sharpetronics/liboqs
1
0
Fork 0
mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-10-09 00:04:26 -04:00
Code Issues Projects Releases Wiki Activity

Cleanup global namespace.

Browse Source
This commit is contained in:
Alex Parent 2016-10-14 10:50:31 -04:00
parent fd12d8ba10
commit 181e602943
15 changed files with 264 additions and 371 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile
View File

@ -52,10 +52,10 @@ $(KEX_RLWE_BCNS15_OBJS): $(KEX_RLWE_BCNS15_HEADERS)
# KEX_NEWHOPE
KEX_RLWE_NEWHOPE_OBJS := $(addprefix objs/kex_rlwe_newhope/, \
kex_rlwe_newhope.o newhope.o fips202.o error_correction.o poly.o reduce.o ntt.o precomp.o )
kex_rlwe_newhope.o)
KEX_RLWE_NEWHOPE_HEADERS := $(addprefix src/kex_rlwe_newhope/, \
kex_rlwe_newhope.h newhope.h fips202.h error_correction.h poly.h reduce.h ntt.h )
kex_rlwe_newhope.h)
$(KEX_RLWE_NEWHOPE_OBJS): $(KEX_RLWE_NEWHOPE_HEADERS)

113
src/kex_rlwe_newhope/error_correction.c
View File

@ -1,113 +0,0 @@
#include "error_correction.h"
//See paper for details on the error reconciliation
static int32_t abs(int32_t v) {
int32_t mask = v >> 31;
return (v ^ mask) - mask;
}
static int32_t f(int32_t *v0, int32_t *v1, int32_t x) {
int32_t xit, t, r, b;
// Next 6 lines compute t = x/PARAM_Q;
b = x * 2730;
t = b >> 25;
b = x - t * 12289;
b = 12288 - b;
b >>= 31;
t -= b;
r = t & 1;
xit = (t >> 1);
*v0 = xit + r; // v0 = round(x/(2*PARAM_Q))
t -= 1;
r = t & 1;
*v1 = (t >> 1) + r;
return abs(x - ((*v0) * 2 * PARAM_Q));
}
static int32_t g(int32_t x) {
int32_t t, c, b;
// Next 6 lines compute t = x/(4*PARAM_Q);
b = x * 2730;
t = b >> 27;
b = x - t * 49156;
b = 49155 - b;
b >>= 31;
t -= b;
c = t & 1;
t = (t >> 1) + c; // t = round(x/(8*PARAM_Q))
t *= 8 * PARAM_Q;
return abs(t - x);
}
static int16_t LDDecode(int32_t xi0, int32_t xi1, int32_t xi2, int32_t xi3) {
int32_t t;
t = g(xi0);
t += g(xi1);
t += g(xi2);
t += g(xi3);
t -= 8 * PARAM_Q;
t >>= 31;
return t & 1;
}
void helprec(poly *c, const poly *v, OQS_RAND *oqs_rand) {
int32_t v0[4], v1[4], v_tmp[4], k;
unsigned char rbit;
unsigned char rand[32];
int i;
oqs_rand->rand_n(oqs_rand, rand, 32);
for (i = 0; i < 256; i++) {
rbit = (rand[i >> 3] >> (i & 7)) & 1;
k = f(v0 + 0, v1 + 0, 8 * v->coeffs[ 0 + i] + 4 * rbit);
k += f(v0 + 1, v1 + 1, 8 * v->coeffs[256 + i] + 4 * rbit);
k += f(v0 + 2, v1 + 2, 8 * v->coeffs[512 + i] + 4 * rbit);
k += f(v0 + 3, v1 + 3, 8 * v->coeffs[768 + i] + 4 * rbit);
k = (2 * PARAM_Q - 1 - k) >> 31;
v_tmp[0] = ((~k) & v0[0]) ^ (k & v1[0]);
v_tmp[1] = ((~k) & v0[1]) ^ (k & v1[1]);
v_tmp[2] = ((~k) & v0[2]) ^ (k & v1[2]);
v_tmp[3] = ((~k) & v0[3]) ^ (k & v1[3]);
c->coeffs[ 0 + i] = (v_tmp[0] - v_tmp[3]) & 3;
c->coeffs[256 + i] = (v_tmp[1] - v_tmp[3]) & 3;
c->coeffs[512 + i] = (v_tmp[2] - v_tmp[3]) & 3;
c->coeffs[768 + i] = ( -k + 2 * v_tmp[3]) & 3;
}
}
void rec(unsigned char *key, const poly *v, const poly *c) {
int i;
int32_t tmp[4];
for (i = 0; i < 32; i++)
key[i] = 0;
for (i = 0; i < 256; i++) {
tmp[0] = 16 * PARAM_Q + 8 * (int32_t)v->coeffs[ 0 + i] - PARAM_Q * (2 * c->coeffs[ 0 + i] + c->coeffs[768 + i]);
tmp[1] = 16 * PARAM_Q + 8 * (int32_t)v->coeffs[256 + i] - PARAM_Q * (2 * c->coeffs[256 + i] + c->coeffs[768 + i]);
tmp[2] = 16 * PARAM_Q + 8 * (int32_t)v->coeffs[512 + i] - PARAM_Q * (2 * c->coeffs[512 + i] + c->coeffs[768 + i]);
tmp[3] = 16 * PARAM_Q + 8 * (int32_t)v->coeffs[768 + i] - PARAM_Q * ( c->coeffs[768 + i]);
key[i >> 3] |= LDDecode(tmp[0], tmp[1], tmp[2], tmp[3]) << (i & 7);
}
}

