sharpetronics/liboqs
1
0
Fork 0
mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-12-07 00:02:12 -05:00
Code Issues Projects Releases Wiki Activity

Add MQDSS from PQClean

Browse Source
This commit is contained in:
Douglas Stebila 2019-07-01 21:02:25 -04:00
parent dd2b872b1d
commit 5227cc7cd2
30 changed files with 1927 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Makefile.am
View File

@ -44,6 +44,9 @@ endif
if ENABLE_SIG_DILITHIUM
liboqs_la_LIBADD += src/sig/dilithium/libsigdilithium.la
endif
if ENABLE_SIG_MQDSS
liboqs_la_LIBADD += src/sig/mqdss/libsigmqdss.la
endif
##### OQS_COPY_FROM_PQCLEAN_FRAGMENT_IF_ENABLE_END
if ENABLE_KEM_FRODOKEM
liboqs_la_LIBADD += src/kem/frodokem/libkemfrodokem.la
@ -73,6 +76,7 @@ installheader_HEADERS= src/oqs.h \
src/kem/sike/kem_sike.h \
src/sig/sig.h \
src/sig/dilithium/sig_dilithium.h \
src/sig/mqdss/sig_mqdss.h \
src/sig/picnic/sig_picnic.h \
src/sig/qtesla/sig_qtesla.h
##### OQS_COPY_FROM_PQCLEAN_FRAGMENT_INSTALLHEADER_END
@ -109,6 +113,7 @@ links:
cp -f src/kem/newhope/kem_newhope.h include/oqs
cp -f src/kem/ntru/kem_ntru.h include/oqs
cp -f src/sig/dilithium/sig_dilithium.h include/oqs
cp -f src/sig/mqdss/sig_mqdss.h include/oqs
##### OQS_COPY_FROM_PQCLEAN_FRAGMENT_LINKS_END
cp -f src/kem/frodokem/kem_frodokem.h include/oqs
cp -f src/kem/sike/kem_sike.h include/oqs

8
VisualStudio/oqs/dll.def
View File

@ -107,4 +107,10 @@ EXPORTS
OQS_SIG_dilithium_3_verify
OQS_SIG_dilithium_4_keypair
OQS_SIG_dilithium_4_sign
OQS_SIG_dilithium_4_verify
OQS_SIG_dilithium_4_verify
OQS_SIG_mqdss_31_48_keypair
OQS_SIG_mqdss_31_48_sign
OQS_SIG_mqdss_31_48_verify
OQS_SIG_mqdss_31_64_keypair
OQS_SIG_mqdss_31_64_sign
OQS_SIG_mqdss_31_64_verify

17
VisualStudio/oqs/oqs.vcxproj
View File

@ -41,6 +41,7 @@
<ClInclude Include="..\..\src\kem\newhope\kem_newhope.h" />
<ClInclude Include="..\..\src\kem\ntru\kem_ntru.h" />
<ClInclude Include="..\..\src\sig\dilithium\sig_dilithium.h" />
<ClInclude Include="..\..\src\sig\mqdss\sig_mqdss.h" />
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_CLINCLUDE_END -->
<ClInclude Include="..\..\src\kem\frodokem\kem_frodokem.h" />
<ClInclude Include="..\..\src\kem\sike\kem_sike.h" />
@ -214,6 +215,14 @@
<ClCompile Include="..\..\src\sig\dilithium\pqclean_dilithium4_clean\reduce.c" />
<ClCompile Include="..\..\src\sig\dilithium\pqclean_dilithium4_clean\rounding.c" />
<ClCompile Include="..\..\src\sig\dilithium\pqclean_dilithium4_clean\symmetric.c" />
<ClCompile Include="..\..\src\sig\mqdss\sig_mqdss_31_48.c" />
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-48_clean\gf31.c" />
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-48_clean\mq.c" />
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-48_clean\sign.c" />
<ClCompile Include="..\..\src\sig\mqdss\sig_mqdss_31_64.c" />
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-64_clean\gf31.c" />
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-64_clean\mq.c" />
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-64_clean\sign.c" />
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_CLCOMPILE_END -->
<ClCompile Include="..\..\src\kem\kem.c" />
<ClCompile Include="..\..\src\kem\frodokem\kem_frodokem640aes.c" />
@ -412,6 +421,7 @@ copy "$(SolutionDir)..\src\kem\frodokem\kem_frodokem.h" "$(SolutionDir)include\o
copy "$(SolutionDir)..\src\kem\sike\kem_sike.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\sig.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\dilithium\sig_dilithium.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\mqdss\sig_mqdss.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\qtesla\sig_qtesla.h" "$(SolutionDir)include\oqs\"</Command>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_PREBUILD_EVENT_COMMAND_DEBUG_WIN32_END -->
@ -452,6 +462,7 @@ copy "$(SolutionDir)..\src\kem\frodokem\kem_frodokem.h" "$(SolutionDir)include\o
copy "$(SolutionDir)..\src\kem\sike\kem_sike.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\sig.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\dilithium\sig_dilithium.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\mqdss\sig_mqdss.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\qtesla\sig_qtesla.h" "$(SolutionDir)include\oqs\"</Command>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_PREBUILD_EVENT_COMMAND_DEBUGDLL_WIN32_END -->
@ -492,6 +503,7 @@ copy "$(SolutionDir)..\src\kem\frodokem\kem_frodokem.h" "$(SolutionDir)include\o
copy "$(SolutionDir)..\src\kem\sike\kem_sike.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\sig.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\dilithium\sig_dilithium.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\mqdss\sig_mqdss.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\qtesla\sig_qtesla.h" "$(SolutionDir)include\oqs\"</Command>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_PREBUILD_EVENT_COMMAND_DEBUG_X64_END -->
@ -540,6 +552,7 @@ copy "$(SolutionDir)..\src\kem\frodokem\kem_frodokem.h" "$(SolutionDir)include\o
copy "$(SolutionDir)..\src\kem\sike\kem_sike.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\sig.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\dilithium\sig_dilithium.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\mqdss\sig_mqdss.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\qtesla\sig_qtesla.h" "$(SolutionDir)include\oqs\"</Command>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_PREBUILD_EVENT_COMMAND_DEBUGDLL_X64_END -->
@ -587,6 +600,7 @@ copy "$(SolutionDir)..\src\kem\frodokem\kem_frodokem.h" "$(SolutionDir)include\o
copy "$(SolutionDir)..\src\kem\sike\kem_sike.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\sig.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\dilithium\sig_dilithium.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\mqdss\sig_mqdss.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\qtesla\sig_qtesla.h" "$(SolutionDir)include\oqs\"</Command>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_PREBUILD_EVENT_COMMAND_RELEASE_WIN32_END -->
@ -631,6 +645,7 @@ copy "$(SolutionDir)..\src\kem\frodokem\kem_frodokem.h" "$(SolutionDir)include\o
copy "$(SolutionDir)..\src\kem\sike\kem_sike.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\sig.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\dilithium\sig_dilithium.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\mqdss\sig_mqdss.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\qtesla\sig_qtesla.h" "$(SolutionDir)include\oqs\"</Command>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_PREBUILD_EVENT_COMMAND_RELEASEDLL_WIN32_END -->
@ -675,6 +690,7 @@ copy "$(SolutionDir)..\src\kem\frodokem\kem_frodokem.h" "$(SolutionDir)include\o
copy "$(SolutionDir)..\src\kem\sike\kem_sike.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\sig.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\dilithium\sig_dilithium.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\mqdss\sig_mqdss.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\qtesla\sig_qtesla.h" "$(SolutionDir)include\oqs\"</Command>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_PREBUILD_EVENT_COMMAND_RELEASE_X64_END -->
@ -727,6 +743,7 @@ copy "$(SolutionDir)..\src\kem\frodokem\kem_frodokem.h" "$(SolutionDir)include\o
copy "$(SolutionDir)..\src\kem\sike\kem_sike.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\sig.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\dilithium\sig_dilithium.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\mqdss\sig_mqdss.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\picnic\sig_picnic.h" "$(SolutionDir)include\oqs\"
copy "$(SolutionDir)..\src\sig\qtesla\sig_qtesla.h" "$(SolutionDir)include\oqs\"</Command>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_PREBUILD_EVENT_COMMAND_RELEASEDLL_X64_END -->

36
VisualStudio/oqs/oqs.vcxproj.filters
View File

@ -350,6 +350,30 @@
<ClCompile Include="..\..\src\sig\dilithium\pqclean_dilithium4_clean\symmetric.c">
<Filter>dilithium\4</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\mqdss\sig_mqdss_31_48.c">
<Filter>mqdss\31_48</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-48_clean\gf31.c">
<Filter>mqdss\31_48</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-48_clean\mq.c">
<Filter>mqdss\31_48</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-48_clean\sign.c">
<Filter>mqdss\31_48</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\mqdss\sig_mqdss_31_64.c">
<Filter>mqdss\31_64</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-64_clean\gf31.c">
<Filter>mqdss\31_64</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-64_clean\mq.c">
<Filter>mqdss\31_64</Filter>
</ClCompile>
<ClCompile Include="..\..\src\sig\mqdss\pqclean_mqdss-64_clean\sign.c">
<Filter>mqdss\31_64</Filter>
</ClCompile>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_CLCOMPILE_END -->
<ClCompile Include="..\..\src\kem\frodokem\kem_frodokem640aes.c">
<Filter>frodokem</Filter>
@ -512,6 +536,9 @@
<ClInclude Include="..\..\src\sig\dilithium\sig_dilithium.h">
<Filter>dilithium</Filter>
</ClInclude>
<ClInclude Include="..\..\src\sig\mqdss\sig_mqdss.h">
<Filter>mqdss</Filter>
</ClInclude>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_CLINCLUDE_END -->
<ClInclude Include="..\..\src\kem\frodokem\kem_frodokem.h">
<Filter>frodokem</Filter>
@ -726,6 +753,15 @@
<Filter Include="dilithium\4">
<UniqueIdentifier>{fb8c21f2-891b-46fb-8a45-17f69dfa31bd}</UniqueIdentifier>
</Filter>
<Filter Include="mqdss">
<UniqueIdentifier>{ac98bd77-73db-4889-b91f-75dc49769226}</UniqueIdentifier>
</Filter>
<Filter Include="mqdss\31_48">
<UniqueIdentifier>{f640e0c6-bcdd-4964-951b-5af45229036f}</UniqueIdentifier>
</Filter>
<Filter Include="mqdss\31_64">
<UniqueIdentifier>{cb56a63a-35d6-4825-92fa-07094d96d063}</UniqueIdentifier>
</Filter>
<!-- OQS_COPY_FROM_PQCLEAN_FRAGMENT_FILTER_END -->
</ItemGroup>
</Project>

2
VisualStudio/winconfig.h
View File

@ -40,6 +40,8 @@
#define OQS_ENABLE_SIG_dilithium_2
#define OQS_ENABLE_SIG_dilithium_3
#define OQS_ENABLE_SIG_dilithium_4
#define OQS_ENABLE_SIG_mqdss_31_48
#define OQS_ENABLE_SIG_mqdss_31_64
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_SIGS_END
#define OQS_KEM_DEFAULT OQS_KEM_alg_sike_p434
#define OQS_SIG_DEFAULT OQS_SIG_alg_picnic_L1_FS

