diff --git a/.gitignore b/.gitignore index 29dbe12dd..c37e5cc93 100644 --- a/.gitignore +++ b/.gitignore @@ -36,9 +36,6 @@ include /test_sig /test_rand /test_aes -benchmark_lowmc -pp_matrices -precomputed_data # Debug files *.dSYM/ @@ -61,7 +58,12 @@ VisualStudio/**/*.user # External sources external -src/sig_picnic/external +src/sig_picnic/external/build/** +/temp/ + +# Travis files +cmake-3.8.0.tar.gz +cmake-3.8.0/** #Autotools autom4te.cache diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 000000000..de05b1302 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "picnic"] + path = src/sig_picnic/external + url = https://github.com/IAIK/Picnic.git diff --git a/.travis-tests.sh b/.travis-tests.sh index 3c2eca5bc..828782a9f 100755 --- a/.travis-tests.sh +++ b/.travis-tests.sh @@ -54,9 +54,10 @@ if [[ ${ENABLE_KEX_SIDH_CLN16} == 0 ]];then enable_disable_str+=" --disable-kex-sidh-cln16" fi -./download-and-setup-picnic.sh -if [[ ! -z "${M4RI_DIR// }" ]];then - enable_disable_str+=" --with-m4ri-dir=${M4RI_DIR}" +if [[ ${ENABLE_SIG_PICNIC} == 0 ]];then + enable_disable_str+=" --disable-sig-picnic" +else + cd src/sig_picnic;sh ./build_picnic.sh;cd ../..; fi if [[ ${ENABLE_KEX_RLWE_NEWHOPE_AVX2} == 1 ]];then diff --git a/.travis.yml b/.travis.yml index 1fddcbe7e..90a44a75c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,20 +11,21 @@ matrix: - ENABLE_KEX_LWE_FRODO=0 - ENABLE_KEX_MLWE_KYBER=0 - ENABLE_KEX_SIDH_CLN16=0 - - USE_PICNIC=1 + - ENABLE_SIG_PICNIC=0 - USE_OPENSSL=1 - ENABLE_KEX_RLWE_NEWHOPE_AVX2=1 addons: apt: sources: - ubuntu-toolchain-r-test - packages: - - libm4ri-dev before_install: - sh .travis/install-clang-format-linux.sh + - sh .travis/install_cmake3_8.sh - os: linux compiler: gcc - env: CC_OQS=gcc-4.9 + env: + - CC_OQS=gcc-4.9 + - ENABLE_SIG_PICNIC=0 addons: apt: sources: @@ -33,6 +34,7 @@ matrix: - gcc-4.9 before_install: - sh .travis/install-clang-format-linux.sh + - sh .travis/install_cmake3_8.sh - os: linux compiler: gcc env: CC_OQS=gcc-5 @@ -44,6 +46,7 @@ matrix: - gcc-5 before_install: - sh .travis/install-clang-format-linux.sh + - sh .travis/install_cmake3_8.sh - os: linux compiler: gcc env: @@ -58,6 +61,7 @@ matrix: - libssl-dev before_install: - sh .travis/install-clang-format-linux.sh + - sh .travis/install_cmake3_8.sh - os: osx compiler: clang env: @@ -75,13 +79,10 @@ matrix: - OPENSSL_DIR=/usr/local/opt/openssl # openssl is a keg-only package - ENABLE_CODE_MCBITS=1 - ENABLE_SIDH_IQC_REF=1 - - USE_PICNIC=1 - - M4RI_DIR=/usr/local/ before_install: - brew update - brew install libsodium - brew install https://raw.githubusercontent.com/Homebrew/homebrew-core/0c4314c499576b28e4c082b591228a8f940954c0/Formula/clang-format.rb - - brew install homebrew/science/m4ri script: - ./.travis-tests.sh diff --git a/.travis/banned-functions-check.sh b/.travis/banned-functions-check.sh deleted file mode 100755 index 48ae7e214..000000000 --- a/.travis/banned-functions-check.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -retvalue=0 - -if [[ $(find . -name '*.[ch]' -exec grep -H bzero {} \;) ]]; -then - tput setaf 1; - echo "Code uses banned functions (bzero)."; - tput sgr 0 - retvalue=1; -fi; - -# can add more checks here by copying the above code block - -if [[ $retvalue == 0 ]]; -then - tput setaf 2; - echo "Code does not use banned functions."; - tput sgr 0 -fi; - -exit $retvalue; diff --git a/.travis/global-namespace-check.sh b/.travis/global-namespace-check.sh index fbb403607..aee73d46c 100755 --- a/.travis/global-namespace-check.sh +++ b/.travis/global-namespace-check.sh @@ -1,11 +1,11 @@ #!/bin/bash -if [[ $(nm -g liboqs.a | grep ' T ' | grep -E -v -i ' T [_]?[OQS|ntru]') ]]; +if [[ $(nm -g liboqs.a | grep ' T ' | grep -E -v -i ' T [_]?[OQS|ntru|picnic|Keccak]') ]]; then tput setaf 1; echo "Code contains the following non-namespaced global symbols; see https://github.com/open-quantum-safe/liboqs/wiki/Coding-conventions for function naming conventions."; tput sgr 0 - nm -g liboqs.a | grep ' T ' | grep -E -v -i ' T [_]?[OQS|ntru]' + nm -g liboqs.a | grep ' T ' | grep -E -v -i ' T [_]?[OQS|ntru|picnic|Keccak]' exit 1; else tput setaf 2; diff --git a/.travis/install_cmake3_8.sh b/.travis/install_cmake3_8.sh new file mode 100755 index 000000000..cd4c86c8d --- /dev/null +++ b/.travis/install_cmake3_8.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +echo "Installing CMake 3.8 ..." +wget http://www.cmake.org/files/v3.8/cmake-3.8.0.tar.gz +tar zxf cmake-3.8.0.tar.gz +cd cmake-3.8.0 +./configure > /dev/null 2>&1 +make > /dev/null 2>&1 +sudo make install > /dev/null 2>&1 +echo "Done installing CMake 3.8" diff --git a/.travis/style-check.sh b/.travis/style-check.sh index 06f520550..01de315ab 100755 --- a/.travis/style-check.sh +++ b/.travis/style-check.sh @@ -1,6 +1,7 @@ #!/bin/bash -modified=$(git status -s) +# see what has been modified (ignoring submodules because they are likely patched) +modified=$(git status -s --ignore-submodules) if [ "$modified" ]; then tput setaf 1; @@ -17,7 +18,7 @@ else CLANGFORMAT=clang-format-3.9 make prettyprint fi; -modified=$(git status -s) +modified=$(git status -s --ignore-submodules) if [[ ${ENABLE_KEX_RLWE_NEWHOPE_AVX2} == 1 ]];then modified=$(echo $modified | grep -v "kex_rlwe_newhope/avx2" | grep -v "Makefile.am" | grep -v "avx2/kex*") diff --git a/Makefile.am b/Makefile.am index 3a168e88e..ac600267e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -12,7 +12,7 @@ CLANGFORMAT ?= clang-format-3.9 SUBDIRS = ${SRCDIR} BUILT_SOURCES = links -lib_LTLIBRARIES = liboqs.la +lib_LTLIBRARIES = liboqs.la libmerge_external.la liboqs_la_SOURCES = liboqs_la_LIBADD = src/common/libcommon.la liboqs_la_LIBADD += src/crypto/aes/libaes.la @@ -53,7 +53,9 @@ if USE_SIDH_IQC liboqs_la_LIBADD += src/kex_sidh_iqc_ref/libsidhiqc.la endif -#liboqs_la_LIBADD += src/sig_picnic/libpicnic.la +if USE_SIG_PICNIC +liboqs_la_LIBADD += src/sig_picnic/libpicnic_i.la +endif installheaderdir=$(includedir)/oqs installheader_HEADERS=config.h \ @@ -64,7 +66,7 @@ installheader_HEADERS=config.h \ src/crypto/rand_urandom_chacha20/rand_urandom_chacha20.h \ src/crypto/sha3/sha3.h \ src/kex/kex.h \ - src/kex_lwe_frodo/kex_lwe_frodo.h \ + src/kex_lwe_frodo/kex_lwe_frodo.h \ src/kex_mlwe_kyber/kex_mlwe_kyber.h \ src/kex_ntru/kex_ntru.h \ src/kex_rlwe_bcns15/kex_rlwe_bcns15.h \ @@ -97,10 +99,15 @@ endif noinst_bin_PROGRAMS = test_rand test_kex test_aes -if USE_OPENSSL -#noinst_bin_PROGRAMS += pp_matrices test_sig +libmerge_external.la: +if USE_SIG_PICNIC + mkdir -p temp && cp liboqs.a temp/ && cp src/sig_picnic/external/build/libpicnic_static.a temp/ + cd temp && ar x liboqs.a && ar x libpicnic_static.a && ar cr liboqs.a *.o && ranlib liboqs.a && mv liboqs.a ../.libs + cd .. && rm -rf temp endif +noinst_bin_PROGRAMS = test_rand test_kex test_aes test_sig + noinst_bindir=$(prefix)/tests test_kex_LDADD = liboqs.la -lm test_kex_SOURCES = src/kex/test_kex.c @@ -116,18 +123,12 @@ if USE_SIDH_IQC test_kex_LDADD += -L$(GMP_DIR)/lib -lgmp endif +test_sig_LDADD = liboqs.la -lm +test_sig_SOURCES = src/sig/test_sig.c +test_sig_CPPFLAGS = -I./include +test_sig_CPPFLAGS += $(AM_CPPFLAGS) if USE_OPENSSL -#test_sig_LDADD = liboqs.la -lm -#test_sig_SOURCES = src/sig/test_sig.c -#test_sig_CPPFLAGS = -I${OPENSSL_DIR}/include -I./include -#test_sig_CPPFLAGS += $(AM_CPPFLAGS) -#test_sig_LDADD += -L${OPENSSL_DIR}/lib -lssl -lcrypto - -#pp_matrices_LDADD = liboqs.la -lm -#pp_matrices_SOURCES = src/sig_picnic/external/Picnic-master/preprocessMatrices.c -#pp_matrices_CPPFLAGS = -std=c99 -I${OPENSSL_DIR}/include -I${M4RI_DIR}/include/m4ri -I./include -#pp_matrices_CPPFLAGS += $(AM_CPPFLAGS) -#pp_matrices_LDADD += -L${OPENSSL_DIR}/lib -L${M4RI_DIR}/lib -lssl -lcrypto -lm4ri +test_sig_LDADD += -L$(OPENSSL_DIR)/lib -lcrypto endif test_aes_LDADD = liboqs.la -lm @@ -157,12 +158,7 @@ test: clean-tests ./test_kex --quiet ./test_rand --quiet ./test_aes -if USE_OPENSSL -# mkdir -p precomputed_data -# ./pp_matrices -# ./test_sig -endif - + ./test_sig links: $(MKDIR_P) include/oqs @@ -187,9 +183,7 @@ endif cp -f src/kex_sidh_cln16/kex_sidh_cln16.h include/oqs cp -f src/kex_mlwe_kyber/kex_mlwe_kyber.h include/oqs cp -f src/sig/sig.h include/oqs -if USE_OPENSSL - cp -f src/sig_picnic/external/Picnic-master/picnic.h include/oqs -endif + cp -f src/sig_picnic/sig_picnic.h include/oqs $(LN_S) -f .libs/liboqs.a if USE_MCBITS cp -f src/kex_code_mcbits/kex_code_mcbits.h include/oqs @@ -198,7 +192,6 @@ if USE_SIDH_IQC cp -f src/kex_sidh_iqc_ref/kex_sidh_iqc_ref.h include/oqs $(LN_S) -f src/kex_sidh_iqc_ref/sample_params endif - $(LN_S) -f ../../src/sig_picnic/sig_picnic.h include/oqs clean-local: rm -f liboqs.a @@ -206,16 +199,13 @@ clean-local: if USE_SIDH_IQC rm -f sample_params endif + + clean-tests: - rm -f test_kex test_rand test_aes -if USE_OPENSSL -# rm -f test_sig -# rm -f pp_matrices -# rm -rf precomputed_data -endif + rm -f test_kex test_rand test_aes test_sig prettyprint: - find src -name '*.c' -o -name '*.h' | grep -v Picnic* | grep -v "kex_rlwe_newhope/avx2" | xargs $(CLANGFORMAT) -style=file -i + find src -name '*.c' -o -name '*.h' | grep -v sig_picnic/external* | grep -v "kex_rlwe_newhope/avx2" | xargs $(CLANGFORMAT) -style=file -i docs: links doxygen diff --git a/README.md b/README.md index f8cf7698a..803867782 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ liboqs currently contains: - `kex_code_mcbits`: "McBits": key exchange from the error correcting codes, specifically Niederreiter's form of McEliece public key encryption using hidden Goppa codes (Bernstein, Chou, Schwabe, *CHES 2013*, [https://eprint.iacr.org/2015/610](https://eprint.iacr.org/2015/610)), using the implementation of McBits from [https://www.win.tue.nl/~tchou/mcbits/](https://www.win.tue.nl/~tchou/mcbits/)) - `kex_ntru`: NTRU: key transport using NTRU public key encryption (Hoffstein, Pipher, Silverman, *ANTS 1998*) with the EES743EP1 parameter set, wrapper around the implementation from the NTRU Open Source project [https://github.com/NTRUOpenSourceProject/NTRUEncrypt](https://github.com/NTRUOpenSourceProject/NTRUEncrypt)) - `kex_mlwe_kyber`: Kyber: a CCA-secure module-lattice-based key exchange mechanism (Bos, Ducas, Kiltz, Lepoint, Lyubashevsky, Schwabe, Shanck, Stehlé, *Real World Crypto 2017*, [https://eprint.iacr.org/2017/634](https://eprint.iacr.org/2017/634)), using the reference C implementation of Kyber from [pq-crystals/kyber](https://github.com/pq-crystals/kyber) -- `sig_picnic`: signature based on zero-knowledge proof as specified in Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives (Melissa Chase and David Derler and Steven Goldfeder and Claudio Orlandi and Sebastian Ramacher and Christian Rechberger and Daniel Slamanig and Greg Zaverucha, [https://eprint.iacr.org/2017/279.pdf](https://eprint.iacr.org/2017/279.pdf)) +- `sig_picnic`: signature based on zero-knowledge proof as specified in Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives (Melissa Chase and David Derler and Steven Goldfeder and Claudio Orlandi and Sebastian Ramacher and Christian Rechberger and Daniel Slamanig and Greg Zaverucha, [https://eprint.iacr.org/2017/279.pdf](https://eprint.iacr.org/2017/279.pdf)), using the optimized implemenation from [https://github.com/IAIK/Picnic](https://github.com/IAIK/Picnic) Detailed information about each algorithm and implementations can be found in the [docs/Algorithm data sheets](https://github.com/open-quantum-safe/liboqs/tree/master/docs/Algorithm%20data%20sheets) directory. @@ -44,19 +44,19 @@ Builds have been tested on Mac OS X 10.11.6, macOS 10.12.5, Ubuntu 16.04.1. ### Install dependencies for macOS -You need to install `autoconf`, `automake` and `libtool`: +You need to install autoconf, automake, cmake, and libtool: - brew install autoconf automake libtool + brew install autoconf automake cmake libtool ### Install dependencies for Ubuntu -You need to install autoconf, automake and libtool: +You need to install autoconf, automake, cmake, and libtool: - sudo apt install autoconf automake libtool + sudo apt install autoconf automake cmake libtool ### Building -To build, first clone or download the source from GitHub, then simply type: +To build, first clone (with the --recursive flag) or download the source from GitHub, then simply type: autoreconf -i ./configure @@ -80,6 +80,7 @@ To run the tests, simply type: To run benchmarks, run ./test_kex --bench + ./test_sig --bench To run benchmark only on some ciphers, run @@ -206,15 +207,7 @@ McBits is disabled by default in the Visual Studio build; follow these steps to - Add the sodium "src/include" location to the "Additional Include Directories" in the oqs project C properties. - Add the libsodium library to the "Additional Dependencies" in the `test_kex` project Linker properties. -Picnic is disabled by default in the Visual Studio build; follow these steps to enable it: -- Download the [Picnic library](https://github.com/Microsoft/Picnic/archive/master.zip), unzip it into src\sig\sig_picnic\external. -- Open src\sig_picnic\external\Picnic-master\VisualStudio\picnic.sln, build the library for the desired target. -- Add "ENABLE_PICNIC" the oqs and test_picnic projects' C/C++ Preprocessor Definitions. -- Add "libeay32.lib" and "picnic.lib" to the test_picnic project's Linker Input. -Picnic requires pre-generated parameters to run. They cannot be generated on Windows due to some lib dependencies. They must therefore -be generated externally and imported on the Windows machine; see the Picnic library documentation. Once this is done, before running -the OQS unit tests or other programs using OQS with Picnic enabled, follow this step: -- Add an environment variable PICNIC_PARAMS_PATH containing the path of the pregenerated parameters. +Picnic is not currently supported in the Visual Studio build. Building for Android -------------------- diff --git a/configure.ac b/configure.ac index 0f2fe9b05..317374f4a 100644 --- a/configure.ac +++ b/configure.ac @@ -127,6 +127,10 @@ ARG_DISBL_SET([kex-sidh-cln16], [disable KEX-SIDH-CLN16.]) AM_CONDITIONAL([kex_sidh_cln16], [test "x$kex_sidh_cln16" = xtrue]) AM_CONDITIONAL([USE_KEX_SIDH_CLN16], [test "x$kex_sidh_cln16" = xtrue]) +ARG_DISBL_SET([sig-picnic], [disable SIG-PICNIC.]) +AM_CONDITIONAL([sig_picnic], [test "x$sig_picnic" = xtrue]) +AM_CONDITIONAL([USE_SIG_PICNIC], [test "x$sig_picnic" = xtrue]) + ARG_ENABL_SET([kex-rlwe-newhope-avx2], [enable KEX-RLWE-NEWHOPE-AVX2.]) AM_CONDITIONAL([kex_rlwe_newhope_avx2], [test "x$kex_rlwe_newhope_avx2" = xtrue]) AM_CONDITIONAL([USE_KEX_RLWE_NEWHOPE_AVX2], [test "x$kex_rlwe_newhope_avx2" = xtrue]) @@ -218,8 +222,6 @@ if test x"$kex_sidh_cln16" = x"true"; then AC_DEFINE(ENABLE_KEX_SIDH_CLN16, 1, "Define to 1 when SIDH CLN16 enabled") fi -SRCDIR=${SRCDIR}" src/sig" - # Conditional KEX if test x"$kex_code_mcbits" = x"true"; then SRCDIR=${SRCDIR}" src/kex_code_mcbits" @@ -228,6 +230,18 @@ if test x"$kex_sidh_iqc_ref" = x"true"; then SRCDIR=${SRCDIR}" src/kex_sidh_iqc_ref" fi +# SIG +SRCDIR=${SRCDIR}" src/sig" + +if test x"$sig_picnic" = x"true"; then + SRCDIR=${SRCDIR}" src/sig_picnic" + AM_CPPFLAGS=${AM_CPPFLAGS}" -DENABLE_SIG_PICNIC" + AC_CONFIG_COMMANDS_POST([echo Building Picnic library]) + AC_CONFIG_COMMANDS_POST([cd src/sig_picnic]) + AC_CONFIG_COMMANDS_POST([./build_picnic.sh]) + AC_CONFIG_COMMANDS_POST([cd ../..]) +fi + # Flags AM_CPPFLAGS=${AM_CPPFLAGS}" -g -std=gnu11 -Wno-unused-function -Werror -Wpedantic -Wall -Wextra -DCONSTANT_TIME" if test x"$aes_ni" = x"true"; then @@ -264,6 +278,7 @@ AC_SUBST(USE_KEX_MLWE_KYBER) AC_SUBST(USE_KEX_RLWE_MSRLN16) AC_SUBST(USE_KEX_RLWE_NEWHOPE) AC_SUBST(USE_KEX_SIDH_CLN16) +AC_SUBST(USE_SIG_PICNIC) AC_SUBST(ON_DARWIN) AC_SUBST(X86_64) AC_SUBST(USE_KEX_RLWE_NEWHOPE_AVX2) diff --git a/download-and-setup-picnic.sh b/download-and-setup-picnic.sh deleted file mode 100755 index 7d86d9d1b..000000000 --- a/download-and-setup-picnic.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -mkdir -p src/sig_picnic/external -cd src/sig_picnic/external -wget https://github.com/Microsoft/Picnic/archive/master.zip -unzip master -cd Picnic-master - - diff --git a/src/sig/sig.c b/src/sig/sig.c index 3fbd7ac1b..bc6d49cb1 100644 --- a/src/sig/sig.c +++ b/src/sig/sig.c @@ -1,7 +1,7 @@ #include #include #include -#ifdef ENABLE_PICNIC +#ifdef ENABLE_SIG_PICNIC #include #endif @@ -17,14 +17,14 @@ OQS_SIG *OQS_SIG_new(OQS_RAND *rand, enum OQS_SIG_algid algid) { s->rand = rand; switch (algid) { -#ifdef ENABLE_PICNIC +#ifdef ENABLE_SIG_PICNIC + case OQS_SIG_picnic_L1_FS: + case OQS_SIG_picnic_L1_UR: + case OQS_SIG_picnic_L3_FS: + case OQS_SIG_picnic_L3_UR: + case OQS_SIG_picnic_L5_FS: + case OQS_SIG_picnic_L5_UR: case OQS_SIG_picnic_default: - case OQS_SIG_picnic_42_14_FS: - case OQS_SIG_picnic_42_14_UR: - case OQS_SIG_picnic_1_316_FS: - case OQS_SIG_picnic_1_316_UR: - case OQS_SIG_picnic_10_38_FS: - case OQS_SIG_picnic_10_38_UR: if (OQS_SIG_picnic_get(s, algid) != OQS_SUCCESS) { free(s); return NULL; @@ -67,6 +67,5 @@ void OQS_SIG_free(OQS_SIG *s) { if (s == NULL) { return; } - s->shutdown(s); free(s); } diff --git a/src/sig/sig.h b/src/sig/sig.h index c562eb2ab..60d9199dc 100644 --- a/src/sig/sig.h +++ b/src/sig/sig.h @@ -12,18 +12,19 @@ /** * Supported signature algorithms. - * Note: the Picnic algs are not wrapped with a ENABLE_PICNIC + * Note: the Picnic algs are not wrapped with a ENABLE_SIG_PICNIC * to avoid forcing calling apps to define the macro. The library * compiled without the macro fails if these algid are requested. */ enum OQS_SIG_algid { - OQS_SIG_picnic_default, // equivalent to OQS_SIG_picnic_10_38_FS - OQS_SIG_picnic_42_14_FS, // LowMC with Fiat-Shamir balanced number of s-boxes (42) and rounds (14). - OQS_SIG_picnic_42_14_UR, // LowMC with Unruh balanced number of s-boxes (42) and rounds (14). */ - OQS_SIG_picnic_1_316_FS, // LowMC with Fiat-Shamir and a small number of s-boxes (1) with a large number of rounds (316). */ - OQS_SIG_picnic_1_316_UR, // LowMC with Unruh and a small number of s-boxes (1) with a large number of rounds (316). */ - OQS_SIG_picnic_10_38_FS, // LowMC with Fiat-Shamir balanced number of s-boxes (10) and rounds (38). */ - OQS_SIG_picnic_10_38_UR, // LowMC with Unruh balanced number of s-boxes (10) and rounds (38). */ + /* Picnic sig algs */ + OQS_SIG_picnic_default, // equivalent to OQS_SIG_picnic_L1_FS + OQS_SIG_picnic_L1_FS, + OQS_SIG_picnic_L1_UR, + OQS_SIG_picnic_L3_FS, + OQS_SIG_picnic_L3_UR, + OQS_SIG_picnic_L5_FS, + OQS_SIG_picnic_L5_UR, }; /** @@ -109,14 +110,6 @@ struct OQS_SIG { @return OQS_SUCCESS on success, or OQS_ERROR on failure. */ int (*verify)(const OQS_SIG *s, const uint8_t *pub, const uint8_t *msg, const size_t msg_len, const uint8_t *sig, const size_t sig_len); - - /** - * Shuts down the algorithm library. - * - * @param s The signature structure. - @return OQS_SUCCESS on success, or OQS_ERROR on failure. - */ - int (*shutdown)(OQS_SIG *s); }; /** diff --git a/src/sig/test_sig.c b/src/sig/test_sig.c index 5ee7b19cc..350727886 100644 --- a/src/sig/test_sig.c +++ b/src/sig/test_sig.c @@ -24,14 +24,14 @@ struct sig_testcase { }; /* Add new testcases here */ -#ifdef ENABLE_PICNIC +#ifdef ENABLE_SIG_PICNIC struct sig_testcase sig_testcases[] = { - {OQS_SIG_picnic_1_316_FS, "picnic_1_316_FS", 0, 10}, - {OQS_SIG_picnic_1_316_UR, "picnic_1_316_UR", 0, 10}, - {OQS_SIG_picnic_10_38_FS, "picnic_10_38_FS", 0, 10}, - {OQS_SIG_picnic_10_38_UR, "picnic_10_38_UR", 0, 10}, - {OQS_SIG_picnic_42_14_FS, "picnic_42_14_FS", 0, 10}, - {OQS_SIG_picnic_42_14_UR, "picnic_42_14_UR", 0, 10}, + {OQS_SIG_picnic_L1_FS, "picnic_L1_FS", 0, 10}, + {OQS_SIG_picnic_L1_UR, "picnic_L1_UR", 0, 10}, + {OQS_SIG_picnic_L3_FS, "picnic_L3_FS", 0, 10}, + {OQS_SIG_picnic_L3_UR, "picnic_L3_UR", 0, 10}, + {OQS_SIG_picnic_L5_FS, "picnic_L5_FS", 0, 10}, + {OQS_SIG_picnic_L5_UR, "picnic_L5_UR", 0, 10}, }; #endif @@ -268,7 +268,7 @@ cleanup: return rc; } -#ifdef ENABLE_PICNIC +#ifdef ENABLE_SIG_PICNIC int main(int argc, char **argv) { int success = 1; bool run_all = true; @@ -345,9 +345,9 @@ cleanup: } return (success == 1) ? EXIT_SUCCESS : EXIT_FAILURE; } -#else // !ENABLE_PICNIC +#else // !ENABLE_SIG_PICNIC int main() { printf("No signature algorithm available. Make sure configure was run properly; see Readme.md.