13
src/kex_rlwe_newhope/error_correction.h
View File

@ -1,13 +0,0 @@
#ifndef ERROR_CORRECTION_H
#define ERROR_CORRECTION_H
#include "inttypes.h"
#include "params.h"
#include "math.h"
#include "poly.h"
#include <stdio.h>
void helprec(poly *c, const poly *v, OQS_RAND *rand);
void rec(unsigned char *key, const poly *v, const poly *c);
#endif

20
src/kex_rlwe_newhope/fips202.c
View File

@ -7,8 +7,9 @@
#include <stdint.h>
#include <assert.h>
#include "fips202.h"
#define SHAKE128_RATE 168
#define SHA3_256_RATE 136
#define NROUNDS 24
#define ROL(a, offset) ((a << offset) ^ (a >> (64-offset)))
@ -57,7 +58,7 @@ static const uint64_t KeccakF_RoundConstants[NROUNDS] = {
(uint64_t)0x8000000080008008ULL
};
void KeccakF1600_StatePermute(uint64_t *state) {
static void KeccakF1600_StatePermute(uint64_t *state) {
int round;
uint64_t Aba, Abe, Abi, Abo, Abu;
@ -370,26 +371,15 @@ static void keccak_squeezeblocks(unsigned char *h, unsigned long long int nblock
}
}
void shake128_absorb(uint64_t *s, const unsigned char *input, unsigned int inputByteLen) {
keccak_absorb(s, SHAKE128_RATE, input, inputByteLen, 0x1F);
}
void shake128_squeezeblocks(unsigned char *output, unsigned long long nblocks, uint64_t *s) {
static void shake128_squeezeblocks(unsigned char *output, unsigned long long nblocks, uint64_t *s) {
keccak_squeezeblocks(output, nblocks, s, SHAKE128_RATE);
}
void shake128(unsigned char *output, unsigned int outputByteLen, const unsigned char *input, unsigned int inputByteLen) {
uint64_t s[25];
assert(!(outputByteLen % SHAKE128_RATE));
shake128_absorb(s, input, inputByteLen);
shake128_squeezeblocks(output, outputByteLen / SHAKE128_RATE, s);
}
void sha3256(unsigned char *output, const unsigned char *input, unsigned int inputByteLen) {
static void sha3256(unsigned char *output, const unsigned char *input, unsigned int inputByteLen) {
uint64_t s[25];
unsigned char t[SHA3_256_RATE];
int i;

12
src/kex_rlwe_newhope/fips202.h
View File

@ -1,12 +0,0 @@
#ifndef FIPS202_H
#define FIPS202_H
#define SHAKE128_RATE 168
#define SHA3_256_RATE 136
void shake128_absorb(uint64_t *s, const unsigned char *input, unsigned int inputByteLen);
void shake128_squeezeblocks(unsigned char *output, unsigned long long nblocks, uint64_t *s);
void shake128(unsigned char *output, unsigned int outputByteLen, const unsigned char *input, unsigned int inputByteLen);
void sha3256(unsigned char *output, const unsigned char *input, unsigned int inputByteLen);
#endif