5
config/features.m4
View File

@ -48,6 +48,7 @@ AC_DEFUN([CONFIG_FEATURE_FLAGS],
ARG_DISBL_SET_WRAP([kem-newhope], [kem_newhope], [ENABLE_KEM_NEWHOPE], [src/kem/newhope])
ARG_DISBL_SET_WRAP([kem-ntru], [kem_ntru], [ENABLE_KEM_NTRU], [src/kem/ntru])
ARG_DISBL_SET_WRAP([sig-dilithium], [sig_dilithium], [ENABLE_SIG_DILITHIUM], [src/sig/dilithium])
ARG_DISBL_SET_WRAP([sig-mqdss], [sig_mqdss], [ENABLE_SIG_MQDSS], [src/sig/mqdss])
##### OQS_COPY_FROM_PQCLEAN_FRAGMENT_ARG_DISBL_SET_WRAP_END
ARG_DISBL_SET_WRAP([kem-frodokem], [kem_frodokem], [ENABLE_KEM_FRODOKEM], [src/kem/frodokem])
ARG_DISBL_SET_WRAP([kem-sike], [kem_sike], [ENABLE_KEM_SIKE], [src/kem/sike])
@ -104,6 +105,10 @@ AC_DEFUN([CONFIG_FEATURES],
AC_DEFINE(OQS_ENABLE_SIG_dilithium_3, 1, "Define to 1 when DILITHIUM_3 enabled")
AC_DEFINE(OQS_ENABLE_SIG_dilithium_4, 1, "Define to 1 when DILITHIUM_4 enabled")
])
AM_COND_IF([ENABLE_SIG_MQDSS], [
AC_DEFINE(OQS_ENABLE_SIG_mqdss_31_48, 1, "Define to 1 when MQDSS-31-48 enabled")
AC_DEFINE(OQS_ENABLE_SIG_mqdss_31_64, 1, "Define to 1 when MQDSS-31-64 enabled")
])
##### OQS_COPY_FROM_PQCLEAN_FRAGMENT_AM_COND_IF_END
AM_COND_IF([ENABLE_KEM_FRODOKEM], [

1
configure.ac
View File

@ -72,6 +72,7 @@ AC_CONFIG_FILES([Makefile
src/sig/picnic/Makefile
src/sig/qtesla/Makefile
src/sig/dilithium/Makefile
src/sig/mqdss/Makefile
src/kem/bike/Makefile
src/kem/kyber/Makefile
src/kem/newhope/Makefile

18
scripts/copy_from_pqclean/copy_from_pqclean.yml
View File

@ -100,3 +100,21 @@ sigs:
implementation: clean
sources: ['sign.c', 'polyvec.c', 'poly.c', 'packing.c', 'ntt.c', 'reduce.c', 'rounding.c', 'symmetric.c']
visual_studio_guid: fb8c21f2-891b-46fb-8a45-17f69dfa31bd
-
name: mqdss
visual_studio_guid: ac98bd77-73db-4889-b91f-75dc49769226
schemes:
-
scheme: "31_48"
pqclean_scheme: mqdss-48
pretty_name_full: MQDSS-31-48
implementation: clean
sources: ['gf31.c', 'mq.c', 'sign.c']
visual_studio_guid: f640e0c6-bcdd-4964-951b-5af45229036f
-
scheme: "31_64"
pqclean_scheme: mqdss-64
pretty_name_full: MQDSS-31-64
implementation: clean
sources: ['gf31.c', 'mq.c', 'sign.c']
visual_studio_guid: cb56a63a-35d6-4825-92fa-07094d96d063

13
src/sig/mqdss/Makefile.am Normal file
View File

@ -0,0 +1,13 @@
AUTOMAKE_OPTIONS = foreign
noinst_LTLIBRARIES = libsigmqdss.la
noinst_LTLIBRARIES += libsigmqdss_31_48.la libsigmqdss_31_64.la
libsigmqdss_la_LIBADD = libsigmqdss_31_48.la libsigmqdss_31_64.la
libsigmqdss_la_SOURCES =
libsigmqdss_31_48_la_SOURCES = sig_mqdss_31_48.c pqclean_mqdss-48_clean/gf31.c pqclean_mqdss-48_clean/mq.c pqclean_mqdss-48_clean/sign.c
libsigmqdss_31_48_la_CFLAGS = $(AM_CFLAGS) -I../../common/pqclean_shims
libsigmqdss_31_64_la_SOURCES = sig_mqdss_31_64.c pqclean_mqdss-64_clean/gf31.c pqclean_mqdss-64_clean/mq.c pqclean_mqdss-64_clean/sign.c
libsigmqdss_31_64_la_CFLAGS = $(AM_CFLAGS) -I../../common/pqclean_shims

116
src/sig/mqdss/pqclean_mqdss-48_clean/LICENSE Normal file
View File

@ -0,0 +1,116 @@
CC0 1.0 Universal
Statement of Purpose
The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator and
subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for the
purpose of contributing to a commons of creative, cultural and scientific
works ("Commons") that the public can reliably and without fear of later
claims of infringement build upon, modify, incorporate in other works, reuse
and redistribute as freely as possible in any form whatsoever and for any
purposes, including without limitation commercial purposes. These owners may
contribute to the Commons to promote the ideal of a free culture and the
further production of creative, cultural and scientific works, or to gain
reputation or greater distribution for their Work in part through the use and
efforts of others.
For these and/or other purposes and motivations, and without any expectation
of additional consideration or compensation, the person associating CC0 with a
Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
and publicly distribute the Work under its terms, with knowledge of his or her
Copyright and Related Rights in the Work and the meaning and intended legal
effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not limited
to, the following:
i. the right to reproduce, adapt, distribute, perform, display, communicate,
and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or likeness
depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data in
a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation thereof,
including any amended or successor version of such directive); and
vii. other similar, equivalent or corresponding rights throughout the world
based on applicable law or treaty, and any national implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention of,
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
and Related Rights and associated claims and causes of action, whether now
known or unknown (including existing as well as future claims and causes of
action), in the Work (i) in all territories worldwide, (ii) for the maximum
duration provided by applicable law or treaty (including future time
extensions), (iii) in any current or future medium and for any number of
copies, and (iv) for any purpose whatsoever, including without limitation
commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
the Waiver for the benefit of each member of the public at large and to the
detriment of Affirmer's heirs and successors, fully intending that such Waiver
shall not be subject to revocation, rescission, cancellation, termination, or
any other legal or equitable action to disrupt the quiet enjoyment of the Work
by the public as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for any reason be
judged legally invalid or ineffective under applicable law, then the Waiver
shall be preserved to the maximum extent permitted taking into account
Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
is so judged Affirmer hereby grants to each affected person a royalty-free,
non transferable, non sublicensable, non exclusive, irrevocable and
unconditional license to exercise Affirmer's Copyright and Related Rights in
the Work (i) in all territories worldwide, (ii) for the maximum duration
provided by applicable law or treaty (including future time extensions), (iii)
in any current or future medium and for any number of copies, and (iv) for any
purpose whatsoever, including without limitation commercial, advertising or
promotional purposes (the "License"). The License shall be deemed effective as
of the date CC0 was applied by Affirmer to the Work. Should any part of the
License for any reason be judged legally invalid or ineffective under
applicable law, such partial invalidity or ineffectiveness shall not
invalidate the remainder of the License, and in such case Affirmer hereby
affirms that he or she will not (i) exercise any of his or her remaining
Copyright and Related Rights in the Work or (ii) assert any associated claims
and causes of action with respect to the Work, in either case contrary to
Affirmer's express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or warranties
of any kind concerning the Work, express, implied, statutory or otherwise,
including without limitation warranties of title, merchantability, fitness
for a particular purpose, non infringement, or the absence of latent or
other defects, accuracy, or the present or absence of errors, whether or not
discoverable, all to the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without limitation
any person's Copyright and Related Rights in the Work. Further, Affirmer
disclaims responsibility for obtaining any necessary consents, permissions
or other rights required for any use of the Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to this
CC0 or use of the Work.
For more information, please see
<http://creativecommons.org/publicdomain/zero/1.0/>

47
src/sig/mqdss/pqclean_mqdss-48_clean/api.h Normal file
View File

@ -0,0 +1,47 @@
#ifndef PQCLEAN_MQDSS48_CLEAN_API_H
#define PQCLEAN_MQDSS48_CLEAN_API_H
#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_MQDSS48_CLEAN_CRYPTO_ALGNAME "MQDSS-48"
#define PQCLEAN_MQDSS48_CLEAN_CRYPTO_SECRETKEYBYTES 16
#define PQCLEAN_MQDSS48_CLEAN_CRYPTO_PUBLICKEYBYTES 46
#define PQCLEAN_MQDSS48_CLEAN_CRYPTO_BYTES 20854
/*
* Generates an MQDSS key pair.
*/
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_keypair(
uint8_t *pk, uint8_t *sk);
/**
* Returns an array containing a detached signature.
*/
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_signature(
uint8_t *sig, size_t *siglen,
const uint8_t *m, size_t mlen, const uint8_t *sk);
/**
* Verifies a detached signature and message under a given public key.
*/
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_verify(
const uint8_t *sig, size_t siglen,
const uint8_t *m, size_t mlen, const uint8_t *pk);
/**
* Returns an array containing the signature followed by the message.
*/
int PQCLEAN_MQDSS48_CLEAN_crypto_sign(
uint8_t *sm, size_t *smlen,
const uint8_t *m, size_t mlen, const uint8_t *sk);
/**
* Verifies a given signature-message pair under a given public key.
*/
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_open(
uint8_t *m, size_t *mlen,
const uint8_t *sm, size_t smlen, const uint8_t *pk);
#endif

133
src/sig/mqdss/pqclean_mqdss-48_clean/gf31.c Normal file
View File

@ -0,0 +1,133 @@
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include "fips202.h"
#include "gf31.h"
#include "params.h"
/* This performs a full unique reduction mod 13 on x; x can be any unsigned
16-bit integer (i.e. in the range [0, 65535]) */
gf31 PQCLEAN_MQDSS48_CLEAN_mod31(gf31 x) {
gf31 t;
t = (gf31)(x & 31);
x >>= 5;
t = (gf31)(t + (x & 31));
x >>= 5;
t = (gf31)(t + (x & 31));
x >>= 5;
t = (gf31)(t + (x & 31));
t = (gf31)((t >> 5) + (t & 31));
t = (gf31)((t >> 5) + (t & 31));
return (gf31)((t != 31) * t);
}
/* Given a vector of N elements in the range [0, 31], this reduces the elements
to the range [0, 30] by mapping 31 to 0 (i.e reduction mod 31) */
void PQCLEAN_MQDSS48_CLEAN_vgf31_unique(gf31 *out, const gf31 *in) {
int i;
for (i = 0; i < N; i++) {
out[i] = (gf31)((1 - (in[i] == 31)) * in[i]);
}
}
/* Given a vector of 16-bit integers (i.e. in [0, 65535], this reduces the
elements to the range [0, 30] by mapping 31 to 0 (i.e reduction mod 31) */
void PQCLEAN_MQDSS48_CLEAN_vgf31_shorten_unique(gf31 *out, const gf31 *in) {
int i;
for (i = 0; i < N; i++) {
out[i] = PQCLEAN_MQDSS48_CLEAN_mod31(in[i]);
}
}
/* Given a seed, samples len gf31 elements (in the range [0, 30]), and places
them in a vector of 16-bit elements */
void PQCLEAN_MQDSS48_CLEAN_gf31_nrand(gf31 *out, int len, const unsigned char *seed, size_t seedlen) {
int i = 0, j;
shake256ctx shakestate;
unsigned char shakeblock[SHAKE256_RATE];
shake256_absorb(&shakestate, seed, seedlen);
while (i < len) {
shake256_squeezeblocks(shakeblock, 1, &shakestate);
for (j = 0; j < SHAKE256_RATE && i < len; j++) {
if ((shakeblock[j] & 31) != 31) {
out[i] = (shakeblock[j] & 31);
i++;
}
}
}
}
/* Given a seed, samples len gf31 elements, transposed into unsigned range,
i.e. in the range [-15, 15], and places them in an array of 8-bit integers.
This is used for the expansion of F, which wants packed elements. */
void PQCLEAN_MQDSS48_CLEAN_gf31_nrand_schar(signed char *out, int len, const unsigned char *seed, size_t seedlen) {
int i = 0, j;
shake256ctx shakestate;
unsigned char shakeblock[SHAKE256_RATE];
shake256_absorb(&shakestate, seed, seedlen);
while (i < len) {
shake256_squeezeblocks(shakeblock, 1, &shakestate);
for (j = 0; j < SHAKE256_RATE && i < len; j++) {
if ((shakeblock[j] & 31) != 31) {
out[i] = (signed char)(((signed char)shakeblock[j] & 31) - 15);
i++;
}
}
}
}
/* Unpacks an array of packed GF31 elements to one element per gf31.
Assumes that there is sufficient empty space available at the end of the
array to unpack. Can perform in-place. */
void PQCLEAN_MQDSS48_CLEAN_gf31_nunpack(gf31 *out, const unsigned char *in, unsigned int n) {
size_t i;
unsigned int j = ((n * 5) >> 3) - 1;
unsigned int d = 0;
for (i = n; i > 0; i--) {
out[i - 1] = (gf31)((in[j] >> d) & 31);
d += 5;
if (d > 8) {
d -= 8;
j--;
out[i - 1] = (gf31)(out[i - 1] ^ ((in[j] << (5 - d)) & 31));
}
}
}
/* Packs an array of GF31 elements from gf31's to concatenated 5-bit values.
Assumes that there is sufficient space available to unpack.
Can perform in-place. */
void PQCLEAN_MQDSS48_CLEAN_gf31_npack(unsigned char *out, const gf31 *in, unsigned int n) {
unsigned int i = 0;
unsigned int j;
int d = 3;
for (j = 0; j < n; j++) {
assert(in[j] < 31);
}
/* There will be ceil(5n / 8) output blocks */
memset(out, 0, ((5 * n + 7) & (unsigned int)~7) >> 3);
for (j = 0; j < n; j++) {
if (d < 0) {
d += 8;
out[i] = (unsigned char)((out[i] & (255 << (d - 3))) |
((in[j] >> (8 - d)) & ~(255 << (d - 3))));
i++;
}
out[i] = (unsigned char)((out[i] & ~(31 << d)) | ((in[j] << d) & (31 << d)));
d -= 5;
}
}