\n"); - return 1; + return 0; } #endif diff --git a/src/sig_picnic/Makefile.am b/src/sig_picnic/Makefile.am index fc378b530..fc76287b3 100644 --- a/src/sig_picnic/Makefile.am +++ b/src/sig_picnic/Makefile.am @@ -1,9 +1,6 @@ AUTOMAKE_OPTIONS = foreign -noinst_LTLIBRARIES = libpicnic.la - - -libpicnic_la_SOURCES = sig_picnic.c external/Picnic-master/picnic.c external/Picnic-master/LowMCEnc.c external/Picnic-master/LowMC.c -libpicnic_la_CPPFLAGS = -march=native -I$(OPENSSL_DIR)/include -I../../include -Iexternal/Picnic-master -libpicnic_la_CPPFLAGS += $(AM_CPPFLAGS) -libpicnic_la_CPPFLAGS += -std=c99 +noinst_LTLIBRARIES = libpicnic_i.la +libpicnic_i_la_SOURCES = sig_picnic.c +libpicnic_i_la_CPPFLAGS = -march=native -I../../include -Iexternal -Iexternal/build +libpicnic_i_la_CPPFLAGS += $(AM_CPPFLAGS) diff --git a/src/sig_picnic/build_picnic.sh b/src/sig_picnic/build_picnic.sh new file mode 100755 index 000000000..54f8ecbba --- /dev/null +++ b/src/sig_picnic/build_picnic.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +mkdir -p external/build +# check if patch has already been applied +patch -p1 -N -f --dry-run --silent -d external < oqs_sig_picnic.patch 2>/dev/null 1>/dev/null +if [ $? -eq 0 ]; +then + # apply the patch + echo Patching Picnic external + patch -p1 -N -f -d external < oqs_sig_picnic.patch +fi +cd external/build +# make picnic +cmake -UWITH_LTO -DWITH_LTO:BOOL=OFF .. +make + diff --git a/src/sig_picnic/external b/src/sig_picnic/external new file mode 160000 index 000000000..9e5069de6 --- /dev/null +++ b/src/sig_picnic/external @@ -0,0 +1 @@ +Subproject commit 9e5069de61779f807485f18a6b973e1af53fe6ea diff --git a/src/sig_picnic/oqs_sig_picnic.patch b/src/sig_picnic/oqs_sig_picnic.patch new file mode 100644 index 000000000..597afd7a3 --- /dev/null +++ b/src/sig_picnic/oqs_sig_picnic.patch @@ -0,0 +1,3730 @@ +diff --git a/bitstream.c b/bitstream.c +index 69f5dfd..3bbd97d 100644 +--- a/bitstream.c ++++ b/bitstream.c +@@ -13,7 +13,7 @@ + + #include "bitstream.h" + +-bitstream_value_t bitstream_get_bits(bitstream_t* bs, unsigned int num_bits) { ++bitstream_value_t oqs_sig_picnic_bitstream_get_bits(bitstream_t* bs, unsigned int num_bits) { + const uint8_t* p = &bs->buffer[bs->position / 8]; + const unsigned int skip_bits = bs->position % 8; + const unsigned int start_bits = 8 - skip_bits; +@@ -37,7 +37,7 @@ bitstream_value_t bitstream_get_bits(bitstream_t* bs, unsigned int num_bits) { + return ret; + } + +-int bitstream_put_bits(bitstream_t* bs, bitstream_value_t value, unsigned int num_bits) { ++int oqs_sig_picnic_bitstream_put_bits(bitstream_t* bs, bitstream_value_t value, unsigned int num_bits) { + const unsigned int skip_bits = bs->position % 8; + uint8_t* p = &bs->buffer[bs->position / 8]; + +diff --git a/bitstream.h b/bitstream.h +index 551c90c..134ecad 100644 +--- a/bitstream.h ++++ b/bitstream.h +@@ -19,7 +19,7 @@ typedef struct { + size_t position; + } bitstream_t; + +-bitstream_value_t bitstream_get_bits(bitstream_t* bs, unsigned int num_bits); +-int bitstream_put_bits(bitstream_t* bs, bitstream_value_t value, unsigned int num_bits); ++bitstream_value_t oqs_sig_picnic_bitstream_get_bits(bitstream_t* bs, unsigned int num_bits); ++int oqs_sig_picnic_bitstream_put_bits(bitstream_t* bs, bitstream_value_t value, unsigned int num_bits); + + #endif +diff --git a/io.c b/io.c +index 0630aab..07d8fb4 100644 +--- a/io.c ++++ b/io.c +@@ -15,7 +15,7 @@ + + #include "compat.h" + +-void mzd_to_char_array(uint8_t* dst, const mzd_local_t* data, unsigned len) { ++void oqs_sig_picnic_mzd_to_char_array(uint8_t* dst, const mzd_local_t* data, unsigned len) { + const size_t word_count = len / sizeof(uint64_t); + const uint64_t* rows = &CONST_FIRST_ROW(data)[word_count - 1]; + uint64_t* wdst = (uint64_t*)dst; +@@ -25,7 +25,7 @@ void mzd_to_char_array(uint8_t* dst, const mzd_local_t* data, unsigned len) { + } + } + +-void mzd_from_char_array(mzd_local_t* result, const uint8_t* data, unsigned len) { ++void oqs_sig_picnic_mzd_from_char_array(mzd_local_t* result, const uint8_t* data, unsigned len) { + const size_t word_count = len / sizeof(uint64_t); + uint64_t* rows = &FIRST_ROW(result)[word_count - 1]; + const uint64_t* wsrc = (const uint64_t*)data; +diff --git a/io.h b/io.h +index 5544302..2799a75 100644 +--- a/io.h ++++ b/io.h +@@ -15,8 +15,8 @@ + + #include "mzd_additional.h" + +-void mzd_to_char_array(uint8_t* dst, const mzd_local_t* data, unsigned numbytes); +-void mzd_from_char_array(mzd_local_t* result, const uint8_t* data, unsigned len); ++void oqs_sig_picnic_mzd_to_char_array(uint8_t* dst, const mzd_local_t* data, unsigned numbytes); ++void oqs_sig_picnic_mzd_from_char_array(mzd_local_t* result, const uint8_t* data, unsigned len); + + void print_hex(FILE* out, const uint8_t* data, size_t len); + +diff --git a/kdf_shake.c b/kdf_shake.c +index 14b6dbb..572b402 100644 +--- a/kdf_shake.c ++++ b/kdf_shake.c +@@ -13,7 +13,7 @@ + + #include "kdf_shake.h" + +-void hash_init(hash_context* ctx, const picnic_instance_t* pp) { ++void oqs_sig_picnic_hash_init(hash_context* ctx, const picnic_instance_t* pp) { + if (pp->security_level == 64) { + Keccak_HashInitialize_SHAKE128(ctx); + } else { +diff --git a/kdf_shake.h b/kdf_shake.h +index 82152fd..9fd44a0 100644 +--- a/kdf_shake.h ++++ b/kdf_shake.h +@@ -35,15 +35,15 @@ + + typedef Keccak_HashInstance hash_context; + +-void hash_init(hash_context* ctx, const picnic_instance_t* pp); ++void oqs_sig_picnic_hash_init(hash_context* ctx, const picnic_instance_t* pp); + +-#define hash_update(ctx, data, size) Keccak_HashUpdate((ctx), (data), (size) << 3) +-#define hash_final(ctx) Keccak_HashFinal((ctx), NULL) +-#define hash_squeeze(buffer, buflen, ctx) Keccak_HashSqueeze((ctx), (buffer), (buflen) << 3) ++#define hash_update(ctx, data, size) oqs_sig_picnic_Keccak_HashUpdate((ctx), (data), (size) << 3) ++#define hash_final(ctx) oqs_sig_picnic_Keccak_HashFinal((ctx), NULL) ++#define hash_squeeze(buffer, buflen, ctx) oqs_sig_picnic_Keccak_HashSqueeze((ctx), (buffer), (buflen) << 3) + + typedef Keccak_HashInstance kdf_shake_t; + +-#define kdf_shake_init(ctx, pp) hash_init((ctx), (pp)) ++#define kdf_shake_init(ctx, pp) oqs_sig_picnic_hash_init((ctx), (pp)) + #define kdf_shake_update_key(ctx, key, keylen) hash_update((ctx), (key), (keylen)) + #define kdf_shake_finalize_key(ctx) hash_final((ctx)) + #define kdf_shake_get_randomness(ctx, dst, count) hash_squeeze((dst), (count), (ctx)) +diff --git a/lowmc.c b/lowmc.c +index d4e5387..2d7a036 100644 +--- a/lowmc.c ++++ b/lowmc.c +@@ -47,46 +47,46 @@ static void sbox_layer_uint64(mzd_local_t* y, mzd_local_t const* x, mask_t const + #ifdef WITH_CUSTOM_INSTANCES + static void sbox_layer_bitsliced(mzd_local_t* out, mzd_local_t const* in, mask_t const* mask) { + mzd_local_t* buffer[6] = {NULL}; +- mzd_local_init_multiple_ex(buffer, 6, 1, in->ncols, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(buffer, 6, 1, in->ncols, false); + + // a +- mzd_local_t* x0m = mzd_and(buffer[0], mask->x0, in); ++ mzd_local_t* x0m = oqs_sig_picnic_mzd_and(buffer[0], mask->x0, in); + // b +- mzd_local_t* x1m = mzd_and(buffer[1], mask->x1, in); ++ mzd_local_t* x1m = oqs_sig_picnic_mzd_and(buffer[1], mask->x1, in); + // c +- mzd_local_t* x2m = mzd_and(buffer[2], mask->x2, in); ++ mzd_local_t* x2m = oqs_sig_picnic_mzd_and(buffer[2], mask->x2, in); + +- mzd_shift_left(x0m, x0m, 2); +- mzd_shift_left(x1m, x1m, 1); ++ oqs_sig_picnic_mzd_shift_left(x0m, x0m, 2); ++ oqs_sig_picnic_mzd_shift_left(x1m, x1m, 1); + + // b & c +- mzd_local_t* t0 = mzd_and(buffer[3], x1m, x2m); ++ mzd_local_t* t0 = oqs_sig_picnic_mzd_and(buffer[3], x1m, x2m); + // c & a +- mzd_local_t* t1 = mzd_and(buffer[4], x0m, x2m); ++ mzd_local_t* t1 = oqs_sig_picnic_mzd_and(buffer[4], x0m, x2m); + // a & b +- mzd_local_t* t2 = mzd_and(buffer[5], x0m, x1m); ++ mzd_local_t* t2 = oqs_sig_picnic_mzd_and(buffer[5], x0m, x1m); + + // (b & c) ^ a +- mzd_xor(t0, t0, x0m); ++ oqs_sig_picnic_mzd_xor(t0, t0, x0m); + + // (c & a) ^ a ^ b +- mzd_xor(t1, t1, x0m); +- mzd_xor(t1, t1, x1m); ++ oqs_sig_picnic_mzd_xor(t1, t1, x0m); ++ oqs_sig_picnic_mzd_xor(t1, t1, x1m); + + // (a & b) ^ a ^ b ^c +- mzd_xor(t2, t2, x0m); +- mzd_xor(t2, t2, x1m); +- mzd_xor(t2, t2, x2m); ++ oqs_sig_picnic_mzd_xor(t2, t2, x0m); ++ oqs_sig_picnic_mzd_xor(t2, t2, x1m); ++ oqs_sig_picnic_mzd_xor(t2, t2, x2m); + +- mzd_shift_right(t0, t0, 2); +- mzd_shift_right(t1, t1, 1); ++ oqs_sig_picnic_mzd_shift_right(t0, t0, 2); ++ oqs_sig_picnic_mzd_shift_right(t1, t1, 1); + +- mzd_and(out, in, mask->mask); +- mzd_xor(out, out, t2); +- mzd_xor(out, out, t0); +- mzd_xor(out, out, t1); ++ oqs_sig_picnic_mzd_and(out, in, mask->mask); ++ oqs_sig_picnic_mzd_xor(out, out, t2); ++ oqs_sig_picnic_mzd_xor(out, out, t0); ++ oqs_sig_picnic_mzd_xor(out, out, t1); + +- mzd_local_free_multiple(buffer); ++ oqs_sig_picnic_mzd_local_free_multiple(buffer); + } + + #ifdef WITH_OPT +@@ -264,17 +264,17 @@ static sbox_layer_impl get_sbox_layer(const lowmc_t* lowmc) { + #if defined(REDUCED_LINEAR_LAYER) + static mzd_local_t* lowmc_reduced_linear_layer(lowmc_t const* lowmc, lowmc_key_t const* lowmc_key, + mzd_local_t const* p, sbox_layer_impl sbox_layer) { +- mzd_local_t* x = mzd_local_init_ex(1, lowmc->n, false); +- mzd_local_t* y = mzd_local_init_ex(1, lowmc->n, false); +- mzd_local_t* nl_part = mzd_local_init_ex(1, lowmc->r * 32, false); ++ mzd_local_t* x = oqs_sig_picnic_mzd_local_init_ex(1, lowmc->n, false); ++ mzd_local_t* y = oqs_sig_picnic_mzd_local_init_ex(1, lowmc->n, false); ++ mzd_local_t* nl_part = oqs_sig_picnic_mzd_local_init_ex(1, lowmc->r * 32, false); + +- mzd_local_copy(x, p); ++ oqs_sig_picnic_mzd_local_copy(x, p); + #if defined(MUL_M4RI) +- mzd_addmul_vl(x, lowmc_key, lowmc->k0_lookup); +- mzd_mul_vl(nl_part, lowmc_key, lowmc->precomputed_non_linear_part_lookup); ++ oqs_sig_picnic_mzd_addmul_vl(x, lowmc_key, lowmc->k0_lookup); ++ oqs_sig_picnic_mzd_mul_vl(nl_part, lowmc_key, lowmc->precomputed_non_linear_part_lookup); + #else +- mzd_addmul_v(x, lowmc_key, lowmc->k0_matrix); +- mzd_mul_v(nl_part, lowmc_key, lowmc->precomputed_non_linear_part_matrix); ++ oqs_sig_picnic_mzd_addmul_v(x, lowmc_key, lowmc->k0_matrix); ++ oqs_sig_picnic_mzd_mul_v(nl_part, lowmc_key, lowmc->precomputed_non_linear_part_matrix); + #endif + + word mask = WORD_C(0xFFFFFFFF); +@@ -287,28 +287,28 @@ static mzd_local_t* lowmc_reduced_linear_layer(lowmc_t const* lowmc, lowmc_key_t + mask = ~mask; + + #if defined(MUL_M4RI) +- mzd_mul_vl(y, x, round->l_lookup); ++ oqs_sig_picnic_mzd_mul_vl(y, x, round->l_lookup); + #else +- mzd_mul_v(y, x, round->l_matrix); ++ oqs_sig_picnic_mzd_mul_v(y, x, round->l_matrix); + #endif +- mzd_xor(x, y, round->constant); ++ oqs_sig_picnic_mzd_xor(x, y, round->constant); + } + +- mzd_local_free(y); +- mzd_local_free(nl_part); ++ oqs_sig_picnic_mzd_local_free(y); ++ oqs_sig_picnic_mzd_local_free(nl_part); + return x; + } + #else + static mzd_local_t* lowmc_plain(lowmc_t const* lowmc, lowmc_key_t const* lowmc_key, + mzd_local_t const* p, sbox_layer_impl sbox_layer) { +- mzd_local_t* x = mzd_local_init_ex(1, lowmc->n, false); +- mzd_local_t* y = mzd_local_init_ex(1, lowmc->n, false); ++ mzd_local_t* x = oqs_sig_picnic_mzd_local_init_ex(1, lowmc->n, false); ++ mzd_local_t* y = oqs_sig_picnic_mzd_local_init_ex(1, lowmc->n, false); + +- mzd_local_copy(x, p); ++ oqs_sig_picnic_mzd_local_copy(x, p); + #if defined(MUL_M4RI) +- mzd_addmul_vl(x, lowmc_key, lowmc->k0_lookup); ++ oqs_sig_picnic_mzd_addmul_vl(x, lowmc_key, lowmc->k0_lookup); + #else +- mzd_addmul_v(x, lowmc_key, lowmc->k0_matrix); ++ oqs_sig_picnic_mzd_addmul_v(x, lowmc_key, lowmc->k0_matrix); + #endif + + lowmc_round_t const* round = lowmc->rounds; +@@ -316,24 +316,24 @@ static mzd_local_t* lowmc_plain(lowmc_t const* lowmc, lowmc_key_t const* lowmc_k + sbox_layer(x, x, &lowmc->mask); + + #if defined(MUL_M4RI) +- mzd_mul_vl(y, x, round->l_lookup); ++ oqs_sig_picnic_mzd_mul_vl(y, x, round->l_lookup); + #else +- mzd_mul_v(y, x, round->l_matrix); ++ oqs_sig_picnic_mzd_mul_v(y, x, round->l_matrix); + #endif +- mzd_xor(x, y, round->constant); ++ oqs_sig_picnic_mzd_xor(x, y, round->constant); + #if defined(MUL_M4RI) && !defined(REDUCED_LINEAR_LAYER) +- mzd_addmul_vl(x, lowmc_key, round->k_lookup); ++ oqs_sig_picnic_mzd_addmul_vl(x, lowmc_key, round->k_lookup); + #else +- mzd_addmul_v(x, lowmc_key, round->k_matrix); ++ oqs_sig_picnic_mzd_addmul_v(x, lowmc_key, round->k_matrix); + #endif + } + +- mzd_local_free(y); ++ oqs_sig_picnic_mzd_local_free(y); + return x; + } + #endif + +-mzd_local_t* lowmc_call(lowmc_t const* lowmc, lowmc_key_t const* lowmc_key, mzd_local_t const* p) { ++mzd_local_t* oqs_sig_picnic_lowmc_call(lowmc_t const* lowmc, lowmc_key_t const* lowmc_key, mzd_local_t const* p) { + sbox_layer_impl sbox_layer = get_sbox_layer(lowmc); + if (!sbox_layer) { + return NULL; +diff --git a/lowmc.h b/lowmc.h +index 38eba01..ef46d82 100644 +--- a/lowmc.h ++++ b/lowmc.h +@@ -19,6 +19,6 @@ + * \param p the plaintext + * \return the ciphertext + */ +-mzd_local_t* lowmc_call(lowmc_t const* lowmc, lowmc_key_t const* lowmc_key, mzd_local_t const* p); ++mzd_local_t* oqs_sig_picnic_lowmc_call(lowmc_t const* lowmc, lowmc_key_t const* lowmc_key, mzd_local_t const* p); + + #endif +diff --git a/lowmc_128_128_20.c b/lowmc_128_128_20.c +index 32c87a4..c79516e 100644 +--- a/lowmc_128_128_20.c ++++ b/lowmc_128_128_20.c +@@ -5723,7 +5723,7 @@ static const mzd_local_t precomputed_round_key_matrix_non_linear_part_128_128_20 + }}; + + #endif +-const mzd_local_t* lowmc_128_128_20_get_linear_layer(uint32_t r) { ++const mzd_local_t* oqs_sig_picnic_lowmc_128_128_20_get_linear_layer(uint32_t r) { + switch(r) { + default: + return NULL; +@@ -5771,7 +5771,7 @@ const mzd_local_t* lowmc_128_128_20_get_linear_layer(uint32_t r) { + } + + #if !defined(REDUCED_LINEAR_LAYER) +-const mzd_local_t* lowmc_128_128_20_get_round_key(uint32_t r) { ++const mzd_local_t* oqs_sig_picnic_lowmc_128_128_20_get_round_key(uint32_t r) { + switch(r) { + default: + return NULL; +@@ -5822,7 +5822,7 @@ const mzd_local_t* lowmc_128_128_20_get_round_key(uint32_t r) { + #endif + + +-const mzd_local_t* lowmc_128_128_20_get_round_const(uint32_t r) { ++const mzd_local_t* oqs_sig_picnic_lowmc_128_128_20_get_round_const(uint32_t r) { + switch(r) { + default: + return NULL; +@@ -5869,11 +5869,11 @@ const mzd_local_t* lowmc_128_128_20_get_round_const(uint32_t r) { + } + } + #if defined(REDUCED_LINEAR_LAYER) +-const mzd_local_t* lowmc_128_128_20_get_precomputed_round_key_matrix_non_linear_part(void) { ++const mzd_local_t* oqs_sig_picnic_lowmc_128_128_20_get_precomputed_round_key_matrix_non_linear_part(void) { + return &precomputed_round_key_matrix_non_linear_part_128_128_20; + } + +-const mzd_local_t* lowmc_128_128_20_get_precomputed_round_key_matrix_linear_part(void) { ++const mzd_local_t* oqs_sig_picnic_lowmc_128_128_20_get_precomputed_round_key_matrix_linear_part(void) { + return &precomputed_round_key_matrix_linear_part_128_128_20; + } + #endif +diff --git a/lowmc_128_128_20.h b/lowmc_128_128_20.h +index 83a1b67..8cbd325 100644 +--- a/lowmc_128_128_20.h ++++ b/lowmc_128_128_20.h +@@ -6,10 +6,10 @@ + #include "mzd_additional.h" + + +-const mzd_local_t* lowmc_128_128_20_get_linear_layer(uint32_t r); +-const mzd_local_t* lowmc_128_128_20_get_round_key(uint32_t r); +-const mzd_local_t* lowmc_128_128_20_get_round_const(uint32_t r); +-const mzd_local_t* lowmc_128_128_20_get_precomputed_round_key_matrix_non_linear_part(void); +-const mzd_local_t* lowmc_128_128_20_get_precomputed_round_key_matrix_linear_part(void); ++const mzd_local_t* oqs_sig_picnic_lowmc_128_128_20_get_linear_layer(uint32_t r); ++const mzd_local_t* oqs_sig_picnic_lowmc_128_128_20_get_round_key(uint32_t r); ++const mzd_local_t* oqs_sig_picnic_lowmc_128_128_20_get_round_const(uint32_t r); ++const mzd_local_t* oqs_sig_picnic_lowmc_128_128_20_get_precomputed_round_key_matrix_non_linear_part(void); ++const mzd_local_t* oqs_sig_picnic_lowmc_128_128_20_get_precomputed_round_key_matrix_linear_part(void); + + #endif +diff --git a/lowmc_192_192_30.c b/lowmc_192_192_30.c +index 40a4eb2..7e82863 100644 +--- a/lowmc_192_192_30.c ++++ b/lowmc_192_192_30.c +@@ -12415,7 +12415,7 @@ static const mzd_local_t precomputed_round_key_matrix_non_linear_part_192_192_30 + }}; + + #endif +-const mzd_local_t* lowmc_192_192_30_get_linear_layer(uint32_t r) { ++const mzd_local_t* oqs_sig_picnic_lowmc_192_192_30_get_linear_layer(uint32_t r) { + switch(r) { + default: + return NULL; +@@ -12483,7 +12483,7 @@ const mzd_local_t* lowmc_192_192_30_get_linear_layer(uint32_t r) { + } + + #if !defined(REDUCED_LINEAR_LAYER) +-const mzd_local_t* lowmc_192_192_30_get_round_key(uint32_t r) { ++const mzd_local_t* oqs_sig_picnic_lowmc_192_192_30_get_round_key(uint32_t r) { + switch(r) { + default: + return NULL; +@@ -12554,7 +12554,7 @@ const mzd_local_t* lowmc_192_192_30_get_round_key(uint32_t r) { + #endif + + +-const mzd_local_t* lowmc_192_192_30_get_round_const(uint32_t r) { ++const mzd_local_t* oqs_sig_picnic_lowmc_192_192_30_get_round_const(uint32_t r) { + switch(r) { + default: + return NULL; +@@ -12621,11 +12621,11 @@ const mzd_local_t* lowmc_192_192_30_get_round_const(uint32_t r) { + } + } + #if defined(REDUCED_LINEAR_LAYER) +-const mzd_local_t* lowmc_192_192_30_get_precomputed_round_key_matrix_non_linear_part(void) { ++const mzd_local_t* oqs_sig_picnic_lowmc_192_192_30_get_precomputed_round_key_matrix_non_linear_part(void) { + return &precomputed_round_key_matrix_non_linear_part_192_192_30; + } + +-const mzd_local_t* lowmc_192_192_30_get_precomputed_round_key_matrix_linear_part(void) { ++const mzd_local_t* oqs_sig_picnic_lowmc_192_192_30_get_precomputed_round_key_matrix_linear_part(void) { + return &precomputed_round_key_matrix_linear_part_192_192_30; + } + #endif +diff --git a/lowmc_192_192_30.h b/lowmc_192_192_30.h +index fb0169a..538166b 100644 +--- a/lowmc_192_192_30.h ++++ b/lowmc_192_192_30.h +@@ -6,10 +6,10 @@ + #include "mzd_additional.h" + + +-const mzd_local_t* lowmc_192_192_30_get_linear_layer(uint32_t r); +-const mzd_local_t* lowmc_192_192_30_get_round_key(uint32_t r); +-const mzd_local_t* lowmc_192_192_30_get_round_const(uint32_t r); +-const mzd_local_t* lowmc_192_192_30_get_precomputed_round_key_matrix_non_linear_part(void); +-const mzd_local_t* lowmc_192_192_30_get_precomputed_round_key_matrix_linear_part(void); ++const mzd_local_t* oqs_sig_picnic_lowmc_192_192_30_get_linear_layer(uint32_t r); ++const mzd_local_t* oqs_sig_picnic_lowmc_192_192_30_get_round_key(uint32_t r); ++const mzd_local_t* oqs_sig_picnic_lowmc_192_192_30_get_round_const(uint32_t r); ++const mzd_local_t* oqs_sig_picnic_lowmc_192_192_30_get_precomputed_round_key_matrix_non_linear_part(void); ++const mzd_local_t* oqs_sig_picnic_lowmc_192_192_30_get_precomputed_round_key_matrix_linear_part(void); + + #endif +diff --git a/lowmc_256_256_38.c b/lowmc_256_256_38.c +index fd2284f..092d6f0 100644 +--- a/lowmc_256_256_38.c ++++ b/lowmc_256_256_38.c +@@ -20623,7 +20623,7 @@ static const mzd_local_t precomputed_round_key_matrix_non_linear_part_256_256_38 + }}; + + #endif +-const mzd_local_t* lowmc_256_256_38_get_linear_layer(uint32_t r) { ++const mzd_local_t* oqs_sig_picnic_lowmc_256_256_38_get_linear_layer(uint32_t r) { + switch(r) { + default: + return NULL; +@@ -20707,7 +20707,7 @@ const