9
src/kex_rlwe_newhope/kex_rlwe_newhope.c
View File

@ -8,8 +8,9 @@
#include <oqs/kex.h>
#include <oqs/rand.h>
#include "params.h"
#include "kex_rlwe_newhope.h"
#include "newhope.h"
#include "newhope.c"
OQS_KEX *OQS_KEX_rlwe_newhope_new(OQS_RAND *rand) {
OQS_KEX *k = malloc(sizeof(OQS_KEX));
@ -41,7 +42,7 @@ int OQS_KEX_rlwe_newhope_alice_0(UNUSED OQS_KEX *k, void **alice_priv, uint8_t *
if (*alice_priv == NULL) goto err;
/* generate public/private key pair */
OQS_KEX_rlwe_newhope_keygen(*alice_msg, (poly *) (*alice_priv), k->rand);
keygen(*alice_msg, (poly *) (*alice_priv), k->rand);
*alice_msg_len = NEWHOPE_SENDABYTES;
ret = 1;
@ -73,7 +74,7 @@ int OQS_KEX_rlwe_newhope_bob(UNUSED OQS_KEX *k, const uint8_t *alice_msg, const
if (*key == NULL) goto err;
/* generate Bob's response */
OQS_KEX_rlwe_newhope_sharedb(*key, *bob_msg, alice_msg, k->rand);
sharedb(*key, *bob_msg, alice_msg, k->rand);
*bob_msg_len = NEWHOPE_SENDBBYTES;
*key_len = 32;
@ -103,7 +104,7 @@ int OQS_KEX_rlwe_newhope_alice_1(UNUSED OQS_KEX *k, const void *alice_priv, cons
if (*key == NULL) goto err;
/* generate Alice's session key */
OQS_KEX_rlwe_newhope_shareda(*key, (poly *) alice_priv, bob_msg);
shareda(*key, (poly *) alice_priv, bob_msg);
*key_len = 32;
ret = 1;

14
src/kex_rlwe_newhope/newhope.c
View File

@ -1,7 +1,7 @@
#include "poly.h"
#include "error_correction.h"
#include "fips202.h"
#include "newhope.h"
#include <stdint.h>
#include "precomp.c"
#include "fips202.c"
#include "poly.c"
static void encode_a(unsigned char *r, const poly *pk, const unsigned char *seed) {
int i;
@ -42,7 +42,7 @@ static void gen_a(poly *a, const unsigned char *seed) {
// API FUNCTIONS
void OQS_KEX_rlwe_newhope_keygen(unsigned char *send, poly *sk, OQS_RAND *rand) {
static void keygen(unsigned char *send, poly *sk, OQS_RAND *rand) {
poly a, e, r, pk;
unsigned char seed[NEWHOPE_SEEDBYTES];
@ -63,7 +63,7 @@ void OQS_KEX_rlwe_newhope_keygen(unsigned char *send, poly *sk, OQS_RAND *rand)
}
void OQS_KEX_rlwe_newhope_sharedb(unsigned char *sharedkey, unsigned char *send, const unsigned char *received, OQS_RAND *rand) {
static void sharedb(unsigned char *sharedkey, unsigned char *send, const unsigned char *received, OQS_RAND *rand) {
poly sp, ep, v, a, pka, c, epp, bp;
unsigned char seed[NEWHOPE_SEEDBYTES];
@ -96,7 +96,7 @@ void OQS_KEX_rlwe_newhope_sharedb(unsigned char *sharedkey, unsigned char *send,
}
void OQS_KEX_rlwe_newhope_shareda(unsigned char *sharedkey, const poly *sk, const unsigned char *received) {
static void shareda(unsigned char *sharedkey, const poly *sk, const unsigned char *received) {
poly v, bp, c;
decode_b(&bp, &c, received);

12
src/kex_rlwe_newhope/newhope.h
View File

@ -1,12 +0,0 @@
#ifndef NEWHOPE_H
#define NEWHOPE_H
#include "poly.h"
#include "error_correction.h"
#include <math.h>
#include <stdio.h>
#include <oqs/rand.h>
void OQS_KEX_rlwe_newhope_keygen(unsigned char *send, poly *sk, OQS_RAND *rand);
void OQS_KEX_rlwe_newhope_sharedb(unsigned char *sharedkey, unsigned char *send, const unsigned char *received, OQS_RAND *rand);
void OQS_KEX_rlwe_newhope_shareda(unsigned char *sharedkey, const poly *ska, const unsigned char *received);
#endif