40
src/sig/mqdss/pqclean_mqdss-48_clean/gf31.h Normal file
View File

@ -0,0 +1,40 @@
#ifndef MQDSS_GF31_H
#define MQDSS_GF31_H
#include <stddef.h>
#include <stdint.h>
typedef uint16_t gf31;
/* This performs a full unique reduction mod 13 on x; x can be any unsigned
16-bit integer (i.e. in the range [0, 65535]) */
gf31 PQCLEAN_MQDSS48_CLEAN_mod31(gf31 x);
/* Given a vector of elements in the range [0, 31], this reduces the elements
to the range [0, 30] by mapping 31 to 0 (i.e reduction mod 31) */
void PQCLEAN_MQDSS48_CLEAN_vgf31_unique(gf31 *out, const gf31 *in);
/* Given a vector of 16-bit integers (i.e. in [0, 65535], this reduces the
elements to the range [0, 30] by mapping 31 to 0 (i.e reduction mod 31) */
void PQCLEAN_MQDSS48_CLEAN_vgf31_shorten_unique(gf31 *out, const gf31 *in);
/* Given a seed, samples len gf31 elements (in the range [0, 30]), and places
them in a vector of 16-bit elements */
void PQCLEAN_MQDSS48_CLEAN_gf31_nrand(gf31 *out, int len, const unsigned char *seed, size_t seedlen);
/* Given a seed, samples len gf31 elements, transposed into unsigned range,
i.e. in the range [-15, 15], and places them in an array of 8-bit integers.
This is used for the expansion of F, which wants packed elements. */
void PQCLEAN_MQDSS48_CLEAN_gf31_nrand_schar(signed char *out, int len, const unsigned char *seed, size_t seedlen);
/* Unpacks an array of packed GF31 elements to one element per gf31.
Assumes that there is sufficient empty space available at the end of the
array to unpack. Can perform in-place. */
void PQCLEAN_MQDSS48_CLEAN_gf31_nunpack(gf31 *out, const unsigned char *in, unsigned int n);
/* Packs an array of GF31 elements from gf31's to concatenated 5-bit values.
Assumes that there is sufficient space available to unpack.
Can perform in-place. */
void PQCLEAN_MQDSS48_CLEAN_gf31_npack(unsigned char *out, const gf31 *in, unsigned int n);
#endif

81
src/sig/mqdss/pqclean_mqdss-48_clean/mq.c Normal file
View File

@ -0,0 +1,81 @@
#include "mq.h"
#include "params.h"
/* Computes all products x_i * x_j, returns in reduced form */
inline static
void generate_quadratic_terms( gf31 *xij, const gf31 *x ) {
int i, j, k;
k = 0;
for (i = 0; i < N; i++) {
for (j = 0; j <= i; j++) {
xij[k] = PQCLEAN_MQDSS48_CLEAN_mod31((gf31)(x[i] * x[j]));
k++;
}
}
}
/* Computes all terms (x_i * y_j) + (x_j * y_i), returns in reduced form */
inline static
void generate_xiyj_p_xjyi_terms( gf31 *xij, const gf31 *x, const gf31 *y ) {
int i, j, k;
k = 0;
for (i = 0; i < N; i++) {
for (j = 0; j <= i; j++) {
xij[k] = PQCLEAN_MQDSS48_CLEAN_mod31((gf31)(x[i] * y[j] + x[j] * y[i]));
k++;
}
}
}
/* Evaluates the MQ function on a vector of N gf31 elements x (expected to be
in reduced 5-bit representation). Expects the coefficients in F to be in
signed representation (i.e. [-15, 15], packed bytewise).
Outputs M gf31 elements in unique 16-bit representation as fx. */
void PQCLEAN_MQDSS48_CLEAN_MQ(gf31 *fx, const gf31 *x, const signed char *F) {
int i, j;
gf31 _xij[N * (N + 1) >> 1];
int r[M] = {0};
generate_quadratic_terms(_xij, x);
for (i = 0; i < N; i += 2) {
for (j = 0; j < M; j++) {
r[j] += ((int)x[i]) * ((int)F[i * M + 2 * j]) +
((int)x[i + 1]) * ((int)F[i * M + 2 * j + 1]);
}
}
for (i = 0; i < (N * (N + 1)) >> 1; i += 2) {
for (j = 0; j < M; j++) {
r[j] += ((int)_xij[i]) * ((int)F[N * M + i * M + 2 * j]) +
((int)_xij[i + 1]) * ((int)F[N * M + i * M + 2 * j + 1]);
}
}
for (i = 0; i < M; i++) {
fx[i] = PQCLEAN_MQDSS48_CLEAN_mod31((gf31)((r[i] >> 15) + (r[i] & 0x7FFF)));
}
}
/* Evaluates the bilinear polar form of the MQ function (i.e. G) on a vector of
N gf31 elements x (expected to be in reduced 5-bit representation). Expects
the coefficients in F to be in signed representation (i.e. [-15, 15], packed
bytewise). Outputs M gf31 elements in unique 16-bit representation as fx. */
void PQCLEAN_MQDSS48_CLEAN_G(gf31 *fx, const gf31 *x, const gf31 *y, const signed char *F) {
int i, j;
gf31 _xij[N * (N + 1) >> 1];
int r[M] = {0};
generate_xiyj_p_xjyi_terms(_xij, x, y);
for (i = 0; i < (N * (N + 1)) >> 1; i += 2) {
for (j = 0; j < M; j++) {
r[j] += ((int)_xij[i]) * ((int)F[N * M + i * M + 2 * j]) +
((int)_xij[i + 1]) * ((int)F[N * M + i * M + 2 * j + 1]);
}
}
for (i = 0; i < M; i++) {
fx[i] = PQCLEAN_MQDSS48_CLEAN_mod31((gf31)((r[i] >> 15) + (r[i] & 0x7FFF)));
}
}

18
src/sig/mqdss/pqclean_mqdss-48_clean/mq.h Normal file
View File

@ -0,0 +1,18 @@
#ifndef MQDSS_MQ_H
#define MQDSS_MQ_H
#include "gf31.h"
/* Evaluates the MQ function on a vector of N gf31 elements x (expected to be
in reduced 5-bit representation). Expects the coefficients in F to be in
signed representation (i.e. [-15, 15], packed bytewise).
Outputs M gf31 elements in unique 16-bit representation as fx. */
void PQCLEAN_MQDSS48_CLEAN_MQ(gf31 *fx, const gf31 *x, const signed char *F);
/* Evaluates the bilinear polar form of the MQ function (i.e. G) on a vector of
N gf31 elements x (expected to be in reduced 5-bit representation). Expects
the coefficients in F to be in signed representation (i.e. [-15, 15], packed
bytewise). Outputs M gf31 elements in unique 16-bit representation as fx. */
void PQCLEAN_MQDSS48_CLEAN_G(gf31 *fx, const gf31 *x, const gf31 *y, const signed char *F);
#endif

25
src/sig/mqdss/pqclean_mqdss-48_clean/params.h Normal file
View File

@ -0,0 +1,25 @@
#ifndef MQDSS_PARAMS_H
#define MQDSS_PARAMS_H
#define N 48
#define M N
#define F_LEN (M * (((N * (N + 1)) >> 1) + N)) /* Number of elements in F */
#define ROUNDS 135
/* Number of bytes that N, M and F_LEN elements require when packed into a byte
array, 5-bit elements packed continuously. */
/* Assumes N and M to be multiples of 8 */
#define NPACKED_BYTES ((N * 5) >> 3)
#define MPACKED_BYTES ((M * 5) >> 3)
#define FPACKED_BYTES ((F_LEN * 5) >> 3)
#define HASH_BYTES 32
#define SEED_BYTES 16
#define PK_BYTES (SEED_BYTES + MPACKED_BYTES)
#define SK_BYTES SEED_BYTES
// R, sigma_0, ROUNDS * (t1, r{0,1}, e1, c, rho)
#define SIG_LEN (2 * HASH_BYTES + ROUNDS * (2*NPACKED_BYTES + MPACKED_BYTES + HASH_BYTES + HASH_BYTES))
#endif