mzd_local_t* lowmc_256_256_38_get_linear_layer(uint32_t r) { + } + + #if !defined(REDUCED_LINEAR_LAYER) +-const mzd_local_t* lowmc_256_256_38_get_round_key(uint32_t r) { ++const mzd_local_t* oqs_sig_picnic_lowmc_256_256_38_get_round_key(uint32_t r) { + switch(r) { + default: + return NULL; +@@ -20794,7 +20794,7 @@ const mzd_local_t* lowmc_256_256_38_get_round_key(uint32_t r) { + #endif + + +-const mzd_local_t* lowmc_256_256_38_get_round_const(uint32_t r) { ++const mzd_local_t* oqs_sig_picnic_lowmc_256_256_38_get_round_const(uint32_t r) { + switch(r) { + default: + return NULL; +@@ -20877,11 +20877,11 @@ const mzd_local_t* lowmc_256_256_38_get_round_const(uint32_t r) { + } + } + #if defined(REDUCED_LINEAR_LAYER) +-const mzd_local_t* lowmc_256_256_38_get_precomputed_round_key_matrix_non_linear_part(void) { ++const mzd_local_t* oqs_sig_picnic_lowmc_256_256_38_get_precomputed_round_key_matrix_non_linear_part(void) { + return &precomputed_round_key_matrix_non_linear_part_256_256_38; + } + +-const mzd_local_t* lowmc_256_256_38_get_precomputed_round_key_matrix_linear_part(void) { ++const mzd_local_t* oqs_sig_picnic_lowmc_256_256_38_get_precomputed_round_key_matrix_linear_part(void) { + return &precomputed_round_key_matrix_linear_part_256_256_38; + } + #endif +diff --git a/lowmc_256_256_38.h b/lowmc_256_256_38.h +index 6bb0c59..b0c0afc 100644 +--- a/lowmc_256_256_38.h ++++ b/lowmc_256_256_38.h +@@ -6,10 +6,10 @@ + #include "mzd_additional.h" + + +-const mzd_local_t* lowmc_256_256_38_get_linear_layer(uint32_t r); +-const mzd_local_t* lowmc_256_256_38_get_round_key(uint32_t r); +-const mzd_local_t* lowmc_256_256_38_get_round_const(uint32_t r); +-const mzd_local_t* lowmc_256_256_38_get_precomputed_round_key_matrix_non_linear_part(void); +-const mzd_local_t* lowmc_256_256_38_get_precomputed_round_key_matrix_linear_part(void); ++const mzd_local_t* oqs_sig_picnic_lowmc_256_256_38_get_linear_layer(uint32_t r); ++const mzd_local_t* oqs_sig_picnic_lowmc_256_256_38_get_round_key(uint32_t r); ++const mzd_local_t* oqs_sig_picnic_lowmc_256_256_38_get_round_const(uint32_t r); ++const mzd_local_t* oqs_sig_picnic_lowmc_256_256_38_get_precomputed_round_key_matrix_non_linear_part(void); ++const mzd_local_t* oqs_sig_picnic_lowmc_256_256_38_get_precomputed_round_key_matrix_linear_part(void); + + #endif +diff --git a/lowmc_pars.c b/lowmc_pars.c +index 24bfb76..6b59834 100644 +--- a/lowmc_pars.c ++++ b/lowmc_pars.c +@@ -38,20 +38,20 @@ + #include + + static mask_t* prepare_masks(mask_t* mask, unsigned int n, unsigned int m) { +- mask->x0 = mzd_local_init(1, n); +- mask->x1 = mzd_local_init_ex(1, n, false); +- mask->x2 = mzd_local_init_ex(1, n, false); +- mask->mask = mzd_local_init(1, n); ++ mask->x0 = oqs_sig_picnic_mzd_local_init(1, n); ++ mask->x1 = oqs_sig_picnic_mzd_local_init_ex(1, n, false); ++ mask->x2 = oqs_sig_picnic_mzd_local_init_ex(1, n, false); ++ mask->mask = oqs_sig_picnic_mzd_local_init(1, n); + + const unsigned int bound = n - 3 * m; + for (unsigned int i = 0; i < bound; ++i) { +- mzd_local_write_bit(mask->mask, 0, i, 1); ++ oqs_sig_picnic_mzd_local_write_bit(mask->mask, 0, i, 1); + } + for (unsigned int i = bound; i < n; i += 3) { +- mzd_local_write_bit(mask->x0, 0, i, 1); ++ oqs_sig_picnic_mzd_local_write_bit(mask->x0, 0, i, 1); + } +- mzd_shift_left(mask->x1, mask->x0, 1); +- mzd_shift_left(mask->x2, mask->x0, 2); ++ oqs_sig_picnic_mzd_shift_left(mask->x1, mask->x0, 1); ++ oqs_sig_picnic_mzd_shift_left(mask->x2, mask->x0, 2); + + mask->x0i = FIRST_ROW(mask->x0)[n / 64 - 1]; + mask->x1i = FIRST_ROW(mask->x1)[n / 64 - 1]; +@@ -61,7 +61,7 @@ static mask_t* prepare_masks(mask_t* mask, unsigned int n, unsigned int m) { + return mask; + } + +-bool lowmc_init(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned int r, unsigned int k) { ++bool oqs_sig_picnic_lowmc_init(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned int r, unsigned int k) { + if (!lowmc) { + return false; + } +@@ -80,19 +80,19 @@ bool lowmc_init(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned int r, + + #define LOAD_OPT(N, K, R) \ + lowmc->precomputed_non_linear_part_matrix = \ +- lowmc_##N##_##K##_##R##_get_precomputed_round_key_matrix_non_linear_part(); \ +- lowmc->k0_matrix = lowmc_##N##_##K##_##R##_get_precomputed_round_key_matrix_linear_part() ++ oqs_sig_picnic_lowmc_##N##_##K##_##R##_get_precomputed_round_key_matrix_non_linear_part(); \ ++ lowmc->k0_matrix = oqs_sig_picnic_lowmc_##N##_##K##_##R##_get_precomputed_round_key_matrix_linear_part() + + #define LOAD(N, K, R) \ +- lowmc->k0_matrix = lowmc_##N##_##K##_##R##_get_round_key(0); \ ++ lowmc->k0_matrix = oqs_sig_picnic_lowmc_##N##_##K##_##R##_get_round_key(0); \ + for (unsigned int i = 0; i < (R); ++i) { \ +- lowmc->rounds[i].k_matrix = lowmc_##N##_##K##_##R##_get_round_key(i + 1); \ ++ lowmc->rounds[i].k_matrix = oqs_sig_picnic_lowmc_##N##_##K##_##R##_get_round_key(i + 1); \ + } + + #define LOAD_FROM_FIXED_IMPL(N, K, R, PREC) \ + for (unsigned int i = 0; i < (R); ++i) { \ +- lowmc->rounds[i].l_matrix = lowmc_##N##_##K##_##R##_get_linear_layer(i); \ +- lowmc->rounds[i].constant = lowmc_##N##_##K##_##R##_get_round_const(i); \ ++ lowmc->rounds[i].l_matrix = oqs_sig_picnic_lowmc_##N##_##K##_##R##_get_linear_layer(i); \ ++ lowmc->rounds[i].constant = oqs_sig_picnic_lowmc_##N##_##K##_##R##_get_round_const(i); \ + } \ + LOAD##PREC(N, K, R); + +@@ -127,29 +127,29 @@ bool lowmc_init(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned int r, + } + #endif + +- lowmc_clear(lowmc); ++ oqs_sig_picnic_lowmc_clear(lowmc); + return false; + + precomp: + + #ifdef MUL_M4RI +- lowmc->k0_lookup = mzd_precompute_matrix_lookup(lowmc->k0_matrix); ++ lowmc->k0_lookup = oqs_sig_picnic_mzd_precompute_matrix_lookup(lowmc->k0_matrix); + #ifdef REDUCED_LINEAR_LAYER + lowmc->precomputed_non_linear_part_lookup = +- mzd_precompute_matrix_lookup(lowmc->precomputed_non_linear_part_matrix); ++ oqs_sig_picnic_mzd_precompute_matrix_lookup(lowmc->precomputed_non_linear_part_matrix); + #endif + #endif + #ifdef MUL_M4RI + for (unsigned int i = 0; i < r; ++i) { +- lowmc->rounds[i].l_lookup = mzd_precompute_matrix_lookup(lowmc->rounds[i].l_matrix); ++ lowmc->rounds[i].l_lookup = oqs_sig_picnic_mzd_precompute_matrix_lookup(lowmc->rounds[i].l_matrix); + #if !defined(REDUCED_LINEAR_LAYER) +- lowmc->rounds[i].k_lookup = mzd_precompute_matrix_lookup(lowmc->rounds[i].k_matrix); ++ lowmc->rounds[i].k_lookup = oqs_sig_picnic_mzd_precompute_matrix_lookup(lowmc->rounds[i].k_matrix); + #endif + } + #endif + + if (!prepare_masks(&lowmc->mask, n, m)) { +- lowmc_clear(lowmc); ++ oqs_sig_picnic_lowmc_clear(lowmc); + return false; + } + +@@ -164,7 +164,7 @@ static mzd_local_t* readMZD_TStructFromFile(FILE* file) { + ret += fread(&(nrows), sizeof(uint32_t), 1, file); + ret += fread(&(ncols), sizeof(uint32_t), 1, file); + +- mzd_local_t* A = mzd_local_init_ex(nrows, ncols, false); ++ mzd_local_t* A = oqs_sig_picnic_mzd_local_init_ex(nrows, ncols, false); + for (unsigned int i = 0; i < A->nrows; i++) { + ret += fread(ROW(A, i), A->rowstride * sizeof(word), 1, file); + } +@@ -172,7 +172,7 @@ static mzd_local_t* readMZD_TStructFromFile(FILE* file) { + return A; + } + +-bool lowmc_read_file(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned int r, ++bool oqs_sig_picnic_lowmc_read_file(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned int r, + unsigned int k) { + if (!lowmc) { + return false; +@@ -217,40 +217,40 @@ bool lowmc_read_file(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned in + } + #endif + +-void lowmc_clear(lowmc_t* lowmc) { ++void oqs_sig_picnic_lowmc_clear(lowmc_t* lowmc) { + for (unsigned int i = 0; i < lowmc->r; ++i) { + #ifdef MUL_M4RI + #if !defined(REDUCED_LINEAR_LAYER) +- mzd_local_free(lowmc->rounds[i].k_lookup); ++ oqs_sig_picnic_mzd_local_free(lowmc->rounds[i].k_lookup); + #endif +- mzd_local_free(lowmc->rounds[i].l_lookup); ++ oqs_sig_picnic_mzd_local_free(lowmc->rounds[i].l_lookup); + #endif + if (lowmc->needs_free) { +- mzd_local_free((mzd_local_t*)lowmc->rounds[i].constant); ++ oqs_sig_picnic_mzd_local_free((mzd_local_t*)lowmc->rounds[i].constant); + #if !defined(REDUCED_LINEAR_LAYER) +- mzd_local_free((mzd_local_t*)lowmc->rounds[i].k_matrix); ++ oqs_sig_picnic_mzd_local_free((mzd_local_t*)lowmc->rounds[i].k_matrix); + #endif +- mzd_local_free((mzd_local_t*)lowmc->rounds[i].l_matrix); ++ oqs_sig_picnic_mzd_local_free((mzd_local_t*)lowmc->rounds[i].l_matrix); + } + } + #ifdef REDUCED_LINEAR_LAYER + if (lowmc->needs_free) { +- mzd_local_free((mzd_local_t*)lowmc->precomputed_non_linear_part_matrix); ++ oqs_sig_picnic_mzd_local_free((mzd_local_t*)lowmc->precomputed_non_linear_part_matrix); + } + #endif + #ifdef MUL_M4RI +- mzd_local_free(lowmc->k0_lookup); ++ oqs_sig_picnic_mzd_local_free(lowmc->k0_lookup); + #ifdef REDUCED_LINEAR_LAYER +- mzd_local_free(lowmc->precomputed_non_linear_part_lookup); ++ oqs_sig_picnic_mzd_local_free(lowmc->precomputed_non_linear_part_lookup); + #endif + #endif + if (lowmc->needs_free) { +- mzd_local_free((mzd_local_t*)lowmc->k0_matrix); ++ oqs_sig_picnic_mzd_local_free((mzd_local_t*)lowmc->k0_matrix); + } + free(lowmc->rounds); + +- mzd_local_free(lowmc->mask.x0); +- mzd_local_free(lowmc->mask.x1); +- mzd_local_free(lowmc->mask.x2); +- mzd_local_free(lowmc->mask.mask); ++ oqs_sig_picnic_mzd_local_free(lowmc->mask.x0); ++ oqs_sig_picnic_mzd_local_free(lowmc->mask.x1); ++ oqs_sig_picnic_mzd_local_free(lowmc->mask.x2); ++ oqs_sig_picnic_mzd_local_free(lowmc->mask.mask); + } +diff --git a/lowmc_pars.h b/lowmc_pars.h +index 0adaca8..429d98a 100644 +--- a/lowmc_pars.h ++++ b/lowmc_pars.h +@@ -72,16 +72,16 @@ typedef struct { + * + * \return parameters defining a LowMC instance (including a key) + */ +-bool lowmc_init(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned int r, unsigned int k); ++bool oqs_sig_picnic_lowmc_init(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned int r, unsigned int k); + + /** + * Clears the allocated LowMC parameters + * + * \param lowmc the LowMC parameters to be cleared + */ +-void lowmc_clear(lowmc_t* lowmc); ++void oqs_sig_picnic_lowmc_clear(lowmc_t* lowmc); + +-bool lowmc_read_file(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned int r, ++bool oqs_sig_picnic_lowmc_read_file(lowmc_t* lowmc, unsigned int m, unsigned int n, unsigned int r, + unsigned int k); + + #endif +diff --git a/mpc.c b/mpc.c +index db17ffb..095a901 100644 +--- a/mpc.c ++++ b/mpc.c +@@ -22,32 +22,32 @@ + + #include + +-void mpc_clear(mzd_local_t* const* res, unsigned sc) { ++void oqs_sig_picnic_mpc_clear(mzd_local_t* const* res, unsigned sc) { + for (unsigned int i = 0; i < sc; i++) { +- mzd_local_clear(res[i]); ++ oqs_sig_picnic_mzd_local_clear(res[i]); + } + } + +-void mpc_shift_right(mzd_local_t* const* res, mzd_local_t* const* val, unsigned count, ++void oqs_sig_picnic_mpc_shift_right(mzd_local_t* const* res, mzd_local_t* const* val, unsigned count, + unsigned sc) { +- MPC_LOOP_CONST(mzd_shift_right, res, val, count, sc); ++ MPC_LOOP_CONST(oqs_sig_picnic_mzd_shift_right, res, val, count, sc); + } + +-void mpc_shift_left(mzd_local_t* const* res, mzd_local_t* const* val, unsigned count, unsigned sc) { +- MPC_LOOP_CONST(mzd_shift_left, res, val, count, sc); ++void oqs_sig_picnic_mpc_shift_left(mzd_local_t* const* res, mzd_local_t* const* val, unsigned count, unsigned sc) { ++ MPC_LOOP_CONST(oqs_sig_picnic_mzd_shift_left, res, val, count, sc); + } + +-void mpc_and_const(mzd_local_t* const* result, mzd_local_t* const* first, mzd_local_t const* second, ++void oqs_sig_picnic_mpc_and_const(mzd_local_t* const* result, mzd_local_t* const* first, mzd_local_t const* second, + unsigned sc) { +- MPC_LOOP_CONST(mzd_xor, result, first, second, sc); ++ MPC_LOOP_CONST(oqs_sig_picnic_mzd_xor, result, first, second, sc); + } + +-void mpc_xor(mzd_local_t* const* result, mzd_local_t* const* first, mzd_local_t* const* second, ++void oqs_sig_picnic_mpc_xor(mzd_local_t* const* result, mzd_local_t* const* first, mzd_local_t* const* second, + unsigned sc) { +- MPC_LOOP_SHARED(mzd_xor, result, first, second, sc); ++ MPC_LOOP_SHARED(oqs_sig_picnic_mzd_xor, result, first, second, sc); + } + +-void mpc_and_uint64(uint64_t* res, uint64_t const* first, uint64_t const* second, uint64_t const* r, ++void oqs_sig_picnic_mpc_and_uint64(uint64_t* res, uint64_t const* first, uint64_t const* second, uint64_t const* r, + view_t* view, unsigned viewshift) { + for (unsigned m = 0; m < SC_PROOF; ++m) { + const unsigned j = (m + 1) % SC_PROOF; +@@ -96,27 +96,27 @@ void mpc_and_uint64(uint64_t* res, uint64_t const* first, uint64_t const* second + #ifdef WITH_SSE2 + #ifdef WITH_CUSTOM_INSTANCES + ATTRIBUTE_TARGET("sse2") +-void mpc_and_sse(__m128i* res, __m128i const* first, __m128i const* second, __m128i const* r, ++void oqs_sig_picnic_mpc_and_sse(__m128i* res, __m128i const* first, __m128i const* second, __m128i const* r, + view_t* view, unsigned viewshift) { + mpc_and_def(__m128i, _mm_and_si128, _mm_xor_si128, mm128_shift_right); + } + + ATTRIBUTE_TARGET("sse2") +-void mpc_and_256_sse(__m128i res[SC_PROOF][2], __m128i const first[SC_PROOF][2], ++void oqs_sig_picnic_mpc_and_256_sse(__m128i res[SC_PROOF][2], __m128i const first[SC_PROOF][2], + __m128i const second[SC_PROOF][2], __m128i const r[SC_PROOF][2], view_t* view, + unsigned viewshift) { + mpc_and_def_multiple(__m128i, mm256_and_sse, mm256_xor_sse, mm256_shift_right_sse, 2); + } + + ATTRIBUTE_TARGET("sse2") +-void mpc_and_384_sse(__m128i res[SC_PROOF][3], __m128i const first[SC_PROOF][3], ++void oqs_sig_picnic_mpc_and_384_sse(__m128i res[SC_PROOF][3], __m128i const first[SC_PROOF][3], + __m128i const second[SC_PROOF][3], __m128i const r[SC_PROOF][3], view_t* view, + unsigned viewshift) { + mpc_and_def_multiple(__m128i, mm384_and_sse, mm384_xor_sse, mm384_shift_right_sse, 3); + } + + ATTRIBUTE_TARGET("sse2") +-void mpc_and_512_sse(__m128i res[SC_PROOF][4], __m128i const first[SC_PROOF][4], ++void oqs_sig_picnic_mpc_and_512_sse(__m128i res[SC_PROOF][4], __m128i const first[SC_PROOF][4], + __m128i const second[SC_PROOF][4], __m128i const r[SC_PROOF][4], view_t* view, + unsigned viewshift) { + mpc_and_def_multiple(__m128i, mm512_and_sse, mm512_xor_sse, mm512_shift_right_sse, 4); +@@ -169,7 +169,7 @@ void mpc_and_512_neon(uint32x4_t res[SC_PROOF][4], uint32x4_t const first[SC_PRO + #endif + #endif + +-void mpc_and(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* const* second, ++void oqs_sig_picnic_mpc_and(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* const* second, + mzd_local_t* const* r, view_t* view, unsigned viewshift, mzd_local_t* const* buffer) { + mzd_local_t* b = buffer[0]; + +@@ -177,26 +177,26 @@ void mpc_and(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* co + const unsigned j = (m + 1) % SC_PROOF; + + // f[m] & s[m] +- mzd_and(res[m], first[m], second[m]); ++ oqs_sig_picnic_mzd_and(res[m], first[m], second[m]); + + // f[m + 1] & s[m] +- mzd_and(b, first[j], second[m]); +- mzd_xor(res[m], res[m], b); ++ oqs_sig_picnic_mzd_and(b, first[j], second[m]); ++ oqs_sig_picnic_mzd_xor(res[m], res[m], b); + + // f[m] & s[m + 1] +- mzd_and(b, first[m], second[j]); +- mzd_xor(res[m], res[m], b); ++ oqs_sig_picnic_mzd_and(b, first[m], second[j]); ++ oqs_sig_picnic_mzd_xor(res[m], res[m], b); + + // ... ^ r[m] ^ r[m + 1] +- mzd_xor(res[m], res[m], r[m]); +- mzd_xor(res[m], res[m], r[j]); ++ oqs_sig_picnic_mzd_xor(res[m], res[m], r[m]); ++ oqs_sig_picnic_mzd_xor(res[m], res[m], r[j]); + } + +- mpc_shift_right(buffer, res, viewshift, SC_PROOF); +- mpc_xor(view->s, view->s, buffer, SC_PROOF); ++ oqs_sig_picnic_mpc_shift_right(buffer, res, viewshift, SC_PROOF); ++ oqs_sig_picnic_mpc_xor(view->s, view->s, buffer, SC_PROOF); + } + +-void mpc_and_verify_uint64(uint64_t* res, uint64_t const* first, uint64_t const* second, ++void oqs_sig_picnic_mpc_and_verify_uint64(uint64_t* res, uint64_t const* first, uint64_t const* second, + uint64_t const* r, view_t* view, uint64_t const mask, + unsigned viewshift) { + for (unsigned m = 0; m < (SC_VERIFY - 1); ++m) { +@@ -312,13 +312,13 @@ void mpc_and_verify_512_avx(__m256i res[SC_VERIFY][2], __m256i const first[SC_VE + + #ifdef WITH_NEON + #ifdef WITH_CUSTOM_INSTANCES +-void mpc_and_verify_neon(uint32x4_t* res, uint32x4_t const* first, uint32x4_t const* second, ++void oqs_sig_picnic_mpc_and_verify_neon(uint32x4_t* res, uint32x4_t const* first, uint32x4_t const* second, + uint32x4_t const* r, view_t* view, uint32x4_t const mask, + unsigned viewshift) { + mpc_and_verify_def(uint32x4_t, vandq_u32, veorq_u32, mm128_shift_right, mm128_shift_left); + } + +-void mpc_and_verify_256_neon(uint32x4_t res[SC_VERIFY][2], uint32x4_t const first[SC_VERIFY][2], ++void oqs_sig_picnic_mpc_and_verify_256_neon(uint32x4_t res[SC_VERIFY][2], uint32x4_t const first[SC_VERIFY][2], + uint32x4_t const second[SC_VERIFY][2], + uint32x4_t const r[SC_VERIFY][2], view_t* view, uint32x4_t const* mask, + unsigned viewshift) { +@@ -326,7 +326,7 @@ void mpc_and_verify_256_neon(uint32x4_t res[SC_VERIFY][2], uint32x4_t const firs + 2); + } + +-void mpc_and_verify_384_neon(uint32x4_t res[SC_VERIFY][3], uint32x4_t const first[SC_VERIFY][3], ++void oqs_sig_picnic_mpc_and_verify_384_neon(uint32x4_t res[SC_VERIFY][3], uint32x4_t const first[SC_VERIFY][3], + uint32x4_t const second[SC_VERIFY][3], + uint32x4_t const r[SC_VERIFY][3], view_t* view, uint32x4_t const* mask, + unsigned viewshift) { +@@ -334,7 +334,7 @@ void mpc_and_verify_384_neon(uint32x4_t res[SC_VERIFY][3], uint32x4_t const firs + 3); + } + +-void mpc_and_verify_512_neon(uint32x4_t res[SC_VERIFY][4], uint32x4_t const first[SC_VERIFY][4], ++void oqs_sig_picnic_mpc_and_verify_512_neon(uint32x4_t res[SC_VERIFY][4], uint32x4_t const first[SC_VERIFY][4], + uint32x4_t const second[SC_VERIFY][4], + uint32x4_t const r[SC_VERIFY][4], view_t* view, uint32x4_t const* mask, + unsigned viewshift) { +@@ -345,7 +345,7 @@ void mpc_and_verify_512_neon(uint32x4_t res[SC_VERIFY][4], uint32x4_t const firs + #endif + #endif + +-void mpc_and_verify(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* const* second, ++void oqs_sig_picnic_mpc_and_verify(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* const* second, + mzd_local_t* const* r, view_t* view, mzd_local_t const* mask, + unsigned viewshift, mzd_local_t* const* buffer) { + mzd_local_t* b = buffer[0]; +@@ -353,29 +353,29 @@ void mpc_and_verify(mzd_local_t* const* res, mzd_local_t* const* first, mzd_loca + for (unsigned m = 0; m < (SC_VERIFY - 1); ++m) { + const unsigned j = m + 1; + +- mzd_and(res[m], first[m], second[m]); ++ oqs_sig_picnic_mzd_and(res[m], first[m], second[m]); + +- mzd_and(b, first[j], second[m]); +- mzd_xor(res[m], res[m], b); ++ oqs_sig_picnic_mzd_and(b, first[j], second[m]); ++ oqs_sig_picnic_mzd_xor(res[m], res[m], b); + +- mzd_and(b, first[m], second[j]); +- mzd_xor(res[m], res[m], b); ++ oqs_sig_picnic_mzd_and(b, first[m], second[j]); ++ oqs_sig_picnic_mzd_xor(res[m], res[m], b); + +- mzd_xor(res[m], res[m], r[m]); +- mzd_xor(res[m], res[m], r[j]); ++ oqs_sig_picnic_mzd_xor(res[m], res[m], r[m]); ++ oqs_sig_picnic_mzd_xor(res[m], res[m], r[j]); + } + + for (unsigned m = 0; m < (SC_VERIFY - 1); ++m) { +- mzd_shift_right(b, res[m], viewshift); +- mzd_xor(view->s[m], view->s[m], b); ++ oqs_sig_picnic_mzd_shift_right(b, res[m], viewshift); ++ oqs_sig_picnic_mzd_xor(view->s[m], view->s[m], b); + } + +- mzd_shift_left(res[SC_VERIFY - 1], view->s[SC_VERIFY - 1], viewshift); +- mzd_and(res[SC_VERIFY - 1], res[SC_VERIFY - 1], mask); ++ oqs_sig_picnic_mzd_shift_left(res[SC_VERIFY - 1], view->s[SC_VERIFY - 1], viewshift); ++ oqs_sig_picnic_mzd_and(res[SC_VERIFY - 1], res[SC_VERIFY - 1], mask); + } + +-void mpc_copy(mzd_local_t** out, mzd_local_t* const* in, unsigned sc) { ++void oqs_sig_picnic_mpc_copy(mzd_local_t** out, mzd_local_t* const* in, unsigned