95
src/kex_rlwe_newhope/ntt.c
View File

@ -1,95 +0,0 @@
#include "inttypes.h"
#include "ntt.h"
#include "params.h"
#include "reduce.h"
static uint16_t bitrev_table[1024] = {
0, 512, 256, 768, 128, 640, 384, 896, 64, 576, 320, 832, 192, 704, 448, 960, 32, 544, 288, 800, 160, 672, 416, 928, 96, 608, 352, 864, 224, 736, 480, 992,
16, 528, 272, 784, 144, 656, 400, 912, 80, 592, 336, 848, 208, 720, 464, 976, 48, 560, 304, 816, 176, 688, 432, 944, 112, 624, 368, 880, 240, 752, 496, 1008,
8, 520, 264, 776, 136, 648, 392, 904, 72, 584, 328, 840, 200, 712, 456, 968, 40, 552, 296, 808, 168, 680, 424, 936, 104, 616, 360, 872, 232, 744, 488, 1000,
24, 536, 280, 792, 152, 664, 408, 920, 88, 600, 344, 856, 216, 728, 472, 984, 56, 568, 312, 824, 184, 696, 440, 952, 120, 632, 376, 888, 248, 760, 504, 1016,
4, 516, 260, 772, 132, 644, 388, 900, 68, 580, 324, 836, 196, 708, 452, 964, 36, 548, 292, 804, 164, 676, 420, 932, 100, 612, 356, 868, 228, 740, 484, 996,
20, 532, 276, 788, 148, 660, 404, 916, 84, 596, 340, 852, 212, 724, 468, 980, 52, 564, 308, 820, 180, 692, 436, 948, 116, 628, 372, 884, 244, 756, 500, 1012,
12, 524, 268, 780, 140, 652, 396, 908, 76, 588, 332, 844, 204, 716, 460, 972, 44, 556, 300, 812, 172, 684, 428, 940, 108, 620, 364, 876, 236, 748, 492, 1004,
28, 540, 284, 796, 156, 668, 412, 924, 92, 604, 348, 860, 220, 732, 476, 988, 60, 572, 316, 828, 188, 700, 444, 956, 124, 636, 380, 892, 252, 764, 508, 1020,
2, 514, 258, 770, 130, 642, 386, 898, 66, 578, 322, 834, 194, 706, 450, 962, 34, 546, 290, 802, 162, 674, 418, 930, 98, 610, 354, 866, 226, 738, 482, 994,
18, 530, 274, 786, 146, 658, 402, 914, 82, 594, 338, 850, 210, 722, 466, 978, 50, 562, 306, 818, 178, 690, 434, 946, 114, 626, 370, 882, 242, 754, 498, 1010,
10, 522, 266, 778, 138, 650, 394, 906, 74, 586, 330, 842, 202, 714, 458, 970, 42, 554, 298, 810, 170, 682, 426, 938, 106, 618, 362, 874, 234, 746, 490, 1002,
26, 538, 282, 794, 154, 666, 410, 922, 90, 602, 346, 858, 218, 730, 474, 986, 58, 570, 314, 826, 186, 698, 442, 954, 122, 634, 378, 890, 250, 762, 506, 1018,
6, 518, 262, 774, 134, 646, 390, 902, 70, 582, 326, 838, 198, 710, 454, 966, 38, 550, 294, 806, 166, 678, 422, 934, 102, 614, 358, 870, 230, 742, 486, 998,
22, 534, 278, 790, 150, 662, 406, 918, 86, 598, 342, 854, 214, 726, 470, 982, 54, 566, 310, 822, 182, 694, 438, 950, 118, 630, 374, 886, 246, 758, 502, 1014,
14, 526, 270, 782, 142, 654, 398, 910, 78, 590, 334, 846, 206, 718, 462, 974, 46, 558, 302, 814, 174, 686, 430, 942, 110, 622, 366, 878, 238, 750, 494, 1006,
30, 542, 286, 798, 158, 670, 414, 926, 94, 606, 350, 862, 222, 734, 478, 990, 62, 574, 318, 830, 190, 702, 446, 958, 126, 638, 382, 894, 254, 766, 510, 1022,
1, 513, 257, 769, 129, 641, 385, 897, 65, 577, 321, 833, 193, 705, 449, 961, 33, 545, 289, 801, 161, 673, 417, 929, 97, 609, 353, 865, 225, 737, 481, 993,
17, 529, 273, 785, 145, 657, 401, 913, 81, 593, 337, 849, 209, 721, 465, 977, 49, 561, 305, 817, 177, 689, 433, 945, 113, 625, 369, 881, 241, 753, 497, 1009,
9, 521, 265, 777, 137, 649, 393, 905, 73, 585, 329, 841, 201, 713, 457, 969, 41, 553, 297, 809, 169, 681, 425, 937, 105, 617, 361, 873, 233, 745, 489, 1001,