384
src/sig/mqdss/pqclean_mqdss-48_clean/sign.c Normal file
View File

@ -0,0 +1,384 @@
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include "api.h"
#include "fips202.h"
#include "gf31.h"
#include "mq.h"
#include "params.h"
#include "randombytes.h"
/* Takes an array of len bytes and computes a hash digest.
This is used as a hash function in the Fiat-Shamir transform. */
static void H(unsigned char *out, const unsigned char *in, const size_t len) {
shake256(out, HASH_BYTES, in, len);
}
/* Takes two arrays of N packed elements and an array of M packed elements,
and computes a HASH_BYTES commitment. */
static void com_0(unsigned char *c,
const unsigned char *rho,
const unsigned char *inn, const unsigned char *inn2,
const unsigned char *inm) {
unsigned char buffer[HASH_BYTES + 2 * NPACKED_BYTES + MPACKED_BYTES];
memcpy(buffer, rho, HASH_BYTES);
memcpy(buffer + HASH_BYTES, inn, NPACKED_BYTES);
memcpy(buffer + HASH_BYTES + NPACKED_BYTES, inn2, NPACKED_BYTES);
memcpy(buffer + HASH_BYTES + 2 * NPACKED_BYTES, inm, MPACKED_BYTES);
shake256(c, HASH_BYTES, buffer, HASH_BYTES + 2 * NPACKED_BYTES + MPACKED_BYTES);
}
/* Takes an array of N packed elements and an array of M packed elements,
and computes a HASH_BYTES commitment. */
static void com_1(unsigned char *c,
const unsigned char *rho,
const unsigned char *inn, const unsigned char *inm) {
unsigned char buffer[HASH_BYTES + NPACKED_BYTES + MPACKED_BYTES];
memcpy(buffer, rho, HASH_BYTES);
memcpy(buffer + HASH_BYTES, inn, NPACKED_BYTES);
memcpy(buffer + HASH_BYTES + NPACKED_BYTES, inm, MPACKED_BYTES);
shake256(c, HASH_BYTES, buffer, HASH_BYTES + NPACKED_BYTES + MPACKED_BYTES);
}
/*
* Generates an MQDSS key pair.
*/
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk) {
signed char F[F_LEN];
unsigned char skbuf[SEED_BYTES * 2];
gf31 sk_gf31[N];
gf31 pk_gf31[M];
// Expand sk to obtain a seed for F and the secret input s.
// We also expand to obtain a value for sampling r0, t0 and e0 during
// signature generation, but that is not relevant here.
randombytes(sk, SEED_BYTES);
shake256(skbuf, SEED_BYTES * 2, sk, SEED_BYTES);
memcpy(pk, skbuf, SEED_BYTES);
PQCLEAN_MQDSS48_CLEAN_gf31_nrand_schar(F, F_LEN, pk, SEED_BYTES);
PQCLEAN_MQDSS48_CLEAN_gf31_nrand(sk_gf31, N, skbuf + SEED_BYTES, SEED_BYTES);
PQCLEAN_MQDSS48_CLEAN_MQ(pk_gf31, sk_gf31, F);
PQCLEAN_MQDSS48_CLEAN_vgf31_unique(pk_gf31, pk_gf31);
PQCLEAN_MQDSS48_CLEAN_gf31_npack(pk + SEED_BYTES, pk_gf31, M);
return 0;
}
/**
* Returns an array containing a detached signature.
*/
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_signature(
uint8_t *sig, size_t *siglen,
const uint8_t *m, size_t mlen, const uint8_t *sk) {
signed char F[F_LEN];
unsigned char skbuf[SEED_BYTES * 4];
gf31 pk_gf31[M];
unsigned char pk[SEED_BYTES + MPACKED_BYTES];
// Concatenated for convenient hashing.
unsigned char D_sigma0_h0_sigma1[HASH_BYTES * 3 + ROUNDS * (NPACKED_BYTES + MPACKED_BYTES)];
unsigned char *D = D_sigma0_h0_sigma1;
unsigned char *sigma0 = D_sigma0_h0_sigma1 + HASH_BYTES;
unsigned char *h0 = D_sigma0_h0_sigma1 + 2 * HASH_BYTES;
unsigned char *t1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES;
unsigned char *e1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES + ROUNDS * NPACKED_BYTES;
shake256ctx shakestate;
unsigned char shakeblock[SHAKE256_RATE];
unsigned char h1[((ROUNDS + 7) & ~7) >> 3];
unsigned char rnd_seed[HASH_BYTES + SEED_BYTES];
unsigned char rho[2 * ROUNDS * HASH_BYTES];
unsigned char *rho0 = rho;
unsigned char *rho1 = rho + ROUNDS * HASH_BYTES;
gf31 sk_gf31[N];
gf31 rnd[(2 * N + M) * ROUNDS]; // Concatenated for easy RNG.
gf31 *r0 = rnd;
gf31 *t0 = rnd + N * ROUNDS;
gf31 *e0 = rnd + 2 * N * ROUNDS;
gf31 r1[N * ROUNDS];
gf31 t1[N * ROUNDS];
gf31 e1[M * ROUNDS];
gf31 gx[M * ROUNDS];
unsigned char packbuf0[NPACKED_BYTES];
unsigned char packbuf1[NPACKED_BYTES];
unsigned char packbuf2[MPACKED_BYTES];
unsigned char c[HASH_BYTES * ROUNDS * 2];
gf31 alpha;
int alpha_count = 0;
int b;
int i, j;
shake256incctx state;
shake256(skbuf, SEED_BYTES * 4, sk, SEED_BYTES);
PQCLEAN_MQDSS48_CLEAN_gf31_nrand_schar(F, F_LEN, skbuf, SEED_BYTES);
shake256_inc_init(&state);
shake256_inc_absorb(&state, sk, SEED_BYTES);
shake256_inc_absorb(&state, m, mlen);
shake256_inc_finalize(&state);
shake256_inc_squeeze(sig, HASH_BYTES, &state); // Compute R.
memcpy(pk, skbuf, SEED_BYTES);
PQCLEAN_MQDSS48_CLEAN_gf31_nrand(sk_gf31, N, skbuf + SEED_BYTES, SEED_BYTES);
PQCLEAN_MQDSS48_CLEAN_MQ(pk_gf31, sk_gf31, F);
PQCLEAN_MQDSS48_CLEAN_vgf31_unique(pk_gf31, pk_gf31);
PQCLEAN_MQDSS48_CLEAN_gf31_npack(pk + SEED_BYTES, pk_gf31, M);
shake256_inc_init(&state);
shake256_inc_absorb(&state, pk, PK_BYTES);
shake256_inc_absorb(&state, sig, HASH_BYTES);
shake256_inc_absorb(&state, m, mlen);
shake256_inc_finalize(&state);
shake256_inc_squeeze(D, HASH_BYTES, &state);
sig += HASH_BYTES; // Compensate for prefixed R.
memcpy(rnd_seed, skbuf + 2 * SEED_BYTES, SEED_BYTES);
memcpy(rnd_seed + SEED_BYTES, D, HASH_BYTES);
shake256(rho, 2 * ROUNDS * HASH_BYTES, rnd_seed, SEED_BYTES + HASH_BYTES);
memcpy(rnd_seed, skbuf + 3 * SEED_BYTES, SEED_BYTES);
memcpy(rnd_seed + SEED_BYTES, D, HASH_BYTES);
PQCLEAN_MQDSS48_CLEAN_gf31_nrand(rnd, (2 * N + M) * ROUNDS, rnd_seed, SEED_BYTES + HASH_BYTES);
for (i = 0; i < ROUNDS; i++) {
for (j = 0; j < N; j++) {
r1[j + i * N] = (gf31)(31 + sk_gf31[j] - r0[j + i * N]);
}
PQCLEAN_MQDSS48_CLEAN_G(gx + i * M, t0 + i * N, r1 + i * N, F);
}
for (i = 0; i < ROUNDS * M; i++) {
gx[i] = (gf31)(gx[i] + e0[i]);
}
for (i = 0; i < ROUNDS; i++) {
PQCLEAN_MQDSS48_CLEAN_gf31_npack(packbuf0, r0 + i * N, N);
PQCLEAN_MQDSS48_CLEAN_gf31_npack(packbuf1, t0 + i * N, N);
PQCLEAN_MQDSS48_CLEAN_gf31_npack(packbuf2, e0 + i * M, M);
com_0(c + HASH_BYTES * (2 * i + 0), rho0 + i * HASH_BYTES, packbuf0, packbuf1, packbuf2);
PQCLEAN_MQDSS48_CLEAN_vgf31_shorten_unique(r1 + i * N, r1 + i * N);
PQCLEAN_MQDSS48_CLEAN_vgf31_shorten_unique(gx + i * M, gx + i * M);
PQCLEAN_MQDSS48_CLEAN_gf31_npack(packbuf0, r1 + i * N, N);
PQCLEAN_MQDSS48_CLEAN_gf31_npack(packbuf1, gx + i * M, M);
com_1(c + HASH_BYTES * (2 * i + 1), rho1 + i * HASH_BYTES, packbuf0, packbuf1);
}
H(sigma0, c, HASH_BYTES * ROUNDS * 2); // Compute sigma_0.
shake256_absorb(&shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES);
shake256_squeezeblocks(shakeblock, 1, &shakestate);
memcpy(h0, shakeblock, HASH_BYTES);
memcpy(sig, sigma0, HASH_BYTES);
sig += HASH_BYTES; // Compensate for sigma_0.
for (i = 0; i < ROUNDS; i++) {
do {
alpha = shakeblock[alpha_count] & 31;
alpha_count++;
if (alpha_count == SHAKE256_RATE) {
alpha_count = 0;
shake256_squeezeblocks(shakeblock, 1, &shakestate);
}
} while (alpha == 31);
for (j = 0; j < N; j++) {
t1[i * N + j] = (gf31)(alpha * r0[j + i * N] - t0[j + i * N] + 31);
}
PQCLEAN_MQDSS48_CLEAN_MQ(e1 + i * M, r0 + i * N, F);
for (j = 0; j < N; j++) {
e1[i * N + j] = (gf31)(alpha * e1[j + i * M] - e0[j + i * M] + 31);
}
PQCLEAN_MQDSS48_CLEAN_vgf31_shorten_unique(t1 + i * N, t1 + i * N);
PQCLEAN_MQDSS48_CLEAN_vgf31_shorten_unique(e1 + i * N, e1 + i * N);
}
PQCLEAN_MQDSS48_CLEAN_gf31_npack(t1packed, t1, N * ROUNDS);
PQCLEAN_MQDSS48_CLEAN_gf31_npack(e1packed, e1, M * ROUNDS);
memcpy(sig, t1packed, NPACKED_BYTES * ROUNDS);
sig += NPACKED_BYTES * ROUNDS;
memcpy(sig, e1packed, MPACKED_BYTES * ROUNDS);
sig += MPACKED_BYTES * ROUNDS;
shake256(h1, ((ROUNDS + 7) & ~7) >> 3, D_sigma0_h0_sigma1, 3 * HASH_BYTES + ROUNDS * (NPACKED_BYTES + MPACKED_BYTES));
for (i = 0; i < ROUNDS; i++) {
b = (h1[(i >> 3)] >> (i & 7)) & 1;
if (b == 0) {
PQCLEAN_MQDSS48_CLEAN_gf31_npack(sig, r0 + i * N, N);
} else if (b == 1) {
PQCLEAN_MQDSS48_CLEAN_gf31_npack(sig, r1 + i * N, N);
}
memcpy(sig + NPACKED_BYTES, c + HASH_BYTES * (2 * i + (1 - b)), HASH_BYTES);
memcpy(sig + NPACKED_BYTES + HASH_BYTES, rho + (i + b * ROUNDS) * HASH_BYTES, HASH_BYTES);
sig += NPACKED_BYTES + 2 * HASH_BYTES;
}
*siglen = SIG_LEN;
return 0;
}
/**
* Verifies a detached signature and message under a given public key.
*/
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_verify(
const uint8_t *sig, size_t siglen,
const uint8_t *m, size_t mlen, const uint8_t *pk) {
gf31 r[N];
gf31 t[N];
gf31 e[M];
signed char F[F_LEN];
gf31 pk_gf31[M];
// Concatenated for convenient hashing.
unsigned char D_sigma0_h0_sigma1[HASH_BYTES * 3 + ROUNDS * (NPACKED_BYTES + MPACKED_BYTES)];
unsigned char *D = D_sigma0_h0_sigma1;
unsigned char *sigma0 = D_sigma0_h0_sigma1 + HASH_BYTES;
unsigned char *h0 = D_sigma0_h0_sigma1 + 2 * HASH_BYTES;
unsigned char *t1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES;
unsigned char *e1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES + ROUNDS * NPACKED_BYTES;
unsigned char h1[((ROUNDS + 7) & ~7) >> 3];
unsigned char c[HASH_BYTES * ROUNDS * 2];
memset(c, 0, HASH_BYTES * 2);
gf31 x[N];
gf31 y[M];
gf31 z[M];
unsigned char packbuf0[NPACKED_BYTES];
unsigned char packbuf1[MPACKED_BYTES];
shake256ctx shakestate;
unsigned char shakeblock[SHAKE256_RATE];
int i, j;
gf31 alpha;
int alpha_count = 0;
int b;
shake256incctx state;
if (siglen != SIG_LEN) {
return -1;
}
shake256_inc_init(&state);
shake256_inc_absorb(&state, pk, PK_BYTES);
shake256_inc_absorb(&state, sig, HASH_BYTES);
shake256_inc_absorb(&state, m, mlen);
shake256_inc_finalize(&state);
shake256_inc_squeeze(D, HASH_BYTES, &state);
sig += HASH_BYTES;
PQCLEAN_MQDSS48_CLEAN_gf31_nrand_schar(F, F_LEN, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_MQDSS48_CLEAN_gf31_nunpack(pk_gf31, pk, M);
memcpy(sigma0, sig, HASH_BYTES);
shake256_absorb(&shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES);
shake256_squeezeblocks(shakeblock, 1, &shakestate);
memcpy(h0, shakeblock, HASH_BYTES);
sig += HASH_BYTES;
memcpy(t1packed, sig, ROUNDS * NPACKED_BYTES);
sig += ROUNDS * NPACKED_BYTES;
memcpy(e1packed, sig, ROUNDS * MPACKED_BYTES);
sig += ROUNDS * MPACKED_BYTES;
shake256(h1, ((ROUNDS + 7) & ~7) >> 3, D_sigma0_h0_sigma1, 3 * HASH_BYTES + ROUNDS * (NPACKED_BYTES + MPACKED_BYTES));
for (i = 0; i < ROUNDS; i++) {
do {
alpha = shakeblock[alpha_count] & 31;
alpha_count++;
if (alpha_count == SHAKE256_RATE) {
alpha_count = 0;
shake256_squeezeblocks(shakeblock, 1, &shakestate);
}
} while (alpha == 31);
b = (h1[(i >> 3)] >> (i & 7)) & 1;
PQCLEAN_MQDSS48_CLEAN_gf31_nunpack(r, sig, N);
PQCLEAN_MQDSS48_CLEAN_gf31_nunpack(t, t1packed + NPACKED_BYTES * i, N);
PQCLEAN_MQDSS48_CLEAN_gf31_nunpack(e, e1packed + MPACKED_BYTES * i, M);
if (b == 0) {
PQCLEAN_MQDSS48_CLEAN_MQ(y, r, F);
for (j = 0; j < N; j++) {
x[j] = (gf31)(alpha * r[j] - t[j] + 31);
}
for (j = 0; j < N; j++) {
y[j] = (gf31)(alpha * y[j] - e[j] + 31);
}
PQCLEAN_MQDSS48_CLEAN_vgf31_shorten_unique(x, x);
PQCLEAN_MQDSS48_CLEAN_vgf31_shorten_unique(y, y);
PQCLEAN_MQDSS48_CLEAN_gf31_npack(packbuf0, x, N);
PQCLEAN_MQDSS48_CLEAN_gf31_npack(packbuf1, y, M);
com_0(c + HASH_BYTES * (2 * i + 0), sig + HASH_BYTES + NPACKED_BYTES, sig, packbuf0, packbuf1);
} else {
PQCLEAN_MQDSS48_CLEAN_MQ(y, r, F);
PQCLEAN_MQDSS48_CLEAN_G(z, t, r, F);
for (j = 0; j < N; j++) {
y[j] = (gf31)(alpha * (31 + pk_gf31[j] - y[j]) - z[j] - e[j] + 62);
}
PQCLEAN_MQDSS48_CLEAN_vgf31_shorten_unique(y, y);
PQCLEAN_MQDSS48_CLEAN_gf31_npack(packbuf0, y, M);
com_1(c + HASH_BYTES * (2 * i + 1), sig + HASH_BYTES + NPACKED_BYTES, sig, packbuf0);
}
memcpy(c + HASH_BYTES * (2 * i + (1 - b)), sig + NPACKED_BYTES, HASH_BYTES);
sig += NPACKED_BYTES + 2 * HASH_BYTES;
}
H(c, c, HASH_BYTES * ROUNDS * 2);
if (memcmp(c, sigma0, HASH_BYTES) != 0) {
return -1;
}
return 0;
}
/**
* Returns an array containing the signature followed by the message.
*/
int PQCLEAN_MQDSS48_CLEAN_crypto_sign(
uint8_t *sm, size_t *smlen,
const uint8_t *m, size_t mlen, const uint8_t *sk) {
size_t siglen;
PQCLEAN_MQDSS48_CLEAN_crypto_sign_signature(
sm, &siglen, m, mlen, sk);
memmove(sm + SIG_LEN, m, mlen);
*smlen = siglen + mlen;
return 0;
}
/**
* Verifies a given signature-message pair under a given public key.
*/
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_open(
uint8_t *m, size_t *mlen,
const uint8_t *sm, size_t smlen, const uint8_t *pk) {
/* The API caller does not necessarily know what size a signature should be
but MQDSS signatures are always exactly SIG_LEN. */
if (smlen < SIG_LEN) {
memset(m, 0, smlen);
*mlen = 0;
return -1;
}
*mlen = smlen - SIG_LEN;
if (PQCLEAN_MQDSS48_CLEAN_crypto_sign_verify(
sm, SIG_LEN, sm + SIG_LEN, *mlen, pk)) {
memset(m, 0, smlen);
*mlen = 0;
return -1;
}
/* If verification was successful, move the message to the right place. */
memmove(m, sm + SIG_LEN, *mlen);
return 0;
}