sc) { + for (unsigned i = 0; i < sc; ++i) { +- mzd_local_copy(out[i], in[i]); ++ oqs_sig_picnic_mzd_local_copy(out[i], in[i]); + } + } +diff --git a/mpc.h b/mpc.h +index 7539e90..8b7a2d7 100644 +--- a/mpc.h ++++ b/mpc.h +@@ -48,32 +48,32 @@ typedef view_t rvec_t; + } \ + } while (0) + +-void mpc_shift_right(mzd_local_t* const* res, mzd_local_t* const* val, unsigned count, ++void oqs_sig_picnic_mpc_shift_right(mzd_local_t* const* res, mzd_local_t* const* val, unsigned count, + unsigned sc) ATTR_NONNULL; + +-void mpc_shift_left(mzd_local_t* const* res, mzd_local_t* const* val, unsigned count, ++void oqs_sig_picnic_mpc_shift_left(mzd_local_t* const* res, mzd_local_t* const* val, unsigned count, + unsigned sc) ATTR_NONNULL; + +-void mpc_and_const(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t const* second, ++void oqs_sig_picnic_mpc_and_const(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t const* second, + unsigned sc) ATTR_NONNULL; + +-void mpc_xor(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* const* second, ++void oqs_sig_picnic_mpc_xor(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* const* second, + unsigned sc) ATTR_NONNULL; + +-void mpc_clear(mzd_local_t* const* res, unsigned sc) ATTR_NONNULL; ++void oqs_sig_picnic_mpc_clear(mzd_local_t* const* res, unsigned sc) ATTR_NONNULL; + +-void mpc_and(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* const* second, ++void oqs_sig_picnic_mpc_and(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* const* second, + mzd_local_t* const* r, view_t* view, unsigned viewshift, + mzd_local_t* const* buffer) ATTR_NONNULL; + +-void mpc_and_verify(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* const* second, ++void oqs_sig_picnic_mpc_and_verify(mzd_local_t* const* res, mzd_local_t* const* first, mzd_local_t* const* second, + mzd_local_t* const* r, view_t* view, mzd_local_t const* mask, + unsigned viewshift, mzd_local_t* const* buffer) ATTR_NONNULL; + +-void mpc_and_uint64(uint64_t* res, uint64_t const* first, uint64_t const* second, uint64_t const* r, ++void oqs_sig_picnic_mpc_and_uint64(uint64_t* res, uint64_t const* first, uint64_t const* second, uint64_t const* r, + view_t* view, unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_verify_uint64(uint64_t* res, uint64_t const* first, uint64_t const* second, ++void oqs_sig_picnic_mpc_and_verify_uint64(uint64_t* res, uint64_t const* first, uint64_t const* second, + uint64_t const* r, view_t* view, uint64_t const mask, + unsigned viewshift) ATTR_NONNULL; + +@@ -81,85 +81,85 @@ void mpc_and_verify_uint64(uint64_t* res, uint64_t const* first, uint64_t const* + #include "simd.h" + #if defined(WITH_SSE2) || defined(WITH_AVX) || defined(WITH_SSE4_1) + +-void mpc_and_sse(__m128i* res, __m128i const* first, __m128i const* second, __m128i const* r, ++void oqs_sig_picnic_mpc_and_sse(__m128i* res, __m128i const* first, __m128i const* second, __m128i const* r, + view_t* view, unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_verify_sse(__m128i* res, __m128i const* first, __m128i const* second, __m128i const* r, ++void oqs_sig_picnic_mpc_and_verify_sse(__m128i* res, __m128i const* first, __m128i const* second, __m128i const* r, + view_t* view, __m128i const mask, unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_256_sse(__m128i res[SC_PROOF][2], __m128i const first[SC_PROOF][2], ++void oqs_sig_picnic_mpc_and_256_sse(__m128i res[SC_PROOF][2], __m128i const first[SC_PROOF][2], + __m128i const second[SC_PROOF][2], __m128i const r[SC_PROOF][2], view_t* view, + unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_verify_256_sse(__m128i res[SC_VERIFY][2], __m128i const first[SC_VERIFY][2], ++void oqs_sig_picnic_mpc_and_verify_256_sse(__m128i res[SC_VERIFY][2], __m128i const first[SC_VERIFY][2], + __m128i const second[SC_VERIFY][2], __m128i const r[SC_VERIFY][2], + view_t* view, __m128i const* mask, unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_384_sse(__m128i res[SC_PROOF][3], __m128i const first[SC_PROOF][3], ++void oqs_sig_picnic_mpc_and_384_sse(__m128i res[SC_PROOF][3], __m128i const first[SC_PROOF][3], + __m128i const second[SC_PROOF][3], __m128i const r[SC_PROOF][3], view_t* view, + unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_verify_384_sse(__m128i res[SC_VERIFY][3], __m128i const first[SC_VERIFY][3], ++void oqs_sig_picnic_mpc_and_verify_384_sse(__m128i res[SC_VERIFY][3], __m128i const first[SC_VERIFY][3], + __m128i const second[SC_VERIFY][3], __m128i const r[SC_VERIFY][3], + view_t* view, __m128i const* mask, unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_512_sse(__m128i res[SC_PROOF][4], __m128i const first[SC_PROOF][4], ++void oqs_sig_picnic_mpc_and_512_sse(__m128i res[SC_PROOF][4], __m128i const first[SC_PROOF][4], + __m128i const second[SC_PROOF][4], __m128i const r[SC_PROOF][4], view_t* view, + unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_verify_512_sse(__m128i res[SC_VERIFY][4], __m128i const first[SC_VERIFY][4], ++void oqs_sig_picnic_mpc_and_verify_512_sse(__m128i res[SC_VERIFY][4], __m128i const first[SC_VERIFY][4], + __m128i const second[SC_VERIFY][4], __m128i const r[SC_VERIFY][4], + view_t* view, __m128i const* mask, unsigned viewshift) ATTR_NONNULL; + + #endif + + #if defined(WITH_AVX2) +-void mpc_and_avx(__m256i* res, __m256i const* first, __m256i const* second, __m256i const* r, ++void oqs_sig_picnic_mpc_and_avx(__m256i* res, __m256i const* first, __m256i const* second, __m256i const* r, + view_t* view, unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_verify_avx(__m256i* res, __m256i const* first, __m256i const* second, __m256i const* r, ++void oqs_sig_picnic_mpc_and_verify_avx(__m256i* res, __m256i const* first, __m256i const* second, __m256i const* r, + view_t* view, __m256i const mask, unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_512_avx(__m256i res[SC_VERIFY][2], __m256i const first[SC_VERIFY][2], ++void oqs_sig_picnic_mpc_and_512_avx(__m256i res[SC_VERIFY][2], __m256i const first[SC_VERIFY][2], + __m256i const second[SC_VERIFY][2], __m256i const r[SC_VERIFY][2], + view_t* view, unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_verify_512_avx(__m256i res[SC_VERIFY][2], __m256i const first[SC_VERIFY][2], ++void oqs_sig_picnic_mpc_and_verify_512_avx(__m256i res[SC_VERIFY][2], __m256i const first[SC_VERIFY][2], + __m256i const second[SC_VERIFY][2], __m256i const r[SC_VERIFY][2], + view_t* view, __m256i const* mask, unsigned viewshift) ATTR_NONNULL; + #endif + + #ifdef WITH_NEON +-void mpc_and_neon(uint32x4_t* res, uint32x4_t const* first, uint32x4_t const* second, ++void oqs_sig_picnic_mpc_and_neon(uint32x4_t* res, uint32x4_t const* first, uint32x4_t const* second, + uint32x4_t const* r, view_t* view, unsigned viewshift); + +-void mpc_and_verify_neon(uint32x4_t* res, uint32x4_t const* first, uint32x4_t const* second, ++void oqs_sig_picnic_mpc_and_verify_neon(uint32x4_t* res, uint32x4_t const* first, uint32x4_t const* second, + uint32x4_t const* r, view_t* view, uint32x4_t const mask, + unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_256_neon(uint32x4_t res[SC_PROOF][2], uint32x4_t const first[SC_PROOF][2], ++void oqs_sig_picnic_mpc_and_256_neon(uint32x4_t res[SC_PROOF][2], uint32x4_t const first[SC_PROOF][2], + uint32x4_t const second[SC_PROOF][2], uint32x4_t const r[SC_PROOF][2], + view_t* view, unsigned viewshift); + +-void mpc_and_verify_256_neon(uint32x4_t res[SC_VERIFY][2], uint32x4_t const first[SC_VERIFY][2], ++void oqs_sig_picnic_mpc_and_verify_256_neon(uint32x4_t res[SC_VERIFY][2], uint32x4_t const first[SC_VERIFY][2], + uint32x4_t const second[SC_VERIFY][2], + uint32x4_t const r[SC_VERIFY][2], view_t* view, uint32x4_t const* mask, + unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_384_neon(uint32x4_t res[SC_PROOF][3], uint32x4_t const first[SC_PROOF][3], ++void oqs_sig_picnic_mpc_and_384_neon(uint32x4_t res[SC_PROOF][3], uint32x4_t const first[SC_PROOF][3], + uint32x4_t const second[SC_PROOF][3], uint32x4_t const r[SC_PROOF][3], + view_t* view, unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_verify_384_neon(uint32x4_t res[SC_VERIFY][3], uint32x4_t const first[SC_VERIFY][3], ++void oqs_sig_picnic_mpc_and_verify_384_neon(uint32x4_t res[SC_VERIFY][3], uint32x4_t const first[SC_VERIFY][3], + uint32x4_t const second[SC_VERIFY][3], + uint32x4_t const r[SC_VERIFY][3], view_t* view, uint32x4_t const* mask, + unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_512_neon(uint32x4_t res[SC_PROOF][4], uint32x4_t const first[SC_PROOF][4], ++void oqs_sig_picnic_mpc_and_512_neon(uint32x4_t res[SC_PROOF][4], uint32x4_t const first[SC_PROOF][4], + uint32x4_t const second[SC_PROOF][4], uint32x4_t const r[SC_PROOF][4], + view_t* view, unsigned viewshift) ATTR_NONNULL; + +-void mpc_and_verify_512_neon(uint32x4_t res[SC_VERIFY][4], uint32x4_t const first[SC_VERIFY][4], ++void oqs_sig_picnic_mpc_and_verify_512_neon(uint32x4_t res[SC_VERIFY][4], uint32x4_t const first[SC_VERIFY][4], + uint32x4_t const second[SC_VERIFY][4], + uint32x4_t const r[SC_VERIFY][4], view_t* view, uint32x4_t const* mask, + unsigned viewshift) ATTR_NONNULL; +@@ -167,6 +167,6 @@ void mpc_and_verify_512_neon(uint32x4_t res[SC_VERIFY][4], uint32x4_t const firs + #endif + #endif + +-void mpc_copy(mzd_local_t** out, mzd_local_t* const* in, unsigned sc) ATTR_NONNULL_ARG(2); ++void oqs_sig_picnic_mpc_copy(mzd_local_t** out, mzd_local_t* const* in, unsigned sc) ATTR_NONNULL_ARG(2); + + #endif +diff --git a/mpc_lowmc.c b/mpc_lowmc.c +index 7e3d8fe..41ffbdc 100644 +--- a/mpc_lowmc.c ++++ b/mpc_lowmc.c +@@ -102,13 +102,13 @@ static void _mpc_sbox_layer_bitsliced_verify(mzd_local_t** out, mzd_local_t* con + mask_t const* mask, sbox_vars_t const* vars) { + bitsliced_step_1(SC_VERIFY); + +- mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); + // a & b +- mpc_and_verify(vars->r0m, vars->x0s, vars->x1s, vars->r2m, view, mask->x2, 0, vars->v); ++ oqs_sig_picnic_mpc_and_verify(vars->r0m, vars->x0s, vars->x1s, vars->r2m, view, mask->x2, 0, vars->v); + // b & c +- mpc_and_verify(vars->r2m, vars->x1s, vars->x2m, vars->r1s, view, mask->x2, 1, vars->v); ++ oqs_sig_picnic_mpc_and_verify(vars->r2m, vars->x1s, vars->x2m, vars->r1s, view, mask->x2, 1, vars->v); + // c & a +- mpc_and_verify(vars->r1m, vars->x0s, vars->x2m, vars->r0s, view, mask->x2, 2, vars->v); ++ oqs_sig_picnic_mpc_and_verify(vars->r1m, vars->x0s, vars->x2m, vars->r0s, view, mask->x2, 2, vars->v); + + bitsliced_step_2(SC_VERIFY); + } +@@ -167,9 +167,9 @@ static void _mpc_sbox_layer_bitsliced_uint64(uint64_t* out, uint64_t const* in, + bitsliced_step_1_uint64(SC_PROOF); + + memset(view->t, 0, sizeof(uint64_t) * SC_PROOF); +- mpc_and_uint64(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_uint64(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_uint64(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_and_uint64(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_uint64(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_uint64(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_step_2_uint64(SC_PROOF); + } +@@ -179,9 +179,9 @@ static void _mpc_sbox_layer_bitsliced_verify_uint64(uint64_t* out, uint64_t cons + bitsliced_step_1_uint64(SC_VERIFY); + + view->t[0] = 0; +- mpc_and_verify_uint64(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_uint64(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_uint64(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mpc_and_verify_uint64(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_uint64(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_uint64(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_step_2_uint64(SC_VERIFY); + } +@@ -335,10 +335,10 @@ static void _mpc_sbox_layer_bitsliced_128_sse(mzd_local_t** out, mzd_local_t* co + mask_t const* mask) { + bitsliced_mm_step_1(SC_PROOF, __m128i, _mm_and_si128, mm128_shift_left); + +- mpc_clear(view->s, SC_PROOF); +- mpc_and_sse(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_sse(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_sse(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_clear(view->s, SC_PROOF); ++ oqs_sig_picnic_mpc_and_sse(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_sse(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_sse(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_mm_step_2(SC_PROOF, __m128i, _mm_and_si128, _mm_xor_si128, mm128_shift_right); + } +@@ -349,10 +349,10 @@ static void _mpc_sbox_layer_bitsliced_verify_128_sse(mzd_local_t** out, mzd_loca + mask_t const* mask) { + bitsliced_mm_step_1(SC_VERIFY, __m128i, _mm_and_si128, mm128_shift_left); + +- mzd_local_clear(view->s[0]); +- mpc_and_verify_sse(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_sse(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_sse(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mpc_and_verify_sse(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_sse(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_sse(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_mm_step_2(SC_VERIFY, __m128i, _mm_and_si128, _mm_xor_si128, mm128_shift_right); + } +@@ -363,10 +363,10 @@ static void _mpc_sbox_layer_bitsliced_256_sse(mzd_local_t** out, mzd_local_t* co + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_PROOF, __m128i, mm256_and_sse, mm256_shift_left_sse, 2); + +- mpc_clear(view->s, SC_PROOF); +- mpc_and_256_sse(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_256_sse(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_256_sse(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_clear(view->s, SC_PROOF); ++ oqs_sig_picnic_mpc_and_256_sse(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_256_sse(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_256_sse(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_PROOF, __m128i, mm256_and_sse, mm256_xor_sse, + mm256_shift_right_sse, 2); +@@ -378,10 +378,10 @@ static void _mpc_sbox_layer_bitsliced_verify_256_sse(mzd_local_t** out, mzd_loca + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_VERIFY, __m128i, mm256_and_sse, mm256_shift_left_sse, 2); + +- mzd_local_clear(view->s[0]); +- mpc_and_verify_256_sse(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_256_sse(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_256_sse(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mpc_and_verify_256_sse(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_256_sse(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_256_sse(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_VERIFY, __m128i, mm256_and_sse, mm256_xor_sse, + mm256_shift_right_sse, 2); +@@ -393,10 +393,10 @@ static void _mpc_sbox_layer_bitsliced_384_sse(mzd_local_t** out, mzd_local_t* co + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_PROOF, __m128i, mm384_and_sse, mm384_shift_left_sse, 3); + +- mpc_clear(view->s, SC_PROOF); +- mpc_and_384_sse(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_384_sse(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_384_sse(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_clear(view->s, SC_PROOF); ++ oqs_sig_picnic_mpc_and_384_sse(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_384_sse(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_384_sse(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_PROOF, __m128i, mm384_and_sse, mm384_xor_sse, + mm384_shift_right_sse, 3); +@@ -408,10 +408,10 @@ static void _mpc_sbox_layer_bitsliced_verify_384_sse(mzd_local_t** out, mzd_loca + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_VERIFY, __m128i, mm384_and_sse, mm384_shift_left_sse, 3); + +- mzd_local_clear(view->s[0]); +- mpc_and_verify_384_sse(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_384_sse(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_384_sse(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mpc_and_verify_384_sse(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_384_sse(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_384_sse(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_VERIFY, __m128i, mm384_and_sse, mm384_xor_sse, + mm384_shift_right_sse, 3); +@@ -423,10 +423,10 @@ static void _mpc_sbox_layer_bitsliced_512_sse(mzd_local_t** out, mzd_local_t* co + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_PROOF, __m128i, mm512_and_sse, mm512_shift_left_sse, 4); + +- mpc_clear(view->s, SC_PROOF); +- mpc_and_512_sse(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_512_sse(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_512_sse(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_clear(view->s, SC_PROOF); ++ oqs_sig_picnic_mpc_and_512_sse(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_512_sse(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_512_sse(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_PROOF, __m128i, mm512_and_sse, mm512_xor_sse, + mm512_shift_right_sse, 4); +@@ -438,10 +438,10 @@ static void _mpc_sbox_layer_bitsliced_verify_512_sse(mzd_local_t** out, mzd_loca + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_VERIFY, __m128i, mm512_and_sse, mm512_shift_left_sse, 4); + +- mzd_local_clear(view->s[0]); +- mpc_and_verify_512_sse(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_512_sse(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_512_sse(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mpc_and_verify_512_sse(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_512_sse(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_512_sse(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_VERIFY, __m128i, mm512_and_sse, mm512_xor_sse, + mm512_shift_right_sse, 4); +@@ -457,10 +457,10 @@ static void _mpc_sbox_layer_bitsliced_256_avx(mzd_local_t** out, mzd_local_t* co + mask_t const* mask) { + bitsliced_mm_step_1(SC_PROOF, __m256i, _mm256_and_si256, mm256_shift_left); + +- mpc_clear(view->s, SC_PROOF); +- mpc_and_avx(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_avx(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_avx(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_clear(view->s, SC_PROOF); ++ oqs_sig_picnic_mpc_and_avx(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_avx(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_avx(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_mm_step_2(SC_PROOF, __m256i, _mm256_and_si256, _mm256_xor_si256, mm256_shift_right); + } +@@ -471,10 +471,10 @@ static void _mpc_sbox_layer_bitsliced_verify_256_avx(mzd_local_t** out, mzd_loca + mask_t const* mask) { + bitsliced_mm_step_1(SC_VERIFY, __m256i, _mm256_and_si256, mm256_shift_left); + +- mzd_local_clear(view->s[0]); +- mpc_and_verify_avx(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_avx(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_avx(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mpc_and_verify_avx(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_avx(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_avx(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_mm_step_2(SC_VERIFY, __m256i, _mm256_and_si256, _mm256_xor_si256, mm256_shift_right); + } +@@ -485,10 +485,10 @@ static void _mpc_sbox_layer_bitsliced_512_avx(mzd_local_t** out, mzd_local_t* co + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_PROOF, __m256i, mm512_and_avx, mm512_shift_left_avx, 2); + +- mpc_clear(view->s, SC_PROOF); +- mpc_and_512_avx(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_512_avx(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_512_avx(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_clear(view->s, SC_PROOF); ++ oqs_sig_picnic_mpc_and_512_avx(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_512_avx(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_512_avx(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_PROOF, __m256i, mm512_and_avx, mm512_xor_avx, + mm512_shift_right_avx, 