25, 537, 281, 793, 153, 665, 409, 921, 89, 601, 345, 857, 217, 729, 473, 985, 57, 569, 313, 825, 185, 697, 441, 953, 121, 633, 377, 889, 249, 761, 505, 1017,
5, 517, 261, 773, 133, 645, 389, 901, 69, 581, 325, 837, 197, 709, 453, 965, 37, 549, 293, 805, 165, 677, 421, 933, 101, 613, 357, 869, 229, 741, 485, 997,
21, 533, 277, 789, 149, 661, 405, 917, 85, 597, 341, 853, 213, 725, 469, 981, 53, 565, 309, 821, 181, 693, 437, 949, 117, 629, 373, 885, 245, 757, 501, 1013,
13, 525, 269, 781, 141, 653, 397, 909, 77, 589, 333, 845, 205, 717, 461, 973, 45, 557, 301, 813, 173, 685, 429, 941, 109, 621, 365, 877, 237, 749, 493, 1005,
29, 541, 285, 797, 157, 669, 413, 925, 93, 605, 349, 861, 221, 733, 477, 989, 61, 573, 317, 829, 189, 701, 445, 957, 125, 637, 381, 893, 253, 765, 509, 1021,
3, 515, 259, 771, 131, 643, 387, 899, 67, 579, 323, 835, 195, 707, 451, 963, 35, 547, 291, 803, 163, 675, 419, 931, 99, 611, 355, 867, 227, 739, 483, 995,
19, 531, 275, 787, 147, 659, 403, 915, 83, 595, 339, 851, 211, 723, 467, 979, 51, 563, 307, 819, 179, 691, 435, 947, 115, 627, 371, 883, 243, 755, 499, 1011,
11, 523, 267, 779, 139, 651, 395, 907, 75, 587, 331, 843, 203, 715, 459, 971, 43, 555, 299, 811, 171, 683, 427, 939, 107, 619, 363, 875, 235, 747, 491, 1003,
27, 539, 283, 795, 155, 667, 411, 923, 91, 603, 347, 859, 219, 731, 475, 987, 59, 571, 315, 827, 187, 699, 443, 955, 123, 635, 379, 891, 251, 763, 507, 1019,
7, 519, 263, 775, 135, 647, 391, 903, 71, 583, 327, 839, 199, 711, 455, 967, 39, 551, 295, 807, 167, 679, 423, 935, 103, 615, 359, 871, 231, 743, 487, 999,
23, 535, 279, 791, 151, 663, 407, 919, 87, 599, 343, 855, 215, 727, 471, 983, 55, 567, 311, 823, 183, 695, 439, 951, 119, 631, 375, 887, 247, 759, 503, 1015,
15, 527, 271, 783, 143, 655, 399, 911, 79, 591, 335, 847, 207, 719, 463, 975, 47, 559, 303, 815, 175, 687, 431, 943, 111, 623, 367, 879, 239, 751, 495, 1007,
31, 543, 287, 799, 159, 671, 415, 927, 95, 607, 351, 863, 223, 735, 479, 991, 63, 575, 319, 831, 191, 703, 447, 959, 127, 639, 383, 895, 255, 767, 511, 1023
};
void bitrev_vector(uint16_t *poly) {
unsigned int i, r;
uint16_t tmp;
for (i = 0; i < PARAM_N; i++) {
r = bitrev_table[i];
if (i < r) {
tmp = poly[i];
poly[i] = poly[r];
poly[r] = tmp;
}
}
}
void mul_coefficients(uint16_t *poly, const uint16_t *factors) {
unsigned int i;
for (i = 0; i < PARAM_N; i++)
poly[i] = montgomery_reduce((poly[i] * factors[i]));
}
/* GS_bo_to_no; omegas need to be in Montgomery domain */
void ntt(uint16_t *a, const uint16_t *omega) {
int i, start, j, jTwiddle, distance;
uint16_t temp, W;
for (i = 0; i < 10; i += 2) {
// Even level
distance = (1 << i);
for (start = 0; start < distance; start++) {
jTwiddle = 0;
for (j = start; j < PARAM_N - 1; j += 2 * distance) {
W = omega[jTwiddle++];
temp = a[j];
a[j] = (temp + a[j + distance]); // Omit reduction (be lazy)
a[j + distance] = montgomery_reduce((W * ((uint32_t)temp + 3 * PARAM_Q - a[j + distance])));
}
}
// Odd level
distance <<= 1;
for (start = 0; start < distance; start++) {
jTwiddle = 0;
for (j = start; j < PARAM_N - 1; j += 2 * distance) {
W = omega[jTwiddle++];
temp = a[j];
a[j] = barrett_reduce((temp + a[j + distance]));
a[j + distance] = montgomery_reduce((W * ((uint32_t)temp + 3 * PARAM_Q - a[j + distance])));
}
}
}
}