116
src/sig/mqdss/pqclean_mqdss-64_clean/LICENSE Normal file
View File

@ -0,0 +1,116 @@
CC0 1.0 Universal
Statement of Purpose
The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator and
subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for the
purpose of contributing to a commons of creative, cultural and scientific
works ("Commons") that the public can reliably and without fear of later
claims of infringement build upon, modify, incorporate in other works, reuse
and redistribute as freely as possible in any form whatsoever and for any
purposes, including without limitation commercial purposes. These owners may
contribute to the Commons to promote the ideal of a free culture and the
further production of creative, cultural and scientific works, or to gain
reputation or greater distribution for their Work in part through the use and
efforts of others.
For these and/or other purposes and motivations, and without any expectation
of additional consideration or compensation, the person associating CC0 with a
Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
and publicly distribute the Work under its terms, with knowledge of his or her
Copyright and Related Rights in the Work and the meaning and intended legal
effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not limited
to, the following:
i. the right to reproduce, adapt, distribute, perform, display, communicate,
and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or likeness
depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data in
a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation thereof,
including any amended or successor version of such directive); and
vii. other similar, equivalent or corresponding rights throughout the world
based on applicable law or treaty, and any national implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention of,
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
and Related Rights and associated claims and causes of action, whether now
known or unknown (including existing as well as future claims and causes of
action), in the Work (i) in all territories worldwide, (ii) for the maximum
duration provided by applicable law or treaty (including future time
extensions), (iii) in any current or future medium and for any number of
copies, and (iv) for any purpose whatsoever, including without limitation
commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
the Waiver for the benefit of each member of the public at large and to the
detriment of Affirmer's heirs and successors, fully intending that such Waiver
shall not be subject to revocation, rescission, cancellation, termination, or
any other legal or equitable action to disrupt the quiet enjoyment of the Work
by the public as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for any reason be
judged legally invalid or ineffective under applicable law, then the Waiver
shall be preserved to the maximum extent permitted taking into account
Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
is so judged Affirmer hereby grants to each affected person a royalty-free,
non transferable, non sublicensable, non exclusive, irrevocable and
unconditional license to exercise Affirmer's Copyright and Related Rights in
the Work (i) in all territories worldwide, (ii) for the maximum duration
provided by applicable law or treaty (including future time extensions), (iii)
in any current or future medium and for any number of copies, and (iv) for any
purpose whatsoever, including without limitation commercial, advertising or
promotional purposes (the "License"). The License shall be deemed effective as
of the date CC0 was applied by Affirmer to the Work. Should any part of the
License for any reason be judged legally invalid or ineffective under
applicable law, such partial invalidity or ineffectiveness shall not
invalidate the remainder of the License, and in such case Affirmer hereby
affirms that he or she will not (i) exercise any of his or her remaining
Copyright and Related Rights in the Work or (ii) assert any associated claims
and causes of action with respect to the Work, in either case contrary to
Affirmer's express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or warranties
of any kind concerning the Work, express, implied, statutory or otherwise,
including without limitation warranties of title, merchantability, fitness
for a particular purpose, non infringement, or the absence of latent or
other defects, accuracy, or the present or absence of errors, whether or not
discoverable, all to the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without limitation
any person's Copyright and Related Rights in the Work. Further, Affirmer
disclaims responsibility for obtaining any necessary consents, permissions
or other rights required for any use of the Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to this
CC0 or use of the Work.
For more information, please see
<http://creativecommons.org/publicdomain/zero/1.0/>

47
src/sig/mqdss/pqclean_mqdss-64_clean/api.h Normal file
View File

@ -0,0 +1,47 @@
#ifndef PQCLEAN_MQDSS64_CLEAN_API_H
#define PQCLEAN_MQDSS64_CLEAN_API_H
#include <stddef.h>
#include <stdint.h>
#define PQCLEAN_MQDSS64_CLEAN_CRYPTO_ALGNAME "MQDSS-64"
#define PQCLEAN_MQDSS64_CLEAN_CRYPTO_SECRETKEYBYTES 24
#define PQCLEAN_MQDSS64_CLEAN_CRYPTO_PUBLICKEYBYTES 64
#define PQCLEAN_MQDSS64_CLEAN_CRYPTO_BYTES 43728
/*
* Generates an MQDSS key pair.
*/
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_keypair(
uint8_t *pk, uint8_t *sk);
/**
* Returns an array containing a detached signature.
*/
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_signature(
uint8_t *sig, size_t *siglen,
const uint8_t *m, size_t mlen, const uint8_t *sk);
/**
* Verifies a detached signature and message under a given public key.
*/
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_verify(
const uint8_t *sig, size_t siglen,
const uint8_t *m, size_t mlen, const uint8_t *pk);
/**
* Returns an array containing the signature followed by the message.
*/
int PQCLEAN_MQDSS64_CLEAN_crypto_sign(
uint8_t *sm, size_t *smlen,
const uint8_t *m, size_t mlen, const uint8_t *sk);
/**
* Verifies a given signature-message pair under a given public key.
*/
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_open(
uint8_t *m, size_t *mlen,
const uint8_t *sm, size_t smlen, const uint8_t *pk);
#endif

133
src/sig/mqdss/pqclean_mqdss-64_clean/gf31.c Normal file
View File

@ -0,0 +1,133 @@
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include "fips202.h"
#include "gf31.h"
#include "params.h"
/* This performs a full unique reduction mod 13 on x; x can be any unsigned
16-bit integer (i.e. in the range [0, 65535]) */
gf31 PQCLEAN_MQDSS64_CLEAN_mod31(gf31 x) {
gf31 t;
t = (gf31)(x & 31);
x >>= 5;
t = (gf31)(t + (x & 31));
x >>= 5;
t = (gf31)(t + (x & 31));
x >>= 5;
t = (gf31)(t + (x & 31));
t = (gf31)((t >> 5) + (t & 31));
t = (gf31)((t >> 5) + (t & 31));
return (gf31)((t != 31) * t);
}
/* Given a vector of N elements in the range [0, 31], this reduces the elements
to the range [0, 30] by mapping 31 to 0 (i.e reduction mod 31) */
void PQCLEAN_MQDSS64_CLEAN_vgf31_unique(gf31 *out, const gf31 *in) {
int i;
for (i = 0; i < N; i++) {
out[i] = (gf31)((1 - (in[i] == 31)) * in[i]);
}
}
/* Given a vector of 16-bit integers (i.e. in [0, 65535], this reduces the
elements to the range [0, 30] by mapping 31 to 0 (i.e reduction mod 31) */
void PQCLEAN_MQDSS64_CLEAN_vgf31_shorten_unique(gf31 *out, const gf31 *in) {
int i;
for (i = 0; i < N; i++) {
out[i] = PQCLEAN_MQDSS64_CLEAN_mod31(in[i]);
}
}
/* Given a seed, samples len gf31 elements (in the range [0, 30]), and places
them in a vector of 16-bit elements */
void PQCLEAN_MQDSS64_CLEAN_gf31_nrand(gf31 *out, int len, const unsigned char *seed, size_t seedlen) {
int i = 0, j;
shake256ctx shakestate;
unsigned char shakeblock[SHAKE256_RATE];
shake256_absorb(&shakestate, seed, seedlen);
while (i < len) {
shake256_squeezeblocks(shakeblock, 1, &shakestate);
for (j = 0; j < SHAKE256_RATE && i < len; j++) {
if ((shakeblock[j] & 31) != 31) {
out[i] = (shakeblock[j] & 31);
i++;
}
}
}
}
/* Given a seed, samples len gf31 elements, transposed into unsigned range,
i.e. in the range [-15, 15], and places them in an array of 8-bit integers.
This is used for the expansion of F, which wants packed elements. */
void PQCLEAN_MQDSS64_CLEAN_gf31_nrand_schar(signed char *out, int len, const unsigned char *seed, size_t seedlen) {
int i = 0, j;
shake256ctx shakestate;
unsigned char shakeblock[SHAKE256_RATE];
shake256_absorb(&shakestate, seed, seedlen);
while (i < len) {
shake256_squeezeblocks(shakeblock, 1, &shakestate);
for (j = 0; j < SHAKE256_RATE && i < len; j++) {
if ((shakeblock[j] & 31) != 31) {
out[i] = (signed char)(((signed char)shakeblock[j] & 31) - 15);
i++;
}
}
}
}
/* Unpacks an array of packed GF31 elements to one element per gf31.
Assumes that there is sufficient empty space available at the end of the
array to unpack. Can perform in-place. */
void PQCLEAN_MQDSS64_CLEAN_gf31_nunpack(gf31 *out, const unsigned char *in, unsigned int n) {
size_t i;
unsigned int j = ((n * 5) >> 3) - 1;
unsigned int d = 0;
for (i = n; i > 0; i--) {
out[i - 1] = (gf31)((in[j] >> d) & 31);
d += 5;
if (d > 8) {
d -= 8;
j--;
out[i - 1] = (gf31)(out[i - 1] ^ ((in[j] << (5 - d)) & 31));
}
}
}
/* Packs an array of GF31 elements from gf31's to concatenated 5-bit values.
Assumes that there is sufficient space available to unpack.
Can perform in-place. */
void PQCLEAN_MQDSS64_CLEAN_gf31_npack(unsigned char *out, const gf31 *in, unsigned int n) {
unsigned int i = 0;
unsigned int j;
int d = 3;
for (j = 0; j < n; j++) {
assert(in[j] < 31);
}
/* There will be ceil(5n / 8) output blocks */
memset(out, 0, ((5 * n + 7) & (unsigned int)~7) >> 3);
for (j = 0; j < n; j++) {
if (d < 0) {
d += 8;
out[i] = (unsigned char)((out[i] & (255 << (d - 3))) |
((in[j] >> (8 - d)) & ~(255 << (d - 3))));
i++;
}
out[i] = (unsigned char)((out[i] & ~(31 << d)) | ((in[j] << d) & (31 << d)));
d -= 5;
}
}

