
841898341, 420897808, 61323616, 823475752, 72494861, 89946011, 236594097, 379582577, 539401967, 221244669, 479250487, 100726882, 263096036, 647161225, 491060387, 419890898,
816149055, 546441322, 690509770, 215789647, 5870948, 821456387, 294091098, 783700004, 278643020, 520754327, 813718894, 123610053, 157045201, 265331664, 807174256, 258134244,
703519669, 300265991, 41892125, 662173055, 439638698, 494124024, 700655120, 535348417, 37146186, 379568907, 644973451, 554904963, 594757858, 477812802, 266085643, 46337543,
454847754, 496027901, 701947604, 5722633, 790588605, 233501932, 728956461, 462020148, 214013660, 155806979, 159935426, 423504958, 638889309, 602641304, 277759403, 71654804,
710920410, 108337831, 641924564, 252946326, 463082282, 23277660, 142056200, 263317553, 9044238, 367816044, 349695658, 291597086, 230031083, 385106216, 281069679, 644033142,
134221740, 212497862, 686686078, 787489098, 781698667, 748299513, 774414792, 380836293, 114027649, 766161763, 10536612, 707355910, 100516219, 637517297, 21478533, 769067854,
668364559, 410803198, 64949715, 643421522, 525590993, 585289785, 423839840, 554109325, 450599860, 295350132, 435789550, 306634115, 611298620, 777817576, 553655202, 804525538,
794474290, 138542076, 780958763, 62228371, 738032107, 684994110, 661486955, 67099069, 68865906, 32413094, 358393763, 205008770, 849715545, 289798348, 384767209, 787328590,
823677120, 47455925, 706001331, 612392717, 487804928, 731804935, 520572665, 442307581, 351275150, 726042356, 667657829, 254929787, 459520026, 625393223, 319307882, 77267096,
815224795, 335964550, 408353208, 604252110, 574953308, 563501897, 515015302, 313600371, 178773384, 417549087, 510834475, 167049599, 488791556, 664276219, 82933775, 822541833,
17111190, 409659978, 96304098, 500484311, 269766378, 327037310, 584926256, 538611363, 404132255, 170931824, 744460626, 154011192, 322194096, 215888234, 258344560, 702851111,
192046250, 738511820, 530780560, 57197515, 335425579, 410968369, 830078545, 448351649, 208921555, 356653676, 718038774, 424362596, 158929491, 420096666, 387056270, 797383293,
381201911, 466480709, 373815662, 84912008, 4969808, 524614597, 93448903, 559481007, 400813998, 665223025, 601707338, 466022707, 192709574, 615503265, 822863744, 639854175,
158713505, 12757666, 389196370, 823105438, 682974863, 468401586, 93508626, 402414043, 806357152, 180544963, 27876186, 321527031, 329857607, 669501423, 829809824, 333202822,
106923493, 368991112, 282317903, 790323774, 517381333, 548329656, 236147848, 700119793, 404187488, 343578810, 798813301, 497964535, 656188346, 678161787, 736817175, 518031339,
716647183, 674797219, 308643560, 714308544, 516103468, 605229646, 564549717, 47650358, 706404486, 494887760, 152496104, 54954356, 271435602, 76951527, 136123931, 601823638,
329273401, 252710411, 754980731, 351648254, 49239731, 837833233, 88830509, 598216539, 155534490, 669603727, 418388693, 79322074, 636251444, 703683994, 796989459, 126497707,
644863316, 730359063, 265213001, 64483814, 552208981, 8135537, 782474322, 780853310, 733976806, 395661138, 128188419, 266691358, 407092046, 447349747, 526245954, 119272088,
359659635, 812410956, 669835517, 565139408, 248981831, 139910745, 685462294, 406991131, 709944045, 589819925, 714299787, 72923680, 648836181, 145321778, 392775383, 243093077,
412955839, 174619485, 310936394, 699727061, 421087619, 745421519, 539546394, 29471558, 116471631, 852650639, 443777703, 773131303, 81618669, 756719012, 702785073, 847088653,
851830586, 300908692, 430974543, 463215976, 668971423, 414271988, 108350516, 345933325, 716417649, 174980945, 679092437, 384030489, 814050910, 506580116, 249434097, 178438885,
146797119, 10369463, 296359082, 215645133, 149545847, 483689845, 322009569, 308978588, 38531178, 328571637, 815396967, 709744233, 765487128, 645413104, 564779557, 213794315,
280607549, 124792697, 423470554, 631348430, 21223627, 220718413, 598791979, 47797633, 734556299, 590321944, 168292920, 484802055, 340999812, 769601438, 42675060, 116026587,
227462622, 543574607, 444066479, 467277895, 278798674, 597413704, 350168725, 301936652, 82885511, 656047519, 765110538, 52228202, 533005731, 621989298, 148235931, 317833915,
118463894, 522391939, 451332724, 548031654, 73854149, 527786213, 583308898, 840663438, 275278054, 362931963, 587861579, 830807449, 431695707, 178004048, 75513216, 60681147,
638603143, 470791469, 490903319, 527370962, 102981857, 224220555, 756514239, 293859807, 797926303, 620196520, 466126507, 646136763, 265504163, 213257337, 92270416, 398713724,
91810366, 724247342, 855386762, 631553083, 376095634, 833728623, 636218061, 510719408, 378530670, 737821436, 127781731, 3443282, 770116208, 769633348, 430675947, 40370755,
52361322, 844601468, 442556599, 128290354, 494328514, 405616679, 651440882, 421541290, 171560170, 386143493, 284277254, 450756213, 248305939, 526718005, 300780198, 714218239,
68021827, 527353904, 236472015, 309320156, 683815803, 527980097, 598849444, 779607597, 339852811, 845420163, 96001931, 326760873, 609319751, 520803868, 140143851, 766988701,
844896794, 532008178, 388459130, 574799295, 760406065, 773758517, 453271555, 134636434, 155747417, 105505251, 796987277, 399016325, 71156680, 709579308, 274279004, 96962867,
476741915, 585319990, 709143538, 721328791, 293159344, 640577897, 138404614, 572892015, 394460832, 465897068, 325895331, 413861636, 447337182, 376950267, 721061932, 181671909,
272138750, 247768905, 634973622, 280653872, 165108426, 134241779, 15142090, 153256717, 783424845, 773227607, 172477802, 504458250, 349868083, 461422806, 487725644, 586146740,
561546455, 815406759, 468110471, 126476456, 285774551, 522013234, 801943660, 79684345, 654558548, 188038414, 249923934, 551812615, 562560206, 407120348, 384535446, 176837117,
433155458, 82591339, 459412819, 435604627, 312211805, 98158590, 752137480, 446017293, 666480139, 60261988, 275386848, 642778031, 8582401, 677484160, 819506256, 333441964,
25465219, 190315429, 91529631, 754681170, 563660271, 167135649, 20270015, 115773732, 658954441, 132923202, 844102455, 453432758, 250487209, 423813160, 632223296, 537494486,
158265753, 327949044, 494109748, 659672289, 67984726, 422358258, 345141182, 164372996, 338500924, 41400311, 207638305, 832074651, 50853458, 228267776, 621895888, 635834787,
484972544, 181125024, 558134871, 282159878, 788157855, 145576343, 194837894, 501440949, 63641414, 252098681, 835930645, 662856247, 456140980, 206147937, 565198503, 449503819,
684013129, 494002381, 793836418, 649296754, 444313288, 136544068, 540002286, 355912945, 613175147, 134541429, 843111781, 672612536, 541098995, 734996181, 211869705, 620777828,
756152791, 242128346, 795442420, 73925532, 735232214, 738668090, 530800757, 266183732, 97165934, 803231879, 10057267, 175942047, 181460965, 320684297, 637472526, 213840116,
182671953, 152704513, 388004388, 597349323, 473851493, 445333546, 679315863, 267078568, 46538491, 530171754, 698082287, 75308587, 266467406, 96440883, 759196579, 470119952,
381731475, 428392158, 10628712, 173921356, 116809433, 323843928, 812172630, 403459283, 655501128, 261944441, 774418023, 790520709, 589149480, 264133112, 806274256, 752372117,
66236193, 713859568, 90804933, 551864345, 843839891, 600244073, 719230074, 803646506, 254956426, 138935723, 738829647, 109576220, 105819621, 249706947, 110623114, 10002331,
795710911, 547062229, 721440199, 820747461, 397666160, 685179945, 463869301, 470338753, 641244231, 652990696, 698429485, 41147155, 638072709, 515832968, 241130026, 314161759,
526815813, 529167244, 53391331, 782008115, 822962086, 337706389, 648197286, 209496506, 760818531, 781900302, 717270807, 709143641, 740503641, 734328409, 514061476, 844010670,
67993787, 712083588, 319801387, 338260400, 48758556, 304195768, 478833380, 841413917, 710197685, 196321647, 777595184, 775983866, 147506314, 620961439, 399972264, 398715644,
684489092, 659918078, 664075287, 723890579, 643103903, 508525962, 375409248, 501237729, 740609783, 639854810, 510797913, 521151016, 421045341, 193698327, 800266392, 93518128,
443879633, 699245445, 194001794, 123905867, 75572337, 242620749, 463111940, 755239011, 31718790, 162155292, 386689240, 381413538, 745322913, 367897558, 343088005, 31706107,
10842029, 404961623, 537521191, 281624684, 372852160, 55286017, 534907560, 264398082, 667644310, 486871690, 716964533, 734731419, 143593638, 293949413, 760014789, 594443755,
147804127, 537704286, 460110740, 596458323, 577775570, 333025386, 260094086, 711487611, 359384182, 323339045, 716675075, 248179763, 525311626, 76326208, 559009987, 548139736,
541721430, 31450329, 653923741, 676193285, 295171241, 558845563, 387079118, 403184480, 807941436, 501042343, 284608894, 705710380, 82388415, 763336555, 126077422, 438548854,
606252517, 144569238, 126964439, 809559381, 263253751, 547929033, 236704198, 377978058, 59501955, 749500335, 254242336, 605755194, 408388953, 116242711, 116340056, 691021496,
48100285, 371076069, 638156108, 211570763, 185945242, 653505761, 667569173, 335131755, 736662207, 572078378, 755939949, 840393623, 322934679, 520522390, 252068808, 491370519,
200565770, 552637112, 182345569, 394747039, 822229467, 817698102, 644484388, 156591766, 729600982, 695826242, 509682463, 785132583, 746139100, 188369785, 628995003, 406654440,
650660075, 676485042, 540766742, 493428142, 753346328, 82608613, 670846442, 145894970, 770907988, 621807160, 14676199, 793865193, 36579515, 619741404, 303691972, 794920577,
134684826, 190038753, 538889970, 836657477, 643017556, 316870164, 464572481, 305395359, 446406992, 587814221, 423552502, 122802120, 146043780, 173756097, 130720237, 445515559,
109884833, 133119099, 804139234, 834841519, 458514524, 74213698, 490363622, 119287122, 165016718, 351506713, 433750226, 439149867, 348281119, 319795826, 320785867, 446561207,
705678831, 714536161, 172299381, 552925586, 635421942, 851853231, 208071525, 142303096, 93164236, 207534795, 655906672, 558127940, 98870558, 388322132, 87475979, 835970665,
61996500, 298060757, 256194194, 563529863, 249184704, 451295997, 73892211, 559049908, 44006160, 832886345, 720732161, 255948582, 827295342, 629663637, 323103159, 155698755,
598913314, 586685341, 761273875, 135225209, 324099714, 391112815, 493469140, 796490769, 667498514, 148390126, 721802249, 781884558, 309264043, 603401759, 503111668, 563611748,
363342598, 383209405, 108340736, 758017880, 145907493, 312330194, 608895549, 45540348, 143092704, 772401556, 806068040, 853177536, 662120004, 463347842, 495085709, 560431884,
274002454, 76985308, 519320299, 253092838, 727478114, 593752634, 490277266, 206283832, 701277908, 504787112, 816832531, 730997507, 27807749, 58254704, 584933136, 515463756,
241104222, 251881934, 566567573, 592887586, 528932268, 88111104, 523103099, 448331392, 351083975, 157811347, 758866581, 802151021, 843579185, 481417280, 507414106, 462708367,
461501222, 790988186, 462220673, 727683888, 159759683, 59757110, 310746434, 326369241, 305829588, 457718309, 529317279, 503631310, 661769334, 343160359, 472216278, 740498212,
11312284, 760170115, 513391009, 538224236, 710934956, 491998229, 539829044, 610387964, 86624968, 72542777, 493966272, 132327984, 371526334, 182549152, 51622114, 173997077,
550633787, 205437301, 435219235, 406409162, 414751325, 33371226, 40899348, 77245052, 763383124, 817701136, 598256078, 357440859, 468418959, 353612800, 721601331, 262567156,
521577430, 232027892, 75986872, 443113391, 107360999, 482079354, 563502258, 782475535, 402866161, 515580626, 742688144, 677398836, 425899303, 42066550, 537192943, 430672016,
115368023, 64053241, 92008456, 74327791, 572607165, 681138002, 378104858, 695786430, 844827190, 436817825, 751393351, 142965259, 81300919, 688342617, 433082724, 221191094,
712003270, 301076404, 747091407, 514191589, 814985450, 260951422, 187161058, 22316970, 806106670, 759397054, 158423624, 419813636, 462241316, 438231460, 108466764, 212745115,
386264342, 176072326, 767127195, 399981627, 762991681, 173125691, 464627163, 770046798, 179369718, 829917528, 693004603, 178596003, 422852852, 182684967, 662425026, 713404098,
766206683, 130088738, 321282752, 134898541, 86701214, 120555423, 464987852, 82865891, 758340585, 138256323, 308997895, 659614345, 510091933, 822699180, 464631718, 819896232,
120792059, 160708255, 462868879, 72974246, 260451492, 120601343, 228097712, 369436704, 155304088, 74380537, 732305166, 203294189, 307421597, 96510570, 634243454, 486539430,
16204477, 241987531, 317824421, 510180366, 794475492, 262770124, 441034891, 741864347, 205569410, 684844547, 340863522, 440616421, 454438375, 26285496, 141886125, 648947081,
3791510, 529746935, 317826713, 411458050, 661690316, 45696331, 679684665, 184597094, 829228068, 375683582, 591739456, 855242340, 628594662, 30968619, 363932244, 103091463,
614269714, 465960778, 791477766, 332731888, 853151007, 266045534, 132189407, 435008168, 65667470, 669304246, 760035868, 481409581, 36650645, 523634336, 702968013, 351902214,
284360680, 34261165, 593134528, 337534074, 239112910, 710342799, 163287447, 20209506, 780785984, 480727309, 125776519, 691236193, 603228570, 48261672, 183120677, 73638683,
3430616, 568026489, 808739797, 298585898, 64471573, 724550960, 568093636, 187449517, 655699449, 672689645, 829049456, 263525899, 612969883, 621652807, 186362075, 731851539,
377104257, 39335761, 210768226, 253965025, 201921517, 715681274, 369453531, 18897741, 612559390, 660723864, 476963596, 585483298, 318614839, 227626072, 298891387, 110505944,
814885802, 177563961, 443724544, 374856237, 577963338, 617516835, 475669105, 633353115, 12579943, 796644307, 569746680, 22381253, 343603333, 724567543, 845363898, 4023795,
801359177, 347489967, 214644600, 78674056, 131782857, 284041623, 660502381, 161470286, 668158595, 765738294, 715872268, 678418089, 280458288, 758715787, 9311288, 490771912,
757112000, 253990619, 698573830, 390611635, 52593584, 421202448, 494394112, 386893540, 29349323, 533111491, 774401558, 108660117, 405990553, 143728136, 852741683, 354532633,
440222591, 663461253, 593338391, 298882952, 758170600, 660294062, 332348846, 541714172, 77716403, 169377728, 71932929, 110210904, 776771173, 645222398, 162195941, 792388932,
502165627, 146897021, 243625970, 139123400, 462352793, 409369440, 247509680, 270865496, 539140627, 16949766, 245869282, 637926655, 37386603, 383033875, 316560876, 707909555,
367315004, 173821041, 529529257, 227507318, 831716891, 830055847, 228911074, 205127100, 178872273, 819938491, 129875615, 764680417, 97028082, 560682982, 433649390, 727508847,
494848582, 81279272, 435186566, 174468080, 69172161, 241860102, 692179355, 333985572, 788895276, 469576414, 594155471, 157828532, 182105752, 310394758, 673085082, 695719789,
39004854, 251000641, 98748282, 744318650, 815050298, 622456803, 240419561, 403871914, 202214044, 627433637, 649505808, 668918393, 334630440, 386856024, 352649543, 135139523,
216499252, 736376783, 269223150, 468318208, 801808348, 180378366, 640086372, 672618369, 291378195, 732195369, 805632553, 518515631, 603280165, 629836417, 59712833, 531020081,
708771168, 539819295, 179149444, 552251927, 458994127, 584987693, 238644928, 640603619, 46728500, 843989005, 688747457, 236924093, 261539965, 705411056, 765907765, 38095657,
382461698, 146650814, 351462947, 749417520, 628887925, 800857475, 790554154, 695483946, 160495923, 40896482, 471385785, 535516195, 197056285, 622795937, 368016917, 696525353,
377315918, 58087122, 246518254, 431338589, 795949654, 611141265, 406307405, 365750089, 396243561, 843849531, 33802729, 573076974, 557841126, 411725124, 109489622, 370935707,
372610558, 769825999, 367932152, 231499145, 240819898, 22648665, 418344529, 142438794, 552806180, 669450690, 614608056, 784369586, 258710636, 474742428, 166021530, 805595815,
603578176, 686703780, 412868426, 26588048, 379895115, 77550061, 751188758, 294447541, 433574579, 234362222, 821492181, 23912038, 681093196, 483584545, 404339808, 396405029,
744756742, 702481685, 413127074, 204115019, 187381271, 633523978, 433629465, 628184183, 783160918, 268799033, 646479372, 160458176, 602612912, 644506365, 391554011, 676966578,
386430153, 98736426, 412745127, 296141927, 685909285, 355152260, 361415843, 127323093, 586337666, 1734791, 368678692, 155431915, 597290023, 109507713, 291804866, 135016081,
144077689, 35054937, 16808265, 431962815, 534195521, 629326143, 309352001, 319948849, 443083246, 336744161, 100845182, 314804947, 476736581, 468528479, 416978018, 35141019,
43314058, 384847955, 665126798, 295857628, 768013680, 741182796, 157855570, 695547618, 145251639, 818473396, 708640763, 87460130, 736400748, 465173936, 376720282, 437268868,
137236663, 693860377, 247960644, 402124416, 656418852, 231401654, 248187016, 628418583, 224261112, 120581342, 49749199, 588812480, 309599954, 111357387, 14507354, 754564049,
513444423, 816496110, 509193085, 361635970, 190608265, 697367838, 230953561, 140447357, 27745100, 163340427, 607823059, 325305463, 383028479, 269707244, 475022415, 708990989,
738971809, 797646021, 126610937, 589310701, 191123172, 819715815, 337443183, 432224976, 337343783, 257301390, 172631141, 560659319, 646332329, 55110483, 467212803, 442977895,
311159578, 569890333, 669396086, 536323022, 542648615, 366162176, 88951009, 408335586, 276237497, 384733042, 525960156, 74199534, 338209206, 676233089, 264342641, 241682204,
226505461, 165013960, 129858819, 664852498, 432090291, 165700308, 382150900, 537002255, 368893910, 61006155, 238726881, 92317627, 632392147, 404715651, 802622348, 126100061,
306024238, 397891265, 214661020, 211132870, 783722518, 149847645, 665379914, 624725195, 85864665, 496272723, 304811252, 29995710, 410500887, 756406394, 31206753, 647154006,
596539568, 783214792, 286381882, 24560691, 681500270, 774933112, 506538708, 850347997, 611696036, 512607061, 251719669, 367108021, 456442965, 636694730, 399940257, 73870039,
85190759, 264953709, 238854238, 395048514, 612738126, 27417876, 652695826, 188238483, 324168828, 736238139, 789061724, 529275445, 382304068, 176318391, 709989466, 14237691,
};
static poly zetainv = {
146156455, 679827530, 473841853, 326870476, 67084197, 119907782, 531977093, 667907438, 203450095, 828728045, 243407795, 461097407, 617291683, 591192212, 770955162, 782275882,
456205664, 219451191, 399702956, 489037900, 604426252, 343538860, 244449885, 5797924, 349607213, 81212809, 174645651, 831585230, 569764039, 72931129, 259606353, 208991915,
824939168, 99739527, 445645034, 826150211, 551334669, 359873198, 770281256, 231420726, 190766007, 706298276, 72423403, 645013051, 641484901, 458254656, 550121683, 730045860,
53523573, 451430270, 223753774, 763828294, 617419040, 795139766, 487252011, 319143666, 473995021, 690445613, 424055630, 191293423, 726287102, 691131961, 629640460, 614463717,
591803280, 179912832, 517936715, 781946387, 330185765, 471412879, 579908424, 447810335, 767194912, 489983745, 313497306, 319822899, 186749835, 286255588, 544986343, 413168026,
388933118, 801035438, 209813592, 295486602, 683514780, 598844531, 518802138, 423920945, 518702738, 36430106, 665022749, 266835220, 729534984, 58499900, 117174112, 147154932,
381123506, 586438677, 473117442, 530840458, 248322862, 692805494, 828400821, 715698564, 625192360, 158778083, 665537656, 494509951, 346952836, 39649811, 342701498, 101581872,
841638567, 744788534, 546545967, 267333441, 806396722, 735564579, 631884809, 227727338, 607958905, 624744267, 199727069, 454021505, 608185277, 162285544, 718909258, 418877053,
479425639, 390971985, 119745173, 768685791, 147505158, 37672525, 710894282, 160598303, 698290351, 114963125, 88132241, 560288293, 191019123, 471297966, 812831863, 821004902,
439167903, 387617442, 379409340, 541340974, 755300739, 519401760, 413062675, 536197072, 546793920, 226819778, 321950400, 424183106, 839337656, 821090984, 712068232, 721129840,
564341055, 746638208, 258855898, 700714006, 487467229, 854411130, 269808255, 728822828, 494730078, 500993661, 170236636, 560003994, 443400794, 757409495, 469715768, 179179343,
464591910, 211639556, 253533009, 695687745, 209666549, 587346888, 72985003, 227961738, 422516456, 222621943, 668764650, 652030902, 443018847, 153664236, 111389179, 459740892,
451806113, 372561376, 175052725, 832233883, 34653740, 621783699, 422571342, 561698380, 104957163, 778595860, 476250806, 829557873, 443277495, 169442141, 252567745, 50550106,
690124391, 381403493, 597435285, 71776335, 241537865, 186695231, 303339741, 713707127, 437801392, 833497256, 615326023, 624646776, 488213769, 86319922, 483535363, 485210214,
746656299, 444420797, 298304795, 283068947, 822343192, 12296390, 459902360, 490395832, 449838516, 245004656, 60196267, 424807332, 609627667, 798058799, 478830003, 159620568,
488129004, 233349984, 659089636, 320629726, 384760136, 815249439, 695649998, 160661975, 65591767, 55288446, 227257996, 106728401, 504682974, 709495107, 473684223, 818050264,
90238156, 150734865, 594605956, 619221828, 167398464, 12156916, 809417421, 215542302, 617500993, 271158228, 397151794, 303893994, 676996477, 316326626, 147374753, 325125840,
796433088, 226309504, 252865756, 337630290, 50513368, 123950552, 564767726, 183527552, 216059549, 675767555, 54337573, 387827713, 586922771, 119769138, 639646669, 721006398,
503496378, 469289897, 521515481, 187227528, 206640113, 228712284, 653931877, 452274007, 615726360, 233689118, 41095623, 111827271, 757397639, 605145280, 817141067, 160426132,
183060839, 545751163, 674040169, 698317389, 261990450, 386569507, 67250645, 522160349, 163966566, 614285819, 786973760, 681677841, 420959355, 774866649, 361297339, 128637074,
422496531, 295462939, 759117839, 91465504, 726270306, 36207430, 677273648, 651018821, 627234847, 26090074, 24429030, 628638603, 326616664, 682324880, 488830917, 148236366,
539585045, 473112046, 818759318, 218219266, 610276639, 839196155, 317005294, 585280425, 608636241, 446776481, 393793128, 717022521, 612519951, 709248900, 353980294, 63756989,
693949980, 210923523, 79374748, 745935017, 784212992, 686768193, 778429518, 314431749, 523797075, 195851859, 97975321, 557262969, 262807530, 192684668, 415923330, 501613288,
3404238, 712417785, 450155368, 747485804, 81744363, 323034430, 826796598, 469252381, 361751809, 434943473, 803552337, 465534286, 157572091, 602155302, 99033921, 365374009,
846834633, 97430134, 575687633, 177727832, 140273653, 90407627, 187987326, 694675635, 195643540, 572104298, 724363064, 777471865, 641501321, 508655954, 54786744, 852122126,
10782023, 131578378, 512542588, 833764668, 286399241, 59501614, 843565978, 222792806, 380476816, 238629086, 278182583, 481289684, 412421377, 678581960, 41260119, 745639977,
557254534, 628519849, 537531082, 270662623, 379182325, 195422057, 243586531, 837248180, 486692390, 140464647, 654224404, 602180896, 645377695, 816810160, 479041664, 124294382,
669783846, 234493114, 243176038, 592620022, 27096465, 183456276, 200446472, 668696404, 288052285, 131594961, 791674348, 557560023, 47406124, 288119432, 852715305, 782507238,
673025244, 807884249, 252917351, 164909728, 730369402, 375418612, 75359937, 835936415, 692858474, 145803122, 617033011, 518611847, 263011393, 821884756, 571785241, 504243707,
153177908, 332511585, 819495276, 374736340, 96110053, 186841675, 790478451, 421137753, 723956514, 590100387, 2994914, 523414033, 64668155, 390185143, 241876207, 753054458,
492213677, 825177302, 227551259, 903581, 264406465, 480462339, 26917853, 671548827, 176461256, 810449590, 194455605, 444687871, 538319208, 326398986, 852354411, 207198840,
714259796, 829860425, 401707546, 415529500, 515282399, 171301374, 650576511, 114281574, 415111030, 593375797, 61670429, 345965555, 538321500, 614158390, 839941444, 369606491,
221902467, 759635351, 548724324, 652851732, 123840755, 781765384, 700841833, 486709217, 628048209, 735544578, 595694429, 783171675, 393277042, 695437666, 735353862, 36249689,
391514203, 33446741, 346053988, 196531576, 547148026, 717889598, 97805336, 773280030, 391158069, 735590498, 769444707, 721247380, 534863169, 726057183, 89939238, 142741823,
193720895, 673460954, 433293069, 677549918, 163141318, 26228393, 676776203, 86099123, 391518758, 683020230, 93154240, 456164294, 89018726, 680073595, 469881579, 643400806,
747679157, 417914461, 393904605, 436332285, 697722297, 96748867, 50039251, 833828951, 668984863, 595194499, 41160471, 341954332, 109054514, 555069517, 144142651, 634954827,
423063197, 167803304, 774845002, 713180662, 104752570, 419328096, 11318731, 160359491, 478041063, 175007919, 283538756, 781818130, 764137465, 792092680, 740777898, 425473905,
318952978, 814079371, 430246618, 178747085, 113457777, 340565295, 453279760, 73670386, 292643663, 374066567, 748784922, 413032530, 780159049, 624118029, 334568491, 593578765,
134544590, 502533121, 387726962, 498705062, 257889843, 38444785, 92762797, 778900869, 815246573, 822774695, 441394596, 449736759, 420926686, 650708620, 305512134, 682148844,
804523807, 673596769, 484619587, 723817937, 362179649, 783603144, 769520953, 245757957, 316316877, 364147692, 145210965, 317921685, 342754912, 95975806, 844833637, 115647709,
383929643, 512985562, 194376587, 352514611, 326828642, 398427612, 550316333, 529776680, 545399487, 796388811, 696386238, 128462033, 393925248, 65157735, 394644699, 393437554,
348731815, 374728641, 12566736, 53994900, 97279340, 698334574, 505061946, 407814529, 333042822, 768034817, 327213653, 263258335, 289578348, 604263987, 615041699, 340682165,
271212785, 797891217, 828338172, 125148414, 39313390, 351358809, 154868013, 649862089, 365868655, 262393287, 128667807, 603053083, 336825622, 779160613, 582143467, 295714037,
361060212, 392798079, 194025917, 2968385, 50077881, 83744365, 713053217, 810605573, 247250372, 543815727, 710238428, 98128041, 747805185, 472936516, 492803323, 292534173,
353034253, 252744162, 546881878, 74261363, 134343672, 707755795, 188647407, 59655152, 362676781, 465033106, 532046207, 720920712, 94872046, 269460580, 257232607, 700447166,
533042762, 226482284, 28850579, 600197339, 135413760, 23259576, 812139761, 297096013, 782253710, 404849924, 606961217, 292616058, 599951727, 558085164, 794149421, 20175256,
768669942, 467823789, 757275363, 298017981, 200239249, 648611126, 762981685, 713842825, 648074396, 4292690, 220723979, 303220335, 683846540, 141609760, 150467090, 409584714,
535360054, 536350095, 507864802, 416996054, 422395695, 504639208, 691129203, 736858799, 365782299, 781932223, 397631397, 21304402, 52006687, 723026822, 746261088, 410630362,
725425684, 682389824, 710102141, 733343801, 432593419, 268331700, 409738929, 550750562, 391573440, 539275757, 213128365, 19488444, 317255951, 666107168, 721461095, 61225344,
552453949, 236404517, 819566406, 62280728, 841469722, 234338761, 85237933, 710250951, 185299479, 773537308, 102799593, 362717779, 315379179, 179660879, 205485846, 449491481,
227150918, 667776136, 110006821, 71013338, 346463458, 160319679, 126544939, 699554155, 211661533, 38447819, 33916454, 461398882, 673800352, 303508809, 655580151, 364775402,
604077113, 335623531, 533211242, 15752298, 100205972, 284067543, 119483714, 521014166, 188576748, 202640160, 670200679, 644575158, 217989813, 485069852, 808045636, 165124425,
739805865, 739903210, 447756968, 250390727, 601903585, 106645586, 796643966, 478167863, 619441723, 308216888, 592892170, 46586540, 729181482, 711576683, 249893404, 417597067,
730068499, 92809366, 773757506, 150435541, 571537027, 355103578, 48204485, 452961441, 469066803, 297300358, 560974680, 179952636, 202222180, 824695592, 314424491, 308006185,
297135934, 779819713, 330834295, 607966158, 139470846, 532806876, 496761739, 144658310, 596051835, 523120535, 278370351, 259687598, 396035181, 318441635, 708341794, 261702166,
96131132, 562196508, 712552283, 121414502, 139181388, 369274231, 188501611, 591747839, 321238361, 800859904, 483293761, 574521237, 318624730, 451184298, 845303892, 824439814,
513057916, 488248363, 110823008, 474732383, 469456681, 693990629, 824427131, 100906910, 393033981, 613525172, 780573584, 732240054, 662144127, 156900476, 412266288, 762627793,
55879529, 662447594, 435100580, 334994905, 345348008, 216291111, 115536138, 354908192, 480736673, 347619959, 213042018, 132255342, 192070634, 196227843, 171656829, 457430277,
456173657, 235184482, 708639607, 80162055, 78550737, 659824274, 145948236, 14732004, 377312541, 551950153, 807387365, 517885521, 536344534, 144062333, 788152134, 12135251,
342084445, 121817512, 115642280, 147002280, 138875114, 74245619, 95327390, 646649415, 207948635, 518439532, 33183835, 74137806, 802754590, 326978677, 329330108, 541984162,
615015895, 340312953, 218073212, 814998766, 157716436, 203155225, 214901690, 385807168, 392276620, 170965976, 458479761, 35398460, 134705722, 309083692, 60435010, 846143590,
745522807, 606438974, 750326300, 746569701, 117316274, 717210198, 601189495, 52499415, 136915847, 255901848, 12306030, 304281576, 765340988, 142286353, 789909728, 103773804,
49871665, 592012809, 266996441, 65625212, 81727898, 594201480, 200644793, 452686638, 43973291, 532301993, 739336488, 682224565, 845517209, 427753763, 474414446, 386025969,
96949342, 759705038, 589678515, 780837334, 158063634, 325974167, 809607430, 589067353, 176830058, 410812375, 382294428, 258796598, 468141533, 703441408, 673473968, 642305805,
218673395, 535461624, 674684956, 680203874, 846088654, 52914042, 758979987, 589962189, 325345164, 117477831, 120913707, 782220389, 60703501, 614017575, 99993130, 235368093,
644276216, 121149740, 315046926, 183533385, 13034140, 721604492, 242970774, 500232976, 316143635, 719601853, 411832633, 206849167, 62309503, 362143540, 172132792, 406642102,
290947418, 649997984, 400004941, 193289674, 20215276, 604047240, 792504507, 354704972, 661308027, 710569578, 67988066, 573986043, 298011050, 675020897, 371173377, 220311134,
234250033, 627878145, 805292463, 24071270, 648507616, 814745610, 517644997, 691772925, 511004739, 433787663, 788161195, 196473632, 362036173, 528196877, 697880168, 318651435,
223922625, 432332761, 605658712, 402713163, 12043466, 723222719, 197191480, 740372189, 835875906, 689010272, 292485650, 101464751, 764616290, 665830492, 830680702, 522703957,
36639665, 178661761, 847563520, 213367890, 580759073, 795883933, 189665782, 410128628, 104008441, 757987331, 543934116, 420541294, 396733102, 773554582, 422990463, 679308804,
471610475, 449025573, 293585715, 304333306, 606221987, 668107507, 201587373, 776461576, 54202261, 334132687, 570371370, 729669465, 388035450, 40739162, 294599466, 269999181,
368420277, 394723115, 506277838, 351687671, 683668119, 82918314, 72721076, 702889204, 841003831, 721904142, 691037495, 575492049, 221172299, 608377016, 584007171, 674474012,
135083989, 479195654, 408808739, 442284285, 530250590, 390248853, 461685089, 283253906, 717741307, 215568024, 562986577, 134817130, 147002383, 270825931, 379404006, 759183054,
581866917, 146566613, 784989241, 457129596, 59158644, 750640670, 700398504, 721509487, 402874366, 82387404, 95739856, 281346626, 467686791, 324137743, 11249127, 89157220,
716002070, 335342053, 246826170, 529385048, 760143990, 10725758, 516293110, 76538324, 257296477, 328165824, 172330118, 546825765, 619673906, 328792017, 788124094, 141927682,
555365723, 329427916, 607839982, 405389708, 571868667, 470002428, 684585751, 434604631, 204705039, 450529242, 361817407, 727855567, 413589322, 11544453, 803784599, 815775166,
425469974, 86512573, 86029713, 852702639, 728364190, 118324485, 477615251, 345426513, 219927860, 22417298, 480050287, 224592838, 759159, 131898579, 764335555, 457432197,
763875505, 642888584, 590641758, 210009158, 390019414, 235949401, 58219618, 562286114, 99631682, 631925366, 753164064, 328774959, 365242602, 385354452, 217542778, 795464774,
780632705, 678141873, 424450214, 25338472, 268284342, 493213958, 580867867, 15482483, 272837023, 328359708, 782291772, 308114267, 404813197, 333753982, 737682027, 538312006,
707909990, 234156623, 323140190, 803917719, 91035383, 200098402, 773260410, 554209269, 505977196, 258732217, 577347247, 388868026, 412079442, 312571314, 628683299, 740119334,
813470861, 86544483, 515146109, 371343866, 687853001, 265823977, 121589622, 808348288, 257353942, 635427508, 834922294, 224797491, 432675367, 731353224, 575538372, 642351606,
291366364, 210732817, 90658793, 146401688, 40748954, 527574284, 817614743, 547167333, 534136352, 372456076, 706600074, 640500788, 559786839, 845776458, 709348802, 677707036,
606711824, 349565805, 42095011, 472115432, 177053484, 681164976, 139728272, 510212596, 747795405, 441873933, 187174498, 392929945, 425171378, 555237229, 4315335, 9057268,
153360848, 99426909, 774527252, 83014618, 412368218, 3495282, 739674290, 826674363, 316599527, 110724402, 435058302, 156418860, 545209527, 681526436, 443190082, 613052844,
463370538, 710824143, 207309740, 783222241, 141846134, 266325996, 146201876, 449154790, 170683627, 716235176, 607164090, 291006513, 186310404, 43734965, 496486286, 736873833,
329899967, 408796174, 449053875, 589454563, 727957502, 460484783, 122169115, 75292611, 73671599, 848010384, 303936940, 791662107, 590932920, 125786858, 211282605, 729648214,
59156462, 152461927, 219894477, 776823847, 437757228, 186542194, 700611431, 257929382, 767315412, 18312688, 806906190, 504497667, 101165190, 603435510, 526872520, 254322283,
720021990, 779194394, 584710319, 801191565, 703649817, 361258161, 149741435, 808495563, 291596204, 250916275, 340042453, 141837377, 547502361, 181348702, 139498738, 338114582,
119328746, 177984134, 199957575, 358181386, 57332620, 512567111, 451958433, 156026128, 619998073, 307816265, 338764588, 65822147, 573828018, 487154809, 749222428, 522943099,
26336097, 186644498, 526288314, 534618890, 828269735, 675600958, 49788769, 453731878, 762637295, 387744335, 173171058, 33040483, 466949551, 843388255, 697432416, 216291746,
33282177, 240642656, 663436347, 390123214, 254438583, 190922896, 455331923, 296664914, 762697018, 331531324, 851176113, 771233913, 482330259, 389665212, 474944010, 58762628,
469089651, 436049255, 697216430, 431783325, 138107147, 499492245, 647224366, 407794272, 26067376, 445177552, 520720342, 798948406, 325365361, 117634101, 664099671, 153294810,
597801361, 640257687, 533951825, 702134729, 111685295, 685214097, 452013666, 317534558, 271219665, 529108611, 586379543, 355661610, 759841823, 446485943, 839034731, 33604088,
773212146, 191869702, 367354365, 689096322, 345311446, 438596834, 677372537, 542545550, 341130619, 292644024, 281192613, 251893811, 447792713, 520181371, 40921126, 778878825,
536838039, 230752698, 396625895, 601216134, 188488092, 130103565, 504870771, 413838340, 335573256, 124340986, 368340993, 243753204, 150144590, 808689996, 32468801, 68817331,
471378712, 566347573, 6430376, 651137151, 497752158, 823732827, 787280015, 789046852, 194658966, 171151811, 118113814, 793917550, 75187158, 717603845, 61671631, 51620383,
302490719, 78328345, 244847301, 549511806, 420356371, 560795789, 405546061, 302036596, 432306081, 270856136, 330554928, 212724399, 791196206, 445342723, 187781362, 87078067,
834667388, 218628624, 755629702, 148790011, 845609309, 89984158, 742118272, 475309628, 81731129, 107846408, 74447254, 68656823, 169459843, 643648059, 721924181, 212112779,
575076242, 471039705, 626114838, 564548835, 506450263, 488329877, 847101683, 592828368, 714089721, 832868261, 393063639, 603199595, 214221357, 747808090, 145225511, 784491117,
578386518, 253504617, 217256612, 432640963, 696210495, 700338942, 642132261, 394125773, 127189460, 622643989, 65557316, 850423288, 154198317, 360118020, 401298167, 809808378,
590060278, 378333119, 261388063, 301240958, 211172470, 476577014, 818999735, 320797504, 155490801, 362021897, 416507223, 193972866, 814253796, 555879930, 152626252, 598011677,
48971665, 590814257, 699100720, 732535868, 42427027, 335391594, 577502901, 72445917, 562054823, 34689534, 850274973, 640356274, 165636151, 309704599, 39996866, 436255023,
365085534, 208984696, 593049885, 755419039, 376895434, 634901252, 316743954, 476563344, 619551824, 766199910, 783651060, 32670169, 794822305, 435248113, 14247580, 284417137,
754554090, 30678221, 641072629, 711946716, 568640914, 656468482, 83597913, 356324101, 231391682, 122476642, 505437404, 636148283, 639556222, 262242870, 10083895, 470763095,
7162643, 490677454, 122627583, 711718981, 252376484, 423795716, 578101600, 275970963, 3053131, 327430341, 435804223, 349044314, 649311691, 234207954, 379806804, 342513855,
224624649, 181857560, 84797030, 123047825, 95186646, 293471117, 586961654, 111168138, 703259490, 756871363, 606284506, 380213718, 292725815, 463763080, 747629289, 254624782,
207883602, 849297083, 578506664, 656289117, 454015629, 162235991, 474249177, 633829447, 490767799, 210190430, 48735841, 656982789, 743473215, 47313566, 306689440, 53334547,
370344121, 419993940, 218969756, 341956367, 296184959, 135682817, 127205066, 744169001, 445909513, 801533404, 605661030, 181244618, 30772614, 196639386, 59911722, 616623643,
199307436, 551535136, 136575017, 79424355, 92705102, 498046224, 17339996, 698541762, 804348245, 104258042, 484400476, 535014225, 87644978, 121726462, 383782353, 77562877,
350468417, 724994239, 772938366, 320269449, 203075846, 465307490, 585234251, 271855066, 464423241, 403123130, 202162074, 117126999, 653413020, 8084225, 216658351, 409614891,
799241223, 600931579, 454131285, 782741932, 376344215, 79696641, 803438191, 565030050, 460657460, 5110534, 472517130, 76991417, 572426425, 92047134, 285371277, 843473400,
389338704, 704515255, 459914006, 657120075, 708563883, 78813141, 11770883, 688134435, 287808573, 649280542, 765338883, 439803770, 160535862, 617753423, 442051682, 288864924,
32955626, 326880188, 696887038, 215124062, 791918307, 767157413, 358676037, 30612492, 661971023, 838968782, 465224708, 784600829, 146985424, 799718881, 207906900, 340800263,
849693954, 44777992, 31326149, 240259940, 508401593, 499528021, 475930852, 690672059, 580019353, 297040464, 236338202, 454171188, 695134912, 508172471, 436504159, 293630619,
848875161, 37043893, 26993038, 396046068, 722016462, 445419380, 209243403, 503786686, 268117854, 281672598, 205034970, 87894257, 293598267, 46912651, 147959859, 462629641,
509044664, 700768221, 107374762, 340721447, 163551982, 247501118, 447395984, 318219025, 172114399, 110025830, 810265637, 370215004, 606303954, 462642711, 251114029, 290800715,
780017258, 789443137, 495480307, 615909633, 431756150, 766376396, 820732666, 686803688, 133668454, 761665150, 326017339, 424112204, 110554261, 386347465, 101066781, 135666139,
256882780, 205722545, 668032392, 405718561, 350327055, 621444438, 381307379, 421184831, 753121128, 590538618, 366906511, 345326178, 132085192, 40531091, 780676557, 586664955,
597888984, 693668509, 487104387, 234747974, 572624063, 114516856, 550027276, 316481563, 239535126, 788436714, 847219527, 113421825, 200615887, 815912760, 581164384, 191193216,
11551938, 606832431, 431210833, 196126697, 92508342, 270544041, 192437514, 99153842, 188585579, 413385580, 745267475, 448172363, 667109106, 85272138, 658601344, 443173146,
392530856, 589073317, 382995167, 248915715, 375600977, 386782401, 254322056, 790853708, 580714915, 163129486, 824017519, 86419559, 117205367, 634667017, 566451589, 852749522,
837490424, 330422330, 294598189, 814909626, 505390042, 125578715, 357313675, 450539487, 233746299, 446282749, 755039478, 740350430, 598956163, 116099139, 167482754, 310512355,
135624781, 470874939, 196356683, 239902897, 693520220, 454942578, 778240578, 45236161, 51101673, 270126615, 94622194, 524282161, 632376971, 703121383, 587013336, 572429454,
37728898, 143682359, 206045437, 557167425, 770459696, 477771773, 321346425, 290390778, 100874902, 758540246, 746805823, 459566327, 607673901, 158286491, 527010720, 579461268,
74963118, 420964844, 51316958, 250512679, 452729483, 35670488, 559935164, 734294507, 379228497, 172592106, 126508187, 757555710, 853874620, 808517874, 106015915, 375691866,
423413164, 423111661, 60250078, 645353691, 853830811, 288310932, 1489804, 127886925, 191505834, 459549138, 542519706, 369115379, 116842790, 784888677, 269818678, 712117130,
748410048, 139982101, 169805525, 32264681, 532400632, 397389041, 181262233, 703428567, 604760852, 44143128, 69914527, 86615396, 314810965, 68145528, 650868687, 717671367,
594246701, 641155397, 207406129, 180083553, 414651973, 132523243, 211350471, 397371331, 170688638, 732763563, 132155217, 394688247, 571356350, 93856418, 708831649, 841908230,
};
#endif

248
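--- a/src/sig/qtesla/external/gauss.c
+++ b/src/sig/qtesla/external/gauss.c
@@ -0,0 +1,248 @@
+/*************************************************************************************
+* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
+*
+* Abstract: portable, constant-time Gaussian sampler
+**************************************************************************************/
+#include <string.h>
+#include "api.h"
+#include <oqs/sha3.h>
+#include "gauss.h"
+#define CDT_simple // Select simple CDT-based sampler
+#if defined(CDT_Batcher) // Using CDT sampler based on Batcher's algorithm
+#if (RADIX == 32)
+#include "CDT32.h"
+#elif (RADIX == 64)
+#include "CDT64.h"
+#endif
+#define DFIELD ((sdigit_t)(~(digit_t) 0 >> 1))
+#define PRODIFF(diff, a_u, a_v, k) \
+{ \
+diff = (diff + (a_v[k] & DFIELD) - (a_u[k] & DFIELD)) >> (RADIX - 1); \
+}
+#define PROSWAP(swap, diff, a_u, a_v, k) \
+{ \
+swap = (a_u[k] ^ a_v[k]) & diff; \
+a_u[k] ^= swap; \
+a_v[k] ^= swap; \
+}
+#define PROSWAPG(swap, diff, g_u, g_v) \
+{ \
+swap = (g_u ^ g_v) & (int32_t) diff; \
+g_u ^= swap; \
+g_v ^= swap; \
+}
+#define MINMAX0(swap, diff, a_u, a_v) \
+{ \
+PRODIFF(diff, a_u, a_v, 0); \
+PROSWAP(swap, diff, a_u, a_v, 0); \
+}
+#if CDT_COLS > 1
+#define MINMAX1(swap, diff, a_u, a_v) \
+{ \
+PRODIFF(diff, a_u, a_v, 1); \
+MINMAX0(swap, diff, a_u, a_v); \
+PROSWAP(swap, diff, a_u, a_v, 1); \
+}
+#else
+#define MINMAX1(swap, diff, a_u, a_v) MINMAX0(swap, diff, a_u, a_v)
+#endif
+#if CDT_COLS > 2
+#define MINMAX2(swap, diff, a_u, a_v) \
+{ \
+PRODIFF(diff, a_u, a_v, 2); \
+MINMAX1(swap, diff, a_u, a_v); \
+PROSWAP(swap, diff, a_u, a_v, 2); \
+}
+#else
+#define MINMAX2(swap, diff, a_u, a_v) MINMAX1(swap, diff, a_u, a_v)
+#endif
+#if CDT_COLS > 3
+#define MINMAX3(swap, diff, a_u, a_v) \
+{ \
+PRODIFF(diff, a_u, a_v, 3); \
+MINMAX2(swap, diff, a_u, a_v); \
+PROSWAP(swap, diff, a_u, a_v, 3); \
+}
+#else
+#define MINMAX3(swap, diff, a_u, a_v) MINMAX2(swap, diff, a_u, a_v)
+#endif
+#if CDT_COLS > 4
+#define MINMAX4(swap, diff, a_u, a_v) \
+{ \
+PRODIFF(diff, a_u, a_v, 4); \
+MINMAX3(swap, diff, a_u, a_v); \
+PROSWAP(swap, diff, a_u, a_v, 4); \
+}
+#else
+#define MINMAX4(swap, diff, a_u, a_v) MINMAX3(swap, diff, a_u, a_v)
+#endif
+#if CDT_COLS <= 5
+// TODO: improve MINIMAX performance:
+#define MINIMAX(a_u, a_v, g_u, g_v) \
+{ \
+sdigit_t diff = 0, swapa; \
+int32_t swapg; \
+MINMAX4(swapa, diff, a_u, a_v); \
+PROSWAPG(swapg, diff, g_u, g_v); \
+}
+#else
+#error "Unsupported precision"
+#endif
+/**
+* Sort the key-ord array using Knuth's iterative merge-exchange sorting.
+*
+* @param a the sampling key array to sort in-place.
+* @param g the accompanying sampling order array to sort together.
+* @param n the array size.
+*/
+static void knuthMergeExchangeKG(sdigit_t a[/*n*CDT_COLS*/], int32_t g[/*n*/], size_t n) {
+size_t t = 1;
+while (t < n - t) {
+t += t;
+}
+for (size_t p = t; p > 0; p >>= 1) {
+sdigit_t *ap = a + p * CDT_COLS;
+sdigit_t *a_i = a, *ap_i = ap;
+int32_t *gp = g + p;
+for (size_t i = 0; i < n - p; i++, a_i += CDT_COLS, ap_i += CDT_COLS) {
+if (!(i & p)) {
+MINIMAX(a_i, ap_i, g[i], gp[i]);
+}
+}
+for (size_t q = t; q > p; q >>= 1) {
+sdigit_t *ap_i = ap, *aq_i = a + q * CDT_COLS;
+int32_t *gq = g + q;
+for (size_t i = 0; i < n - q; i++, ap_i += CDT_COLS, aq_i += CDT_COLS) {
+if (!(i & p)) {
+MINIMAX(ap_i, aq_i, gp[i], gq[i]);
+}
+}
+}
+}
+}
+#define MINMAXG(a_u, a_v) \
+{ \
+int32_t diff = ((a_v & 0x7FFFFFFFL) - (a_u & 0x7FFFFFFFL)) >> (RADIX32 - 1); \
+int32_t swap = (a_u ^ a_v) & diff; \
+a_u ^= swap; \
+a_v ^= swap; \
+}
+/*
+* Sort the sampling order array using Knuth's iterative merge-exchange sorting.
+*
+* @param a the sampling order array to sort in-place.
+* @param n the array size.
+*/
+static void knuthMergeExchangeG(int32_t a[/*n*/], size_t n) {
+size_t t = 1;
+while (t < n - t) {
+t += t;
+}
+for (size_t p = t; p > 0; p >>= 1) {
+int32_t *ap = a + p;
+for (size_t i = 0; i < n - p; i++) {
+if (!(i & p)) {
+MINMAXG(a[i], ap[i]);
+}
+}
+for (size_t q = t; q > p; q >>= 1) {
+int32_t *aq = a + q;
+for (size_t i = 0; i < n - q; i++) {
+if (!(i & p)) {
+MINMAXG(ap[i], aq[i]);
+}
+}
+}
+}
+}
+static void kmxGauss(int64_t z[/*CHUNK_SIZE*/], const unsigned char *seed, int nonce) { // Generate CHUNK_SIZE samples from the normal distribution in constant-time
+sdigit_t sampk[(CHUNK_SIZE + CDT_ROWS) * CDT_COLS];
+int32_t sampg[CHUNK_SIZE + CDT_ROWS];
+// Fill each entry's sorting key with uniformly random data, and append the CDT values
+cSHAKE((uint8_t *) sampk, CHUNK_SIZE * CDT_COLS * sizeof(sdigit_t), (int16_t) nonce, seed, CRYPTO_RANDOMBYTES);
+memcpy(sampk + CHUNK_SIZE * CDT_COLS, cdt_v, CDT_ROWS * CDT_COLS * sizeof(sdigit_t));
+// Keep track each entry's sampling order
+for (int32_t i = 0; i < CHUNK_SIZE; i++)
+sampg[i] = i << 16;
+// Append the CDT Gaussian indices (prefixed with a sentinel)
+for (int32_t i = 0; i < CDT_ROWS; i++)
+sampg[CHUNK_SIZE + i] = 0xFFFF0000L ^ i;
+// Constant-time sorting according to the uniformly random sorting key
+knuthMergeExchangeKG(sampk, sampg, CHUNK_SIZE + CDT_ROWS);
+// Set each entry's Gaussian index
+int32_t prev_inx = 0;
+for (int i = 0; i < CHUNK_SIZE + CDT_ROWS; i++) {
+int32_t curr_inx = sampg[i] & 0xFFFFL;
+// prev_inx < curr_inx => prev_inx - curr_inx < 0 => (prev_inx - curr_inx) >> 31 = 0xF...F else 0x0...0
+prev_inx ^= (curr_inx ^ prev_inx) & ((prev_inx - curr_inx) >> (RADIX32 - 1));
+int32_t neg = (int32_t)(sampk[i * CDT_COLS] >> (RADIX - 1)); // Only the (so far unused) msb of the leading word
+sampg[i] |= ((neg & -prev_inx) ^ (~neg & prev_inx)) & 0xFFFFL;
+}
+// Sort all index entries according to their sampling order as sorting key
+knuthMergeExchangeG(sampg, CHUNK_SIZE + CDT_ROWS);
+// Discard the trailing entries (corresponding to the CDT) and sample the signs
+for (int i = 0; i < CHUNK_SIZE; i++) {
+z[i] = (int64_t)((sampg[i] << (RADIX32 - 16)) >> (RADIX32 - 16));
+}
+}
+static void sample_gauss_poly(poly z, const unsigned char *seed, int nonce) { // Gaussian sampler
+int dmsp = nonce << 8;
+for (int chunk = 0; chunk < PARAM_N; chunk += CHUNK_SIZE) {
+kmxGauss(z + chunk, seed, dmsp++);
+}
+}
+#elif defined(CDT_simple) // Using simple CDT-based sampler
+#include "CDT32.h"
+static void sample_gauss_poly(poly z, const unsigned char *seed, int nonce) {
+int dmsp = nonce << 8;
+int32_t samp[CHUNK_SIZE * CDT_COLS], c[CDT_COLS], borrow, sign;
+const int32_t mask = (int32_t)((uint32_t)(-1) >> 1);
+for (int chunk = 0; chunk < PARAM_N; chunk += CHUNK_SIZE) {
+cSHAKE((uint8_t *) samp, CHUNK_SIZE * CDT_COLS * sizeof(int32_t), (int16_t) dmsp++, seed, CRYPTO_RANDOMBYTES);
+for (int i = 0; i < CHUNK_SIZE; i++) {
+z[chunk + i] = 0;
+for (int j = 1; j < CDT_ROWS; j++) {
+borrow = 0;
+for (int k = CDT_COLS - 1; k >= 0; k--) {
+c[k] = (samp[i * CDT_COLS + k] & mask) - (cdt_v[j * CDT_COLS + k] + borrow);
+borrow = c[k] >> (RADIX32 - 1);
+}
+z[chunk + i] += ~borrow & 1;
+}
+sign = samp[i * CDT_COLS] >> (RADIX32 - 1);
+z[chunk + i] = (sign & -z[chunk + i]) | (~sign & z[chunk + i]);
+}
+}
+}
+#endif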
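Review bot: In the `CDT_simple` sampler, `borrow = c[k] >> (RADIX32 - 1);` right-shifts a possibly negative `int32_t`, which is implementation-defined; with the usual arithmetic shift (and assuming `RADIX32` is 32) `borrow` becomes -1, so the next column evaluates `(samp & mask) - (cdt_v - 1)` and the borrow appears to be applied in the wrong direction. Extracting the sign bit as unsigned, `borrow = (int32_t)((uint32_t) c[k] >> (RADIX32 - 1));`, yields 0 or 1 on every compiler and leaves the final `~borrow & 1` test unchanged. The affected inputs are rare (a lower column borrowing while the higher columns nearly tie), so the change should be confirmed against the upstream reference and the known-answer tests before it is applied. The same signed-shift idiom appears in `PRODIFF`, `MINMAXG` and the `sign` computation, where a one-line comment stating the arithmetic-shift assumption would help the next reader.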

13
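--- a/src/sig/qtesla/external/gauss.h
+++ b/src/sig/qtesla/external/gauss.h
@@ -0,0 +1,13 @@
+#ifndef __GAUSS_H
+#define __GAUSS_H
+#include <stdint.h>
+#include "params.h"
+#include "config.h"
+#include "poly.h"
+#define CHUNK_SIZE 512 // Fix chunk size for sampling
+static void sample_gauss_poly(poly z, const unsigned char *seed, int nonce);
+#endif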
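Review bot: The include guard `__GAUSS_H` is a reserved identifier in C, since any name containing a double underscore belongs to the implementation; a project-prefixed guard such as `#ifndef QTESLA_GAUSS_H` avoids a possible clash with a toolchain header. The prototype is also declared `static`, so it has internal linkage and every translation unit that includes this header must contain its own definition of `sample_gauss_poly`. Presumably gauss.c is included textually by the per-parameter-set source, and a short comment above the prototype naming the file that provides the definition would make that dependency explicit.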

263
src/sig/qtesla/external/pack.c vendored Normal file
View File

@ -0,0 +1,263 @@
/*************************************************************************************
* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
*
* Abstract: packing functions
**************************************************************************************/
#include <string.h>
#include "api.h"
#include "params.h"
#include "poly.h"
static void pack_sk(unsigned char *sk, poly s, poly_k e, unsigned char *seeds) { // Pack secret key sk
unsigned int i, k;
for (i = 0; i < PARAM_N; i++)
sk[i] = (unsigned char) s[i];
sk += PARAM_N;
for (k = 0; k < PARAM_K; k++)
for (i = 0; i < PARAM_N; i++)
sk[k * PARAM_N + i] = (unsigned char) e[k * PARAM_N + i];
memcpy(&sk[PARAM_K * PARAM_N], seeds, 2 * CRYPTO_SEEDBYTES);
}
#if defined(_qTESLA_p_I_)
static void encode_pk(unsigned char *pk, const poly_k t, const unsigned char *seedA) { // Encode public key pk
unsigned int i, j = 0;
uint32_t *pt = (uint32_t *) pk;
for (i = 0; i < (PARAM_N * PARAM_K * PARAM_Q_LOG / 32); i += PARAM_Q_LOG) {
pt[i] = (uint32_t)(t[j] | (t[j + 1] << 29));
pt[i + 1] = (uint32_t)((t[j + 1] >> 3) | (t[j + 2] << 26));
pt[i + 2] = (uint32_t)((t[j + 2] >> 6) | (t[j + 3] << 23));
pt[i + 3] = (uint32_t)((t[j + 3] >> 9) | (t[j + 4] << 20));
pt[i + 4] = (uint32_t)((t[j + 4] >> 12) | (t[j + 5] << 17));
pt[i + 5] = (uint32_t)((t[j + 5] >> 15) | (t[j + 6] << 14));
pt[i + 6] = (uint32_t)((t[j + 6] >> 18) | (t[j + 7] << 11));
pt[i + 7] = (uint32_t)((t[j + 7] >> 21) | (t[j + 8] << 8));
pt[i + 8] = (uint32_t)((t[j + 8] >> 24) | (t[j + 9] << 5));
pt[i + 9] = (uint32_t)((t[j + 9] >> 27) | (t[j + 10] << 2) | (t[j + 11] << 31));
pt[i + 10] = (uint32_t)((t[j + 11] >> 1) | (t[j + 12] << 28));
pt[i + 11] = (uint32_t)((t[j + 12] >> 4) | (t[j + 13] << 25));
pt[i + 12] = (uint32_t)((t[j + 13] >> 7) | (t[j + 14] << 22));
pt[i + 13] = (uint32_t)((t[j + 14] >> 10) | (t[j + 15] << 19));
pt[i + 14] = (uint32_t)((t[j + 15] >> 13) | (t[j + 16] << 16));
pt[i + 15] = (uint32_t)((t[j + 16] >> 16) | (t[j + 17] << 13));
pt[i + 16] = (uint32_t)((t[j + 17] >> 19) | (t[j + 18] << 10));
pt[i + 17] = (uint32_t)((t[j + 18] >> 22) | (t[j + 19] << 7));
pt[i + 18] = (uint32_t)((t[j + 19] >> 25) | (t[j + 20] << 4));
pt[i + 19] = (uint32_t)((t[j + 20] >> 28) | (t[j + 21] << 1) | (t[j + 22] << 30));
pt[i + 20] = (uint32_t)((t[j + 22] >> 2) | (t[j + 23] << 27));
pt[i + 21] = (uint32_t)((t[j + 23] >> 5) | (t[j + 24] << 24));
pt[i + 22] = (uint32_t)((t[j + 24] >> 8) | (t[j + 25] << 21));
pt[i + 23] = (uint32_t)((t[j + 25] >> 11) | (t[j + 26] << 18));
pt[i + 24] = (uint32_t)((t[j + 26] >> 14) | (t[j + 27] << 15));
pt[i + 25] = (uint32_t)((t[j + 27] >> 17) | (t[j + 28] << 12));
pt[i + 26] = (uint32_t)((t[j + 28] >> 20) | (t[j + 29] << 9));
pt[i + 27] = (uint32_t)((t[j + 29] >> 23) | (t[j + 30] << 6));
pt[i + 28] = (uint32_t)((t[j + 30] >> 26) | (t[j + 31] << 3));
j += 32;
}
memcpy(&pk[PARAM_N * PARAM_K * PARAM_Q_LOG / 8], seedA, CRYPTO_SEEDBYTES);
}
static void decode_pk(int32_t *pk, unsigned char *seedA, const unsigned char *pk_in) { // Decode public key pk
unsigned int i, j = 0;
uint32_t *pt = (uint32_t *) pk_in, *pp = (uint32_t *) pk, mask29 = (1 << PARAM_Q_LOG) - 1;
for (i = 0; i < PARAM_N * PARAM_K; i += 32) {
pp[i] = pt[j] & mask29;
pp[i + 1] = ((pt[j + 0] >> 29) | (pt[j + 1] << 3)) & mask29;
pp[i + 2] = ((pt[j + 1] >> 26) | (pt[j + 2] << 6)) & mask29;
pp[i + 3] = ((pt[j + 2] >> 23) | (pt[j + 3] << 9)) & mask29;
pp[i + 4] = ((pt[j + 3] >> 20) | (pt[j + 4] << 12)) & mask29;
pp[i + 5] = ((pt[j + 4] >> 17) | (pt[j + 5] << 15)) & mask29;
pp[i + 6] = ((pt[j + 5] >> 14) | (pt[j + 6] << 18)) & mask29;
pp[i + 7] = ((pt[j + 6] >> 11) | (pt[j + 7] << 21)) & mask29;
pp[i + 8] = ((pt[j + 7] >> 8) | (pt[j + 8] << 24)) & mask29;
pp[i + 9] = ((pt[j + 8] >> 5) | (pt[j + 9] << 27)) & mask29;
pp[i + 10] = (pt[j + 9] >> 2) & mask29;
pp[i + 11] = ((pt[j + 9] >> 31) | (pt[j + 10] << 1)) & mask29;
pp[i + 12] = ((pt[j + 10] >> 28) | (pt[j + 11] << 4)) & mask29;
pp[i + 13] = ((pt[j + 11] >> 25) | (pt[j + 12] << 7)) & mask29;
pp[i + 14] = ((pt[j + 12] >> 22) | (pt[j + 13] << 10)) & mask29;
pp[i + 15] = ((pt[j + 13] >> 19) | (pt[j + 14] << 13)) & mask29;
pp[i + 16] = ((pt[j + 14] >> 16) | (pt[j + 15] << 16)) & mask29;
pp[i + 17] = ((pt[j + 15] >> 13) | (pt[j + 16] << 19)) & mask29;
pp[i + 18] = ((pt[j + 16] >> 10) | (pt[j + 17] << 22)) & mask29;
pp[i + 19] = ((pt[j + 17] >> 7) | (pt[j + 18] << 25)) & mask29;
pp[i + 20] = ((pt[j + 18] >> 4) | (pt[j + 19] << 28)) & mask29;
pp[i + 21] = (pt[j + 19] >> 1) & mask29;
pp[i + 22] = ((pt[j + 19] >> 30) | (pt[j + 20] << 2)) & mask29;
pp[i + 23] = ((pt[j + 20] >> 27) | (pt[j + 21] << 5)) & mask29;
pp[i + 24] = ((pt[j + 21] >> 24) | (pt[j + 22] << 8)) & mask29;
pp[i + 25] = ((pt[j + 22] >> 21) | (pt[j + 23] << 11)) & mask29;
pp[i + 26] = ((pt[j + 23] >> 18) | (pt[j + 24] << 14)) & mask29;
pp[i + 27] = ((pt[j + 24] >> 15) | (pt[j + 25] << 17)) & mask29;
pp[i + 28] = ((pt[j + 25] >> 12) | (pt[j + 26] << 20)) & mask29;
pp[i + 29] = ((pt[j + 26] >> 9) | (pt[j + 27] << 23)) & mask29;
pp[i + 30] = ((pt[j + 27] >> 6) | (pt[j + 28] << 26)) & mask29;
pp[i + 31] = pt[j + 28] >> 3;
j += 29;
}
memcpy(seedA, &pk_in[PARAM_N * PARAM_K * PARAM_Q_LOG / 8], CRYPTO_SEEDBYTES);
}
#define maskb1 ((1 << (PARAM_B_BITS + 1)) - 1)
static void encode_sig(unsigned char *sm, unsigned char *c, poly z) { // Encode signature sm
unsigned int i, j = 0;
uint64_t *t = (uint64_t *) z;
uint32_t *pt = (uint32_t *) sm;
for (i = 0; i < (PARAM_N * (PARAM_B_BITS + 1) / 32); i += 10) {
pt[i] = (uint32_t)((t[j] & ((1 << 20) - 1)) | (t[j + 1] << 20));
pt[i + 1] = (uint32_t)(((t[j + 1] >> 12) & ((1 << 8) - 1)) | ((t[j + 2] & maskb1) << 8) | (t[j + 3] << 28));
pt[i + 2] = (uint32_t)(((t[j + 3] >> 4) & ((1 << 16) - 1)) | (t[j + 4] << 16));
pt[i + 3] = (uint32_t)(((t[j + 4] >> 16) & ((1 << 4) - 1)) | ((t[j + 5] & maskb1) << 4) | (t[j + 6] << 24));
pt[i + 4] = (uint32_t)(((t[j + 6] >> 8) & ((1 << 12) - 1)) | (t[j + 7] << 12));
pt[i + 5] = (uint32_t)((t[j + 8] & ((1 << 20) - 1)) | (t[j + 9] << 20));
pt[i + 6] = (uint32_t)(((t[j + 9] >> 12) & ((1 << 8) - 1)) | ((t[j + 10] & maskb1) << 8) | (t[j + 11] << 28));
pt[i + 7] = (uint32_t)(((t[j + 11] >> 4) & ((1 << 16) - 1)) | (t[j + 12] << 16));
pt[i + 8] = (uint32_t)(((t[j + 12] >> 16) & ((1 << 4) - 1)) | ((t[j + 13] & maskb1) << 4) | (t[j + 14] << 24));
pt[i + 9] = (uint32_t)(((t[j + 14] >> 8) & ((1 << 12) - 1)) | (t[j + 15] << 12));
j += 16;
}
memcpy(&sm[PARAM_N * (PARAM_B_BITS + 1) / 8], c, CRYPTO_C_BYTES);
}
static void decode_sig(unsigned char *c, poly z, const unsigned char *sm) { // Decode signature sm
unsigned int i, j = 0;
uint32_t *pt = (uint32_t *) sm;
for (i = 0; i < PARAM_N; i += 16) {
z[i] = ((int32_t) pt[j + 0] << 12) >> 12;
z[i + 1] = (int32_t)(pt[j + 0] >> 20) | ((int32_t)(pt[j + 1] << 24) >> 12);
z[i + 2] = ((int32_t) pt[j + 1] << 4) >> 12;
z[i + 3] = (int32_t)(pt[j + 1] >> 28) | ((int32_t)(pt[j + 2] << 16) >> 12);
z[i + 4] = (int32_t)(pt[j + 2] >> 16) | ((int32_t)(pt[j + 3] << 28) >> 12);
z[i + 5] = ((int32_t) pt[j + 3] << 8) >> 12;
z[i + 6] = (int32_t)(pt[j + 3] >> 24) | ((int32_t)(pt[j + 4] << 20) >> 12);
z[i + 7] = (int32_t) pt[j + 4] >> 12;
z[i + 8] = ((int32_t) pt[j + 5] << 12) >> 12;
z[i + 9] = (int32_t)(pt[j + 5] >> 20) | ((int32_t)(pt[j + 6] << 24) >> 12);
z[i + 10] = ((int32_t) pt[j + 6] << 4) >> 12;
z[i + 11] = (int32_t)(pt[j + 6] >> 28) | ((int32_t)(pt[j + 7] << 16) >> 12);
z[i + 12] = (int32_t)(pt[j + 7] >> 16) | ((int32_t)(pt[j + 8] << 28) >> 12);
z[i + 13] = ((int32_t) pt[j + 8] << 8) >> 12;
z[i + 14] = (int32_t)(pt[j + 8] >> 24) | ((int32_t)(pt[j + 9] << 20) >> 12);
z[i + 15] = (int32_t) pt[j + 9] >> 12;
j += 10;
}
memcpy(c, &sm[PARAM_N * (PARAM_B_BITS + 1) / 8], CRYPTO_C_BYTES);
}
#elif defined(_qTESLA_p_III_)
static void encode_pk(unsigned char *pk, const poly_k t, const unsigned char *seedA) { // Encode public key pk
unsigned int i, j = 0;
uint32_t *pt = (uint32_t *) pk;
for (i = 0; i < (PARAM_N * PARAM_K * PARAM_Q_LOG / 32); i += 15) {
pt[i + 0] = (uint32_t)(t[j + 0] | (t[j + 1] << 30));
pt[i + 1] = (uint32_t)((t[j + 1] >> 2) | (t[j + 2] << 28));
pt[i + 2] = (uint32_t)((t[j + 2] >> 4) | (t[j + 3] << 26));
pt[i + 3] = (uint32_t)((t[j + 3] >> 6) | (t[j + 4] << 24));
pt[i + 4] = (uint32_t)((t[j + 4] >> 8) | (t[j + 5] << 22));
pt[i + 5] = (uint32_t)((t[j + 5] >> 10) | (t[j + 6] << 20));
pt[i + 6] = (uint32_t)((t[j + 6] >> 12) | (t[j + 7] << 18));
pt[i + 7] = (uint32_t)((t[j + 7] >> 14) | (t[j + 8] << 16));
pt[i + 8] = (uint32_t)((t[j + 8] >> 16) | (t[j + 9] << 14));
pt[i + 9] = (uint32_t)((t[j + 9] >> 18) | (t[j + 10] << 12));
pt[i + 10] = (uint32_t)((t[j + 10] >> 20) | (t[j + 11] << 10));
pt[i + 11] = (uint32_t)((t[j + 11] >> 22) | (t[j + 12] << 8));
pt[i + 12] = (uint32_t)((t[j + 12] >> 24) | (t[j + 13] << 6));
pt[i + 13] = (uint32_t)((t[j + 13] >> 26) | (t[j + 14] << 4));
pt[i + 14] = (uint32_t)((t[j + 14] >> 28) | (t[j + 15] << 2));
j += 16;
}
memcpy(&pk[PARAM_N * PARAM_K * PARAM_Q_LOG / 8], seedA, CRYPTO_SEEDBYTES);
}
#define maskq ((1 << PARAM_Q_LOG) - 1)
static void decode_pk(int32_t *pk, unsigned char *seedA, const unsigned char *pk_in) { // Decode public key pk
unsigned int i, j = 0;
uint32_t *pt = (uint32_t *) pk_in, *t = (uint32_t *) pk;
for (i = 0; i < PARAM_N * PARAM_K; i += 16) {
t[i + 0] = (pt[j + 0]) & maskq;
t[i + 1] = ((pt[j + 0] >> 30) | (pt[j + 1] << 2)) & maskq;
t[i + 2] = ((pt[j + 1] >> 28) | (pt[j + 2] << 4)) & maskq;
t[i + 3] = ((pt[j + 2] >> 26) | (pt[j + 3] << 6)) & maskq;
t[i + 4] = ((pt[j + 3] >> 24) | (pt[j + 4] << 8)) & maskq;
t[i + 5] = ((pt[j + 4] >> 22) | (pt[j + 5] << 10)) & maskq;
t[i + 6] = ((pt[j + 5] >> 20) | (pt[j + 6] << 12)) & maskq;
t[i + 7] = ((pt[j + 6] >> 18) | (pt[j + 7] << 14)) & maskq;
t[i + 8] = ((pt[j + 7] >> 16) | (pt[j + 8] << 16)) & maskq;
t[i + 9] = ((pt[j + 8] >> 14) | (pt[j + 9] << 18)) & maskq;
t[i + 10] = ((pt[j + 9] >> 12) | (pt[j + 10] << 20)) & maskq;
t[i + 11] = ((pt[j + 10] >> 10) | (pt[j + 11] << 22)) & maskq;
t[i + 12] = ((pt[j + 11] >> 8) | (pt[j + 12] << 24)) & maskq;
t[i + 13] = ((pt[j + 12] >> 6) | (pt[j + 13] << 26)) & maskq;
t[i + 14] = ((pt[j + 13] >> 4) | (pt[j + 14] << 28)) & maskq;
t[i + 15] = ((pt[j + 14] >> 2)) & maskq;
j += 15;
}
memcpy(seedA, &pk_in[PARAM_N * PARAM_K * PARAM_Q_LOG / 8], CRYPTO_SEEDBYTES);
}
#define maskb1 ((1 << (PARAM_B_BITS + 1)) - 1)
static void encode_sig(unsigned char *sm, unsigned char *c, poly z) { // Encode signature sm
unsigned int i, j = 0;
uint64_t *t = (uint64_t *) z;
uint32_t *pt = (uint32_t *) sm;
for (i = 0; i < (PARAM_N * (PARAM_B_BITS + 1) / 32); i += 11) {
pt[i + 0] = (uint32_t)((t[j + 0] & ((1 << 22) - 1)) | (t[j + 1] << 22));
pt[i + 1] = (uint32_t)(((t[j + 1] >> 10) & ((1 << 12) - 1)) | (t[j + 2] << 12));
pt[i + 2] = (uint32_t)(((t[j + 2] >> 20) & ((1 << 2) - 1)) | ((t[j + 3] & maskb1) << 2) | (t[j + 4] << 24));
pt[i + 3] = (uint32_t)(((t[j + 4] >> 8) & ((1 << 14) - 1)) | (t[j + 5] << 14));
pt[i + 4] = (uint32_t)(((t[j + 5] >> 18) & ((1 << 4) - 1)) | ((t[j + 6] & maskb1) << 4) | (t[j + 7] << 26));
pt[i + 5] = (uint32_t)(((t[j + 7] >> 6) & ((1 << 16) - 1)) | (t[j + 8] << 16));
pt[i + 6] = (uint32_t)(((t[j + 8] >> 16) & ((1 << 6) - 1)) | ((t[j + 9] & maskb1) << 6) | (t[j + 10] << 28));
pt[i + 7] = (uint32_t)(((t[j + 10] >> 4) & ((1 << 18) - 1)) | (t[j + 11] << 18));
pt[i + 8] = (uint32_t)(((t[j + 11] >> 14) & ((1 << 8) - 1)) | ((t[j + 12] & maskb1) << 8) | (t[j + 13] << 30));
pt[i + 9] = (uint32_t)(((t[j + 13] >> 2) & ((1 << 20) - 1)) | (t[j + 14] << 20));
pt[i + 10] = (uint32_t)(((t[j + 14] >> 12) & ((1 << 10) - 1)) | (t[j + 15] << 10));
j += 16;
}
memcpy(&sm[PARAM_N * (PARAM_B_BITS + 1) / 8], c, CRYPTO_C_BYTES);
}
static void decode_sig(unsigned char *c, poly z, const unsigned char *sm) { // Decode signature sm
unsigned int i, j = 0;
uint32_t *pt = (uint32_t *) sm;
for (i = 0; i < PARAM_N; i += 16) {
z[i + 0] = ((int32_t) pt[j + 0] << 10) >> 10;
z[i + 1] = (int32_t)(pt[j + 0] >> 22) | ((int32_t)(pt[j + 1] << 20) >> 10);
z[i + 2] = (int32_t)(pt[j + 1] >> 12) | ((int32_t)(pt[j + 2] << 30) >> 10);
z[i + 3] = ((int32_t) pt[j + 2] << 8) >> 10;
z[i + 4] = (int32_t)(pt[j + 2] >> 24) | ((int32_t)(pt[j + 3] << 18) >> 10);
z[i + 5] = (int32_t)(pt[j + 3] >> 14) | ((int32_t)(pt[j + 4] << 28) >> 10);
z[i + 6] = ((int32_t) pt[j + 4] << 6) >> 10;
z[i + 7] = (int32_t)(pt[j + 4] >> 26) | ((int32_t)(pt[j + 5] << 16) >> 10);
z[i + 8] = (int32_t)(pt[j + 5] >> 16) | ((int32_t)(pt[j + 6] << 26) >> 10);
z[i + 9] = ((int32_t) pt[j + 6] << 4) >> 10;
z[i + 10] = (int32_t)(pt[j + 6] >> 28) | ((int32_t)(pt[j + 7] << 14) >> 10);
z[i + 11] = (int32_t)(pt[j + 7] >> 18) | ((int32_t)(pt[j + 8] << 24) >> 10);
z[i + 12] = ((int32_t) pt[j + 8] << 2) >> 10;
z[i + 13] = (int32_t)(pt[j + 8] >> 30) | ((int32_t)(pt[j + 9] << 12) >> 10);
z[i + 14] = (int32_t)(pt[j + 9] >> 20) | ((int32_t)(pt[j + 10] << 22) >> 10);
z[i + 15] = (int32_t) pt[j + 10] >> 10;
j += 11;
}
memcpy(c, &sm[PARAM_N * (PARAM_B_BITS + 1) / 8], CRYPTO_C_BYTES);
}
#endif

14
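--- a/src/sig/qtesla/external/pack.h
+++ b/src/sig/qtesla/external/pack.h
@@ -0,0 +1,14 @@
+#ifndef PACK_H
+#define PACK_H
+#include "poly.h"
+#include <stdint.h>
+static void hash_H(unsigned char *c_bin, poly v, const unsigned char *hm);
+static void pack_sk(unsigned char *sk, poly s, poly_k e, unsigned char *seeds);
+static void encode_pk(unsigned char *pk, const poly_k t, const unsigned char *seedA);
+static void decode_pk(int32_t *pk, unsigned char *seedA, const unsigned char *pk_in);
+static void encode_sig(unsigned char *sm, unsigned char *c, poly z);
+static void decode_sig(unsigned char *c, poly z, const unsigned char *sm);
+#endif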
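Review bot: The prototype `static void hash_H(unsigned char *c_bin, poly v, const unsigned char *hm);` declares the second parameter as `poly`, while the definition in sign.c takes `poly_k v` and walks PARAM_K * PARAM_N coefficients. Both array types decay to `int64_t *`, so this compiles, but a reader of the header would size the argument as a single polynomial. Declaring it as `poly_k v` here keeps the header accurate about the buffer length the function reads.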

68
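--- a/src/sig/qtesla/external/params.h
+++ b/src/sig/qtesla/external/params.h
@@ -0,0 +1,68 @@
+/*************************************************************************************
+* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
+*
+* Abstract: provably-secure qTESLA parameters
+**************************************************************************************/
+#ifndef PARAMS_H
+#define PARAMS_H
+#if defined(_qTESLA_p_I_)
+#define PARAM_N 1024
+#define PARAM_N_LOG 10
+#define PARAM_SIGMA 8.5
+#define PARAM_Q 343576577
+#define PARAM_Q_LOG 29
+#define PARAM_QINV 2205847551
+#define PARAM_BARR_MULT 3
+#define PARAM_BARR_DIV 30
+#define PARAM_B 524287
+#define PARAM_B_BITS 19
+#define PARAM_S_BITS 8
+#define PARAM_K 4
+#define PARAM_SIGMA_E PARAM_SIGMA
+#define PARAM_H 25
+#define PARAM_D 22
+#define PARAM_GEN_A 108
+#define PARAM_KEYGEN_BOUND_E 554
+#define PARAM_E PARAM_KEYGEN_BOUND_E
+#define PARAM_KEYGEN_BOUND_S 554
+#define PARAM_S PARAM_KEYGEN_BOUND_S
+#define PARAM_R2_INVN 13632409
+#define PARAM_R 172048372
+#define SHAKE OQS_SHA3_shake128
+#define cSHAKE OQS_SHA3_cshake128_simple
+#define SHAKE_RATE OQS_SHA3_SHAKE128_RATE
+#elif defined(_qTESLA_p_III_)
+#define PARAM_N 2048
+#define PARAM_N_LOG 11
+#define PARAM_SIGMA 8.5
+#define PARAM_Q 856145921
+#define PARAM_Q_LOG 30
+#define PARAM_QINV 587710463
+#define PARAM_BARR_MULT 5
+#define PARAM_BARR_DIV 32
+#define PARAM_B 2097151
+#define PARAM_B_BITS 21
+#define PARAM_S_BITS 8
+#define PARAM_K 5
+#define PARAM_SIGMA_E PARAM_SIGMA
+#define PARAM_H 40
+#define PARAM_D 24
+#define PARAM_GEN_A 180
+#define PARAM_KEYGEN_BOUND_E 901
+#define PARAM_E PARAM_KEYGEN_BOUND_E
+#define PARAM_KEYGEN_BOUND_S 901
+#define PARAM_S PARAM_KEYGEN_BOUND_S
+#define PARAM_R2_INVN 513161157
+#define PARAM_R 14237691
+#define SHAKE OQS_SHA3_shake256
+#define cSHAKE OQS_SHA3_cshake256_simple
+#define SHAKE_RATE OQS_SHA3_SHAKE256_RATE
+#endif
+#endif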
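Review bot: The `#if defined(_qTESLA_p_I_)` / `#elif defined(_qTESLA_p_III_)` chain has no fallback, so a translation unit that defines neither macro gets an empty header and fails later with undeclared-identifier errors far from the cause. Adding `#else` followed by `#error "no qTESLA parameter set selected"` before the inner `#endif` would make the misconfiguration explicit at the point it happens. A short comment per block noting which constants have to change together (PARAM_QINV, PARAM_R and PARAM_R2_INVN appear to be derived from PARAM_Q and PARAM_N) would also help whoever next updates a parameter set.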

213
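--- a/src/sig/qtesla/external/poly.c
+++ b/src/sig/qtesla/external/poly.c
@@ -0,0 +1,213 @@
+/*************************************************************************************
+* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
+*
+* Abstract: NTT, modular reduction and polynomial functions
+**************************************************************************************/
+#include "poly.h"
+#include <oqs/sha3.h>
+#include "api.h"
+// OQS note: commented out because files are included in the same file
+//extern poly zeta;
+//extern poly zetainv;
+static void poly_uniform(poly_k a, const unsigned char *seed) { // Generation of polynomials "a_i"
+unsigned int pos = 0, i = 0, nbytes = (PARAM_Q_LOG + 7) / 8;
+unsigned int nblocks = PARAM_GEN_A;
+uint32_t val1, val2, val3, val4, mask = (uint32_t)(1 << PARAM_Q_LOG) - 1;
+unsigned char buf[OQS_SHA3_SHAKE128_RATE * PARAM_GEN_A];
+uint16_t dmsp = 0;
+OQS_SHA3_cshake128_simple(buf, OQS_SHA3_SHAKE128_RATE * PARAM_GEN_A, dmsp++, seed, CRYPTO_RANDOMBYTES);
+while (i < PARAM_K * PARAM_N) {
+if (pos > OQS_SHA3_SHAKE128_RATE * nblocks - 4 * nbytes) {
+nblocks = 1;
+OQS_SHA3_cshake128_simple(buf, OQS_SHA3_SHAKE128_RATE * nblocks, dmsp++, seed, CRYPTO_RANDOMBYTES);
+pos = 0;
+}
+val1 = (*(uint32_t *) (buf + pos)) & mask;
+pos += nbytes;
+val2 = (*(uint32_t *) (buf + pos)) & mask;
+pos += nbytes;
+val3 = (*(uint32_t *) (buf + pos)) & mask;
+pos += nbytes;
+val4 = (*(uint32_t *) (buf + pos)) & mask;
+pos += nbytes;
+if (val1 < PARAM_Q && i < PARAM_K * PARAM_N)
+a[i++] = reduce((int64_t) val1 * PARAM_R2_INVN);
+if (val2 < PARAM_Q && i < PARAM_K * PARAM_N)
+a[i++] = reduce((int64_t) val2 * PARAM_R2_INVN);
+if (val3 < PARAM_Q && i < PARAM_K * PARAM_N)
+a[i++] = reduce((int64_t) val3 * PARAM_R2_INVN);
+if (val4 < PARAM_Q && i < PARAM_K * PARAM_N)
+a[i++] = reduce((int64_t) val4 * PARAM_R2_INVN);
+}
+}
+static int64_t reduce(int64_t a) { // Montgomery reduction
+int64_t u;
+u = (a * PARAM_QINV) & 0xFFFFFFFF;
+u *= PARAM_Q;
+a += u;
+return a >> 32;
+}
+static int64_t barr_reduce(int64_t a) { // Barrett reduction
+int64_t u = (a * PARAM_BARR_MULT) >> PARAM_BARR_DIV;
+return a - u * PARAM_Q;
+}
+static void ntt(poly a, const poly w) { // Forward NTT transform
+int NumoProblems = PARAM_N >> 1, jTwiddle = 0;
+for (; NumoProblems > 0; NumoProblems >>= 1) {
+int jFirst, j = 0;
+for (jFirst = 0; jFirst < PARAM_N; jFirst = j + NumoProblems) {
+sdigit_t W = (sdigit_t) w[jTwiddle++];
+for (j = jFirst; j < jFirst + NumoProblems; j++) {
+#if defined(_qTESLA_p_I_)
+int64_t temp = reduce((int64_t) W * a[j + NumoProblems]);
+a[j + NumoProblems] = a[j] + (PARAM_Q - temp);
+a[j] = temp + a[j];
+#else
+int64_t temp = barr_reduce(reduce((int64_t) W * a[j + NumoProblems]));
+a[j + NumoProblems] = barr_reduce(a[j] + (2LL * PARAM_Q - temp));
+a[j] = barr_reduce(temp + a[j]);
+#endif
+}
+}
+}
+}
+static void nttinv(poly a, const poly w) { // Inverse NTT transform
+int NumoProblems = 1, jTwiddle = 0;
+for (NumoProblems = 1; NumoProblems < PARAM_N; NumoProblems *= 2) {
+int jFirst, j = 0;
+for (jFirst = 0; jFirst < PARAM_N; jFirst = j + NumoProblems) {
+sdigit_t W = (sdigit_t) w[jTwiddle++];
+for (j = jFirst; j < jFirst + NumoProblems; j++) {
+int64_t temp = a[j];
+#if defined(_qTESLA_p_I_)
+a[j] = (temp + a[j + NumoProblems]);
+a[j + NumoProblems] = reduce((int64_t) W * (temp + (2 * PARAM_Q - a[j + NumoProblems])));
+}
+}
+NumoProblems *= 2;
+for (jFirst = 0; jFirst < PARAM_N; jFirst = j + NumoProblems) {
+sdigit_t W = (sdigit_t) w[jTwiddle++];
+for (j = jFirst; j < jFirst + NumoProblems; j++) {
+int64_t temp = a[j];
+a[j] = barr_reduce(temp + a[j + NumoProblems]);
+a[j + NumoProblems] = reduce((int64_t) W * (temp + (2 * PARAM_Q - a[j + NumoProblems])));
+#else
+a[j] = barr_reduce((temp + a[j + NumoProblems]));
+a[j + NumoProblems] = barr_reduce(reduce((int64_t) W * (temp + (2LL * PARAM_Q - a[j + NumoProblems]))));
+#endif
+}
+}
+}
+}
+static void poly_pointwise(poly result, const poly x, const poly y) { // Pointwise polynomial multiplication result = x.y
+for (int i = 0; i < PARAM_N; i++)
+result[i] = reduce(x[i] * y[i]);
+}
+static void poly_ntt(poly x_ntt, const poly x) { // Call to NTT function. Avoids input destruction
+for (int i = 0; i < PARAM_N; i++)
+x_ntt[i] = x[i];
+ntt(x_ntt, zeta);
+}
+static void poly_mul(poly result, const poly x, const poly y) { // Polynomial multiplication result = x*y, with in place reduction for (X^N+1)
+// The inputs x and y are assumed to be in NTT form
+poly_pointwise(result, x, y);
+nttinv(result, zetainv);
+}
+static void poly_add(poly result, const poly x, const poly y) { // Polynomial addition result = x+y
+for (int i = 0; i < PARAM_N; i++)
+result[i] = x[i] + y[i];
+}
+static void poly_add_correct(poly result, const poly x, const poly y) { // Polynomial addition result = x+y with correction
+for (int i = 0; i < PARAM_N; i++) {
+result[i] = x[i] + y[i];
+result[i] += (result[i] >> (RADIX32 - 1)) & PARAM_Q; // If result[i] < 0 then add q
+result[i] -= PARAM_Q;
+result[i] += (result[i] >> (RADIX32 - 1)) & PARAM_Q; // If result[i] >= q then subtract q
+}
+}
+static void poly_sub(poly result, const poly x, const poly y) { // Polynomial subtraction result = x-y
+for (int i = 0; i < PARAM_N; i++)
+result[i] = barr_reduce(x[i] - y[i]);
+}
+/********************************************************************************************
+* Name: sparse_mul8
+* Description: performs sparse polynomial multiplication
+* Parameters: inputs:
+* - const unsigned char* s: part of the secret key
+* - const uint32_t pos_list[PARAM_H]: list of indices of nonzero elements in c
+* - const int16_t sign_list[PARAM_H]: list of signs of nonzero elements in c
+* outputs:
+* - poly prod: product of 2 polynomials
+*
+* Note: pos_list[] and sign_list[] contain public information since c is public
+*********************************************************************************************/
+static void sparse_mul8(poly prod, const unsigned char *s, const uint32_t pos_list[PARAM_H], const int16_t sign_list[PARAM_H]) {
+int i, j, pos;
+int8_t *t = (int8_t *) s;
+for (i = 0; i < PARAM_N; i++)
+prod[i] = 0;
+for (i = 0; i < PARAM_H; i++) {
+pos = pos_list[i];
+for (j = 0; j < pos; j++) {
+prod[j] = prod[j] - sign_list[i] * t[j + PARAM_N - pos];
+}
+for (j = pos; j < PARAM_N; j++) {
+prod[j] = prod[j] + sign_list[i] * t[j - pos];
+}
+}
+}
+/********************************************************************************************
+* Name: sparse_mul32
+* Description: performs sparse polynomial multiplication
+* Parameters: inputs:
+* - const int32_t* pk: part of the public key
+* - const uint32_t pos_list[PARAM_H]: list of indices of nonzero elements in c
+* - const int16_t sign_list[PARAM_H]: list of signs of nonzero elements in c
+* outputs:
+* - poly prod: product of 2 polynomials
+*********************************************************************************************/
+static void sparse_mul32(poly prod, const int32_t *pk, const uint32_t pos_list[PARAM_H], const int16_t sign_list[PARAM_H]) {
+int i, j, pos;
+for (i = 0; i < PARAM_N; i++)
+prod[i] = 0;
+for (i = 0; i < PARAM_H; i++) {
+pos = pos_list[i];
+for (j = 0; j < pos; j++) {
+prod[j] = prod[j] - sign_list[i] * pk[j + PARAM_N - pos];
+}
+for (j = pos; j < PARAM_N; j++) {
+prod[j] = prod[j] + sign_list[i] * pk[j - pos];
+}
+}
+for (i = 0; i < PARAM_N; i++)
+prod[i] = barr_reduce(prod[i]);
+}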
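Review bot: In `reduce`, the line `u = (a * PARAM_QINV) & 0xFFFFFFFF;` multiplies two signed 64-bit values, and for the products the NTT passes in (`(int64_t) W * a[...]`) the result appears not to fit in `int64_t`; signed overflow is undefined behaviour in C, so the code relies on the compiler wrapping. Only the low 32 bits are kept, so doing the multiplication unsigned yields the intended value without that assumption: `u = (int64_t)(((uint64_t) a * PARAM_QINV) & 0xFFFFFFFF);`. The function then returns `a >> 32` on a value that may be negative, which is implementation-defined, so a comment stating that an arithmetic right shift is required would document the portability assumption. Separately, `poly_uniform` reads the cSHAKE output through `*(uint32_t *) (buf + pos)`, which ties the generated polynomial to host byte order and is worth a comment or a byte-wise load.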

24
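--- a/src/sig/qtesla/external/poly.h
+++ b/src/sig/qtesla/external/poly.h
@@ -0,0 +1,24 @@
+#ifndef POLY_H
+#define POLY_H
+#include "params.h"
+#include "config.h"
+#include <stdint.h>
+typedef int64_t poly[PARAM_N];
+typedef int64_t poly_k[PARAM_N * PARAM_K];
+static int64_t reduce(int64_t a);
+static int64_t barr_reduce(int64_t a);
+static void ntt(poly a, const poly w);
+static void nttinv(poly a, const poly w);
+static void poly_ntt(poly x_ntt, const poly x);
+static void poly_mul(poly result, const poly x, const poly y);
+static void poly_add(poly result, const poly x, const poly y);
+static void poly_add_correct(poly result, const poly x, const poly y);
+static void poly_sub(poly result, const poly x, const poly y);
+static void sparse_mul8(poly prod, const unsigned char *s, const uint32_t pos_list[PARAM_H], const int16_t sign_list[PARAM_H]);
+static void sparse_mul32(poly prod, const int32_t *pk, const uint32_t pos_list[PARAM_H], const int16_t sign_list[PARAM_H]);
+static void poly_uniform(poly_k a, const unsigned char *seed);
+#endif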

File diff suppressed because it is too large Load Diff


@ -1,13 +0,0 @@
OQS_API OQS_STATUS OQS_SIG_qTESLA_I_keypair(
unsigned char *,
unsigned char *);
OQS_API OQS_STATUS OQS_SIG_qTESLA_I_sign(
unsigned char *, unsigned long long *,
const unsigned char *, unsigned long long,
const unsigned char *);
OQS_API OQS_STATUS OQS_SIG_qTESLA_I_verify(
unsigned char *, unsigned long long,
const unsigned char *, unsigned long long,
const unsigned char *);

File diff suppressed because it is too large Load Diff


@ -1,13 +0,0 @@
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_size_keypair(
unsigned char *,
unsigned char *);
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_size_sign(
unsigned char *, unsigned long long *,
const unsigned char *, unsigned long long,
const unsigned char *);
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_size_verify(
unsigned char *, unsigned long long,
const unsigned char *, unsigned long long,
const unsigned char *);

File diff suppressed because it is too large Load Diff


@ -1,13 +0,0 @@
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_speed_keypair(
unsigned char *,
unsigned char *);
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_speed_sign(
unsigned char *, unsigned long long *,
const unsigned char *, unsigned long long,
const unsigned char *);
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_speed_verify(
unsigned char *, unsigned long long,
const unsigned char *, unsigned long long,
const unsigned char *);


@ -1,168 +0,0 @@
/* FILE TO BE INCLUDED IN qTESLA_*.c, original code from sign.c */
/*********************************************************
* Name: crypto_sign_keypair
* Description: generates a public and private key pair
* Parameters: inputs: none
* outputs:
* - unsigned char *pk: public key
* - unsigned char *sk: secret key
* Returns: 0 for successful execution
**********************************************************/
static OQS_STATUS crypto_sign_keypair(unsigned char *pk, unsigned char *sk) {
unsigned char randomness[CRYPTO_RANDOMBYTES], randomness_extended[4 * CRYPTO_SEEDBYTES];
poly s, e, a, t;
int nonce = 0; // Initialize domain separator for error and secret polynomials
#ifdef DEBUG
ctr_keygen = 0;
#endif
// Get randomness_extended <- seed_e, seed_s, seed_a, seed_y
OQS_randombytes(randomness, CRYPTO_RANDOMBYTES);
if (strcmp(CRYPTO_ALGNAME, "qTesla-I") == 0) {
OQS_SHA3_shake128(randomness_extended, 4 * CRYPTO_SEEDBYTES, randomness, CRYPTO_RANDOMBYTES);
} else /* III-size, III-speed */ {
OQS_SHA3_shake256(randomness_extended, 4 * CRYPTO_SEEDBYTES, randomness, CRYPTO_RANDOMBYTES);
}
do { // Sample the error polynomial
#ifdef DEBUG
ctr_keygen++;
#endif
sample_gauss_poly(e, randomness_extended, ++nonce);
} while (check_ES(e, (int) PARAM_KEYGEN_BOUND_E) != 0);
do { // Sample the secret polynomial
#ifdef DEBUG
ctr_keygen++;
#endif
sample_gauss_poly(s, &randomness_extended[CRYPTO_SEEDBYTES], ++nonce);
} while (check_ES(s, (int) PARAM_KEYGEN_BOUND_S) != 0);
// Generate uniform polynomial "a"
poly_uniform(a, &randomness_extended[2 * CRYPTO_SEEDBYTES]);
// Compute the public key t = as+e
poly_mul(t, a, s);
poly_add(t, t, e);
// Pack public and private keys
pack_sk(sk, s, e, &randomness_extended[2 * CRYPTO_SEEDBYTES]);
encode_pk(pk, t, &randomness_extended[2 * CRYPTO_SEEDBYTES]);
return OQS_SUCCESS;
}
/***************************************************************
* OQS note: modified to satisfy the sign/verify API
* Name: crypto_sign
* Description: outputs a signature for a given message m
* Parameters: inputs:
* - const unsigned char *m: message to be signed
* - unsigned long long mlen: message length
* - const unsigned char* sk: secret key
* outputs:
* - unsigned char *sm: signature
* - unsigned long long *smlen: signature length*
* Returns: 0 for successful execution
***************************************************************/
static OQS_STATUS crypto_sign(unsigned char *sm, unsigned long long *smlen, const unsigned char *m, unsigned long long mlen, const unsigned char *sk) {
unsigned char c[CRYPTO_C_BYTES], randomness[CRYPTO_SEEDBYTES], randomness_input[CRYPTO_RANDOMBYTES + CRYPTO_SEEDBYTES + mlen];
uint32_t pos_list[PARAM_W];
int16_t sign_list[PARAM_W];
poly y, v, Sc, Ec, z, a;
int nonce = 0; // Initialize domain separator for sampling y
#ifdef DEBUG
ctr_sign = 0;
rejwctr = 0;
rejyzctr = 0;
#endif
// Get H(seed_y, r, m) to sample y
OQS_randombytes(randomness_input + CRYPTO_RANDOMBYTES, CRYPTO_RANDOMBYTES);
memcpy(randomness_input, &sk[CRYPTO_SECRETKEYBYTES - CRYPTO_SEEDBYTES], CRYPTO_SEEDBYTES);
memcpy(randomness_input + CRYPTO_RANDOMBYTES + CRYPTO_SEEDBYTES, m, mlen);
if (strcmp(CRYPTO_ALGNAME, "qTesla-I") == 0) {
OQS_SHA3_shake128(randomness, CRYPTO_SEEDBYTES, randomness_input, CRYPTO_RANDOMBYTES + CRYPTO_SEEDBYTES + mlen);
} else /* III-size, III-speed */ {
OQS_SHA3_shake256(randomness, CRYPTO_SEEDBYTES, randomness_input, CRYPTO_RANDOMBYTES + CRYPTO_SEEDBYTES + mlen);
}
poly_uniform(a, &sk[CRYPTO_SECRETKEYBYTES - 2 * CRYPTO_SEEDBYTES]);
while (1) {
#ifdef DEBUG
ctr_sign++;
#endif
sample_y(y, randomness, ++nonce); // Sample y uniformly at random from [-B,B]
poly_mul(v, a, y);
hash_vm(c, v, m, mlen);
encode_c(pos_list, sign_list, c); // Generate c = Enc(c'), where c' is the hashing of v together with m
sparse_mul16(Sc, sk, pos_list, sign_list);
poly_add(z, y, Sc); // Compute z = y + sc
if (test_rejection(z) != 0) { // Rejection sampling
#ifdef DEBUG
rejyzctr++;
#endif
continue;
}
sparse_mul16(Ec, sk + (sizeof(int16_t) * PARAM_N), pos_list, sign_list);
poly_sub(v, v, Ec);
if (test_v(v) != 0) {
#ifdef DEBUG
rejwctr++;
#endif
continue;
}
// Pack signature
*smlen = CRYPTO_BYTES;
encode_sig(sm, c, z);
return OQS_SUCCESS;
}
}
/************************************************************
* OQS note: modified to satisfy the sign/verify API
* Name: crypto_sign_open
* Description: verification of a signature sm
* Parameters: inputs:
* - unsigned char *m: original (signed) message
* - unsigned long long mlen: message length*
* - const unsigned char *sm: signature
* - unsigned long long smlen: signature length
* - const unsigned char* pk: public Key
* Returns: 0 for valid signature
* <0 for invalid signature
************************************************************/
static OQS_STATUS crypto_verify(unsigned char *m, unsigned long long mlen, const unsigned char *sm, unsigned long long smlen, const unsigned char *pk) {
unsigned char c[CRYPTO_C_BYTES], c_sig[CRYPTO_C_BYTES], seed[CRYPTO_SEEDBYTES];
uint32_t pos_list[PARAM_W];
int16_t sign_list[PARAM_W];
int32_t pk_t[PARAM_N];
poly w, z, a, Tc;
if (smlen < CRYPTO_BYTES)
return OQS_ERROR;
decode_sig(c, z, sm);
if (test_z(z) != 0)
return OQS_ERROR; // Check norm of z
decode_pk((int32_t *) pk_t, seed, pk);
poly_uniform(a, seed);
encode_c(pos_list, sign_list, c);
poly_mul(w, a, z);
sparse_mul32(Tc, pk_t, pos_list, sign_list);
poly_sub(w, w, Tc); // Compute w = az - tc
hash_vm(c_sig, w, m, mlen);
// Check if the calculated c matches c from the signature
if (memcmp(c, c_sig, CRYPTO_C_BYTES))
return OQS_ERROR;
return OQS_SUCCESS;
}

69
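--- a/src/sig/qtesla/external/sample.c
+++ b/src/sig/qtesla/external/sample.c
@@ -0,0 +1,69 @@
+/*************************************************************************************
+* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
+*
+* Abstract: sampling functions
+**************************************************************************************/
+#include "api.h"
+#include "sample.h"
+#include "params.h"
+#include <oqs/sha3.h>
+#define NBLOCKS_SHAKE SHAKE_RATE / (((PARAM_B_BITS + 1) + 7) / 8)
+#define BPLUS1BYTES ((PARAM_B_BITS + 1) + 7) / 8
+static void sample_y(poly y, const unsigned char *seed, int nonce) { // Sample polynomial y, such that each coefficient is in the range [-B,B]
+unsigned int i = 0, pos = 0, nblocks = PARAM_N;
+unsigned char buf[PARAM_N * BPLUS1BYTES + 1];
+unsigned int nbytes = BPLUS1BYTES;
+int16_t dmsp = (int16_t)(nonce << 8);
+cSHAKE((uint8_t *) buf, PARAM_N * nbytes, dmsp++, seed, CRYPTO_RANDOMBYTES);
+while (i < PARAM_N) {
+if (pos >= nblocks * nbytes) {
+nblocks = NBLOCKS_SHAKE;
+cSHAKE((uint8_t *) buf, SHAKE_RATE, dmsp++, seed, CRYPTO_RANDOMBYTES);
+pos = 0;
+}
+y[i] = (*(uint32_t *) (buf + pos)) & ((1 << (PARAM_B_BITS + 1)) - 1);
+y[i] -= PARAM_B;
+if (y[i] != (1 << PARAM_B_BITS))
+i++;
+pos += nbytes;
+}
+}
+static void encode_c(uint32_t *pos_list, int16_t *sign_list, unsigned char *c_bin) { // Encoding of c' by mapping the output of the hash function H to an N-element vector with entries {-1,0,1}
+int i, pos, cnt = 0;
+int16_t c[PARAM_N];
+unsigned char r[OQS_SHA3_SHAKE128_RATE];
+uint16_t dmsp = 0;
+// Use the hash value as key to generate some randomness
+OQS_SHA3_cshake128_simple(r, OQS_SHA3_SHAKE128_RATE, dmsp++, c_bin, CRYPTO_RANDOMBYTES);
+// Use rejection sampling to determine positions to be set in the new vector
+for (i = 0; i < PARAM_N; i++)
+c[i] = 0;
+for (i = 0; i < PARAM_H;) { // Sample a unique position k times. Use two bytes
+if (cnt > (OQS_SHA3_SHAKE128_RATE - 3)) {
+OQS_SHA3_cshake128_simple(r, OQS_SHA3_SHAKE128_RATE, dmsp++, c_bin, CRYPTO_RANDOMBYTES);
+cnt = 0;
+}
+pos = (r[cnt] << 8) | (r[cnt + 1]);
+pos = pos & (PARAM_N - 1); // Position is in the range [0,N-1]
+if (c[pos] == 0) { // Position has not been set yet. Determine sign
+if ((r[cnt + 2] & 1) == 1)
+c[pos] = -1;
+else
+c[pos] = 1;
+pos_list[i] = pos;
+sign_list[i] = c[pos];
+i++;
+}
+cnt += 3;
+}
+}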
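Review bot: `sample_y` loads each candidate with `*(uint32_t *) (buf + pos)` while `pos` advances by `nbytes`, which works out to 3 for both parameter sets in params.h, so most of these loads are misaligned reads through a cast `unsigned char` buffer; that is undefined behaviour in C and faults on strict-alignment targets. Copying the bytes out first avoids it: `uint32_t w; memcpy(&w, buf + pos, sizeof w);` followed by `y[i] = w & ((1 << (PARAM_B_BITS + 1)) - 1);` (this needs `<string.h>`, which sign.c includes if the files are compiled as one unit, as the OQS note in poly.c suggests). Assembling the word byte by byte instead would also remove the dependence on host byte order. The macros `NBLOCKS_SHAKE` and `BPLUS1BYTES` are defined without outer parentheses, so `PARAM_N * BPLUS1BYTES + 1` expands to `PARAM_N * (...) / 8 + 1` and sizes `buf` differently from `PARAM_N * nbytes + 1`; wrapping both definitions in parentheses makes the declared size match the intent.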

11
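--- a/src/sig/qtesla/external/sample.h
+++ b/src/sig/qtesla/external/sample.h
@@ -0,0 +1,11 @@
+#ifndef SAMPLE_H
+#define SAMPLE_H
+#include <stdint.h>
+#include "params.h"
+#include "poly.h"
+static void sample_y(poly y, const unsigned char *seed, int nonce);
+static void encode_c(uint32_t *pos_list, int16_t *sign_list, unsigned char *c_bin);
+#endif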

309
src/sig/qtesla/external/sign.c vendored Normal file
View File

@ -0,0 +1,309 @@
/*************************************************************************************
* qTESLA: an efficient post-quantum signature scheme based on the R-LWE problem
*
* Abstract: high-level functions of the signature scheme
**************************************************************************************/
#include <string.h>
#include <stdlib.h>
#include "api.h"
#include "params.h"
#include "poly.h"
#include "pack.h"
#include "sample.h"
#include "gauss.h"
#include <oqs/rand.h>
#include <oqs/sha3.h>
#ifdef STATS
unsigned long long rejwctr;
unsigned long long rejyzctr;
unsigned long long ctr_keygen;
unsigned long long ctr_sign;
#endif
static void hash_H(unsigned char *c_bin, poly_k v, const unsigned char *hm) { // Hash-based function H to generate c'
unsigned char t[PARAM_K * PARAM_N + HM_BYTES];
int32_t mask, cL, temp;
unsigned int i, k, index;
for (k = 0; k < PARAM_K; k++) {
index = k * PARAM_N;
for (i = 0; i < PARAM_N; i++) {
temp = (int32_t) v[index];
// If v[i] > PARAM_Q/2 then v[i] -= PARAM_Q
mask = (PARAM_Q / 2 - temp) >> (RADIX32 - 1);
temp = ((temp - PARAM_Q) & mask) | (temp & ~mask);
cL = temp & ((1 << PARAM_D) - 1);
// If cL > 2^(d-1) then cL -= 2^d
mask = ((1 << (PARAM_D - 1)) - cL) >> (RADIX32 - 1);
cL = ((cL - (1 << PARAM_D)) & mask) | (cL & ~mask);
t[index++] = (unsigned char) ((temp - cL) >> PARAM_D);
}
}
memcpy(&t[PARAM_K * PARAM_N], hm, HM_BYTES);
SHAKE(c_bin, CRYPTO_C_BYTES, t, PARAM_K * PARAM_N + HM_BYTES);
}
static __inline int32_t Abs(int32_t value) { // Compute absolute value
int32_t mask = value >> (RADIX32 - 1);
return ((mask ^ value) - mask);
}
static int test_rejection(poly z) { // Check bounds for signature vector z during signing. Returns 0 if valid, otherwise outputs 1 if invalid (rejected).
// This function does not leak any information about the coefficient that fails the test.
uint32_t valid = 0;
for (int i = 0; i < PARAM_N; i++) {
valid |= (uint32_t)(PARAM_B - PARAM_S) - Abs((int32_t) z[i]);
}
return (int) (valid >> 31);
}
static int test_correctness(poly v) { // Check bounds for w = v - ec during signature verification. Returns 0 if valid, otherwise outputs 1 if invalid (rejected).
// This function leaks the position of the coefficient that fails the test (but this is independent of the secret data).
// It does not leak the sign of the coefficients.
int32_t mask, left, val;
uint32_t t0, t1;
for (int i = 0; i < PARAM_N; i++) {
// If v[i] > PARAM_Q/2 then v[i] -= PARAM_Q
mask = (int32_t)(PARAM_Q / 2 - v[i]) >> (RADIX32 - 1);
val = ((v[i] - PARAM_Q) & mask) | (v[i] & ~mask);
// If (Abs(val) < PARAM_Q/2 - PARAM_E) then t0 = 0, else t0 = 1
t0 = (uint32_t)(~(Abs(val) - (PARAM_Q / 2 - PARAM_E))) >> (RADIX32 - 1);
left = val;
val = (val + (1 << (PARAM_D - 1)) - 1) >> PARAM_D;
val = left - (val << PARAM_D);
// If (Abs(val) < (1<<(PARAM_D-1))-PARAM_E) then t1 = 0, else t1 = 1
t1 = (uint32_t)(~(Abs(val) - ((1 << (PARAM_D - 1)) - PARAM_E))) >> (RADIX32 - 1);
if ((t0 | t1) == 1) // Returns 1 if any of the two tests failed
return 1;
}
return 0;
}
static int test_z(poly z) { // Check bounds for signature vector z during signature verification
// Returns 0 if valid, otherwise outputs 1 if invalid (rejected)
for (int i = 0; i < PARAM_N; i++) {
if (z[i] < -(PARAM_B - PARAM_S) || z[i] > (PARAM_B - PARAM_S))
return 1;
}
return 0;
}
static int check_ES(poly p, unsigned int bound) { // Checks the generated polynomial e or s
// Returns 0 if ok, otherwise returns 1
unsigned int i, j, sum = 0, limit = PARAM_N;
int32_t temp, mask, list[PARAM_N];
for (j = 0; j < PARAM_N; j++)
list[j] = Abs((int32_t) p[j]);
for (j = 0; j < PARAM_H; j++) {
for (i = 0; i < limit - 1; i++) {
// If list[i+1] > list[i] then exchange contents
mask = (list[i + 1] - list[i]) >> (RADIX32 - 1);
temp = (list[i + 1] & mask) | (list[i] & ~mask);
list[i + 1] = (list[i] & mask) | (list[i + 1] & ~mask);
list[i] = temp;
}
sum += (unsigned int) list[limit - 1];
limit -= 1;
}
if (sum > bound)
return 1;
return 0;
}
/*********************************************************
* Name: crypto_sign_keypair
* Description: generates a public and private key pair
* Parameters: inputs: none
* outputs:
* - unsigned char *pk: public key
* - unsigned char *sk: secret key
* Returns: 0 for successful execution
**********************************************************/
static int crypto_sign_keypair(unsigned char *pk, unsigned char *sk) {
unsigned char randomness[CRYPTO_RANDOMBYTES], randomness_extended[(PARAM_K + 3) * CRYPTO_SEEDBYTES];
poly s, s_ntt;
poly_k e, a, t;
int k, nonce = 0; // Initialize domain separator for error and secret polynomials
#ifdef STATS
ctr_keygen = 0;
#endif
// Get randomness_extended <- seed_e, seed_s, seed_a, seed_y
OQS_randombytes(randomness, CRYPTO_RANDOMBYTES);
SHAKE(randomness_extended, (PARAM_K + 3) * CRYPTO_SEEDBYTES, randomness, CRYPTO_RANDOMBYTES);
for (k = 0; k < PARAM_K; k++) {
do { // Sample the error polynomials
#ifdef STATS
ctr_keygen++;
#endif
sample_gauss_poly(&e[k * PARAM_N], &randomness_extended[k * CRYPTO_SEEDBYTES], ++nonce);
} while (check_ES(&e[k * PARAM_N], PARAM_KEYGEN_BOUND_E) != 0);
}
do { // Sample the secret polynomial
#ifdef STATS
ctr_keygen++;
#endif
sample_gauss_poly(s, &randomness_extended[PARAM_K * CRYPTO_SEEDBYTES], ++nonce);
} while (check_ES(s, PARAM_KEYGEN_BOUND_S) != 0);
// Generate uniform polynomial "a"
poly_uniform(a, &randomness_extended[(PARAM_K + 1) * CRYPTO_SEEDBYTES]);
poly_ntt(s_ntt, s);
// Compute the public key t = as+e
for (k = 0; k < PARAM_K; k++) {
poly_mul(&t[k * PARAM_N], &a[k * PARAM_N], s_ntt);
poly_add_correct(&t[k * PARAM_N], &t[k * PARAM_N], &e[k * PARAM_N]);
}
// Pack public and private keys
pack_sk(sk, s, e, &randomness_extended[(PARAM_K + 1) * CRYPTO_SEEDBYTES]);
encode_pk(pk, t, &randomness_extended[(PARAM_K + 1) * CRYPTO_SEEDBYTES]);
return 0;
}
/***************************************************************
* Name: crypto_sign
* Description: outputs a signature for a given message m
* Parameters: inputs:
* - const unsigned char *m: message to be signed
* - unsigned long long mlen: message length
* - const unsigned char* sk: secret key
* outputs:
* - unsigned char *sm: signature
* - unsigned long long *smlen: signature length*
* Returns: 0 for successful execution
***************************************************************/
static int crypto_sign(unsigned char *sm, unsigned long long *smlen, const unsigned char *m, unsigned long long mlen, const unsigned char *sk) {
unsigned char c[CRYPTO_C_BYTES], randomness[CRYPTO_SEEDBYTES], randomness_input[CRYPTO_RANDOMBYTES + CRYPTO_SEEDBYTES + HM_BYTES];
uint32_t pos_list[PARAM_H];
int16_t sign_list[PARAM_H];
poly y, y_ntt, Sc, z;
poly_k v, Ec, a;
int k, rsp, nonce = 0; // Initialize domain separator for sampling y
#ifdef STATS
ctr_sign = 0;
rejwctr = 0;
rejyzctr = 0;
#endif
// Get H(seed_y, r, H(m)) to sample y
OQS_randombytes(randomness_input + CRYPTO_RANDOMBYTES, CRYPTO_RANDOMBYTES);
memcpy(randomness_input, &sk[CRYPTO_SECRETKEYBYTES - CRYPTO_SEEDBYTES], CRYPTO_SEEDBYTES);
SHAKE(randomness_input + CRYPTO_RANDOMBYTES + CRYPTO_SEEDBYTES, HM_BYTES, m, mlen);
SHAKE(randomness, CRYPTO_SEEDBYTES, randomness_input, CRYPTO_RANDOMBYTES + CRYPTO_SEEDBYTES + HM_BYTES);
poly_uniform(a, &sk[CRYPTO_SECRETKEYBYTES - 2 * CRYPTO_SEEDBYTES]);
while (1) {
#ifdef STATS
ctr_sign++;
#endif
sample_y(y, randomness, ++nonce); // Sample y uniformly at random from [-B,B]
poly_ntt(y_ntt, y);
for (k = 0; k < PARAM_K; k++)
poly_mul(&v[k * PARAM_N], &a[k * PARAM_N], y_ntt);
hash_H(c, v, randomness_input + CRYPTO_RANDOMBYTES + CRYPTO_SEEDBYTES);
encode_c(pos_list, sign_list, c); // Generate c = Enc(c'), where c' is the hashing of v together with m
sparse_mul8(Sc, sk, pos_list, sign_list);
poly_add(z, y, Sc); // Compute z = y + sc
if (test_rejection(z) != 0) { // Rejection sampling
#ifdef STATS
rejyzctr++;
#endif
continue;
}
for (k = 0; k < PARAM_K; k++) {
sparse_mul8(&Ec[k * PARAM_N], sk + (sizeof(int8_t) * PARAM_N * (k + 1)), pos_list, sign_list);
poly_sub(&v[k * PARAM_N], &v[k * PARAM_N], &Ec[k * PARAM_N]);
rsp = test_correctness(&v[k * PARAM_N]);
if (rsp != 0) {
#ifdef STATS
rejwctr++;
#endif
break;
}
}
if (rsp != 0)
continue;
// Copy message to signature package, and pack signature
/* OQS note: we return the signature directly in OQS
for (unsigned long long i = 0; i < mlen; i++)
sm[CRYPTO_BYTES+i] = m[i];
*/
*smlen = CRYPTO_BYTES /* + mlen */;
encode_sig(sm, c, z);
return 0;
}
}
/************************************************************
* Name: crypto_sign_open
* Description: verification of a signature sm
* Parameters: inputs:
* - const unsigned char *sm: signature
* - unsigned long long smlen: signature length
* - const unsigned char* pk: public Key
* - unsigned char *m: original (signed) message
* - unsigned long long mlen: message length*
* Returns: 0 for valid signature
* <0 for invalid signature
************************************************************/
static int crypto_sign_open(unsigned char *m, unsigned long long /* * */ mlen, const unsigned char *sm, unsigned long long smlen, const unsigned char *pk) {
unsigned char c[CRYPTO_C_BYTES], c_sig[CRYPTO_C_BYTES], seed[CRYPTO_SEEDBYTES], hm[HM_BYTES];
uint32_t pos_list[PARAM_H];
int16_t sign_list[PARAM_H];
int32_t pk_t[PARAM_N * PARAM_K];
poly_k w, a, Tc;
poly z, z_ntt;
int k;
if (smlen < CRYPTO_BYTES)
return -1;
decode_sig(c, z, sm);
if (test_z(z) != 0)
return -2; // Check norm of z
decode_pk(pk_t, seed, pk);
poly_uniform(a, seed);
encode_c(pos_list, sign_list, c);
poly_ntt(z_ntt, z);
for (k = 0; k < PARAM_K; k++) { // Compute w = az - tc
sparse_mul32(&Tc[k * PARAM_N], &pk_t[k * PARAM_N], pos_list, sign_list);
poly_mul(&w[k * PARAM_N], &a[k * PARAM_N], z_ntt);
poly_sub(&w[k * PARAM_N], &w[k * PARAM_N], &Tc[k * PARAM_N]);
}
SHAKE(hm, HM_BYTES, m /*sm+CRYPTO_BYTES*/, mlen /*smlen-CRYPTO_BYTES*/);
hash_H(c_sig, w, hm);
// Check if the calculated c matches c from the signature
if (memcmp(c, c_sig, CRYPTO_C_BYTES))
return -3;
/* OQS note: the message isn't included in the signature in OQS
*mlen = smlen-CRYPTO_BYTES;
for (unsigned long long i = 0; i < *mlen; i++)
m[i] = sm[CRYPTO_BYTES+i];
*/
return 0;
}
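Review bot: crypto_sign_keypair and crypto_sign both return with secret material still on the stack: `randomness`, `randomness_extended`, `s`, `s_ntt` and `e` in key generation, and `randomness`, `randomness_input`, `y`, `y_ntt`, `Sc` and `Ec` in signing are never wiped. The masking vector `y` is as sensitive as the key, because the published value is z = y + sc. The example program on this page already calls `OQS_MEM_cleanse` on `secret_key`, so the same call should run on these buffers before each `return 0;`. The sketch below covers key generation only; it assumes `poly` and `poly_k` are array typedefs, as their use as locals suggests, and that a declaration of `OQS_MEM_cleanse` is reachable from this file's includes.

```c
static int crypto_sign_keypair(unsigned char *pk, unsigned char *sk) {
	// … unchanged: sampling of e and s, poly_uniform, t = as + e, pack_sk, encode_pk …
	OQS_MEM_cleanse(randomness, sizeof randomness);
	OQS_MEM_cleanse(randomness_extended, sizeof randomness_extended);
	OQS_MEM_cleanse(s, sizeof s);
	OQS_MEM_cleanse(s_ntt, sizeof s_ntt);
	OQS_MEM_cleanse(e, sizeof e);
	return 0;
}
```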


@ -0,0 +1,43 @@
/* qTesla-p-I */
#include "sig_qtesla.h"
#ifdef OQS_ENABLE_SIG_qTesla_p_I
#define _qTESLA_p_I_
#include "external/consts.c"
#include "external/gauss.c"
#include "external/pack.c"
#include "external/poly.c"
#include "external/sample.c"
#include "external/sign.c"
OQS_API OQS_STATUS OQS_SIG_qTesla_p_I_keypair(uint8_t *public_key, uint8_t *secret_key) {
int rv = crypto_sign_keypair(public_key, secret_key);
if (rv == 0) {
return OQS_SUCCESS;
} else {
return OQS_ERROR;
}
}
OQS_API OQS_STATUS OQS_SIG_qTesla_p_I_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key) {
int rv = crypto_sign(signature, (long long unsigned int *) signature_len, message, message_len, secret_key);
if (rv == 0) {
return OQS_SUCCESS;
} else {
return OQS_ERROR;
}
}
OQS_API OQS_STATUS OQS_SIG_qTesla_p_I_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) {
int rv = crypto_sign_open((unsigned char *) message, message_len, signature, signature_len, public_key);
if (rv == 0) {
return OQS_SUCCESS;
} else {
return OQS_ERROR;
}
}
#endif
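Review bot: `OQS_SIG_qTesla_p_I_sign` passes `(long long unsigned int *) signature_len` to crypto_sign, which stores through it with `*smlen = CRYPTO_BYTES`; on targets where `size_t` is narrower than `unsigned long long` (typical 32-bit builds) that store writes past the caller's `size_t` object. Use a local of the callee's type instead: `unsigned long long smlen = 0;`, `int rv = crypto_sign(signature, &smlen, message, message_len, secret_key);`, then `*signature_len = (size_t) smlen;`. The same cast appears in `OQS_SIG_qTesla_p_III_sign` in the next file section. Separately, the `(unsigned char *) message` cast in both verify wrappers is needed only because crypto_sign_open declares `m` non-const although, in the code shown, it only reads it; making that parameter `const unsigned char *` would remove the cast.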


@ -0,0 +1,42 @@
/* qTesla-p-III */
#include "sig_qtesla.h"
#ifdef OQS_ENABLE_SIG_qTesla_p_III
#define _qTESLA_p_III_
#include "external/consts.c"
#include "external/gauss.c"
#include "external/pack.c"
#include "external/poly.c"
#include "external/sample.c"
#include "external/sign.c"
OQS_API OQS_STATUS OQS_SIG_qTesla_p_III_keypair(uint8_t *public_key, uint8_t *secret_key) {
int rv = crypto_sign_keypair(public_key, secret_key);
if (rv == 0) {
return OQS_SUCCESS;
} else {
return OQS_ERROR;
}
}
OQS_API OQS_STATUS OQS_SIG_qTesla_p_III_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key) {
int rv = crypto_sign(signature, (long long unsigned int *) signature_len, message, message_len, secret_key);
if (rv == 0) {
return OQS_SUCCESS;
} else {
return OQS_ERROR;
}
}
OQS_API OQS_STATUS OQS_SIG_qTesla_p_III_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) {
int rv = crypto_sign_open((unsigned char *) message, message_len, signature, signature_len, public_key);
if (rv == 0) {
return OQS_SUCCESS;
} else {
return OQS_ERROR;
}
}
#endif


@ -2,81 +2,54 @@
#include <oqs/sig_qtesla.h>
#ifdef OQS_ENABLE_SIG_qTESLA_I
#ifdef OQS_ENABLE_SIG_qTesla_p_I
OQS_SIG *OQS_SIG_qTESLA_I_new() {
OQS_SIG *OQS_SIG_qTesla_p_I_new() {
OQS_SIG *sig = malloc(sizeof(OQS_SIG));
if (sig == NULL) {
return NULL;
}
sig->method_name = OQS_SIG_alg_qTESLA_I;
sig->alg_version = "https://github.com/qtesla/qTesla/commit/5e921da989b9b44aba95f63d9c28927d518f630c";
sig->method_name = OQS_SIG_alg_qTesla_p_I;
sig->alg_version = "https://github.com/microsoft/qTESLA-Library/commit/dcaabbff1ef2c1e993c4bca7eb9d4821f2f56bd5";
sig->claimed_nist_level = 1;
sig->euf_cma = true;
sig->length_public_key = OQS_SIG_qTESLA_I_length_public_key;
sig->length_secret_key = OQS_SIG_qTESLA_I_length_secret_key;
sig->length_signature = OQS_SIG_qTESLA_I_length_signature;
sig->length_public_key = OQS_SIG_qTesla_p_I_length_public_key;
sig->length_secret_key = OQS_SIG_qTesla_p_I_length_secret_key;
sig->length_signature = OQS_SIG_qTesla_p_I_length_signature;
sig->keypair = OQS_SIG_qTESLA_I_keypair;
sig->sign = OQS_SIG_qTESLA_I_sign;
sig->verify = OQS_SIG_qTESLA_I_verify;
sig->keypair = OQS_SIG_qTesla_p_I_keypair;
sig->sign = OQS_SIG_qTesla_p_I_sign;
sig->verify = OQS_SIG_qTesla_p_I_verify;
return sig;
}
#endif
#ifdef OQS_ENABLE_SIG_qTESLA_III_size
#ifdef OQS_ENABLE_SIG_qTesla_p_III
OQS_SIG *OQS_SIG_qTESLA_III_size_new() {
OQS_SIG *OQS_SIG_qTesla_p_III_new() {
OQS_SIG *sig = malloc(sizeof(OQS_SIG));
if (sig == NULL) {
return NULL;
}
sig->method_name = OQS_SIG_alg_qTESLA_III_size;
sig->alg_version = "https://github.com/qtesla/qTesla/commit/5e921da989b9b44aba95f63d9c28927d518f630c";
sig->method_name = OQS_SIG_alg_qTesla_p_III;
sig->alg_version = "https://github.com/microsoft/qTESLA-Library/commit/dcaabbff1ef2c1e993c4bca7eb9d4821f2f56bd5";
sig->claimed_nist_level = 3;
sig->euf_cma = true;
sig->length_public_key = OQS_SIG_qTESLA_III_size_length_public_key;
sig->length_secret_key = OQS_SIG_qTESLA_III_size_length_secret_key;
sig->length_signature = OQS_SIG_qTESLA_III_size_length_signature;
sig->length_public_key = OQS_SIG_qTesla_p_III_length_public_key;
sig->length_secret_key = OQS_SIG_qTesla_p_III_length_secret_key;
sig->length_signature = OQS_SIG_qTesla_p_III_length_signature;
sig->keypair = OQS_SIG_qTESLA_III_size_keypair;
sig->sign = OQS_SIG_qTESLA_III_size_sign;
sig->verify = OQS_SIG_qTESLA_III_size_verify;
return sig;
}
#endif
#ifdef OQS_ENABLE_SIG_qTESLA_III_speed
OQS_SIG *OQS_SIG_qTESLA_III_speed_new() {
OQS_SIG *sig = malloc(sizeof(OQS_SIG));
if (sig == NULL) {
return NULL;
}
sig->method_name = OQS_SIG_alg_qTESLA_III_speed;
sig->alg_version = "https://github.com/qtesla/qTesla/commit/5e921da989b9b44aba95f63d9c28927d518f630c";
sig->claimed_nist_level = 3;
sig->euf_cma = true;
sig->length_public_key = OQS_SIG_qTESLA_III_speed_length_public_key;
sig->length_secret_key = OQS_SIG_qTESLA_III_speed_length_secret_key;
sig->length_signature = OQS_SIG_qTESLA_III_speed_length_signature;
sig->keypair = OQS_SIG_qTESLA_III_speed_keypair;
sig->sign = OQS_SIG_qTESLA_III_speed_sign;
sig->verify = OQS_SIG_qTESLA_III_speed_verify;
sig->keypair = OQS_SIG_qTesla_p_III_keypair;
sig->sign = OQS_SIG_qTesla_p_III_sign;
sig->verify = OQS_SIG_qTesla_p_III_verify;
return sig;
}


@ -3,45 +3,31 @@
#include <oqs/oqs.h>
#ifdef OQS_ENABLE_SIG_qTESLA_I
#ifdef OQS_ENABLE_SIG_qTesla_p_I
#define OQS_SIG_qTESLA_I_length_public_key 1504
#define OQS_SIG_qTESLA_I_length_secret_key 2112
#define OQS_SIG_qTESLA_I_length_signature 1376
#define OQS_SIG_qTesla_p_I_length_public_key 14880
#define OQS_SIG_qTesla_p_I_length_secret_key 5184
#define OQS_SIG_qTesla_p_I_length_signature 2592
OQS_SIG *OQS_SIG_qTESLA_I_new();
OQS_SIG *OQS_SIG_qTesla_p_I_new();
OQS_API OQS_STATUS OQS_SIG_qTESLA_I_keypair(uint8_t *public_key, uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_qTESLA_I_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_qTESLA_I_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key);
OQS_API OQS_STATUS OQS_SIG_qTesla_p_I_keypair(uint8_t *public_key, uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_qTesla_p_I_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_qTesla_p_I_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key);
#endif
#ifdef OQS_ENABLE_SIG_qTESLA_III_size
#ifdef OQS_ENABLE_SIG_qTesla_p_III
#define OQS_SIG_qTESLA_III_size_length_public_key 2976
#define OQS_SIG_qTESLA_III_size_length_secret_key 4160
#define OQS_SIG_qTESLA_III_size_length_signature 2720
#define OQS_SIG_qTesla_p_III_length_public_key 38432
#define OQS_SIG_qTesla_p_III_length_secret_key 12352
#define OQS_SIG_qTesla_p_III_length_signature 5664
OQS_SIG *OQS_SIG_qTESLA_III_size_new();
OQS_SIG *OQS_SIG_qTesla_p_III_new();
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_size_keypair(uint8_t *public_key, uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_size_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_size_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key);
#endif
#ifdef OQS_ENABLE_SIG_qTESLA_III_speed
#define OQS_SIG_qTESLA_III_speed_length_public_key 3104
#define OQS_SIG_qTESLA_III_speed_length_secret_key 4160
#define OQS_SIG_qTESLA_III_speed_length_signature 2848
OQS_SIG *OQS_SIG_qTESLA_III_speed_new();
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_speed_keypair(uint8_t *public_key, uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_speed_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_qTESLA_III_speed_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key);
OQS_API OQS_STATUS OQS_SIG_qTesla_p_III_keypair(uint8_t *public_key, uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_qTesla_p_III_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_qTesla_p_III_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key);
#endif


@ -18,7 +18,7 @@ OQS_API const char *OQS_SIG_alg_identifier(size_t i) {
OQS_SIG_alg_sphincs_haraka_128f_robust, OQS_SIG_alg_sphincs_haraka_128f_simple, OQS_SIG_alg_sphincs_haraka_128s_robust, OQS_SIG_alg_sphincs_haraka_128s_simple, OQS_SIG_alg_sphincs_haraka_192f_robust, OQS_SIG_alg_sphincs_haraka_192f_simple, OQS_SIG_alg_sphincs_haraka_192s_robust, OQS_SIG_alg_sphincs_haraka_192s_simple, OQS_SIG_alg_sphincs_haraka_256f_robust, OQS_SIG_alg_sphincs_haraka_256f_simple, OQS_SIG_alg_sphincs_haraka_256s_robust, OQS_SIG_alg_sphincs_haraka_256s_simple, OQS_SIG_alg_sphincs_sha256_128f_robust, OQS_SIG_alg_sphincs_sha256_128f_simple, OQS_SIG_alg_sphincs_sha256_128s_robust, OQS_SIG_alg_sphincs_sha256_128s_simple, OQS_SIG_alg_sphincs_sha256_192f_robust, OQS_SIG_alg_sphincs_sha256_192f_simple, OQS_SIG_alg_sphincs_sha256_192s_robust, OQS_SIG_alg_sphincs_sha256_192s_simple, OQS_SIG_alg_sphincs_sha256_256f_robust, OQS_SIG_alg_sphincs_sha256_256f_simple, OQS_SIG_alg_sphincs_sha256_256s_robust, OQS_SIG_alg_sphincs_sha256_256s_simple, OQS_SIG_alg_sphincs_shake256_128f_robust, OQS_SIG_alg_sphincs_shake256_128f_simple, OQS_SIG_alg_sphincs_shake256_128s_robust, OQS_SIG_alg_sphincs_shake256_128s_simple, OQS_SIG_alg_sphincs_shake256_192f_robust, OQS_SIG_alg_sphincs_shake256_192f_simple, OQS_SIG_alg_sphincs_shake256_192s_robust, OQS_SIG_alg_sphincs_shake256_192s_simple, OQS_SIG_alg_sphincs_shake256_256f_robust, OQS_SIG_alg_sphincs_shake256_256f_simple, OQS_SIG_alg_sphincs_shake256_256s_robust, OQS_SIG_alg_sphincs_shake256_256s_simple,
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_ALG_IDENTIFIER_END
OQS_SIG_alg_picnic_L1_FS, OQS_SIG_alg_picnic_L1_UR, OQS_SIG_alg_picnic_L3_FS, OQS_SIG_alg_picnic_L3_UR, OQS_SIG_alg_picnic_L5_FS, OQS_SIG_alg_picnic_L5_UR, OQS_SIG_alg_picnic2_L1_FS, OQS_SIG_alg_picnic2_L3_FS, OQS_SIG_alg_picnic2_L5_FS,
OQS_SIG_alg_qTESLA_I, OQS_SIG_alg_qTESLA_III_size, OQS_SIG_alg_qTESLA_III_speed};
OQS_SIG_alg_qTesla_p_I, OQS_SIG_alg_qTesla_p_III};
if (i >= OQS_SIG_algs_length) {
return NULL;
} else {
@ -338,20 +338,14 @@ OQS_API int OQS_SIG_alg_is_enabled(const char *method_name) {
#else
return 0;
#endif
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_qTESLA_I)) {
#ifdef OQS_ENABLE_SIG_qTESLA_I
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_qTesla_p_I)) {
#ifdef OQS_ENABLE_SIG_qTesla_p_I
return 1;
#else
return 0;
#endif
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_qTESLA_III_size)) {
#ifdef OQS_ENABLE_SIG_qTESLA_III_size
return 1;
#else
return 0;
#endif
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_qTESLA_III_speed)) {
#ifdef OQS_ENABLE_SIG_qTESLA_III_speed
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_qTesla_p_III)) {
#ifdef OQS_ENABLE_SIG_qTesla_p_III
return 1;
#else
return 0;
@ -670,21 +664,15 @@ OQS_API OQS_SIG *OQS_SIG_new(const char *method_name) {
#else
return NULL;
#endif
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_qTESLA_I)) {
#ifdef OQS_ENABLE_SIG_qTESLA_I
return OQS_SIG_qTESLA_I_new();
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_qTesla_p_I)) {
#ifdef OQS_ENABLE_SIG_qTesla_p_I
return OQS_SIG_qTesla_p_I_new();
#else
return NULL;
#endif
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_qTESLA_III_size)) {
#ifdef OQS_ENABLE_SIG_qTESLA_III_size
return OQS_SIG_qTESLA_III_size_new();
#else
return NULL;
#endif
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_qTESLA_III_speed)) {
#ifdef OQS_ENABLE_SIG_qTESLA_III_speed
return OQS_SIG_qTESLA_III_speed_new();
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_qTesla_p_III)) {
#ifdef OQS_ENABLE_SIG_qTesla_p_III
return OQS_SIG_qTesla_p_III_new();
#else
return NULL;
#endif


@ -37,11 +37,11 @@ extern "C" {
#define OQS_SIG_alg_picnic_L1_UR "picnic_L1_UR"
/** Algorithm identifier for picnic_L3_FS */
#define OQS_SIG_alg_picnic_L3_FS "picnic_L3_FS"
/** Algorithm identifier for Picnic_L3_UR */
/** Algorithm identifier for picnic_L3_UR */
#define OQS_SIG_alg_picnic_L3_UR "picnic_L3_UR"
/** Algorithm identifier for Picnic_L5_FS */
/** Algorithm identifier for picnic_L5_FS */
#define OQS_SIG_alg_picnic_L5_FS "picnic_L5_FS"
/** Algorithm identifier for Picnic_L5_FS */
/** Algorithm identifier for picnic_L5_FS */
#define OQS_SIG_alg_picnic_L5_UR "picnic_L5_UR"
/** Algorithm identifier for picnic2_L1_FS */
#define OQS_SIG_alg_picnic2_L1_FS "picnic2_L1_FS"
@ -49,12 +49,10 @@ extern "C" {
#define OQS_SIG_alg_picnic2_L3_FS "picnic2_L3_FS"
/** Algorithm identifier for picnic2_L5_FS */
#define OQS_SIG_alg_picnic2_L5_FS "picnic2_L5_FS"
/** Algorithm identifier for qTESLA_I */
#define OQS_SIG_alg_qTESLA_I "qTESLA_I"
/** Algorithm identifier for qTESLA_III_size */
#define OQS_SIG_alg_qTESLA_III_size "qTESLA_III_size"
/** Algorithm identifier for qTESLA_III_speed */
#define OQS_SIG_alg_qTESLA_III_speed "qTESLA_III_speed"
/** Algorithm identifier for qTesla-p-I */
#define OQS_SIG_alg_qTesla_p_I "qTesla-p-I"
/** Algorithm identifier for qTesla-p-III */
#define OQS_SIG_alg_qTesla_p_III "qTesla-p-III"
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_ALG_IDENTIFIER_START
/** Algorithm identifier for DILITHIUM_2 */
#define OQS_SIG_alg_dilithium_2 "DILITHIUM_2"
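Review bot: The doc comment directly above `#define OQS_SIG_alg_picnic_L5_UR` still reads `picnic_L5_FS` after the capitalisation fix in the first hunk, so the generated documentation describes picnic_L5_FS twice and never names picnic_L5_UR. It should read `/** Algorithm identifier for picnic_L5_UR */`. The second hunk also changes the form of the qTesla identifier strings (`"qTESLA_I"` becomes `"qTesla-p-I"`); since the lookups elsewhere on this page compare against these strings, callers that stored the old names would presumably get NULL from OQS_SIG_new, which is worth stating in the macro comments or release notes.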


@ -1,8 +0,0 @@
count = 0
seed = 061550234D158C5EC95595FE04EF7A25767F2E24CC2BC479D09D86DC9ABCFDE7056A8C266F9EF97ED08541DBD2E1FFA1
mlen = 33
msg = D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8
pk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
sk
smlen = 1409
sm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

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -12,9 +12,9 @@
* statically on the stack, calling a specific algorithm's functions
* directly.
*
* The macros OQS_SIG_qTESLA_I_length_* and the functions OQS_SIG_qTESLA_I_*
* are only defined if the algorithm qTESLA-I was enabled at compile-time
* which must be checked using the OQS_ENABLE_SIG_qTESLA_I macro.
* The macros OQS_SIG_qTesla_p_I_length_* and the functions OQS_SIG_qTesla_p_I_*
* are only defined if the algorithm qTesla-p-I was enabled at compile-time
* which must be checked using the OQS_ENABLE_SIG_qTesla_p_I macro.
*
* <oqs/oqsconfig.h>, which is included in <oqs/oqs.h>, contains macros
* indicating which algorithms were enabled when this instance of liboqs
@ -22,36 +22,36 @@
*/
static OQS_STATUS example_stack() {
#ifdef OQS_ENABLE_SIG_qTESLA_I
#ifdef OQS_ENABLE_SIG_qTesla_p_I
OQS_STATUS rc;
OQS_STATUS ret = OQS_ERROR;
uint8_t public_key[OQS_SIG_qTESLA_I_length_public_key];
uint8_t secret_key[OQS_SIG_qTESLA_I_length_secret_key];
uint8_t public_key[OQS_SIG_qTesla_p_I_length_public_key];
uint8_t secret_key[OQS_SIG_qTesla_p_I_length_secret_key];
uint8_t message[MESSAGE_LEN];
uint8_t signature[OQS_SIG_qTESLA_I_length_signature];
uint8_t signature[OQS_SIG_qTesla_p_I_length_signature];
size_t message_len = MESSAGE_LEN;
size_t signature_len;
OQS_randombytes(message, message_len);
rc = OQS_SIG_qTESLA_I_keypair(public_key, secret_key);
rc = OQS_SIG_qTesla_p_I_keypair(public_key, secret_key);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "ERROR: OQS_SIG_qTESLA_I_keypair failed!\n");
fprintf(stderr, "ERROR: OQS_SIG_qTesla_p_I_keypair failed!\n");
goto err;
}
rc = OQS_SIG_qTESLA_I_sign(signature, &signature_len, message, message_len, secret_key);
rc = OQS_SIG_qTesla_p_I_sign(signature, &signature_len, message, message_len, secret_key);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "ERROR: OQS_SIG_qTESLA_I_sign failed!\n");
fprintf(stderr, "ERROR: OQS_SIG_qTesla_p_I_sign failed!\n");
goto err;
}
rc = OQS_SIG_qTESLA_I_verify(message, message_len, signature, signature_len, public_key);
rc = OQS_SIG_qTesla_p_I_verify(message, message_len, signature, signature_len, public_key);
if (rc != OQS_SUCCESS) {
fprintf(stderr, "ERROR: OQS_SIG_qTESLA_I_verify failed!\n");
fprintf(stderr, "ERROR: OQS_SIG_qTesla_p_I_verify failed!\n");
goto err;
}
printf("[example_stack] OQS_SIG_qTESLA_I operations completed.\n");
printf("[example_stack] OQS_SIG_qTesla_p_I operations completed.\n");
ret = OQS_SUCCESS; // success!
goto cleanup;
@ -59,11 +59,11 @@ err:
ret = OQS_ERROR;
cleanup:
OQS_MEM_cleanse(secret_key, OQS_SIG_qTESLA_I_length_secret_key);
OQS_MEM_cleanse(secret_key, OQS_SIG_qTesla_p_I_length_secret_key);
return ret;
#else
printf("[example_stack] OQS_SIG_qTESLA_I was not enabled at compile-time.\n");
printf("[example_stack] OQS_SIG_qTesla_p_I was not enabled at compile-time.\n");
return OQS_ERROR;
#endif
@ -89,9 +89,9 @@ static OQS_STATUS example_heap() {
OQS_STATUS rc;
OQS_STATUS ret = OQS_ERROR;
sig = OQS_SIG_new(OQS_SIG_alg_qTESLA_I);
sig = OQS_SIG_new(OQS_SIG_alg_qTesla_p_I);
if (sig == NULL) {
printf("[example_heap] OQS_SIG_alg_qTESLA_I was not enabled at compile-time.\n");
printf("[example_heap] OQS_SIG_alg_qTesla_p_I was not enabled at compile-time.\n");
return OQS_ERROR;
}
@ -122,7 +122,7 @@ static OQS_STATUS example_heap() {
goto err;
}
printf("[example_heap] OQS_SIG_qTESLA_I operations completed.\n");
printf("[example_heap] OQS_SIG_qTesla_p_I operations completed.\n");
ret = OQS_SUCCESS; // success
goto cleanup;


@ -59,7 +59,7 @@ OQS_STATUS combine_message_signature(uint8_t **signed_msg, size_t *signed_msg_le
memcpy(*signed_msg + 4, msg, msg_len);
memcpy(*signed_msg + 4 + msg_len, signature, signature_len);
return OQS_SUCCESS;
} else if ((0 == strcmp(sig->method_name, "qTESLA_I")) || (0 == strcmp(sig->method_name, "qTESLA_III_size")) || (0 == strcmp(sig->method_name, "qTESLA_III_speed"))) {
} else if ((0 == strcmp(sig->method_name, "qTesla-p-I")) || (0 == strcmp(sig->method_name, "qTesla-p-III"))) {
// signed_msg = signature || msg
*signed_msg_len = signature_len + msg_len;
*signed_msg = malloc(*signed_msg_len);