16
src/kex_rlwe_newhope/ntt.h
View File

@ -1,16 +0,0 @@
#ifndef NTT_H
#define NTT_H
#include "inttypes.h"
extern uint16_t omegas_montgomery[];
extern uint16_t omegas_inv_montgomery[];
extern uint16_t psis_bitrev_montgomery[];
extern uint16_t psis_inv_montgomery[];
void bitrev_vector(uint16_t *poly);
void mul_coefficients(uint16_t *poly, const uint16_t *factors);
void ntt(uint16_t *poly, const uint16_t *omegas);
#endif

217
src/kex_rlwe_newhope/poly.c
View File

@ -1,9 +1,89 @@
#include "poly.h"
#include "ntt.h"
#include "reduce.h"
#include "fips202.h"
#include "params.h"
#include <oqs/rand.h>
void poly_frombytes(poly *r, const unsigned char *a) {
typedef struct {
uint16_t coeffs[PARAM_N];
} poly __attribute__ ((aligned (32)));
static const uint32_t qinv = 12287; // -inverse_mod(p,2^18)
static const uint32_t rlog = 18;
static uint16_t montgomery_reduce(uint32_t a) {
uint32_t u;
u = (a * qinv);
u &= ((1 << rlog) - 1);
u *= PARAM_Q;
a = a + u;
return a >> 18;
}
static uint16_t barrett_reduce(uint16_t a) {
uint32_t u;
u = ((uint32_t) a * 5) >> 16;
u *= PARAM_Q;
a -= u;
return a;
}
static void bitrev_vector(uint16_t *poly) {
unsigned int i, r;
uint16_t tmp;
for (i = 0; i < PARAM_N; i++) {
r = bitrev_table[i];
if (i < r) {
tmp = poly[i];
poly[i] = poly[r];
poly[r] = tmp;
}
}
}
static void mul_coefficients(uint16_t *poly, const uint16_t *factors) {
unsigned int i;
for (i = 0; i < PARAM_N; i++)
poly[i] = montgomery_reduce((poly[i] * factors[i]));
}
/* GS_bo_to_no; omegas need to be in Montgomery domain */
static void ntt(uint16_t *a, const uint16_t *omega) {
int i, start, j, jTwiddle, distance;
uint16_t temp, W;
for (i = 0; i < 10; i += 2) {
// Even level
distance = (1 << i);
for (start = 0; start < distance; start++) {
jTwiddle = 0;
for (j = start; j < PARAM_N - 1; j += 2 * distance) {
W = omega[jTwiddle++];
temp = a[j];
a[j] = (temp + a[j + distance]); // Omit reduction (be lazy)
a[j + distance] = montgomery_reduce((W * ((uint32_t)temp + 3 * PARAM_Q - a[j + distance])));
}
}
// Odd level
distance <<= 1;
for (start = 0; start < distance; start++) {
jTwiddle = 0;
for (j = start; j < PARAM_N - 1; j += 2 * distance) {
W = omega[jTwiddle++];
temp = a[j];
a[j] = barrett_reduce((temp + a[j + distance]));
a[j + distance] = montgomery_reduce((W * ((uint32_t)temp + 3 * PARAM_Q - a[j + distance])));
}
}
}
}
static void poly_frombytes(poly *r, const unsigned char *a) {
int i;
for (i = 0; i < PARAM_N / 4; i++) {
r->coeffs[4 * i + 0] = a[7 * i + 0] | (((uint16_t)a[7 * i + 1] & 0x3f) << 8);
@ -13,7 +93,7 @@ void poly_frombytes(poly *r, const unsigned char *a) {
}
}
void poly_tobytes(unsigned char *r, const poly *p) {
static void poly_tobytes(unsigned char *r, const poly *p) {
int i;
uint16_t t0, t1, t2, t3, m;
int16_t c;
@ -53,7 +133,7 @@ void poly_tobytes(unsigned char *r, const poly *p) {
}
}
void poly_uniform(poly *a, const unsigned char *seed) {
static void poly_uniform(poly *a, const unsigned char *seed) {
unsigned int pos = 0, ctr = 0;
uint16_t val;
uint64_t state[25];
@ -78,7 +158,7 @@ void poly_uniform(poly *a, const unsigned char *seed) {
}
void poly_getnoise(poly *r, OQS_RAND *rand) {
static void poly_getnoise(poly *r, OQS_RAND *rand) {
#if PARAM_K != 16
#error "poly_getnoise in poly.c only supports k=16"
#endif
@ -102,7 +182,7 @@ void poly_getnoise(poly *r, OQS_RAND *rand) {