40
src/sig/mqdss/pqclean_mqdss-64_clean/gf31.h Normal file
View File

@ -0,0 +1,40 @@
#ifndef MQDSS_GF31_H
#define MQDSS_GF31_H
#include <stddef.h>
#include <stdint.h>
typedef uint16_t gf31;
/* This performs a full unique reduction mod 13 on x; x can be any unsigned
16-bit integer (i.e. in the range [0, 65535]) */
gf31 PQCLEAN_MQDSS64_CLEAN_mod31(gf31 x);
/* Given a vector of elements in the range [0, 31], this reduces the elements
to the range [0, 30] by mapping 31 to 0 (i.e reduction mod 31) */
void PQCLEAN_MQDSS64_CLEAN_vgf31_unique(gf31 *out, const gf31 *in);
/* Given a vector of 16-bit integers (i.e. in [0, 65535], this reduces the
elements to the range [0, 30] by mapping 31 to 0 (i.e reduction mod 31) */
void PQCLEAN_MQDSS64_CLEAN_vgf31_shorten_unique(gf31 *out, const gf31 *in);
/* Given a seed, samples len gf31 elements (in the range [0, 30]), and places
them in a vector of 16-bit elements */
void PQCLEAN_MQDSS64_CLEAN_gf31_nrand(gf31 *out, int len, const unsigned char *seed, size_t seedlen);
/* Given a seed, samples len gf31 elements, transposed into unsigned range,
i.e. in the range [-15, 15], and places them in an array of 8-bit integers.
This is used for the expansion of F, which wants packed elements. */
void PQCLEAN_MQDSS64_CLEAN_gf31_nrand_schar(signed char *out, int len, const unsigned char *seed, size_t seedlen);
/* Unpacks an array of packed GF31 elements to one element per gf31.
Assumes that there is sufficient empty space available at the end of the
array to unpack. Can perform in-place. */
void PQCLEAN_MQDSS64_CLEAN_gf31_nunpack(gf31 *out, const unsigned char *in, unsigned int n);
/* Packs an array of GF31 elements from gf31's to concatenated 5-bit values.
Assumes that there is sufficient space available to unpack.
Can perform in-place. */
void PQCLEAN_MQDSS64_CLEAN_gf31_npack(unsigned char *out, const gf31 *in, unsigned int n);
#endif

81
src/sig/mqdss/pqclean_mqdss-64_clean/mq.c Normal file
View File

@ -0,0 +1,81 @@
#include "mq.h"
#include "params.h"
/* Computes all products x_i * x_j, returns in reduced form */
inline static
void generate_quadratic_terms( gf31 *xij, const gf31 *x ) {
int i, j, k;
k = 0;
for (i = 0; i < N; i++) {
for (j = 0; j <= i; j++) {
xij[k] = PQCLEAN_MQDSS64_CLEAN_mod31((gf31)(x[i] * x[j]));
k++;
}
}
}
/* Computes all terms (x_i * y_j) + (x_j * y_i), returns in reduced form */
inline static
void generate_xiyj_p_xjyi_terms( gf31 *xij, const gf31 *x, const gf31 *y ) {
int i, j, k;
k = 0;
for (i = 0; i < N; i++) {
for (j = 0; j <= i; j++) {
xij[k] = PQCLEAN_MQDSS64_CLEAN_mod31((gf31)(x[i] * y[j] + x[j] * y[i]));
k++;
}
}
}
/* Evaluates the MQ function on a vector of N gf31 elements x (expected to be
in reduced 5-bit representation). Expects the coefficients in F to be in
signed representation (i.e. [-15, 15], packed bytewise).
Outputs M gf31 elements in unique 16-bit representation as fx. */
void PQCLEAN_MQDSS64_CLEAN_MQ(gf31 *fx, const gf31 *x, const signed char *F) {
int i, j;
gf31 _xij[N * (N + 1) >> 1];
int r[M] = {0};
generate_quadratic_terms(_xij, x);
for (i = 0; i < N; i += 2) {
for (j = 0; j < M; j++) {
r[j] += ((int)x[i]) * ((int)F[i * M + 2 * j]) +
((int)x[i + 1]) * ((int)F[i * M + 2 * j + 1]);
}
}
for (i = 0; i < (N * (N + 1)) >> 1; i += 2) {
for (j = 0; j < M; j++) {
r[j] += ((int)_xij[i]) * ((int)F[N * M + i * M + 2 * j]) +
((int)_xij[i + 1]) * ((int)F[N * M + i * M + 2 * j + 1]);
}
}
for (i = 0; i < M; i++) {
fx[i] = PQCLEAN_MQDSS64_CLEAN_mod31((gf31)((r[i] >> 15) + (r[i] & 0x7FFF)));
}
}
/* Evaluates the bilinear polar form of the MQ function (i.e. G) on a vector of
N gf31 elements x (expected to be in reduced 5-bit representation). Expects
the coefficients in F to be in signed representation (i.e. [-15, 15], packed
bytewise). Outputs M gf31 elements in unique 16-bit representation as fx. */
void PQCLEAN_MQDSS64_CLEAN_G(gf31 *fx, const gf31 *x, const gf31 *y, const signed char *F) {
int i, j;
gf31 _xij[N * (N + 1) >> 1];
int r[M] = {0};
generate_xiyj_p_xjyi_terms(_xij, x, y);
for (i = 0; i < (N * (N + 1)) >> 1; i += 2) {
for (j = 0; j < M; j++) {
r[j] += ((int)_xij[i]) * ((int)F[N * M + i * M + 2 * j]) +
((int)_xij[i + 1]) * ((int)F[N * M + i * M + 2 * j + 1]);
}
}
for (i = 0; i < M; i++) {
fx[i] = PQCLEAN_MQDSS64_CLEAN_mod31((gf31)((r[i] >> 15) + (r[i] & 0x7FFF)));
}
}

18
src/sig/mqdss/pqclean_mqdss-64_clean/mq.h Normal file
View File

@ -0,0 +1,18 @@
#ifndef MQDSS_MQ_H
#define MQDSS_MQ_H
#include "gf31.h"
/* Evaluates the MQ function on a vector of N gf31 elements x (expected to be
in reduced 5-bit representation). Expects the coefficients in F to be in
signed representation (i.e. [-15, 15], packed bytewise).
Outputs M gf31 elements in unique 16-bit representation as fx. */
void PQCLEAN_MQDSS64_CLEAN_MQ(gf31 *fx, const gf31 *x, const signed char *F);
/* Evaluates the bilinear polar form of the MQ function (i.e. G) on a vector of
N gf31 elements x (expected to be in reduced 5-bit representation). Expects
the coefficients in F to be in signed representation (i.e. [-15, 15], packed
bytewise). Outputs M gf31 elements in unique 16-bit representation as fx. */
void PQCLEAN_MQDSS64_CLEAN_G(gf31 *fx, const gf31 *x, const gf31 *y, const signed char *F);
#endif

25
src/sig/mqdss/pqclean_mqdss-64_clean/params.h Normal file
View File

@ -0,0 +1,25 @@
#ifndef MQDSS_PARAMS_H
#define MQDSS_PARAMS_H
#define N 64
#define M N
#define F_LEN (M * (((N * (N + 1)) >> 1) + N)) /* Number of elements in F */
#define ROUNDS 202
/* Number of bytes that N, M and F_LEN elements require when packed into a byte
array, 5-bit elements packed continuously. */
/* Assumes N and M to be multiples of 8 */
#define NPACKED_BYTES ((N * 5) >> 3)
#define MPACKED_BYTES ((M * 5) >> 3)
#define FPACKED_BYTES ((F_LEN * 5) >> 3)
#define HASH_BYTES 48
#define SEED_BYTES 24
#define PK_BYTES (SEED_BYTES + MPACKED_BYTES)
#define SK_BYTES SEED_BYTES
// R, sigma_0, ROUNDS * (t1, r{0,1}, e1, c, rho)
#define SIG_LEN (2 * HASH_BYTES + ROUNDS * (2*NPACKED_BYTES + MPACKED_BYTES + HASH_BYTES + HASH_BYTES))
#endif