2); +@@ -500,10 +500,10 @@ static void _mpc_sbox_layer_bitsliced_verify_512_avx(mzd_local_t** out, mzd_loca + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_VERIFY, __m256i, mm512_and_avx, mm512_shift_left_avx, 2); + +- mzd_local_clear(view->s[0]); +- mpc_and_verify_512_avx(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_512_avx(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_512_avx(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mpc_and_verify_512_avx(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_512_avx(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_512_avx(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_VERIFY, __m256i, mm512_and_avx, mm512_xor_avx, + mm512_shift_right_avx, 2); +@@ -518,10 +518,10 @@ static void _mpc_sbox_layer_bitsliced_128_neon(mzd_local_t** out, mzd_local_t* c + mask_t const* mask) { + bitsliced_mm_step_1(SC_PROOF, uint32x4_t, vandq_u32, mm128_shift_left); + +- mpc_clear(view->s, SC_PROOF); +- mpc_and_neon(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_neon(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_neon(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_clear(view->s, SC_PROOF); ++ oqs_sig_picnic_mpc_and_neon(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_neon(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_neon(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_mm_step_2(SC_PROOF, uint32x4_t, vandq_u32, veorq_u32, mm128_shift_right); + } +@@ -531,10 +531,10 @@ static void _mpc_sbox_layer_bitsliced_verify_128_neon(mzd_local_t** out, mzd_loc + mask_t const* mask) { + bitsliced_mm_step_1(SC_VERIFY, uint32x4_t, vandq_u32, mm128_shift_left); + +- mzd_local_clear(view->s[0]); +- mpc_and_verify_neon(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_neon(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_neon(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mpc_and_verify_neon(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_neon(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_neon(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_mm_step_2(SC_VERIFY, uint32x4_t, vandq_u32, veorq_u32, mm128_shift_right); + } +@@ -544,10 +544,10 @@ static void _mpc_sbox_layer_bitsliced_256_neon(mzd_local_t** out, mzd_local_t* c + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_PROOF, uint32x4_t, mm256_and, mm256_shift_left, 2); + +- mpc_clear(view->s, SC_PROOF); +- mpc_and_256_neon(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_256_neon(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_256_neon(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_clear(view->s, SC_PROOF); ++ oqs_sig_picnic_mpc_and_256_neon(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_256_neon(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_256_neon(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_PROOF, uint32x4_t, mm256_and, mm256_xor, mm256_shift_right, + 2); +@@ -558,10 +558,10 @@ static void _mpc_sbox_layer_bitsliced_verify_256_neon(mzd_local_t** out, mzd_loc + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_VERIFY, uint32x4_t, mm256_and, mm256_shift_left, 2); + +- mzd_local_clear(view->s[0]); +- mpc_and_verify_256_neon(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_256_neon(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_256_neon(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mpc_and_verify_256_neon(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_256_neon(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_256_neon(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_VERIFY, uint32x4_t, mm256_and, mm256_xor, + mm256_shift_right, 2); +@@ -572,10 +572,10 @@ static void _mpc_sbox_layer_bitsliced_384_neon(mzd_local_t** out, mzd_local_t* c + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_PROOF, uint32x4_t, mm384_and, mm384_shift_left, 3); + +- mpc_clear(view->s, SC_PROOF); +- mpc_and_384_neon(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_384_neon(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_384_neon(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_clear(view->s, SC_PROOF); ++ oqs_sig_picnic_mpc_and_384_neon(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_384_neon(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_384_neon(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_PROOF, uint32x4_t, mm384_and, mm384_xor, mm384_shift_right, + 3); +@@ -586,10 +586,10 @@ static void _mpc_sbox_layer_bitsliced_verify_384_neon(mzd_local_t** out, mzd_loc + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_VERIFY, uint32x4_t, mm384_and, mm384_shift_left, 3); + +- mzd_local_clear(view->s[0]); +- mpc_and_verify_384_neon(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_384_neon(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_384_neon(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mpc_and_verify_384_neon(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_384_neon(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_384_neon(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_VERIFY, uint32x4_t, mm384_and, mm384_xor, + mm384_shift_right, 3); +@@ -601,10 +601,10 @@ static void _mpc_sbox_layer_bitsliced_512_neon(mzd_local_t** out, mzd_local_t* c + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_PROOF, uint32x4_t, mm512_and, mm512_shift_left, 4); + +- mpc_clear(view->s, SC_PROOF); +- mpc_and_512_neon(r0m, x0s, x1s, r2m, view, 0); +- mpc_and_512_neon(r2m, x1s, x2m, r1s, view, 1); +- mpc_and_512_neon(r1m, x0s, x2m, r0s, view, 2); ++ oqs_sig_picnic_mpc_clear(view->s, SC_PROOF); ++ oqs_sig_picnic_mpc_and_512_neon(r0m, x0s, x1s, r2m, view, 0); ++ oqs_sig_picnic_mpc_and_512_neon(r2m, x1s, x2m, r1s, view, 1); ++ oqs_sig_picnic_mpc_and_512_neon(r1m, x0s, x2m, r0s, view, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_PROOF, uint32x4_t, mm512_and, mm512_xor, mm512_shift_right, + 4); +@@ -615,10 +615,10 @@ static void _mpc_sbox_layer_bitsliced_verify_512_neon(mzd_local_t** out, mzd_loc + mask_t const* mask) { + bitsliced_mm_step_1_multiple_of_128(SC_VERIFY, uint32x4_t, mm512_and, mm512_shift_left, 4); + +- mzd_local_clear(view->s[0]); +- mpc_and_verify_512_neon(r0m, x0s, x1s, r2m, view, mx2, 0); +- mpc_and_verify_512_neon(r2m, x1s, x2m, r1s, view, mx2, 1); +- mpc_and_verify_512_neon(r1m, x0s, x2m, r0s, view, mx2, 2); ++ oqs_sig_picnic_mzd_local_clear(view->s[0]); ++ oqs_sig_picnic_mpc_and_verify_512_neon(r0m, x0s, x1s, r2m, view, mx2, 0); ++ oqs_sig_picnic_mpc_and_verify_512_neon(r2m, x1s, x2m, r1s, view, mx2, 1); ++ oqs_sig_picnic_mpc_and_verify_512_neon(r1m, x0s, x2m, r0s, view, mx2, 2); + + bitsliced_mm_step_2_multiple_of_128(SC_VERIFY, uint32x4_t, mm512_and, mm512_xor, + mm512_shift_right, 4); +@@ -700,7 +700,7 @@ static void _mpc_sbox_layer_bitsliced_verify_512_neon(mzd_local_t** out, mzd_loc + #define loop_optimize(sbox_args, sbox, sbox_selector, no_scr, no_scr_active, const_mat_mul_func, \ + add_func, mul_more_cols, const_addmat_mul_func, ch, shares) \ + mzd_local_t* nl_part[shares]; \ +- mzd_local_init_multiple_ex(nl_part, shares, 1, lowmc->r * 32, false); \ ++ oqs_sig_picnic_mzd_local_init_multiple_ex(nl_part, shares, 1, lowmc->r * 32, false); \ + MPC_LOOP(mul_more_cols, nl_part, lowmc_key, lowmc->precomputed_non_linear_part_##no_scr, \ + shares); \ + word mask = 0x00000000FFFFFFFF; \ +@@ -715,7 +715,7 @@ static void _mpc_sbox_layer_bitsliced_verify_512_neon(mzd_local_t** out, mzd_loc + MPC_LOOP(const_mat_mul_func, x, y, round->l_##no_scr, shares); \ + MPC_IF_ELSE(add_func, x, x, round->constant, shares, ch); \ + } \ +- mzd_local_free_multiple(nl_part); ++ oqs_sig_picnic_mzd_local_free_multiple(nl_part); + + #define loop(sbox_args, sbox, sbox_selector, no_scr, no_scr_active, const_mat_mul_func, add_func, \ + mul_more_cols, const_addmat_mul_func, ch, shares) \ +@@ -739,12 +739,12 @@ static void _mpc_sbox_layer_bitsliced_verify_512_neon(mzd_local_t** out, mzd_loc + #define _mpc_lowmc_call_bitsliced(ch, sbox_args, sbox, sbox_selector, no_scr, no_scr_active, \ + optimize, const_mat_mul_func, add_func, mul_more_cols, \ + const_addmat_mul_func) \ +- mpc_copy(in_out_shares->s, lowmc_key, SC_PROOF); \ ++ oqs_sig_picnic_mpc_copy(in_out_shares->s, lowmc_key, SC_PROOF); \ + ++in_out_shares; \ + VARS_##sbox_args(SC_PROOF); \ + mzd_local_t** x = in_out_shares->s; \ + mzd_local_t* y[SC_PROOF]; \ +- mzd_local_init_multiple_ex(y, SC_PROOF, 1, lowmc->n, false); \ ++ oqs_sig_picnic_mzd_local_init_multiple_ex(y, SC_PROOF, 1, lowmc->n, false); \ + \ + MPC_LOOP(const_mat_mul_func, x, lowmc_key, lowmc->k0_##no_scr, SC_PROOF); \ + MPC_IF_ELSE(add_func, x, x, p, SC_PROOF, ch); \ +@@ -754,7 +754,7 @@ static void _mpc_sbox_layer_bitsliced_verify_512_neon(mzd_local_t** out, mzd_loc + loop##optimize(sbox_args, sbox, sbox_selector, no_scr, no_scr_active, const_mat_mul_func, \ + add_func, mul_more_cols, const_addmat_mul_func, ch, SC_PROOF) \ + VARS_FREE_##sbox_args; \ +- mzd_local_free_multiple(y); ++ oqs_sig_picnic_mzd_local_free_multiple(y); + + #define init_key mzd_local_t* const* lowmc_key = &in_out_shares->s[0]; + +@@ -767,7 +767,7 @@ static void _mpc_sbox_layer_bitsliced_verify_512_neon(mzd_local_t** out, mzd_loc + VARS_##sbox_args(SC_VERIFY); \ + mzd_local_t* x[2 * SC_VERIFY]; \ + mzd_local_t** y = &x[SC_VERIFY]; \ +- mzd_local_init_multiple_ex(x, 2 * SC_VERIFY, 1, lowmc->n, false); \ ++ oqs_sig_picnic_mzd_local_init_multiple_ex(x, 2 * SC_VERIFY, 1, lowmc->n, false); \ + \ + MPC_LOOP(const_mat_mul_func, x, lowmc_key, lowmc->k0_##no_scr, SC_VERIFY); \ + MPC_IF_ELSE(add_func, x, x, p, SC_VERIFY, ch); \ +@@ -776,8 +776,8 @@ static void _mpc_sbox_layer_bitsliced_verify_512_neon(mzd_local_t** out, mzd_loc + \ + loop##optimize(sbox_args, sbox, sbox_selector, no_scr, no_scr_active, const_mat_mul_func, \ + add_func, mul_more_cols, const_addmat_mul_func, ch, SC_VERIFY); \ +- mpc_copy(in_out_shares->s, x, SC_VERIFY); \ +- mzd_local_free_multiple(x); \ ++ oqs_sig_picnic_mpc_copy(in_out_shares->s, x, SC_VERIFY); \ ++ oqs_sig_picnic_mzd_local_free_multiple(x); \ + VARS_FREE_##sbox_args; + + static void mpc_lowmc_call(lowmc_t const* lowmc, mpc_lowmc_key_t* lowmc_key, mzd_local_t const* p, +@@ -787,25 +787,25 @@ static void mpc_lowmc_call(lowmc_t const* lowmc, mpc_lowmc_key_t* lowmc_key, mzd + #ifdef WITH_CUSTOM_INSTANCES + if (lowmc->m != 10) { + _mpc_lowmc_call_bitsliced(0, 6, _mpc_sbox_layer_bitsliced, mzd, lookup, noscr, _optimize, +- mzd_mul_vl_general, mzd_xor_general, mzd_mul_vl_general, ++ oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_vl_general, + mzd_addmul_vl_general); + } else + #endif + { +- _mpc_lowmc_call_bitsliced(0, 6, , uint64, lookup, noscr, _optimize, mzd_mul_vl_general, +- mzd_xor_general, mzd_mul_vl_general, mzd_addmul_vl_general); ++ _mpc_lowmc_call_bitsliced(0, 6, , uint64, lookup, noscr, _optimize, oqs_sig_picnic_mzd_mul_vl_general, ++ oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_vl_general, mzd_addmul_vl_general); + } + #else + #ifdef WITH_CUSTOM_INSTANCES + if (lowmc->m != 10) { + _mpc_lowmc_call_bitsliced(0, 6, _mpc_sbox_layer_bitsliced, mzd, matrix, scr, _optimize, +- mzd_mul_v_general, mzd_xor_general, mzd_mul_v_general, +- mzd_addmul_v_general); ++ oqs_sig_picnic_mzd_mul_v_general, oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_v_general, ++ oqs_sig_picnic_mzd_addmul_v_general); + } else + #endif + { +- _mpc_lowmc_call_bitsliced(0, 6, , uint64, matrix, scr, _optimize, mzd_mul_v_general, +- mzd_xor_general, mzd_mul_v_general, mzd_addmul_v_general); ++ _mpc_lowmc_call_bitsliced(0, 6, , uint64, matrix, scr, _optimize, oqs_sig_picnic_mzd_mul_v_general, ++ oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_v_general, oqs_sig_picnic_mzd_addmul_v_general); + } + #endif + #else +@@ -813,23 +813,23 @@ static void mpc_lowmc_call(lowmc_t const* lowmc, mpc_lowmc_key_t* lowmc_key, mzd + #ifdef WITH_CUSTOM_INSTANCES + if (lowmc->m != 10) { + _mpc_lowmc_call_bitsliced(0, 6, _mpc_sbox_layer_bitsliced, mzd, lookup, noscr, , +- mzd_mul_vl_general, mzd_xor_general, , mzd_addmul_vl_general); ++ oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_vl_general, , mzd_addmul_vl_general); + } else + #endif + { +- _mpc_lowmc_call_bitsliced(0, 6, , uint64, lookup, noscr, , mzd_mul_vl_general, mzd_xor_general, ++ _mpc_lowmc_call_bitsliced(0, 6, , uint64, lookup, noscr, , oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_vl_general, + , mzd_addmul_vl_general); + } + #else + #ifdef WITH_CUSTOM_INSTANCES + if (lowmc->m != 10) { + _mpc_lowmc_call_bitsliced(0, 6, _mpc_sbox_layer_bitsliced, mzd, matrix, scr, , +- mzd_mul_v_general, mzd_xor_general, , mzd_addmul_v_general); ++ oqs_sig_picnic_mzd_mul_v_general, oqs_sig_picnic_mzd_mul_vl_general, , oqs_sig_picnic_mzd_addmul_v_general); + } else + #endif + { +- _mpc_lowmc_call_bitsliced(0, 6, , uint64, matrix, scr, , mzd_mul_v_general, mzd_xor_general, , +- mzd_addmul_v_general); ++ _mpc_lowmc_call_bitsliced(0, 6, , uint64, matrix, scr, , oqs_sig_picnic_mzd_mul_v_general, oqs_sig_picnic_mzd_mul_vl_general, , ++ oqs_sig_picnic_mzd_addmul_v_general); + } + #endif + #endif +@@ -842,26 +842,26 @@ static void mpc_lowmc_call_verify(lowmc_t const* lowmc, mzd_local_t const* p, vi + #ifdef WITH_CUSTOM_INSTANCES + if (lowmc->m != 10) { + _mpc_lowmc_call_bitsliced_verify_m(ch, 6, _mpc_sbox_layer_bitsliced_verify, mzd, lookup, noscr, +- _optimize, mzd_mul_vl_general, mzd_xor_general, +- mzd_mul_vl_general, mzd_addmul_vl_general); ++ _optimize, oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_vl_general, ++ oqs_sig_picnic_mzd_mul_vl_general, mzd_addmul_vl_general); + } else + #endif + { + _mpc_lowmc_call_bitsliced_verify_m(ch, 6, , uint64, lookup, noscr, _optimize, +- mzd_mul_vl_general, mzd_xor_general, mzd_mul_vl_general, ++ oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_vl_general, + mzd_addmul_vl_general); + } + #else + #ifdef WITH_CUSTOM_INSTANCES + if (lowmc->m != 10) { + _mpc_lowmc_call_bitsliced_verify_m(ch, 6, _mpc_sbox_layer_bitsliced_verify, mzd, matrix, scr, +- _optimize, mzd_mul_v_general, mzd_xor_general, +- mzd_mul_v_general, mzd_addmul_v_general); ++ _optimize, oqs_sig_picnic_mzd_mul_v_general, oqs_sig_picnic_mzd_mul_vl_general, ++ oqs_sig_picnic_mzd_mul_v_general, oqs_sig_picnic_mzd_addmul_v_general); + } else + #endif + { +- _mpc_lowmc_call_bitsliced_verify_m(ch, 6, , uint64, matrix, scr, _optimize, mzd_mul_v_general, +- mzd_xor_general, mzd_mul_v_general, mzd_addmul_v_general); ++ _mpc_lowmc_call_bitsliced_verify_m(ch, 6, , uint64, matrix, scr, _optimize, oqs_sig_picnic_mzd_mul_v_general, ++ oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_v_general, oqs_sig_picnic_mzd_addmul_v_general); + } + #endif + #else +@@ -869,24 +869,24 @@ static void mpc_lowmc_call_verify(lowmc_t const* lowmc, mzd_local_t const* p, vi + #ifdef WITH_CUSTOM_INSTANCES + if (lowmc->m != 10) { + _mpc_lowmc_call_bitsliced_verify_m(ch, 6, _mpc_sbox_layer_bitsliced_verify, mzd, lookup, noscr, +- , mzd_mul_vl_general, mzd_xor_general, , ++ , oqs_sig_picnic_mzd_mul_vl_general, oqs_sig_picnic_mzd_mul_vl_general, , + mzd_addmul_vl_general); + } else + #endif + { +- _mpc_lowmc_call_bitsliced_verify_m(ch, 6, , uint64, lookup, noscr, , mzd_mul_vl_general, +- mzd_xor_general, , mzd_addmul_vl_general); ++ _mpc_lowmc_call_bitsliced_verify_m(ch, 6, , uint64, lookup, noscr, , oqs_sig_picnic_mzd_mul_vl_general, ++ oqs_sig_picnic_mzd_mul_vl_general, , mzd_addmul_vl_general); + } + #else + #ifdef WITH_CUSTOM_INSTANCES + if (lowmc->m != 10) { + _mpc_lowmc_call_bitsliced_verify_m(ch, 6, _mpc_sbox_layer_bitsliced_verify, mzd, matrix, scr, , +- mzd_mul_v_general, mzd_xor_general, , mzd_addmul_v_general); ++ oqs_sig_picnic_mzd_mul_v_general, oqs_sig_picnic_mzd_mul_vl_general, , oqs_sig_picnic_mzd_addmul_v_general); + } else + #endif + { +- _mpc_lowmc_call_bitsliced_verify_m(ch, 6, , uint64, matrix, scr, , mzd_mul_v_general, +- mzd_xor_general, , mzd_addmul_v_general); ++ _mpc_lowmc_call_bitsliced_verify_m(ch, 6, , uint64, matrix, scr, , oqs_sig_picnic_mzd_mul_v_general, ++ mzd_xor_general, , oqs_sig_picnic_mzd_addmul_v_general); + } + #endif + #endif +@@ -1026,67 +1026,67 @@ static void mpc_lowmc_call_verify(lowmc_t const* lowmc, mzd_local_t const* p, vi + #ifdef WITH_SSE2 + mpc_lowmc_call_def(mpc_lowmc_call_128_sse, mpc_lowmc_call_verify_128_sse, + _mpc_sbox_layer_bitsliced_128_sse, _mpc_sbox_layer_bitsliced_verify_128_sse, +- mzd_mul_v_sse, mzd_mul_vl_sse_128, mzd_xor_sse, mzd_xor_sse, mzd_mul_v_sse, +- mzd_mul_vl_sse, mzd_addmul_v_sse, mzd_addmul_vl_sse_128); ++ oqs_sig_picnic_mzd_mul_v_sse, oqs_sig_picnic_mzd_mul_vl_sse_128, oqs_sig_picnic_mzd_xor_sse, oqs_sig_picnic_mzd_xor_sse, oqs_sig_picnic_mzd_mul_v_sse, ++ oqs_sig_picnic_mzd_mul_vl_sse, oqs_sig_picnic_mzd_addmul_v_sse, oqs_sig_picnic_mzd_addmul_vl_sse_128); + mpc_lowmc_call_def(mpc_lowmc_call_256_sse, mpc_lowmc_call_verify_256_sse, + _mpc_sbox_layer_bitsliced_256_sse, _mpc_sbox_layer_bitsliced_verify_256_sse, +- mzd_mul_v_sse, mzd_mul_vl_sse, mzd_xor_sse, mzd_xor_sse, mzd_mul_v_sse, +- mzd_mul_vl_sse, mzd_addmul_v_sse, mzd_addmul_vl_sse); ++ oqs_sig_picnic_mzd_mul_v_sse, oqs_sig_picnic_mzd_mul_vl_sse, oqs_sig_picnic_mzd_xor_sse, oqs_sig_picnic_mzd_xor_sse, oqs_sig_picnic_mzd_mul_v_sse, ++ oqs_sig_picnic_mzd_mul_vl_sse, oqs_sig_picnic_mzd_addmul_v_sse, oqs_sig_picnic_mzd_addmul_vl_sse); + #ifdef WITH_CUSTOM_INSTANCES + mpc_lowmc_call_def(mpc_lowmc_call_384_sse, mpc_lowmc_call_verify_384_sse, + _mpc_sbox_layer_bitsliced_384_sse, _mpc_sbox_layer_bitsliced_verify_384_sse, +- mzd_mul_v_sse, mzd_mul_vl_sse, mzd_xor_sse, mzd_xor_sse, mzd_mul_v_sse, +- mzd_mul_vl_sse, mzd_addmul_v_sse, mzd_addmul_vl_sse); ++ oqs_sig_picnic_mzd_mul_v_sse, oqs_sig_picnic_mzd_mul_vl_sse, oqs_sig_picnic_mzd_xor_sse, oqs_sig_picnic_mzd_xor_sse, oqs_sig_picnic_mzd_mul_v_sse, ++ oqs_sig_picnic_mzd_mul_vl_sse, oqs_sig_picnic_mzd_addmul_v_sse, oqs_sig_picnic_mzd_addmul_vl_sse); + mpc_lowmc_call_def(mpc_lowmc_call_512_sse, mpc_lowmc_call_verify_512_sse, + _mpc_sbox_layer_bitsliced_512_sse, _mpc_sbox_layer_bitsliced_verify_512_sse, +- mzd_mul_v_sse, mzd_mul_vl_sse, mzd_xor_sse, mzd_xor_sse, mzd_mul_v_sse, +- mzd_mul_vl_sse, mzd_addmul_v_sse, mzd_addmul_vl_sse); ++ oqs_sig_picnic_mzd_mul_v_sse, oqs_sig_picnic_mzd_mul_vl_sse, oqs_sig_picnic_mzd_xor_sse, oqs_sig_picnic_mzd_xor_sse, oqs_sig_picnic_mzd_mul_v_sse, ++ oqs_sig_picnic_mzd_mul_vl_sse, oqs_sig_picnic_mzd_addmul_v_sse, oqs_sig_picnic_mzd_addmul_vl_sse); + #endif + #endif + #ifdef WITH_AVX2 + mpc_lowmc_call_def(mpc_lowmc_call_256_avx, mpc_lowmc_call_verify_256_avx, + _mpc_sbox_layer_bitsliced_256_avx, _mpc_sbox_layer_bitsliced_verify_256_avx, +- mzd_mul_v_avx, mzd_mul_vl_avx_256, mzd_xor_avx, mzd_xor_avx, mzd_mul_v_avx, +- mzd_mul_vl_avx, mzd_addmul_v_avx, mzd_addmul_vl_avx_256); ++ oqs_sig_picnic_mzd_mul_v_avx, oqs_sig_picnic_mzd_mul_vl_avx_256, oqs_sig_picnic_mzd_xor_avx, oqs_sig_picnic_mzd_xor_avx, oqs_sig_picnic_mzd_mul_v_avx, ++ oqs_sig_picnic_mzd_mul_vl_avx, oqs_sig_picnic_mzd_addmul_v_avx, oqs_sig_picnic_mzd_addmul_vl_avx_256); + #ifdef WITH_CUSTOM_INSTANCES + mpc_lowmc_call_def(mpc_lowmc_call_384_avx, mpc_lowmc_call_verify_384_avx, + _mpc_sbox_layer_bitsliced_512_avx, _mpc_sbox_layer_bitsliced_verify_512_avx, +- mzd_mul_v_avx, mzd_mul_vl_avx, mzd_xor_avx, mzd_xor_avx, mzd_mul_v_avx, +- mzd_mul_vl_avx, mzd_addmul_v_avx, mzd_addmul_vl_avx); ++ oqs_sig_picnic_mzd_mul_v_avx, oqs_sig_picnic_mzd_mul_vl_avx, oqs_sig_picnic_mzd_xor_avx, oqs_sig_picnic_mzd_xor_avx, oqs_sig_picnic_mzd_mul_v_avx, ++ oqs_sig_picnic_mzd_mul_vl_avx, oqs_sig_picnic_mzd_addmul_v_avx, oqs_sig_picnic_mzd_addmul_vl_avx); + mpc_lowmc_call_def(mpc_lowmc_call_512_avx, mpc_lowmc_call_verify_512_avx, + _mpc_sbox_layer_bitsliced_512_avx, _mpc_sbox_layer_bitsliced_verify_512_avx, +- mzd_mul_v_avx, mzd_mul_vl_avx, mzd_xor_avx, mzd_xor_avx, mzd_mul_v_avx, +- mzd_mul_vl_avx, mzd_addmul_v_avx, mzd_addmul_vl_avx); ++ oqs_sig_picnic_mzd_mul_v_avx, oqs_sig_picnic_mzd_mul_vl_avx, oqs_sig_picnic_mzd_xor_avx, oqs_sig_picnic_mzd_xor_avx, oqs_sig_picnic_mzd_mul_v_avx, ++ oqs_sig_picnic_mzd_mul_vl_avx, oqs_sig_picnic_mzd_addmul_v_avx, oqs_sig_picnic_mzd_addmul_vl_avx); + #endif + #endif + #ifdef WITH_NEON + mpc_lowmc_call_def(mpc_lowmc_call_128_neon, mpc_lowmc_call_verify_128_neon, + _mpc_sbox_layer_bitsliced_128_neon, _mpc_sbox_layer_bitsliced_verify_128_neon, +- mzd_mul_v_neon, mzd_mul_vl_neon_128, mzd_xor_neon, mzd_xor_neon, mzd_mul_v_neon, +- mzd_mul_vl_neon_multiple_of_128, mzd_addmul_v_neon, mzd_addmul_vl_neon_128); ++ oqs_sig_picnic_mzd_mul_v_neon, oqs_sig_picnic_mzd_mul_vl_neon_128, oqs_sig_picnic_mzd_xor_neon, oqs_sig_picnic_mzd_xor_neon, oqs_sig_picnic_mzd_mul_v_neon, ++ oqs_sig_picnic_mzd_mul_vl_neon_multiple_of_128, oqs_sig_picnic_mzd_addmul_v_neon, oqs_sig_picnic_mzd_addmul_vl_neon_128); + mpc_lowmc_call_def(mpc_lowmc_call_256_neon, mpc_lowmc_call_verify_256_neon, + _mpc_sbox_layer_bitsliced_256_neon, _mpc_sbox_layer_bitsliced_verify_256_neon, +- mzd_mul_v_neon, mzd_mul_vl_neon_multiple_of_128, mzd_xor_neon, mzd_xor_neon, +- mzd_mul_v_neon, mzd_mul_vl_neon_multiple_of_128, mzd_addmul_v_neon, +- mzd_addmul_vl_neon); ++ oqs_sig_picnic_mzd_mul_v_neon, oqs_sig_picnic_mzd_mul_vl_neon_multiple_of_128, oqs_sig_picnic_mzd_xor_neon, oqs_sig_picnic_mzd_xor_neon, ++ oqs_sig_picnic_mzd_mul_v_neon, oqs_sig_picnic_mzd_mul_vl_neon_multiple_of_128, oqs_sig_picnic_mzd_addmul_v_neon, ++ oqs_sig_picnic_mzd_addmul_vl_neon); + #ifdef WITH_CUSTOM_INSTANCES + mpc_lowmc_call_def(mpc_lowmc_call_384_neon, mpc_lowmc_call_verify_384_neon, + _mpc_sbox_layer_bitsliced_384_neon, _mpc_sbox_layer_bitsliced_verify_384_neon, +- mzd_mul_v_neon, mzd_mul_vl_neon_multiple_of_128, mzd_xor_neon, mzd_xor_neon, +- mzd_mul_v_neon, mzd_mul_vl_neon_multiple_of_128, mzd_addmul_v_neon, +- mzd_addmul_vl_neon); ++ oqs_sig_picnic_mzd_mul_v_neon, oqs_sig_picnic_mzd_mul_vl_neon_multiple_of_128, oqs_sig_picnic_mzd_xor_neon, oqs_sig_picnic_mzd_xor_neon, ++ oqs_sig_picnic_mzd_mul_v_neon, oqs_sig_picnic_mzd_mul_vl_neon_multiple_of_128, oqs_sig_picnic_mzd_addmul_v_neon, ++ oqs_sig_picnic_mzd_addmul_vl_neon); + mpc_lowmc_call_def(mpc_lowmc_call_512_neon, mpc_lowmc_call_verify_512_neon, + _mpc_sbox_layer_bitsliced_512_neon, _mpc_sbox_layer_bitsliced_verify_512_neon, +- mzd_mul_v_neon, mzd_mul_vl_neon_multiple_of_128, mzd_xor_neon, mzd_xor_neon, +- mzd_mul_v_neon, mzd_mul_vl_neon_multiple_of_128, mzd_addmul_v_neon, +- mzd_addmul_vl_neon); ++ oqs_sig_picnic_mzd_mul_v_neon, oqs_sig_picnic_mzd_mul_vl_neon_multiple_of_128, oqs_sig_picnic_mzd_xor_neon, oqs_sig_picnic_mzd_xor_neon, ++ oqs_sig_picnic_mzd_mul_v_neon, oqs_sig_picnic_mzd_mul_vl_neon_multiple_of_128, oqs_sig_picnic_mzd_addmul_v_neon, ++ oqs_sig_picnic_mzd_addmul_vl_neon); + #endif + #endif + #endif + + static void sbox_vars_clear(sbox_vars_t* vars) { + if (vars->storage) { +- mzd_local_free_multiple(vars->storage); ++ oqs_sig_picnic_mzd_local_free_multiple(vars->storage); + free(vars->storage); + memset(vars, 0, sizeof(*vars)); + } +@@ -1094,7 +1094,7 @@ static void sbox_vars_clear(sbox_vars_t* vars) { + + static sbox_vars_t* sbox_vars_init(sbox_vars_t* vars, uint32_t n, unsigned sc) { + vars->storage = calloc(11 * sc, sizeof(mzd_local_t*)); +- mzd_local_init_multiple_ex(vars->storage, 11 * sc, 1, n, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(vars->storage, 11 * sc, 1, n, false); + + for (unsigned int i = 0; i < sc; ++i) { + vars->x0m[i] = vars->storage[11 * i + 0]; +@@ -1119,7 +1119,7 @@ static sbox_vars_t* sbox_vars_init(sbox_vars_t* vars, uint32_t n, unsigned sc) { + #define general_or_10(l, f) f##_10 + #endif + +-lowmc_implementation_f get_lowmc_implementation(const lowmc_t* lowmc) { ++lowmc_implementation_f oqs_sig_picnic_get_lowmc_implementation(const lowmc_t* lowmc) { + #ifdef WITH_OPT + #ifdef WITH_SSE2 + if (CPU_SUPPORTS_SSE2 && lowmc->n <= 128) { +@@ -1176,7 +1176,7 @@ lowmc_implementation_f get_lowmc_implementation(const lowmc_t* lowmc) { + return mpc_lowmc_call; + } + +-lowmc_verify_implementation_f get_lowmc_verify_implementation(const lowmc_t* lowmc) { ++lowmc_verify_implementation_f oqs_sig_picnic_get_lowmc_verify_implementation(const lowmc_t* lowmc) { + #ifdef WITH_OPT + #ifdef WITH_SSE2 + if (CPU_SUPPORTS_SSE2 && lowmc->n <= 128) { +diff --git a/mpc_lowmc.h b/mpc_lowmc.h +index 39f5d95..de6b38f 100644 +--- a/mpc_lowmc.h ++++ b/mpc_lowmc.h +@@ -24,7 +24,7 @@ typedef void (*lowmc_implementation_f)(lowmc_t const*, mpc_lowmc_key_t*, mzd_loc + typedef void (*lowmc_verify_implementation_f)(lowmc_t const*, mzd_local_t const*, view_t*, + in_out_shares_t*, rvec_t*, unsigned int); + +-lowmc_implementation_f get_lowmc_implementation(const lowmc_t* lowmc); +-lowmc_verify_implementation_f get_lowmc_verify_implementation(const lowmc_t* lowmc); ++lowmc_implementation_f oqs_sig_picnic_get_lowmc_implementation(const lowmc_t* lowmc); ++lowmc_verify_implementation_f oqs_sig_picnic_get_lowmc_verify_implementation(const lowmc_t* lowmc); + + #endif +diff --git a/mzd_additional.c b/mzd_additional.c +index a0e362d..91d15b8 100644 +--- a/mzd_additional.c ++++ b/mzd_additional.c +@@ -55,7 +55,7 @@ static uint32_t calculate_rowstride(uint32_t width) { + // In mzd_local_init_multiple we do the same, but store n mzd_local_t instances in one + // memory block. + +-mzd_local_t* mzd_local_init_ex(uint32_t r, uint32_t c, bool clear) { ++mzd_local_t* oqs_sig_picnic_mzd_local_init_ex(uint32_t r, uint32_t c, bool clear) { + const uint32_t width = (c + 64 - 1) / 64; + const uint32_t rowstride = calculate_rowstride(width); + +@@ -79,11 +79,11 @@ mzd_local_t* mzd_local_init_ex(uint32_t r, uint32_t c, bool clear) { + return A; + } + +-void mzd_local_free(mzd_local_t* v) { ++void oqs_sig_picnic_mzd_local_free(mzd_local_t* v) { + aligned_free(v); + } + +-void mzd_local_init_multiple_ex(mzd_local_t** dst, size_t n, uint32_t r, uint32_t c, bool clear) { ++void oqs_sig_picnic_mzd_local_init_multiple_ex(mzd_local_t** dst, size_t n, uint32_t r, uint32_t c, bool clear) { + const uint32_t width = (c + 64 - 1) / 64; + const uint32_t rowstride = calculate_rowstride(width); + +@@ -111,19 +111,19 @@ void mzd_local_init_multiple_ex(mzd_local_t** dst, size_t n, uint32_t r, uint32_ + } + } + +-void mzd_local_free_multiple(mzd_local_t** vs) { ++void oqs_sig_picnic_mzd_local_free_multiple(mzd_local_t** vs) { + if (vs) { + aligned_free(vs[0]); + } + } + +-mzd_local_t* mzd_local_copy(mzd_local_t* dst, mzd_local_t const* src) { ++mzd_local_t* oqs_sig_picnic_mzd_local_copy(mzd_local_t* dst, mzd_local_t const* src) { + if (dst == src) { + return dst; + } + + if (!dst) { +- dst = mzd_local_init(src->nrows, src->ncols); ++ dst = oqs_sig_picnic_mzd_local_init(src->nrows, src->ncols); + } + + memcpy(ASSUME_ALIGNED(FIRST_ROW(dst), 32), ASSUME_ALIGNED(CONST_FIRST_ROW(src), 32), +@@ -131,13 +131,13 @@ mzd_local_t* mzd_local_copy(mzd_local_t* dst, mzd_local_t const* src) { + return dst; + } + +-void mzd_local_clear(mzd_local_t* c) { ++void oqs_sig_picnic_mzd_local_clear(mzd_local_t* c) { + memset(ASSUME_ALIGNED(FIRST_ROW(c), 32), 0, c->nrows * sizeof(word) * c->rowstride); + } + +-void mzd_shift_right(mzd_local_t* res, mzd_local_t const* val, unsigned count) { ++void oqs_sig_picnic_mzd_shift_right(mzd_local_t* res, mzd_local_t const* val, unsigned count) { + if (!count) { +- mzd_local_copy(res, val); ++ oqs_sig_picnic_mzd_local_copy(res, val); + return; + } + +@@ -154,9 +154,9 @@ void mzd_shift_right(mzd_local_t* res, mzd_local_t const* val, unsigned count) { + *resptr = *valptr >> count; + } + +-void mzd_shift_left(mzd_local_t* res, mzd_local_t const* val, unsigned count) { ++void oqs_sig_picnic_mzd_shift_left(mzd_local_t* res, mzd_local_t const* val, unsigned count) { + if (!count) { +- mzd_local_copy(res, val); ++ oqs_sig_picnic_mzd_local_copy(res, val); + return; + } + +@@ -240,7 +240,7 @@ static inline mzd_local_t* mzd_and_neon(mzd_local_t* res, mzd_local_t const* fir + #endif + #endif + +-mzd_local_t* mzd_and(mzd_local_t* res, mzd_local_t const* first, mzd_local_t const* second) { ++mzd_local_t* oqs_sig_picnic_mzd_and(mzd_local_t* res, mzd_local_t const* first, mzd_local_t const* second) { + #ifdef WITH_OPT + #ifdef WITH_AVX2 + if (CPU_SUPPORTS_AVX2 && first->ncols >= 256 && ((first->ncols & (word_size_bits - 1)) == 0)) { +@@ -274,7 +274,7 @@ mzd_local_t* mzd_and(mzd_local_t* res, mzd_local_t const* first, mzd_local_t con + #ifdef WITH_OPT + #ifdef WITH_SSE2 + ATTRIBUTE_TARGET("sse2") +-mzd_local_t* mzd_xor_sse(mzd_local_t* res, mzd_local_t const* first, mzd_local_t const* second) { ++mzd_local_t* oqs_sig_picnic_mzd_xor_sse(mzd_local_t* res, mzd_local_t const* first, mzd_local_t const* second) { + unsigned int width = first->rowstride; + word* resptr = FIRST_ROW(res); + word const* firstptr = CONST_FIRST_ROW(first); +@@ -295,7 +295,7 @@ mzd_local_t* mzd_xor_sse(mzd_local_t* res, mzd_local_t const* first, mzd_local_t + + #ifdef WITH_AVX2 + ATTRIBUTE_TARGET("avx2") +-mzd_local_t* mzd_xor_avx(mzd_local_t* res, mzd_local_t const* first, mzd_local_t const* second) { ++mzd_local_t* oqs_sig_picnic_mzd_xor_avx(mzd_local_t* res, mzd_local_t const* first, mzd_local_t const* second) { + unsigned int width = first->rowstride; + word* resptr = FIRST_ROW(res); + word const* firstptr = CONST_FIRST_ROW(first); +@@ -315,7 +315,7 @@ mzd_local_t* mzd_xor_avx(mzd_local_t* res, mzd_local_t const* first, mzd_local_t + #endif + + #ifdef WITH_NEON +-inline mzd_local_t* mzd_xor_neon(mzd_local_t* res, mzd_local_t const* first, ++inline mzd_local_t* oqs_sig_picnic_mzd_xor_neon(mzd_local_t* res, mzd_local_t const* first, + mzd_local_t const* second) { + unsigned int width = first->rowstride; + word* resptr = FIRST_ROW(res); +@@ -336,28 +336,28 @@ inline mzd_local_t* mzd_xor_neon(mzd_local_t* res, mzd_local_t const* first, + #endif + #endif + +-mzd_local_t* mzd_xor(mzd_local_t* res, mzd_local_t const* first, mzd_local_t const* second) { ++mzd_local_t* oqs_sig_picnic_mzd_xor(mzd_local_t* res, mzd_local_t const* first, mzd_local_t const* second) { + #ifdef WITH_OPT + #ifdef WITH_AVX2 + if (CPU_SUPPORTS_AVX2 && first->ncols >= 256 && ((first->ncols & (word_size_bits - 1)) == 0)) { +- return mzd_xor_avx(res, first, second); ++ return oqs_sig_picnic_mzd_xor_avx(res, first, second); + } + #endif + #ifdef WITH_SSE2 + if (CPU_SUPPORTS_SSE2 && ((first->ncols & (word_size_bits - 1)) == 0)) { +- return mzd_xor_sse(res, first, second); ++ return oqs_sig_picnic_mzd_xor_sse(res, first, second); + } + #endif + #ifdef WITH_NEON + if (CPU_SUPPORTS_NEON && ((first->ncols & (word_size_bits - 1)) == 0)) { +- return mzd_xor_neon(res, first, second); ++ return oqs_sig_picnic_mzd_xor_neon(res, first, second); + } + #endif + #endif +- return mzd_xor_general(res, first, second); ++ return oqs_sig_picnic_mzd_xor_general(res, first, second); + } + +-mzd_local_t* mzd_xor_general(mzd_local_t* res, mzd_local_t const* first, ++mzd_local_t* oqs_sig_picnic_mzd_xor_general(mzd_local_t* res, mzd_local_t const* first, + mzd_local_t const* second) { + unsigned int width = first->width; + word* resptr = FIRST_ROW(res); +@@ -371,37 +371,37 @@ mzd_local_t* mzd_xor_general(mzd_local_t* res, mzd_local_t const* first, + return res; + } + +-mzd_local_t* mzd_mul_v(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* At) { ++mzd_local_t* oqs_sig_picnic_mzd_mul_v(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* At) { + if (At->nrows != v->ncols) { + // number of columns does not match + return NULL; + } + +- mzd_local_clear(c); +- return mzd_addmul_v(c, v, At); ++ oqs_sig_picnic_mzd_local_clear(c); ++ return oqs_sig_picnic_mzd_addmul_v(c, v, At); + } + +-mzd_local_t* mzd_mul_v_general(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* At) { ++mzd_local_t* oqs_sig_picnic_mzd_mul_v_general(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* At) { + + if (At->nrows != v->ncols) { + // number of columns does not match + return NULL; + } + +- mzd_local_clear(c); +- return mzd_addmul_v_general(c, v, At); ++ oqs_sig_picnic_mzd_local_clear(c); ++ return oqs_sig_picnic_mzd_addmul_v_general(c, v, At); + } + + #ifdef WITH_OPT + #ifdef WITH_SSE2 + ATTRIBUTE_TARGET("sse2") +-mzd_local_t* mzd_mul_v_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { +- mzd_local_clear(c); +- return mzd_addmul_v_sse(c, v, A); ++mzd_local_t* oqs_sig_picnic_mzd_mul_v_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++ oqs_sig_picnic_mzd_local_clear(c); ++ return oqs_sig_picnic_mzd_addmul_v_sse(c, v, A); + } + + ATTRIBUTE_TARGET("sse2") +-mzd_local_t* mzd_addmul_v_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_v_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word* cptr = FIRST_ROW(c); + word const* vptr = CONST_FIRST_ROW(v); + const unsigned int width = v->width; +@@ -428,13 +428,13 @@ mzd_local_t* mzd_addmul_v_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t + + #ifdef WITH_AVX2 + ATTRIBUTE_TARGET("avx2") +-mzd_local_t* mzd_mul_v_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { +- mzd_local_clear(c); +- return mzd_addmul_v_avx(c, v, A); ++mzd_local_t* oqs_sig_picnic_mzd_mul_v_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++ oqs_sig_picnic_mzd_local_clear(c); ++ return oqs_sig_picnic_mzd_addmul_v_avx(c, v, A); + } + + ATTRIBUTE_TARGET("avx2") +-mzd_local_t* mzd_addmul_v_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_v_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word* cptr = FIRST_ROW(c); + word const* vptr = CONST_FIRST_ROW(v); + const unsigned int width = v->width; +@@ -460,12 +460,12 @@ mzd_local_t* mzd_addmul_v_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t + #endif + + #ifdef WITH_NEON +-mzd_local_t* mzd_mul_v_neon(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { +- mzd_local_clear(c); +- return mzd_addmul_v_neon(c, v, A); ++mzd_local_t* oqs_sig_picnic_mzd_mul_v_neon(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++ oqs_sig_picnic_mzd_local_clear(c); ++ return oqs_sig_picnic_mzd_addmul_v_neon(c, v, A); + } + +-inline mzd_local_t* mzd_addmul_v_neon(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++inline mzd_local_t* oqs_sig_picnic_mzd_addmul_v_neon(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word* cptr = FIRST_ROW(c); + word const* vptr = CONST_FIRST_ROW(v); + const unsigned int width = v->width; +@@ -491,7 +491,7 @@ inline mzd_local_t* mzd_addmul_v_neon(mzd_local_t* c, mzd_local_t const* v, mzd_ + #endif + #endif + +-mzd_local_t* mzd_addmul_v(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_v(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + if (A->ncols != c->ncols || A->nrows != v->ncols) { + // number of columns does not match + return NULL; +@@ -501,26 +501,26 @@ mzd_local_t* mzd_addmul_v(mzd_local_t* c, mzd_local_t const* v, mzd_local_t cons + if (A->nrows % (sizeof(word) * 8) == 0) { + #ifdef WITH_AVX2 + if (CPU_SUPPORTS_AVX2 && (A->ncols & 0xff) == 0) { +- return mzd_addmul_v_avx(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_v_avx(c, v, A); + } + #endif + #ifdef WITH_SSE2 + if (CPU_SUPPORTS_SSE2 && (A->ncols & 0x7f) == 0) { +- return mzd_addmul_v_sse(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_v_sse(c, v, A); + } + #endif + #ifdef WITH_NEON + if (CPU_SUPPORTS_NEON && (A->ncols & 0x7f) == 0) { +- return mzd_addmul_v_neon(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_v_neon(c, v, A); + } + #endif + } + #endif + +- return mzd_addmul_v_general(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_v_general(c, v, A); + } + +-mzd_local_t* mzd_addmul_v_general(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_v_general(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + + const unsigned int len = A->width; + const unsigned int rowstride = A->rowstride; +@@ -547,7 +547,7 @@ mzd_local_t* mzd_addmul_v_general(mzd_local_t* c, mzd_local_t const* v, mzd_loca + return c; + } + +-bool mzd_local_equal(mzd_local_t const* first, mzd_local_t const* second) { ++bool oqs_sig_picnic_mzd_local_equal(mzd_local_t const* first, mzd_local_t const* second) { + if (first == second) { + return true; + } +@@ -587,8 +587,8 @@ static void xor_comb(const unsigned int len, word* Brow, mzd_local_t const* A, + * Pre-compute matrices for faster mzd_addmul_v computions. + * + */ +-mzd_local_t* mzd_precompute_matrix_lookup(mzd_local_t const* A) { +- mzd_local_t* B = mzd_local_init_ex(32 * A->nrows, A->ncols, true); ++mzd_local_t* oqs_sig_picnic_mzd_precompute_matrix_lookup(mzd_local_t const* A) { ++ mzd_local_t* B = oqs_sig_picnic_mzd_local_init_ex(32 * A->nrows, A->ncols, true); + + const unsigned int len = A->width; + +@@ -608,7 +608,7 @@ mzd_local_t* mzd_precompute_matrix_lookup(mzd_local_t const* A) { + #ifdef WITH_OPT + #ifdef WITH_SSE2 + ATTRIBUTE_TARGET("sse2") +-mzd_local_t* mzd_mul_vl_sse_128(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_sse_128(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word const* vptr = ASSUME_ALIGNED(CONST_FIRST_ROW(v), 16); + const unsigned int width = v->width; + static const unsigned int moff2 = 256; +@@ -630,13 +630,13 @@ mzd_local_t* mzd_mul_vl_sse_128(mzd_local_t* c, mzd_local_t const* v, mzd_local_ + } + + ATTRIBUTE_TARGET("sse2") +-mzd_local_t* mzd_mul_vl_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { +- mzd_local_clear(c); +- return mzd_addmul_vl_sse(c, v, A); ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++ oqs_sig_picnic_mzd_local_clear(c); ++ return oqs_sig_picnic_mzd_addmul_vl_sse(c, v, A); + } + + ATTRIBUTE_TARGET("sse2") +-mzd_local_t* mzd_addmul_vl_sse_128(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_sse_128(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word const* vptr = ASSUME_ALIGNED(CONST_FIRST_ROW(v), 16); + const unsigned int width = v->width; + static const unsigned int moff2 = 256; +@@ -658,7 +658,7 @@ mzd_local_t* mzd_addmul_vl_sse_128(mzd_local_t* c, mzd_local_t const* v, mzd_loc + } + + ATTRIBUTE_TARGET("sse2") +-mzd_local_t* mzd_addmul_vl_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word const* vptr = ASSUME_ALIGNED(CONST_FIRST_ROW(v), 16); + const unsigned int width = v->width; + const unsigned int rowstride = A->rowstride; +@@ -683,7 +683,7 @@ mzd_local_t* mzd_addmul_vl_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t + + #ifdef WITH_AVX2 + ATTRIBUTE_TARGET("avx2") +-mzd_local_t* mzd_mul_vl_avx_256(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_avx_256(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word const* vptr = ASSUME_ALIGNED(CONST_FIRST_ROW(v), 16); + const unsigned int width = v->width; + static const unsigned int moff2 = 256; +@@ -705,7 +705,7 @@ mzd_local_t* mzd_mul_vl_avx_256(mzd_local_t* c, mzd_local_t const* v, mzd_local_ + } + + ATTRIBUTE_TARGET("avx2") +-mzd_local_t* mzd_addmul_vl_avx_256(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_avx_256(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word const* vptr = ASSUME_ALIGNED(CONST_FIRST_ROW(v), 16); + const unsigned int width = v->width; + static const unsigned int moff2 = 256; +@@ -727,13 +727,13 @@ mzd_local_t* mzd_addmul_vl_avx_256(mzd_local_t* c, mzd_local_t const* v, mzd_loc + } + + ATTRIBUTE_TARGET("avx2") +-mzd_local_t* mzd_mul_vl_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { +- mzd_local_clear(c); +- return mzd_addmul_vl_avx(c, v, A); ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++ oqs_sig_picnic_mzd_local_clear(c); ++ return oqs_sig_picnic_mzd_addmul_vl_avx(c, v, A); + } + + ATTRIBUTE_TARGET("avx2") +-mzd_local_t* mzd_addmul_vl_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word const* vptr = ASSUME_ALIGNED(CONST_FIRST_ROW(v), 16); + const unsigned int width = v->width; + const unsigned int rowstride = A->rowstride; +@@ -757,7 +757,7 @@ mzd_local_t* mzd_addmul_vl_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t + #endif + + #ifdef WITH_NEON +-mzd_local_t* mzd_mul_vl_neon_128(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_neon_128(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + + word const* vptr = ASSUME_ALIGNED(CONST_FIRST_ROW(v), 16); + const unsigned int width = v->width; +@@ -780,7 +780,7 @@ mzd_local_t* mzd_mul_vl_neon_128(mzd_local_t* c, mzd_local_t const* v, mzd_local + return c; + } + +-mzd_local_t* mzd_addmul_vl_neon_128(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_neon_128(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word const* vptr = ASSUME_ALIGNED(CONST_FIRST_ROW(v), 16); + static const unsigned int moff2 = 256; + +@@ -804,13 +804,13 @@ mzd_local_t* mzd_addmul_vl_neon_128(mzd_local_t* c, mzd_local_t const* v, mzd_lo + return c; + } + +-mzd_local_t* mzd_mul_vl_neon_multiple_of_128(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_neon_multiple_of_128(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) { +- mzd_local_clear(c); ++ oqs_sig_picnic_mzd_local_clear(c); + return mzd_addmul_vl_neon(c, v, A); + } + +-mzd_local_t* mzd_addmul_vl_neon(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_neon(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + word const* vptr = ASSUME_ALIGNED(CONST_FIRST_ROW(v), alignof(uint32x4_t)); + const unsigned int width = v->width; + const unsigned int rowstride = A->rowstride; +@@ -835,7 +835,7 @@ mzd_local_t* mzd_addmul_vl_neon(mzd_local_t* c, mzd_local_t const* v, mzd_local_ + #endif + #endif + +-mzd_local_t* mzd_mul_vl(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + if (A->nrows != 32 * v->ncols) { + // number of columns does not match + return NULL; +@@ -846,36 +846,36 @@ mzd_local_t* mzd_mul_vl(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* + #ifdef WITH_AVX2 + if (CPU_SUPPORTS_AVX2) { + if (A->ncols == 256) { +- return mzd_mul_vl_avx_256(c, v, A); ++ return oqs_sig_picnic_mzd_mul_vl_avx_256(c, v, A); + } + } + #endif + #ifdef WITH_SSE2 + if (CPU_SUPPORTS_SSE2) { + if (A->ncols == 128) { +- return mzd_mul_vl_sse_128(c, v, A); ++ return oqs_sig_picnic_mzd_mul_vl_sse_128(c, v, A); + } + } + #endif + #ifdef WITH_NEON + if (CPU_SUPPORTS_NEON) { + if (A->ncols == 128) { +- return mzd_mul_vl_neon_128(c, v, A); ++ return oqs_sig_picnic_mzd_mul_vl_neon_128(c, v, A); + } + } + #endif + } + #endif +- mzd_local_clear(c); +- return mzd_addmul_vl(c, v, A); ++ oqs_sig_picnic_mzd_local_clear(c); ++ return oqs_sig_picnic_mzd_addmul_vl(c, v, A); + } + +-mzd_local_t* mzd_mul_vl_general(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { +- mzd_local_clear(c); +- return mzd_addmul_vl_general(c, v, A); ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_general(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++ oqs_sig_picnic_mzd_local_clear(c); ++ return oqs_sig_picnic_mzd_addmul_vl_general(c, v, A); + } + +-mzd_local_t* mzd_addmul_vl(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + if (A->ncols != c->ncols || A->nrows != 32 * v->ncols) { + // number of columns does not match + return NULL; +@@ -886,39 +886,39 @@ mzd_local_t* mzd_addmul_vl(mzd_local_t* c, mzd_local_t const* v, mzd_local_t con + #ifdef WITH_AVX2 + if (CPU_SUPPORTS_AVX2) { + if (A->ncols == 256) { +- return mzd_addmul_vl_avx_256(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_vl_avx_256(c, v, A); + } + if ((A->ncols & 0xff) == 0) { +- return mzd_addmul_vl_avx(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_vl_avx(c, v, A); + } + } + #endif + #ifdef WITH_SSE2 + if (CPU_SUPPORTS_SSE2) { + if (A->ncols == 128) { +- return mzd_addmul_vl_sse_128(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_vl_sse_128(c, v, A); + } + if ((A->ncols & 0x7f) == 0) { +- return mzd_addmul_vl_sse(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_vl_sse(c, v, A); + } + } + #endif + #ifdef WITH_NEON + if (CPU_SUPPORTS_NEON) { + if (A->ncols == 128) { +- return mzd_addmul_vl_neon_128(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_vl_neon_128(c, v, A); + } + if ((A->ncols & 0x7f) == 0) { +- return mzd_addmul_vl_neon(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_vl_neon(c, v, A); + } + } + #endif + } + #endif +- return mzd_addmul_vl_general(c, v, A); ++ return oqs_sig_picnic_mzd_addmul_vl_general(c, v, A); + } + +-mzd_local_t* mzd_addmul_vl_general(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_general(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) { + const unsigned int len = A->width; + word* cptr = FIRST_ROW(c); + word const* vptr = CONST_FIRST_ROW(v); +diff --git a/mzd_additional.h b/mzd_additional.h +index 7992128..c084e6d 100644 +--- a/mzd_additional.h ++++ b/mzd_additional.h +@@ -27,44 +27,44 @@ typedef struct { + uint64_t rows[]; + } mzd_local_t ATTR_ALIGNED(32); + +-mzd_local_t* mzd_local_init_ex(uint32_t r, uint32_t c, bool clear) ATTR_ASSUME_ALIGNED(32); ++mzd_local_t* oqs_sig_picnic_mzd_local_init_ex(uint32_t r, uint32_t c, bool clear) ATTR_ASSUME_ALIGNED(32); + +-#define mzd_local_init(r, c) mzd_local_init_ex(r, c, true) ++#define oqs_sig_picnic_mzd_local_init(r, c) oqs_sig_picnic_mzd_local_init_ex(r, c, true) + +-void mzd_local_free(mzd_local_t* v); ++void oqs_sig_picnic_mzd_local_free(mzd_local_t* v); + +-void mzd_local_init_multiple_ex(mzd_local_t** dst, size_t n, uint32_t r, uint32_t c, bool clear) ++void oqs_sig_picnic_mzd_local_init_multiple_ex(mzd_local_t** dst, size_t n, uint32_t r, uint32_t c, bool clear) + ATTR_NONNULL_ARG(1); + +-#define mzd_local_init_multiple(dst, n, r, c) mzd_local_init_multiple_ex(dst, n, r, c, true) ++#define oqs_sig_picnic_mzd_local_init_multiple(dst, n, r, c) oqs_sig_picnic_mzd_local_init_multiple_ex(dst, n, r, c, true) + + /** +- * mzd_free for mzd_local_init_multiple. ++ * oqs_sig_picnic_mzd_free for oqs_sig_picnic_mzd_local_init_multiple. + */ +-void mzd_local_free_multiple(mzd_local_t** vs); ++void oqs_sig_picnic_mzd_local_free_multiple(mzd_local_t** vs); + /** +- * Improved mzd_copy for specific memory layouts. ++ * Improved oqs_sig_picnic_mzd_copy for specific memory layouts. + */ +-mzd_local_t* mzd_local_copy(mzd_local_t* dst, mzd_local_t const* src) ATTR_NONNULL_ARG(2); ++mzd_local_t* oqs_sig_picnic_mzd_local_copy(mzd_local_t* dst, mzd_local_t const* src) ATTR_NONNULL_ARG(2); + +-void mzd_local_clear(mzd_local_t* c) ATTR_NONNULL; ++void oqs_sig_picnic_mzd_local_clear(mzd_local_t* c) ATTR_NONNULL; + +-void mzd_shift_right(mzd_local_t* res, mzd_local_t const* val, unsigned count) ATTR_NONNULL; ++void oqs_sig_picnic_mzd_shift_right(mzd_local_t* res, mzd_local_t const* val, unsigned count) ATTR_NONNULL; + +-void mzd_shift_left(mzd_local_t* res, mzd_local_t const* val, unsigned count) ATTR_NONNULL; ++void oqs_sig_picnic_mzd_shift_left(mzd_local_t* res, mzd_local_t const* val, unsigned count) ATTR_NONNULL; + +-mzd_local_t* mzd_and(mzd_local_t* res, mzd_local_t const* first, ++mzd_local_t* oqs_sig_picnic_mzd_and(mzd_local_t* res, mzd_local_t const* first, + mzd_local_t const* second) ATTR_NONNULL; + +-mzd_local_t* mzd_xor(mzd_local_t* res, mzd_local_t const* first, ++mzd_local_t* oqs_sig_picnic_mzd_xor(mzd_local_t* res, mzd_local_t const* first, + mzd_local_t const* second) ATTR_NONNULL; +-mzd_local_t* mzd_xor_sse(mzd_local_t* res, mzd_local_t const* first, ++mzd_local_t* oqs_sig_picnic_mzd_xor_sse(mzd_local_t* res, mzd_local_t const* first, + mzd_local_t const* second) ATTR_NONNULL; +-mzd_local_t* mzd_xor_avx(mzd_local_t* res, mzd_local_t const* first, ++mzd_local_t* oqs_sig_picnic_mzd_xor_avx(mzd_local_t* res, mzd_local_t const* first, + mzd_local_t const* second) ATTR_NONNULL; +-mzd_local_t* mzd_xor_general(mzd_local_t* res, mzd_local_t const* first, ++mzd_local_t* oqs_sig_picnic_mzd_xor_general(mzd_local_t* res, mzd_local_t const* first, + mzd_local_t const* second) ATTR_NONNULL; +-mzd_local_t* mzd_xor_neon(mzd_local_t* res, mzd_local_t const* first, ++mzd_local_t* oqs_sig_picnic_mzd_xor_neon(mzd_local_t* res, mzd_local_t const* first, + mzd_local_t const* second) ATTR_NONNULL; + + /** +@@ -77,85 +77,85 @@ mzd_local_t* mzd_xor_neon(mzd_local_t* res, mzd_local_t const* first, + * second vector + * \returns true if both vectors are equal, false otherwise. + */ +-bool mzd_local_equal(mzd_local_t const* first, mzd_local_t const* second) ATTR_NONNULL; ++bool oqs_sig_picnic_mzd_local_equal(mzd_local_t const* first, mzd_local_t const* second) ATTR_NONNULL; + + /** + * Compute v * A optimized for v being a vector. + */ +-mzd_local_t* mzd_mul_v(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* At) ATTR_NONNULL; +-mzd_local_t* mzd_mul_v_general(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_mul_v(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* At) ATTR_NONNULL; ++mzd_local_t* oqs_sig_picnic_mzd_mul_v_general(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* At) ATTR_NONNULL; +-mzd_local_t* mzd_mul_v_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_mul_v_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_mul_v_neon(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_mul_v_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) ATTR_NONNULL; ++mzd_local_t* oqs_sig_picnic_mzd_mul_v_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A) ATTR_NONNULL; ++mzd_local_t* oqs_sig_picnic_mzd_mul_v_neon(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; + + /** + * Compute c + v * A optimized for c and v being vectors. + */ +-mzd_local_t* mzd_addmul_v(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* At) ATTR_NONNULL; +-mzd_local_t* mzd_addmul_v_general(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_addmul_v(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* At) ATTR_NONNULL; ++mzd_local_t* oqs_sig_picnic_mzd_addmul_v_general(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_addmul_v_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A); +-mzd_local_t* mzd_addmul_v_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A); +-mzd_local_t* mzd_addmul_v_neon(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A); ++mzd_local_t* oqs_sig_picnic_mzd_addmul_v_sse(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A); ++mzd_local_t* oqs_sig_picnic_mzd_addmul_v_avx(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A); ++mzd_local_t* oqs_sig_picnic_mzd_addmul_v_neon(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* A); + + /** + * Compute v * A optimized for v being a vector. + */ +-mzd_local_t* mzd_mul_vl(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* At) ATTR_NONNULL; +-mzd_local_t* mzd_mul_vl_general(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl(mzd_local_t* c, mzd_local_t const* v, mzd_local_t const* At) ATTR_NONNULL; ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_general(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_mul_vl_sse_128(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_sse_128(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_mul_vl_sse(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_sse(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_mul_vl_avx_256(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_avx_256(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_mul_vl_avx(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_avx(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_mul_vl_neon_128(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_neon_128(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; + +-mzd_local_t* mzd_mul_vl_neon_multiple_of_128(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_mul_vl_neon_multiple_of_128(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; + /** + * Compute c + v * A optimized for c and v being vectors. + */ +-mzd_local_t* mzd_addmul_vl(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* At) ATTR_NONNULL; +-mzd_local_t* mzd_addmul_vl_sse_128(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_sse_128(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_addmul_vl_avx_256(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_avx_256(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_addmul_vl_sse(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_sse(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_addmul_vl_avx(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_avx(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_addmul_vl_general(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_general(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_addmul_vl_neon_128(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_neon_128(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; +-mzd_local_t* mzd_addmul_vl_neon(mzd_local_t* c, mzd_local_t const* v, ++mzd_local_t* oqs_sig_picnic_mzd_addmul_vl_neon(mzd_local_t* c, mzd_local_t const* v, + mzd_local_t const* A) ATTR_NONNULL; + + /** + * Compute v * A optimized for v being a vector. + */ +-void mzd_mul_vlm(mzd_local_t** c, mzd_local_t const* const* v, mzd_local_t const* At, ++void oqs_sig_picnic_mzd_mul_vlm(mzd_local_t** c, mzd_local_t const* const* v, mzd_local_t const* At, + unsigned int sc) ATTR_NONNULL; + + /** + * Compute c + v * A optimized for c and v being vectors. + */ +-void mzd_addmul_vlm(mzd_local_t** c, mzd_local_t const* const* v, mzd_local_t const* At, ++void oqs_sig_picnic_mzd_addmul_vlm(mzd_local_t** c, mzd_local_t const* const* v, mzd_local_t const* At, + unsigned int sc) ATTR_NONNULL; + + /** +- * Pre-compute matrices for faster mzd_addmul_v computions. ++ * Pre-compute matrices for faster oqs_sig_picnic_mzd_addmul_v computions. + * + */ +-mzd_local_t* mzd_precompute_matrix_lookup(mzd_local_t const* A) ATTR_NONNULL; ++mzd_local_t* oqs_sig_picnic_mzd_precompute_matrix_lookup(mzd_local_t const* A) ATTR_NONNULL; + + #define ROW(v, r) ((word*)(((uint8_t*)(v)) + 32 + (v)->rowstride * (r) * sizeof(word))) + #define CONST_ROW(v, r) \ +@@ -167,7 +167,7 @@ mzd_local_t* mzd_precompute_matrix_lookup(mzd_local_t const* A) ATTR_NONNULL; + #define WRITE_BIT(w, spot, value) \ + ((w) = (((w) & ~(UINT64_C(1) << (spot))) | (-(word)(value) & (UINT64_C(1) << (spot))))) + +-#define mzd_local_write_bit(v, r, c, b) \ ++#define oqs_sig_picnic_mzd_local_write_bit(v, r, c, b) \ + WRITE_BIT(ROW(v, r)[c / (sizeof(word) * 8)], c % (sizeof(word) * 8), b) + + #endif +diff --git a/picnic.c b/picnic.c +index 91eeed3..55cb19c 100644 +--- a/picnic.c ++++ b/picnic.c +@@ -22,7 +22,7 @@ + #include "randomness.h" + + const picnic_instance_t* picnic_instance_get(picnic_params_t param) { +- return get_instance(param); ++ return oqs_sig_picnic_get_instance(param); + } + + size_t PICNIC_CALLING_CONVENTION picnic_signature_size(picnic_params_t param) { +@@ -110,22 +110,22 @@ int PICNIC_CALLING_CONVENTION picnic_sk_to_pk(const picnic_privatekey_t* sk, + uint8_t* pk_pt = &pk->data[1]; + const uint8_t* sk_pt = &sk->data[1 + input_size]; + +- mzd_local_t* plaintext = mzd_local_init_ex(1, instance->lowmc.n, false); +- mzd_local_t* privkey = mzd_local_init_ex(1, instance->lowmc.k, false); ++ mzd_local_t* plaintext = oqs_sig_picnic_mzd_local_init_ex(1, instance->lowmc.n, false); ++ mzd_local_t* privkey = oqs_sig_picnic_mzd_local_init_ex(1, instance->lowmc.k, false); + +- mzd_from_char_array(plaintext, sk_pt, output_size); +- mzd_from_char_array(privkey, sk_sk, input_size); ++ oqs_sig_picnic_mzd_from_char_array(plaintext, sk_pt, output_size); ++ oqs_sig_picnic_mzd_from_char_array(privkey, sk_sk, input_size); + + // compute public key +- mzd_local_t* ciphertext = lowmc_call(&instance->lowmc, privkey, plaintext); ++ mzd_local_t* ciphertext = oqs_sig_picnic_lowmc_call(&instance->lowmc, privkey, plaintext); + + pk->data[0] = param; + memcpy(pk_pt, sk_pt, output_size); +- mzd_to_char_array(pk_c, ciphertext, output_size); ++ oqs_sig_picnic_mzd_to_char_array(pk_c, ciphertext, output_size); + +- mzd_local_free(ciphertext); +- mzd_local_free(privkey); +- mzd_local_free(plaintext); ++ oqs_sig_picnic_mzd_local_free(ciphertext); ++ oqs_sig_picnic_mzd_local_free(privkey); ++ oqs_sig_picnic_mzd_local_free(plaintext); + + return 0; + } +@@ -156,21 +156,21 @@ int PICNIC_CALLING_CONVENTION picnic_validate_keypair(const picnic_privatekey_t* + return -1; + } + +- mzd_local_t* plaintext = mzd_local_init_ex(1, instance->lowmc.n, false); +- mzd_local_t* privkey = mzd_local_init_ex(1, instance->lowmc.k, false); ++ mzd_local_t* plaintext = oqs_sig_picnic_mzd_local_init_ex(1, instance->lowmc.n, false); ++ mzd_local_t* privkey = oqs_sig_picnic_mzd_local_init_ex(1, instance->lowmc.k, false); + +- mzd_from_char_array(plaintext, sk_pt, instance->output_size); +- mzd_from_char_array(privkey, sk_sk, instance->input_size); ++ oqs_sig_picnic_mzd_from_char_array(plaintext, sk_pt, instance->output_size); ++ oqs_sig_picnic_mzd_from_char_array(privkey, sk_sk, instance->input_size); + + // compute public key +- mzd_local_t* ciphertext = lowmc_call(&instance->lowmc, privkey, plaintext); ++ mzd_local_t* ciphertext = oqs_sig_picnic_lowmc_call(&instance->lowmc, privkey, plaintext); + + uint8_t buffer[MAX_LOWMC_BLOCK_SIZE]; +- mzd_to_char_array(buffer, ciphertext, output_size); ++ oqs_sig_picnic_mzd_to_char_array(buffer, ciphertext, output_size); + +- mzd_local_free(ciphertext); +- mzd_local_free(privkey); +- mzd_local_free(plaintext); ++ oqs_sig_picnic_mzd_local_free(ciphertext); ++ oqs_sig_picnic_mzd_local_free(privkey); ++ oqs_sig_picnic_mzd_local_free(plaintext); + + return memcmp(buffer, pk_c, output_size); + } +@@ -195,7 +195,7 @@ int PICNIC_CALLING_CONVENTION picnic_sign(const picnic_privatekey_t* sk, const u + const uint8_t* sk_c = &sk->data[1 + input_size + output_size]; + const uint8_t* sk_pt = &sk->data[1 + input_size]; + +- return fis_sign(instance, sk_pt, sk_sk, sk_c, message, message_len, signature, signature_len) ++ return oqs_sig_picnic_fis_sign(instance, sk_pt, sk_sk, sk_c, message, message_len, signature, signature_len) + ? 0 + : -1; + } +@@ -218,7 +218,7 @@ int PICNIC_CALLING_CONVENTION picnic_verify(const picnic_publickey_t* pk, const + const uint8_t* pk_c = &pk->data[1 + output_size]; + const uint8_t* pk_pt = &pk->data[1]; + +- return fis_verify(instance, pk_pt, pk_c, message, message_len, signature, signature_len) ? 0 : -1; ++ return oqs_sig_picnic_fis_verify(instance, pk_pt, pk_c, message, message_len, signature, signature_len) ? 