}
}
void poly_pointwise(poly *r, const poly *a, const poly *b) {
static void poly_pointwise(poly *r, const poly *a, const poly *b) {
int i;
uint16_t t;
for (i = 0; i < PARAM_N; i++) {
@ -111,19 +191,132 @@ void poly_pointwise(poly *r, const poly *a, const poly *b) {
}
}
void poly_add(poly *r, const poly *a, const poly *b) {
static void poly_add(poly *r, const poly *a, const poly *b) {
int i;
for (i = 0; i < PARAM_N; i++)
r->coeffs[i] = barrett_reduce(a->coeffs[i] + b->coeffs[i]);
}
void poly_ntt(poly *r) {
static void poly_ntt(poly *r) {
mul_coefficients(r->coeffs, psis_bitrev_montgomery);
ntt((uint16_t *)r->coeffs, omegas_montgomery);
}
void poly_invntt(poly *r) {
static void poly_invntt(poly *r) {
bitrev_vector(r->coeffs);
ntt((uint16_t *)r->coeffs, omegas_inv_montgomery);
mul_coefficients(r->coeffs, psis_inv_montgomery);
}
//Error Correction:
static int32_t nh_abs(int32_t v) {
int32_t mask = v >> 31;
return (v ^ mask) - mask;
}
static int32_t f(int32_t *v0, int32_t *v1, int32_t x) {
int32_t xit, t, r, b;
// Next 6 lines compute t = x/PARAM_Q;
b = x * 2730;
t = b >> 25;
b = x - t * 12289;
b = 12288 - b;
b >>= 31;
t -= b;
r = t & 1;
xit = (t >> 1);
*v0 = xit + r; // v0 = round(x/(2*PARAM_Q))
t -= 1;
r = t & 1;
*v1 = (t >> 1) + r;
return nh_abs(x - ((*v0) * 2 * PARAM_Q));
}
static int32_t g(int32_t x) {
int32_t t, c, b;
// Next 6 lines compute t = x/(4*PARAM_Q);
b = x * 2730;
t = b >> 27;
b = x - t * 49156;
b = 49155 - b;
b >>= 31;
t -= b;
c = t & 1;
t = (t >> 1) + c; // t = round(x/(8*PARAM_Q))
t *= 8 * PARAM_Q;
return nh_abs(t - x);
}
static int16_t LDDecode(int32_t xi0, int32_t xi1, int32_t xi2, int32_t xi3) {
int32_t t;
t = g(xi0);
t += g(xi1);
t += g(xi2);
t += g(xi3);
t -= 8 * PARAM_Q;
t >>= 31;
return t & 1;
}
static void helprec(poly *c, const poly *v, OQS_RAND *oqs_rand) {
int32_t v0[4], v1[4], v_tmp[4], k;
unsigned char rbit;
unsigned char rand[32];
int i;
oqs_rand->rand_n(oqs_rand, rand, 32);
for (i = 0; i < 256; i++) {
rbit = (rand[i >> 3] >> (i & 7)) & 1;
k = f(v0 + 0, v1 + 0, 8 * v->coeffs[ 0 + i] + 4 * rbit);
k += f(v0 + 1, v1 + 1, 8 * v->coeffs[256 + i] + 4 * rbit);
k += f(v0 + 2, v1 + 2, 8 * v->coeffs[512 + i] + 4 * rbit);
k += f(v0 + 3, v1 + 3, 8 * v->coeffs[768 + i] + 4 * rbit);
k = (2 * PARAM_Q - 1 - k) >> 31;
v_tmp[0] = ((~k) & v0[0]) ^ (k & v1[0]);
v_tmp[1] = ((~k) & v0[1]) ^ (k & v1[1]);
v_tmp[2] = ((~k) & v0[2]) ^ (k & v1[2]);
v_tmp[3] = ((~k) & v0[3]) ^ (k & v1[3]);
c->coeffs[ 0 + i] = (v_tmp[0] - v_tmp[3]) & 3;
c->coeffs[256 + i] = (v_tmp[1] - v_tmp[3]) & 3;
c->coeffs[512 + i] = (v_tmp[2] - v_tmp[3]) & 3;
c->coeffs[768 + i] = ( -k + 2 * v_tmp[3]) & 3;
}
}
static void rec(unsigned char *key, const poly *v, const poly *c) {
int i;
int32_t tmp[4];
for (i = 0; i < 32; i++)
key[i] = 0;
for (i = 0; i < 256; i++) {
tmp[0] = 16 * PARAM_Q + 8 * (int32_t)v->coeffs[ 0 + i] - PARAM_Q * (2 * c->coeffs[ 0 + i] + c->coeffs[768 + i]);
tmp[1] = 16 * PARAM_Q + 8 * (int32_t)v->coeffs[256 + i] - PARAM_Q * (2 * c->coeffs[256 + i] + c->coeffs[768 + i]);
tmp[2] = 16 * PARAM_Q + 8 * (int32_t)v->coeffs[512 + i] - PARAM_Q * (2 * c->coeffs[512 + i] + c->coeffs[768 + i]);
tmp[3] = 16 * PARAM_Q + 8 * (int32_t)v->coeffs[768 + i] - PARAM_Q * ( c->coeffs[768 + i]);
key[i >> 3] |= LDDecode(tmp[0], tmp[1], tmp[2], tmp[3]) << (i & 7);
}
}