384
src/sig/mqdss/pqclean_mqdss-64_clean/sign.c Normal file
View File

@ -0,0 +1,384 @@
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include "api.h"
#include "fips202.h"
#include "gf31.h"
#include "mq.h"
#include "params.h"
#include "randombytes.h"
/* Takes an array of len bytes and computes a hash digest.
This is used as a hash function in the Fiat-Shamir transform. */
static void H(unsigned char *out, const unsigned char *in, const size_t len) {
shake256(out, HASH_BYTES, in, len);
}
/* Takes two arrays of N packed elements and an array of M packed elements,
and computes a HASH_BYTES commitment. */
static void com_0(unsigned char *c,
const unsigned char *rho,
const unsigned char *inn, const unsigned char *inn2,
const unsigned char *inm) {
unsigned char buffer[HASH_BYTES + 2 * NPACKED_BYTES + MPACKED_BYTES];
memcpy(buffer, rho, HASH_BYTES);
memcpy(buffer + HASH_BYTES, inn, NPACKED_BYTES);
memcpy(buffer + HASH_BYTES + NPACKED_BYTES, inn2, NPACKED_BYTES);
memcpy(buffer + HASH_BYTES + 2 * NPACKED_BYTES, inm, MPACKED_BYTES);
shake256(c, HASH_BYTES, buffer, HASH_BYTES + 2 * NPACKED_BYTES + MPACKED_BYTES);
}
/* Takes an array of N packed elements and an array of M packed elements,
and computes a HASH_BYTES commitment. */
static void com_1(unsigned char *c,
const unsigned char *rho,
const unsigned char *inn, const unsigned char *inm) {
unsigned char buffer[HASH_BYTES + NPACKED_BYTES + MPACKED_BYTES];
memcpy(buffer, rho, HASH_BYTES);
memcpy(buffer + HASH_BYTES, inn, NPACKED_BYTES);
memcpy(buffer + HASH_BYTES + NPACKED_BYTES, inm, MPACKED_BYTES);
shake256(c, HASH_BYTES, buffer, HASH_BYTES + NPACKED_BYTES + MPACKED_BYTES);
}
/*
* Generates an MQDSS key pair.
*/
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk) {
signed char F[F_LEN];
unsigned char skbuf[SEED_BYTES * 2];
gf31 sk_gf31[N];
gf31 pk_gf31[M];
// Expand sk to obtain a seed for F and the secret input s.
// We also expand to obtain a value for sampling r0, t0 and e0 during
// signature generation, but that is not relevant here.
randombytes(sk, SEED_BYTES);
shake256(skbuf, SEED_BYTES * 2, sk, SEED_BYTES);
memcpy(pk, skbuf, SEED_BYTES);
PQCLEAN_MQDSS64_CLEAN_gf31_nrand_schar(F, F_LEN, pk, SEED_BYTES);
PQCLEAN_MQDSS64_CLEAN_gf31_nrand(sk_gf31, N, skbuf + SEED_BYTES, SEED_BYTES);
PQCLEAN_MQDSS64_CLEAN_MQ(pk_gf31, sk_gf31, F);
PQCLEAN_MQDSS64_CLEAN_vgf31_unique(pk_gf31, pk_gf31);
PQCLEAN_MQDSS64_CLEAN_gf31_npack(pk + SEED_BYTES, pk_gf31, M);
return 0;
}
/**
* Returns an array containing a detached signature.
*/
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_signature(
uint8_t *sig, size_t *siglen,
const uint8_t *m, size_t mlen, const uint8_t *sk) {
signed char F[F_LEN];
unsigned char skbuf[SEED_BYTES * 4];
gf31 pk_gf31[M];
unsigned char pk[SEED_BYTES + MPACKED_BYTES];
// Concatenated for convenient hashing.
unsigned char D_sigma0_h0_sigma1[HASH_BYTES * 3 + ROUNDS * (NPACKED_BYTES + MPACKED_BYTES)];
unsigned char *D = D_sigma0_h0_sigma1;
unsigned char *sigma0 = D_sigma0_h0_sigma1 + HASH_BYTES;
unsigned char *h0 = D_sigma0_h0_sigma1 + 2 * HASH_BYTES;
unsigned char *t1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES;
unsigned char *e1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES + ROUNDS * NPACKED_BYTES;
shake256ctx shakestate;
unsigned char shakeblock[SHAKE256_RATE];
unsigned char h1[((ROUNDS + 7) & ~7) >> 3];
unsigned char rnd_seed[HASH_BYTES + SEED_BYTES];
unsigned char rho[2 * ROUNDS * HASH_BYTES];
unsigned char *rho0 = rho;
unsigned char *rho1 = rho + ROUNDS * HASH_BYTES;
gf31 sk_gf31[N];
gf31 rnd[(2 * N + M) * ROUNDS]; // Concatenated for easy RNG.
gf31 *r0 = rnd;
gf31 *t0 = rnd + N * ROUNDS;
gf31 *e0 = rnd + 2 * N * ROUNDS;
gf31 r1[N * ROUNDS];
gf31 t1[N * ROUNDS];
gf31 e1[M * ROUNDS];
gf31 gx[M * ROUNDS];
unsigned char packbuf0[NPACKED_BYTES];
unsigned char packbuf1[NPACKED_BYTES];
unsigned char packbuf2[MPACKED_BYTES];
unsigned char c[HASH_BYTES * ROUNDS * 2];
gf31 alpha;
int alpha_count = 0;
int b;
int i, j;
shake256incctx state;
shake256(skbuf, SEED_BYTES * 4, sk, SEED_BYTES);
PQCLEAN_MQDSS64_CLEAN_gf31_nrand_schar(F, F_LEN, skbuf, SEED_BYTES);
shake256_inc_init(&state);
shake256_inc_absorb(&state, sk, SEED_BYTES);
shake256_inc_absorb(&state, m, mlen);
shake256_inc_finalize(&state);
shake256_inc_squeeze(sig, HASH_BYTES, &state); // Compute R.
memcpy(pk, skbuf, SEED_BYTES);
PQCLEAN_MQDSS64_CLEAN_gf31_nrand(sk_gf31, N, skbuf + SEED_BYTES, SEED_BYTES);
PQCLEAN_MQDSS64_CLEAN_MQ(pk_gf31, sk_gf31, F);
PQCLEAN_MQDSS64_CLEAN_vgf31_unique(pk_gf31, pk_gf31);
PQCLEAN_MQDSS64_CLEAN_gf31_npack(pk + SEED_BYTES, pk_gf31, M);
shake256_inc_init(&state);
shake256_inc_absorb(&state, pk, PK_BYTES);
shake256_inc_absorb(&state, sig, HASH_BYTES);
shake256_inc_absorb(&state, m, mlen);
shake256_inc_finalize(&state);
shake256_inc_squeeze(D, HASH_BYTES, &state);
sig += HASH_BYTES; // Compensate for prefixed R.
memcpy(rnd_seed, skbuf + 2 * SEED_BYTES, SEED_BYTES);
memcpy(rnd_seed + SEED_BYTES, D, HASH_BYTES);
shake256(rho, 2 * ROUNDS * HASH_BYTES, rnd_seed, SEED_BYTES + HASH_BYTES);
memcpy(rnd_seed, skbuf + 3 * SEED_BYTES, SEED_BYTES);
memcpy(rnd_seed + SEED_BYTES, D, HASH_BYTES);
PQCLEAN_MQDSS64_CLEAN_gf31_nrand(rnd, (2 * N + M) * ROUNDS, rnd_seed, SEED_BYTES + HASH_BYTES);
for (i = 0; i < ROUNDS; i++) {
for (j = 0; j < N; j++) {
r1[j + i * N] = (gf31)(31 + sk_gf31[j] - r0[j + i * N]);
}
PQCLEAN_MQDSS64_CLEAN_G(gx + i * M, t0 + i * N, r1 + i * N, F);
}
for (i = 0; i < ROUNDS * M; i++) {
gx[i] = (gf31)(gx[i] + e0[i]);
}
for (i = 0; i < ROUNDS; i++) {
PQCLEAN_MQDSS64_CLEAN_gf31_npack(packbuf0, r0 + i * N, N);
PQCLEAN_MQDSS64_CLEAN_gf31_npack(packbuf1, t0 + i * N, N);
PQCLEAN_MQDSS64_CLEAN_gf31_npack(packbuf2, e0 + i * M, M);
com_0(c + HASH_BYTES * (2 * i + 0), rho0 + i * HASH_BYTES, packbuf0, packbuf1, packbuf2);
PQCLEAN_MQDSS64_CLEAN_vgf31_shorten_unique(r1 + i * N, r1 + i * N);
PQCLEAN_MQDSS64_CLEAN_vgf31_shorten_unique(gx + i * M, gx + i * M);
PQCLEAN_MQDSS64_CLEAN_gf31_npack(packbuf0, r1 + i * N, N);
PQCLEAN_MQDSS64_CLEAN_gf31_npack(packbuf1, gx + i * M, M);
com_1(c + HASH_BYTES * (2 * i + 1), rho1 + i * HASH_BYTES, packbuf0, packbuf1);
}
H(sigma0, c, HASH_BYTES * ROUNDS * 2); // Compute sigma_0.
shake256_absorb(&shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES);
shake256_squeezeblocks(shakeblock, 1, &shakestate);
memcpy(h0, shakeblock, HASH_BYTES);
memcpy(sig, sigma0, HASH_BYTES);
sig += HASH_BYTES; // Compensate for sigma_0.
for (i = 0; i < ROUNDS; i++) {
do {
alpha = shakeblock[alpha_count] & 31;
alpha_count++;
if (alpha_count == SHAKE256_RATE) {
alpha_count = 0;
shake256_squeezeblocks(shakeblock, 1, &shakestate);
}
} while (alpha == 31);
for (j = 0; j < N; j++) {
t1[i * N + j] = (gf31)(alpha * r0[j + i * N] - t0[j + i * N] + 31);
}
PQCLEAN_MQDSS64_CLEAN_MQ(e1 + i * M, r0 + i * N, F);
for (j = 0; j < N; j++) {
e1[i * N + j] = (gf31)(alpha * e1[j + i * M] - e0[j + i * M] + 31);
}
PQCLEAN_MQDSS64_CLEAN_vgf31_shorten_unique(t1 + i * N, t1 + i * N);
PQCLEAN_MQDSS64_CLEAN_vgf31_shorten_unique(e1 + i * N, e1 + i * N);
}
PQCLEAN_MQDSS64_CLEAN_gf31_npack(t1packed, t1, N * ROUNDS);
PQCLEAN_MQDSS64_CLEAN_gf31_npack(e1packed, e1, M * ROUNDS);
memcpy(sig, t1packed, NPACKED_BYTES * ROUNDS);
sig += NPACKED_BYTES * ROUNDS;
memcpy(sig, e1packed, MPACKED_BYTES * ROUNDS);
sig += MPACKED_BYTES * ROUNDS;
shake256(h1, ((ROUNDS + 7) & ~7) >> 3, D_sigma0_h0_sigma1, 3 * HASH_BYTES + ROUNDS * (NPACKED_BYTES + MPACKED_BYTES));
for (i = 0; i < ROUNDS; i++) {
b = (h1[(i >> 3)] >> (i & 7)) & 1;
if (b == 0) {
PQCLEAN_MQDSS64_CLEAN_gf31_npack(sig, r0 + i * N, N);
} else if (b == 1) {
PQCLEAN_MQDSS64_CLEAN_gf31_npack(sig, r1 + i * N, N);
}
memcpy(sig + NPACKED_BYTES, c + HASH_BYTES * (2 * i + (1 - b)), HASH_BYTES);
memcpy(sig + NPACKED_BYTES + HASH_BYTES, rho + (i + b * ROUNDS) * HASH_BYTES, HASH_BYTES);
sig += NPACKED_BYTES + 2 * HASH_BYTES;
}
*siglen = SIG_LEN;
return 0;
}
/**
* Verifies a detached signature and message under a given public key.
*/
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_verify(
const uint8_t *sig, size_t siglen,
const uint8_t *m, size_t mlen, const uint8_t *pk) {
gf31 r[N];
gf31 t[N];
gf31 e[M];
signed char F[F_LEN];
gf31 pk_gf31[M];
// Concatenated for convenient hashing.
unsigned char D_sigma0_h0_sigma1[HASH_BYTES * 3 + ROUNDS * (NPACKED_BYTES + MPACKED_BYTES)];
unsigned char *D = D_sigma0_h0_sigma1;
unsigned char *sigma0 = D_sigma0_h0_sigma1 + HASH_BYTES;
unsigned char *h0 = D_sigma0_h0_sigma1 + 2 * HASH_BYTES;
unsigned char *t1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES;
unsigned char *e1packed = D_sigma0_h0_sigma1 + 3 * HASH_BYTES + ROUNDS * NPACKED_BYTES;
unsigned char h1[((ROUNDS + 7) & ~7) >> 3];
unsigned char c[HASH_BYTES * ROUNDS * 2];
memset(c, 0, HASH_BYTES * 2);
gf31 x[N];
gf31 y[M];
gf31 z[M];
unsigned char packbuf0[NPACKED_BYTES];
unsigned char packbuf1[MPACKED_BYTES];
shake256ctx shakestate;
unsigned char shakeblock[SHAKE256_RATE];
int i, j;
gf31 alpha;
int alpha_count = 0;
int b;
shake256incctx state;
if (siglen != SIG_LEN) {
return -1;
}
shake256_inc_init(&state);
shake256_inc_absorb(&state, pk, PK_BYTES);
shake256_inc_absorb(&state, sig, HASH_BYTES);
shake256_inc_absorb(&state, m, mlen);
shake256_inc_finalize(&state);
shake256_inc_squeeze(D, HASH_BYTES, &state);
sig += HASH_BYTES;
PQCLEAN_MQDSS64_CLEAN_gf31_nrand_schar(F, F_LEN, pk, SEED_BYTES);
pk += SEED_BYTES;
PQCLEAN_MQDSS64_CLEAN_gf31_nunpack(pk_gf31, pk, M);
memcpy(sigma0, sig, HASH_BYTES);
shake256_absorb(&shakestate, D_sigma0_h0_sigma1, 2 * HASH_BYTES);
shake256_squeezeblocks(shakeblock, 1, &shakestate);
memcpy(h0, shakeblock, HASH_BYTES);
sig += HASH_BYTES;
memcpy(t1packed, sig, ROUNDS * NPACKED_BYTES);
sig += ROUNDS * NPACKED_BYTES;
memcpy(e1packed, sig, ROUNDS * MPACKED_BYTES);
sig += ROUNDS * MPACKED_BYTES;
shake256(h1, ((ROUNDS + 7) & ~7) >> 3, D_sigma0_h0_sigma1, 3 * HASH_BYTES + ROUNDS * (NPACKED_BYTES + MPACKED_BYTES));
for (i = 0; i < ROUNDS; i++) {
do {
alpha = shakeblock[alpha_count] & 31;
alpha_count++;
if (alpha_count == SHAKE256_RATE) {
alpha_count = 0;
shake256_squeezeblocks(shakeblock, 1, &shakestate);
}
} while (alpha == 31);
b = (h1[(i >> 3)] >> (i & 7)) & 1;
PQCLEAN_MQDSS64_CLEAN_gf31_nunpack(r, sig, N);
PQCLEAN_MQDSS64_CLEAN_gf31_nunpack(t, t1packed + NPACKED_BYTES * i, N);
PQCLEAN_MQDSS64_CLEAN_gf31_nunpack(e, e1packed + MPACKED_BYTES * i, M);
if (b == 0) {
PQCLEAN_MQDSS64_CLEAN_MQ(y, r, F);
for (j = 0; j < N; j++) {
x[j] = (gf31)(alpha * r[j] - t[j] + 31);
}
for (j = 0; j < N; j++) {
y[j] = (gf31)(alpha * y[j] - e[j] + 31);
}
PQCLEAN_MQDSS64_CLEAN_vgf31_shorten_unique(x, x);
PQCLEAN_MQDSS64_CLEAN_vgf31_shorten_unique(y, y);
PQCLEAN_MQDSS64_CLEAN_gf31_npack(packbuf0, x, N);
PQCLEAN_MQDSS64_CLEAN_gf31_npack(packbuf1, y, M);
com_0(c + HASH_BYTES * (2 * i + 0), sig + HASH_BYTES + NPACKED_BYTES, sig, packbuf0, packbuf1);
} else {
PQCLEAN_MQDSS64_CLEAN_MQ(y, r, F);
PQCLEAN_MQDSS64_CLEAN_G(z, t, r, F);
for (j = 0; j < N; j++) {
y[j] = (gf31)(alpha * (31 + pk_gf31[j] - y[j]) - z[j] - e[j] + 62);
}
PQCLEAN_MQDSS64_CLEAN_vgf31_shorten_unique(y, y);
PQCLEAN_MQDSS64_CLEAN_gf31_npack(packbuf0, y, M);
com_1(c + HASH_BYTES * (2 * i + 1), sig + HASH_BYTES + NPACKED_BYTES, sig, packbuf0);
}
memcpy(c + HASH_BYTES * (2 * i + (1 - b)), sig + NPACKED_BYTES, HASH_BYTES);
sig += NPACKED_BYTES + 2 * HASH_BYTES;
}
H(c, c, HASH_BYTES * ROUNDS * 2);
if (memcmp(c, sigma0, HASH_BYTES) != 0) {
return -1;
}
return 0;
}
/**
* Returns an array containing the signature followed by the message.
*/
int PQCLEAN_MQDSS64_CLEAN_crypto_sign(
uint8_t *sm, size_t *smlen,
const uint8_t *m, size_t mlen, const uint8_t *sk) {
size_t siglen;
PQCLEAN_MQDSS64_CLEAN_crypto_sign_signature(
sm, &siglen, m, mlen, sk);
memmove(sm + SIG_LEN, m, mlen);
*smlen = siglen + mlen;
return 0;
}
/**
* Verifies a given signature-message pair under a given public key.
*/
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_open(
uint8_t *m, size_t *mlen,
const uint8_t *sm, size_t smlen, const uint8_t *pk) {
/* The API caller does not necessarily know what size a signature should be
but MQDSS signatures are always exactly SIG_LEN. */
if (smlen < SIG_LEN) {
memset(m, 0, smlen);
*mlen = 0;
return -1;
}
*mlen = smlen - SIG_LEN;
if (PQCLEAN_MQDSS64_CLEAN_crypto_sign_verify(
sm, SIG_LEN, sm + SIG_LEN, *mlen, pk)) {
memset(m, 0, smlen);
*mlen = 0;
return -1;
}
/* If verification was successful, move the message to the right place. */
memmove(m, sm + SIG_LEN, *mlen);
return 0;
}