23
src/kex_rlwe_newhope/poly.h
View File

@ -1,23 +0,0 @@
#ifndef POLY_H
#define POLY_H
#include <stdint.h>
#include "params.h"
#include <oqs/rand.h>
typedef struct {
uint16_t coeffs[PARAM_N];
} poly __attribute__ ((aligned (32)));
void poly_uniform(poly *a, const unsigned char *seed);
void poly_getnoise(poly *r, OQS_RAND *rand);
void poly_add(poly *r, const poly *a, const poly *b);
void poly_ntt(poly *r);
void poly_invntt(poly *r);
void poly_pointwise(poly *r, const poly *a, const poly *b);
void poly_frombytes(poly *r, const unsigned char *a);
void poly_tobytes(unsigned char *r, const poly *p);
#endif

46
src/kex_rlwe_newhope/precomp.c
View File

File diff suppressed because one or more lines are too long

31
src/kex_rlwe_newhope/reduce.c
View File

@ -1,31 +0,0 @@
#include "reduce.h"
#include "params.h"
/* Incomplete-reduction routines; for details on allowed input ranges
* and produced output ranges, see the description in the paper:
* https://cryptojedi.org/papers/#newhope */
static const uint32_t qinv = 12287; // -inverse_mod(p,2^18)
static const uint32_t rlog = 18;
uint16_t montgomery_reduce(uint32_t a) {
uint32_t u;
u = (a * qinv);
u &= ((1 << rlog) - 1);
u *= PARAM_Q;
a = a + u;
return a >> 18;
}
uint16_t barrett_reduce(uint16_t a) {
uint32_t u;
u = ((uint32_t) a * 5) >> 16;
u *= PARAM_Q;
a -= u;
return a;
}

10
src/kex_rlwe_newhope/reduce.h
View File

@ -1,10 +0,0 @@
#ifndef REDUCE_H
#define REDUCE_H
#include <stdint.h>
uint16_t montgomery_reduce(uint32_t a);
uint16_t barrett_reduce(uint16_t a);
#endif