28
src/sig/mqdss/sig_mqdss.h Normal file
View File

@ -0,0 +1,28 @@
#ifndef __OQS_SIG_MQDSS_H
#define __OQS_SIG_MQDSS_H
#include <oqs/oqs.h>
#ifdef OQS_ENABLE_SIG_mqdss_31_48
#define OQS_SIG_mqdss_31_48_length_public_key 46
#define OQS_SIG_mqdss_31_48_length_secret_key 16
#define OQS_SIG_mqdss_31_48_length_signature 20854
OQS_SIG *OQS_SIG_mqdss_31_48_new();
OQS_API OQS_STATUS OQS_SIG_mqdss_31_48_keypair(uint8_t *public_key, uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_mqdss_31_48_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_mqdss_31_48_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key);
#endif
#ifdef OQS_ENABLE_SIG_mqdss_31_64
#define OQS_SIG_mqdss_31_64_length_public_key 64
#define OQS_SIG_mqdss_31_64_length_secret_key 24
#define OQS_SIG_mqdss_31_64_length_signature 43728
OQS_SIG *OQS_SIG_mqdss_31_64_new();
OQS_API OQS_STATUS OQS_SIG_mqdss_31_64_keypair(uint8_t *public_key, uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_mqdss_31_64_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key);
OQS_API OQS_STATUS OQS_SIG_mqdss_31_64_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key);
#endif
#endif

44
src/sig/mqdss/sig_mqdss_31_48.c Normal file
View File

@ -0,0 +1,44 @@
#include <stdlib.h>
#include <oqs/sig_mqdss.h>
#ifdef OQS_ENABLE_SIG_mqdss_31_48
OQS_SIG *OQS_SIG_mqdss_31_48_new() {
OQS_SIG *sig = malloc(sizeof(OQS_SIG));
if (sig == NULL) {
return NULL;
}
sig->method_name = OQS_SIG_alg_mqdss_31_48;
sig->alg_version = "https://github.com/joostrijneveld/MQDSS/commit/0c64d4d67a37051c1299a3049a5bb8984ca27ecc";
sig->claimed_nist_level = 1;
sig->euf_cma = true;
sig->length_public_key = OQS_SIG_mqdss_31_48_length_public_key;
sig->length_secret_key = OQS_SIG_mqdss_31_48_length_secret_key;
sig->length_signature = OQS_SIG_mqdss_31_48_length_signature;
sig->keypair = OQS_SIG_mqdss_31_48_keypair;
sig->sign = OQS_SIG_mqdss_31_48_sign;
sig->verify = OQS_SIG_mqdss_31_48_verify;
return sig;
}
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk);
int PQCLEAN_MQDSS48_CLEAN_crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk);
OQS_API OQS_STATUS OQS_SIG_mqdss_31_48_keypair(uint8_t *public_key, uint8_t *secret_key) {
return (OQS_STATUS) PQCLEAN_MQDSS48_CLEAN_crypto_sign_keypair(public_key, secret_key);
}
OQS_API OQS_STATUS OQS_SIG_mqdss_31_48_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key) {
return (OQS_STATUS) PQCLEAN_MQDSS48_CLEAN_crypto_sign_signature(signature, signature_len, message, message_len, secret_key);
}
OQS_API OQS_STATUS OQS_SIG_mqdss_31_48_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) {
return (OQS_STATUS) PQCLEAN_MQDSS48_CLEAN_crypto_sign_verify(signature, signature_len, message, message_len, public_key);
}
#endif

44
src/sig/mqdss/sig_mqdss_31_64.c Normal file
View File

@ -0,0 +1,44 @@
#include <stdlib.h>
#include <oqs/sig_mqdss.h>
#ifdef OQS_ENABLE_SIG_mqdss_31_64
OQS_SIG *OQS_SIG_mqdss_31_64_new() {
OQS_SIG *sig = malloc(sizeof(OQS_SIG));
if (sig == NULL) {
return NULL;
}
sig->method_name = OQS_SIG_alg_mqdss_31_64;
sig->alg_version = "https://github.com/joostrijneveld/MQDSS/commit/0c64d4d67a37051c1299a3049a5bb8984ca27ecc";
sig->claimed_nist_level = 3;
sig->euf_cma = true;
sig->length_public_key = OQS_SIG_mqdss_31_64_length_public_key;
sig->length_secret_key = OQS_SIG_mqdss_31_64_length_secret_key;
sig->length_signature = OQS_SIG_mqdss_31_64_length_signature;
sig->keypair = OQS_SIG_mqdss_31_64_keypair;
sig->sign = OQS_SIG_mqdss_31_64_sign;
sig->verify = OQS_SIG_mqdss_31_64_verify;
return sig;
}
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t mlen, const uint8_t *sk);
int PQCLEAN_MQDSS64_CLEAN_crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size_t mlen, const uint8_t *pk);
OQS_API OQS_STATUS OQS_SIG_mqdss_31_64_keypair(uint8_t *public_key, uint8_t *secret_key) {
return (OQS_STATUS) PQCLEAN_MQDSS64_CLEAN_crypto_sign_keypair(public_key, secret_key);
}
OQS_API OQS_STATUS OQS_SIG_mqdss_31_64_sign(uint8_t *signature, size_t *signature_len, const uint8_t *message, size_t message_len, const uint8_t *secret_key) {
return (OQS_STATUS) PQCLEAN_MQDSS64_CLEAN_crypto_sign_signature(signature, signature_len, message, message_len, secret_key);
}
OQS_API OQS_STATUS OQS_SIG_mqdss_31_64_verify(const uint8_t *message, size_t message_len, const uint8_t *signature, size_t signature_len, const uint8_t *public_key) {
return (OQS_STATUS) PQCLEAN_MQDSS64_CLEAN_crypto_sign_verify(signature, signature_len, message, message_len, public_key);
}
#endif

13
src/sig/sig.c
View File

@ -14,6 +14,7 @@ OQS_API const char *OQS_SIG_alg_identifier(size_t i) {
OQS_SIG_alg_default,
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_ALG_IDENTIFIER_START
OQS_SIG_alg_dilithium_2, OQS_SIG_alg_dilithium_3, OQS_SIG_alg_dilithium_4,
OQS_SIG_alg_mqdss_31_48, OQS_SIG_alg_mqdss_31_64,
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_ALG_IDENTIFIER_END
OQS_SIG_alg_picnic_L1_FS, OQS_SIG_alg_picnic_L1_UR, OQS_SIG_alg_picnic_L3_FS, OQS_SIG_alg_picnic_L3_UR, OQS_SIG_alg_picnic_L5_FS, OQS_SIG_alg_picnic_L5_UR, OQS_SIG_alg_picnic2_L1_FS, OQS_SIG_alg_picnic2_L3_FS, OQS_SIG_alg_picnic2_L5_FS,
OQS_SIG_alg_qTESLA_I, OQS_SIG_alg_qTESLA_III_size, OQS_SIG_alg_qTESLA_III_speed};
@ -52,6 +53,18 @@ OQS_API OQS_SIG *OQS_SIG_new(const char *method_name) {
return OQS_SIG_dilithium_4_new();
#else
return NULL;
#endif
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_mqdss_31_48)) {
#ifdef OQS_ENABLE_SIG_mqdss_31_48
return OQS_SIG_mqdss_31_48_new();
#else
return NULL;
#endif
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_mqdss_31_64)) {
#ifdef OQS_ENABLE_SIG_mqdss_31_64
return OQS_SIG_mqdss_31_64_new();
#else
return NULL;
#endif
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_NEW_CASE_END
} else if (0 == strcasecmp(method_name, OQS_SIG_alg_picnic_L1_FS)) {

7
src/sig/sig.h
View File

@ -62,11 +62,15 @@ extern "C" {
#define OQS_SIG_alg_dilithium_3 "DILITHIUM_3"
/** Algorithm identifier for DILITHIUM_4 */
#define OQS_SIG_alg_dilithium_4 "DILITHIUM_4"
/** Algorithm identifier for MQDSS-31-48 */
#define OQS_SIG_alg_mqdss_31_48 "MQDSS-31-48"
/** Algorithm identifier for MQDSS-31-64 */
#define OQS_SIG_alg_mqdss_31_64 "MQDSS-31-64"
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_ALG_IDENTIFIER_END
// EDIT-WHEN-ADDING-SIG
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_ALGS_LENGTH_START
/** Number of algorithm identifiers above (including default). */
#define OQS_SIG_algs_length 16
#define OQS_SIG_algs_length 18
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_ALGS_LENGTH_END
/**
@ -231,6 +235,7 @@ OQS_API void OQS_SIG_free(OQS_SIG *sig);
#include <oqs/sig_qtesla.h>
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_INCLUDE_START
#include <oqs/sig_dilithium.h>
#include <oqs/sig_mqdss.h>
///// OQS_COPY_FROM_PQCLEAN_FRAGMENT_INCLUDE_END
// EDIT-WHEN-ADDING-SIG