0 : -1; + } + + void picnic_visualize(FILE* out, const uint8_t* public_key, size_t public_key_size, +@@ -233,7 +233,7 @@ void picnic_visualize(FILE* out, const uint8_t* public_key, size_t public_key_si + return; + } + +- visualize_signature(out, instance, msg, msglen, sig, siglen); ++ oqs_sig_picnic_visualize_signature(out, instance, msg, msglen, sig, siglen); + } + + const char* PICNIC_CALLING_CONVENTION picnic_get_param_name(picnic_params_t parameters) { +diff --git a/picnic_impl.c b/picnic_impl.c +index f1a308b..ced069e 100644 +--- a/picnic_impl.c ++++ b/picnic_impl.c +@@ -246,10 +246,10 @@ static void mzd_to_bitstream(bitstream_t* bs, const mzd_local_t* v, const size_t + const uint64_t* d = &CONST_FIRST_ROW(v)[v->width - 1]; + size_t bits = size; + for (; bits >= sizeof(uint64_t) * 8; bits -= sizeof(uint64_t) * 8, --d) { +- bitstream_put_bits(bs, *d, sizeof(uint64_t) * 8); ++ oqs_sig_picnic_bitstream_put_bits(bs, *d, sizeof(uint64_t) * 8); + } + if (bits) { +- bitstream_put_bits(bs, *d >> (sizeof(uint64_t) * 8 - bits), bits); ++ oqs_sig_picnic_bitstream_put_bits(bs, *d >> (sizeof(uint64_t) * 8 - bits), bits); + } + } + +@@ -259,10 +259,10 @@ static void mzd_from_bitstream(bitstream_t* bs, mzd_local_t* v, const size_t siz + + size_t bits = size; + for (; bits >= sizeof(uint64_t) * 8; bits -= sizeof(uint64_t) * 8, --d) { +- *d = bitstream_get_bits(bs, sizeof(uint64_t) * 8); ++ *d = oqs_sig_picnic_bitstream_get_bits(bs, sizeof(uint64_t) * 8); + } + if (bits) { +- *d = bitstream_get_bits(bs, bits) << (sizeof(uint64_t) * 8 - bits); ++ *d = oqs_sig_picnic_bitstream_get_bits(bs, bits) << (sizeof(uint64_t) * 8 - bits); + --d; + } + for (; d >= f; --d) { +@@ -271,11 +271,11 @@ static void mzd_from_bitstream(bitstream_t* bs, mzd_local_t* v, const size_t siz + } + + static void uint64_to_bitstream(bitstream_t* bs, const uint64_t v) { +- bitstream_put_bits(bs, v >> (64 - 30), 30); ++ oqs_sig_picnic_bitstream_put_bits(bs, v >> (64 - 30), 30); + } + + static uint64_t uint64_from_bitstream(bitstream_t* bs) { +- return bitstream_get_bits(bs, 30) << (64 - 30); ++ return oqs_sig_picnic_bitstream_get_bits(bs, 30) << (64 - 30); + } + + static void compress_view(uint8_t* dst, const picnic_instance_t* pp, const view_t* views, +@@ -356,13 +356,13 @@ static void decompress_random_tape_new(rvec_t* rvec, const picnic_instance_t* pp + } + + static void mzd_share(mzd_local_t* shared_value[SC_PROOF]) { +- mzd_xor(shared_value[2], shared_value[0], shared_value[2]); +- mzd_xor(shared_value[2], shared_value[1], shared_value[2]); ++ oqs_sig_picnic_mzd_xor(shared_value[2], shared_value[0], shared_value[2]); ++ oqs_sig_picnic_mzd_xor(shared_value[2], shared_value[1], shared_value[2]); + } + + static void mzd_unshare(mzd_local_t* dst, mzd_local_t* shared_value[SC_PROOF]) { +- mzd_xor(dst, shared_value[0], shared_value[1]); +- mzd_xor(dst, dst, shared_value[2]); ++ oqs_sig_picnic_mzd_xor(dst, shared_value[0], shared_value[1]); ++ oqs_sig_picnic_mzd_xor(dst, dst, shared_value[2]); + } + + static bool sign_impl(const picnic_instance_t* pp, const uint8_t* private_key, +@@ -388,13 +388,13 @@ static bool sign_impl(const picnic_instance_t* pp, const uint8_t* private_key, + view_t* views = calloc(sizeof(view_t), view_count); + if (lowmc->m != 10) { + for (size_t i = 0; i < view_count; ++i) { +- mzd_local_init_multiple_ex(views[i].s, SC_PROOF, 1, lowmc_n, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(views[i].s, SC_PROOF, 1, lowmc_n, false); + } + } + + in_out_shares_t in_out_shares[2]; +- mzd_local_init_multiple_ex(in_out_shares[0].s, SC_PROOF, 1, lowmc_k, false); +- mzd_local_init_multiple_ex(in_out_shares[1].s, SC_PROOF, 1, lowmc_n, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(in_out_shares[0].s, SC_PROOF, 1, lowmc_k, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(in_out_shares[1].s, SC_PROOF, 1, lowmc_n, false); + + // Generate seeds + START_TIMING; +@@ -418,7 +418,7 @@ static bool sign_impl(const picnic_instance_t* pp, const uint8_t* private_key, + + START_TIMING; + mzd_local_t* shared_key[SC_PROOF]; +- mzd_local_init_multiple(shared_key, SC_PROOF, 1, lowmc_k); ++ oqs_sig_picnic_mzd_local_init_multiple(shared_key, SC_PROOF, 1, lowmc_k); + END_TIMING(timing_and_size->sign.secret_sharing); + + // START_TIMING; TODO: I guess this shouldn't be here +@@ -426,7 +426,7 @@ static bool sign_impl(const picnic_instance_t* pp, const uint8_t* private_key, + rvec_t* rvec = calloc(sizeof(rvec_t), lowmc_r); // random tapes for and-gates + if (lowmc->m != 10) { + for (unsigned int i = 0; i < lowmc_r; ++i) { +- mzd_local_init_multiple_ex(rvec[i].s, SC_PROOF, 1, lowmc_n, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(rvec[i].s, SC_PROOF, 1, lowmc_n, false); + } + } + +@@ -443,11 +443,11 @@ static bool sign_impl(const picnic_instance_t* pp, const uint8_t* private_key, + // compute sharing + for (unsigned int j = 0; j < SC_PROOF - 1; ++j) { + kdf_shake_get_randomness(&kdfs[j], round->input_shares[j], input_size); +- mzd_from_char_array(shared_key[j], round->input_shares[j], input_size); ++ oqs_sig_picnic_mzd_from_char_array(shared_key[j], round->input_shares[j], input_size); + } +- mzd_local_copy(shared_key[SC_PROOF - 1], lowmc_key); ++ oqs_sig_picnic_mzd_local_copy(shared_key[SC_PROOF - 1], lowmc_key); + mzd_share(shared_key); +- mzd_to_char_array(round->input_shares[SC_PROOF - 1], shared_key[SC_PROOF - 1], input_size); ++ oqs_sig_picnic_mzd_to_char_array(round->input_shares[SC_PROOF - 1], shared_key[SC_PROOF - 1], input_size); + + // compute random tapes + for (unsigned int j = 0; j < SC_PROOF; ++j) { +@@ -464,7 +464,7 @@ static bool sign_impl(const picnic_instance_t* pp, const uint8_t* private_key, + + // commitments + for (unsigned int j = 0; j < SC_PROOF; ++j) { +- mzd_to_char_array(round->output_shares[j], in_out_shares[1].s[j], output_size); ++ oqs_sig_picnic_mzd_to_char_array(round->output_shares[j], in_out_shares[1].s[j], output_size); + compress_view(round->communicated_bits[j], pp, views, j); + hash_commitment(pp, round, j); + } +@@ -487,17 +487,17 @@ static bool sign_impl(const picnic_instance_t* pp, const uint8_t* private_key, + free(tape_bytes); + if (lowmc->m != 10) { + for (unsigned n = 0; n < view_count; ++n) { +- mzd_local_free_multiple(rvec[n].s); ++ oqs_sig_picnic_mzd_local_free_multiple(rvec[n].s); + } + for (unsigned n = 0; n < view_count; ++n) { +- mzd_local_free_multiple(views[n].s); ++ oqs_sig_picnic_mzd_local_free_multiple(views[n].s); + } + } + free(views); + free(rvec); +- mzd_local_free_multiple(shared_key); +- mzd_local_free_multiple(in_out_shares[0].s); +- mzd_local_free_multiple(in_out_shares[1].s); ++ oqs_sig_picnic_mzd_local_free_multiple(shared_key); ++ oqs_sig_picnic_mzd_local_free_multiple(in_out_shares[0].s); ++ oqs_sig_picnic_mzd_local_free_multiple(in_out_shares[1].s); + proof_free(prf); + + END_TIMING(timing_and_size->sign.challenge); +@@ -528,12 +528,12 @@ static bool verify_impl(const picnic_instance_t* pp, const uint8_t* plaintext, m + } + + in_out_shares_t in_out_shares[2]; +- mzd_local_init_multiple_ex(in_out_shares[0].s, SC_VERIFY, 1, lowmc_k, false); +- mzd_local_init_multiple_ex(in_out_shares[1].s, SC_PROOF, 1, lowmc_n, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(in_out_shares[0].s, SC_VERIFY, 1, lowmc_k, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(in_out_shares[1].s, SC_PROOF, 1, lowmc_n, false); + view_t* views = calloc(sizeof(view_t), view_count); + if (lowmc->m != 10) { + for (size_t i = 0; i < view_count; ++i) { +- mzd_local_init_multiple_ex(views[i].s, SC_VERIFY, 1, lowmc_n, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(views[i].s, SC_VERIFY, 1, lowmc_n, false); + } + } + +@@ -542,7 +542,7 @@ static bool verify_impl(const picnic_instance_t* pp, const uint8_t* plaintext, m + rvec_t* rvec = calloc(sizeof(rvec_t), lowmc_r); // random tapes for and-gates + if (lowmc->m != 10) { + for (unsigned int i = 0; i < lowmc_r; ++i) { +- mzd_local_init_multiple_ex(rvec[i].s, SC_VERIFY, 1, lowmc_n, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(rvec[i].s, SC_VERIFY, 1, lowmc_n, false); + } + } + uint8_t* tape_bytes = malloc(view_size); +@@ -566,8 +566,8 @@ static bool verify_impl(const picnic_instance_t* pp, const uint8_t* plaintext, m + kdf_shake_get_randomness(&kdfs[1], round->input_shares[1], input_size); + } + +- mzd_from_char_array(in_out_shares[0].s[0], round->input_shares[0], input_size); +- mzd_from_char_array(in_out_shares[0].s[1], round->input_shares[1], input_size); ++ oqs_sig_picnic_mzd_from_char_array(in_out_shares[0].s[0], round->input_shares[0], input_size); ++ oqs_sig_picnic_mzd_from_char_array(in_out_shares[0].s[1], round->input_shares[1], input_size); + + // compute random tapes + for (unsigned int j = 0; j < SC_VERIFY; ++j) { +@@ -590,10 +590,10 @@ static bool verify_impl(const picnic_instance_t* pp, const uint8_t* plaintext, m + mzd_unshare(in_out_shares[1].s[2], ys); + + for (unsigned int j = 0; j < SC_VERIFY; ++j) { +- mzd_to_char_array(round->output_shares[j], in_out_shares[1].s[j], output_size); ++ oqs_sig_picnic_mzd_to_char_array(round->output_shares[j], in_out_shares[1].s[j], output_size); + hash_commitment(pp, round, j); + } +- mzd_to_char_array(round->output_shares[SC_VERIFY], in_out_shares[1].s[SC_VERIFY], output_size); ++ oqs_sig_picnic_mzd_to_char_array(round->output_shares[SC_VERIFY], in_out_shares[1].s[SC_VERIFY], output_size); + + if (transform == TRANSFORM_UR) { + for (unsigned int j = 0; j < SC_VERIFY; ++j) { +@@ -611,16 +611,16 @@ static bool verify_impl(const picnic_instance_t* pp, const uint8_t* plaintext, m + free(tape_bytes); + if (lowmc->m != 10) { + for (unsigned n = 0; n < view_count; ++n) { +- mzd_local_free_multiple(rvec[n].s); ++ oqs_sig_picnic_mzd_local_free_multiple(rvec[n].s); + } + for (unsigned n = 0; n < view_count; ++n) { +- mzd_local_free_multiple(views[n].s); ++ oqs_sig_picnic_mzd_local_free_multiple(views[n].s); + } + } + free(views); + free(rvec); +- mzd_local_free_multiple(in_out_shares[0].s); +- mzd_local_free_multiple(in_out_shares[1].s); ++ oqs_sig_picnic_mzd_local_free_multiple(in_out_shares[0].s); ++ oqs_sig_picnic_mzd_local_free_multiple(in_out_shares[1].s); + + proof_free(prf); + +@@ -777,42 +777,42 @@ err: + return NULL; + } + +-bool fis_sign(const picnic_instance_t* pp, const uint8_t* plaintext, const uint8_t* private_key, ++bool oqs_sig_picnic_fis_sign(const picnic_instance_t* pp, const uint8_t* plaintext, const uint8_t* private_key, + const uint8_t* public_key, const uint8_t* msg, size_t msglen, uint8_t* sig, + size_t* siglen) { +- mzd_local_t* m_plaintext = mzd_local_init_ex(1, pp->lowmc.n, false); +- mzd_local_t* m_privatekey = mzd_local_init_ex(1, pp->lowmc.k, false); ++ mzd_local_t* m_plaintext = oqs_sig_picnic_mzd_local_init_ex(1, pp->lowmc.n, false); ++ mzd_local_t* m_privatekey = oqs_sig_picnic_mzd_local_init_ex(1, pp->lowmc.k, false); + +- mzd_from_char_array(m_plaintext, plaintext, pp->output_size); +- mzd_from_char_array(m_privatekey, private_key, pp->input_size); ++ oqs_sig_picnic_mzd_from_char_array(m_plaintext, plaintext, pp->output_size); ++ oqs_sig_picnic_mzd_from_char_array(m_privatekey, private_key, pp->input_size); + + const bool result = sign_impl(pp, private_key, m_privatekey, plaintext, m_plaintext, public_key, + msg, msglen, sig, siglen); + +- mzd_local_free(m_privatekey); +- mzd_local_free(m_plaintext); ++ oqs_sig_picnic_mzd_local_free(m_privatekey); ++ oqs_sig_picnic_mzd_local_free(m_plaintext); + + return result; + } + +-bool fis_verify(const picnic_instance_t* pp, const uint8_t* plaintext, const uint8_t* public_key, ++bool oqs_sig_picnic_fis_verify(const picnic_instance_t* pp, const uint8_t* plaintext, const uint8_t* public_key, + const uint8_t* msg, size_t msglen, const uint8_t* sig, size_t siglen) { +- mzd_local_t* m_plaintext = mzd_local_init_ex(1, pp->lowmc.n, false); +- mzd_local_t* m_publickey = mzd_local_init_ex(1, pp->lowmc.n, false); ++ mzd_local_t* m_plaintext = oqs_sig_picnic_mzd_local_init_ex(1, pp->lowmc.n, false); ++ mzd_local_t* m_publickey = oqs_sig_picnic_mzd_local_init_ex(1, pp->lowmc.n, false); + +- mzd_from_char_array(m_plaintext, plaintext, pp->output_size); +- mzd_from_char_array(m_publickey, public_key, pp->output_size); ++ oqs_sig_picnic_mzd_from_char_array(m_plaintext, plaintext, pp->output_size); ++ oqs_sig_picnic_mzd_from_char_array(m_publickey, public_key, pp->output_size); + + const bool result = + verify_impl(pp, plaintext, m_plaintext, public_key, m_publickey, msg, msglen, sig, siglen); + +- mzd_local_free(m_publickey); +- mzd_local_free(m_plaintext); ++ oqs_sig_picnic_mzd_local_free(m_publickey); ++ oqs_sig_picnic_mzd_local_free(m_plaintext); + + return result; + } + +-void visualize_signature(FILE* out, const picnic_instance_t* pp, const uint8_t* msg, size_t msglen, ++void oqs_sig_picnic_visualize_signature(FILE* out, const picnic_instance_t* pp, const uint8_t* msg, size_t msglen, + const uint8_t* sig, size_t siglen) { + const size_t digest_size = pp->digest_size; + const size_t seed_size = pp->seed_size; +@@ -894,14 +894,14 @@ void hash_commitment(const picnic_instance_t* pp, proof_round_t* prf_round, unsi + hash_context ctx; + + // hash the seed +- hash_init(&ctx, pp); ++ oqs_sig_picnic_hash_init(&ctx, pp); + hash_update(&ctx, &HASH_PREFIX_4, sizeof(HASH_PREFIX_4)); + hash_update(&ctx, prf_round->seeds[vidx], pp->seed_size); + hash_final(&ctx); + hash_squeeze(tmp, hashlen, &ctx); + + // compute H_0(H_4(seed), view) +- hash_init(&ctx, pp); ++ oqs_sig_picnic_hash_init(&ctx, pp); + hash_update(&ctx, &HASH_PREFIX_0, sizeof(HASH_PREFIX_0)); + hash_update(&ctx, tmp, hashlen); + // hash input share +@@ -925,7 +925,7 @@ static void H3_compute(const picnic_instance_t* pp, uint8_t* hash, uint8_t* ch) + while (ch < eof) { + if (bit_idx >= digest_size_bits) { + hash_context ctx; +- hash_init(&ctx, pp); ++ oqs_sig_picnic_hash_init(&ctx, pp); + hash_update(&ctx, &HASH_PREFIX_1, sizeof(HASH_PREFIX_1)); + hash_update(&ctx, hash, digest_size); + hash_final(&ctx); +@@ -948,7 +948,7 @@ void fs_H3_verify(const picnic_instance_t* pp, sig_proof_t* prf, const uint8_t* + const size_t output_size = pp->output_size; + + hash_context ctx; +- hash_init(&ctx, pp); ++ oqs_sig_picnic_hash_init(&ctx, pp); + hash_update(&ctx, &HASH_PREFIX_1, sizeof(HASH_PREFIX_1)); + + // hash output shares +@@ -1048,7 +1048,7 @@ void fs_H3(const picnic_instance_t* pp, sig_proof_t* prf, const uint8_t* circuit + const size_t num_rounds = pp->num_rounds; + + hash_context ctx; +- hash_init(&ctx, pp); ++ oqs_sig_picnic_hash_init(&ctx, pp); + hash_update(&ctx, &HASH_PREFIX_1, sizeof(HASH_PREFIX_1)); + + // hash output shares +@@ -1084,7 +1084,7 @@ void unruh_G(const picnic_instance_t* pp, proof_round_t* prf_round, unsigned vid + const size_t seedlen = pp->seed_size; + + /* Hash the seed with H_5, store digest in output */ +- hash_init(&ctx, pp); ++ oqs_sig_picnic_hash_init(&ctx, pp); + hash_update(&ctx, &HASH_PREFIX_5, sizeof(HASH_PREFIX_5)); + hash_update(&ctx, prf_round->seeds[vidx], seedlen); + hash_final(&ctx); +@@ -1093,7 +1093,7 @@ void unruh_G(const picnic_instance_t* pp, proof_round_t* prf_round, unsigned vid + hash_squeeze(tmp, digest_size, &ctx); + + /* Hash H_5(seed), the view, and the length */ +- hash_init(&ctx, pp); ++ oqs_sig_picnic_hash_init(&ctx, pp); + hash_update(&ctx, tmp, digest_size); + if (include_is) { + hash_update(&ctx, prf_round->input_shares[vidx], pp->input_size); +@@ -1181,14 +1181,14 @@ static bool create_instance(picnic_instance_t* pp, picnic_params_t param, uint32 + } + #endif + if (!have_instance) { +- have_instance = lowmc_init(&pp->lowmc, m, n, r, k); ++ have_instance = oqs_sig_picnic_lowmc_init(&pp->lowmc, m, n, r, k); + } + if (!have_instance) { + return false; + } + +- pp->lowmc_impl = get_lowmc_implementation(&pp->lowmc); +- pp->lowmc_verify_impl = get_lowmc_verify_implementation(&pp->lowmc); ++ pp->lowmc_impl = oqs_sig_picnic_get_lowmc_implementation(&pp->lowmc); ++ pp->lowmc_verify_impl = oqs_sig_picnic_get_lowmc_verify_implementation(&pp->lowmc); + + pp->params = param; + pp->transform = param_to_transform(param); +@@ -1227,10 +1227,10 @@ static bool create_instance(picnic_instance_t* pp, picnic_params_t param, uint32 + } + + static void destroy_instance(picnic_instance_t* pp) { +- lowmc_clear(&pp->lowmc); ++ oqs_sig_picnic_lowmc_clear(&pp->lowmc); + } + +-picnic_instance_t* get_instance(picnic_params_t param) { ++picnic_instance_t* oqs_sig_picnic_get_instance(picnic_params_t param) { + if (param <= PARAMETER_SET_INVALID || param >= PARAMETER_SET_MAX_INDEX) { + return NULL; + } +@@ -1262,8 +1262,8 @@ static void collapse_challenge(uint8_t* collapsed, const picnic_instance_t* pp, + bs.position = 0; + + for (unsigned int i = 0; i < pp->num_rounds; ++i) { +- bitstream_put_bits(&bs, challenge[i] & 1, 1); +- bitstream_put_bits(&bs, (challenge[i] >> 1) & 1, 1); ++ oqs_sig_picnic_bitstream_put_bits(&bs, challenge[i] & 1, 1); ++ oqs_sig_picnic_bitstream_put_bits(&bs, (challenge[i] >> 1) & 1, 1); + } + } + +@@ -1274,8 +1274,8 @@ static bool expand_challenge(uint8_t* challenge, const picnic_instance_t* pp, + bs.position = 0; + + for (unsigned int i = 0; i < pp->num_rounds; ++i) { +- uint8_t ch = bitstream_get_bits(&bs, 1); +- ch |= bitstream_get_bits(&bs, 1) << 1; ++ uint8_t ch = oqs_sig_picnic_bitstream_get_bits(&bs, 1); ++ ch |= oqs_sig_picnic_bitstream_get_bits(&bs, 1) << 1; + if (ch == 3) { + return false; + } +@@ -1283,7 +1283,7 @@ static bool expand_challenge(uint8_t* challenge, const picnic_instance_t* pp, + } + + size_t remaining_bits = (pp->collapsed_challenge_size << 3) - bs.position; +- if (remaining_bits && bitstream_get_bits(&bs, remaining_bits)) { ++ if (remaining_bits && oqs_sig_picnic_bitstream_get_bits(&bs, remaining_bits)) { + return false; + } + +diff --git a/picnic_impl.h b/picnic_impl.h +index dcc3747..18bfde5 100644 +--- a/picnic_impl.h ++++ b/picnic_impl.h +@@ -42,17 +42,17 @@ typedef struct { + transform_t transform; + } picnic_instance_t; + +-picnic_instance_t* get_instance(picnic_params_t param); ++picnic_instance_t* oqs_sig_picnic_get_instance(picnic_params_t param); + const picnic_instance_t* picnic_instance_get(picnic_params_t param); + +-bool fis_sign(const picnic_instance_t* pp, const uint8_t* plaintext, const uint8_t* private_key, ++bool oqs_sig_picnic_fis_sign(const picnic_instance_t* pp, const uint8_t* plaintext, const uint8_t* private_key, + const uint8_t* public_key, const uint8_t* msg, size_t msglen, uint8_t* sig, + size_t* siglen); + +-bool fis_verify(const picnic_instance_t* pp, const uint8_t* plaintext, const uint8_t* public_key, ++bool oqs_sig_picnic_fis_verify(const picnic_instance_t* pp, const uint8_t* plaintext, const uint8_t* public_key, + const uint8_t* msg, size_t msglen, const uint8_t* sig, size_t siglen); + +-void visualize_signature(FILE* out, const picnic_instance_t* pp, const uint8_t* msg, size_t msglen, ++void oqs_sig_picnic_visualize_signature(FILE* out, const picnic_instance_t* pp, const uint8_t* msg, size_t msglen, + const uint8_t* sig, size_t siglen); + + PICNIC_EXPORT size_t PICNIC_CALLING_CONVENTION picnic_get_private_key_size(picnic_params_t param); +diff --git a/sha3/KeccakHash.c b/sha3/KeccakHash.c +index bcfd1e9..6c7a0e6 100644 +--- a/sha3/KeccakHash.c ++++ b/sha3/KeccakHash.c +@@ -18,7 +18,7 @@ http://creativecommons.org/publicdomain/zero/1.0/ + + /* ---------------------------------------------------------------- */ + +-HashReturn Keccak_HashInitialize(Keccak_HashInstance *instance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix) ++HashReturn oqs_sig_picnic_Keccak_HashInitialize(Keccak_HashInstance *instance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix) + { + HashReturn result; + +@@ -34,7 +34,7 @@ HashReturn Keccak_HashInitialize(Keccak_HashInstance *instance, unsigned int rat + + /* ---------------------------------------------------------------- */ + +-HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *data, BitLength databitlen) ++HashReturn oqs_sig_picnic_Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *data, BitLength databitlen) + { + if ((databitlen % 8) == 0) + return (HashReturn)KeccakWidth1600_SpongeAbsorb(&instance->sponge, data, databitlen/8); +@@ -61,7 +61,7 @@ HashReturn Keccak_HashUpdate(Keccak_HashInstance *instance, const BitSequence *d + + /* ---------------------------------------------------------------- */ + +-HashReturn Keccak_HashFinal(Keccak_HashInstance *instance, BitSequence *hashval) ++HashReturn oqs_sig_picnic_Keccak_HashFinal(Keccak_HashInstance *instance, BitSequence *hashval) + { + HashReturn ret = (HashReturn)KeccakWidth1600_SpongeAbsorbLastFewBits(&instance->sponge, instance->delimitedSuffix); + if (ret == SUCCESS) +@@ -72,7 +72,7 @@ HashReturn Keccak_HashFinal(Keccak_HashInstance *instance, BitSequence *hashval) + + /* ---------------------------------------------------------------- */ + +-HashReturn Keccak_HashSqueeze(Keccak_HashInstance *instance, BitSequence *data, BitLength databitlen) ++HashReturn oqs_sig_picnic_Keccak_HashSqueeze(Keccak_HashInstance *instance, BitSequence *data, BitLength databitlen) + { + if ((databitlen % 8) != 0) + return FAIL; +diff --git a/sha3/KeccakHash.h b/sha3/KeccakHash.h +index 99347d6..1ba03a0 100644 +--- a/sha3/KeccakHash.h ++++ b/sha3/KeccakHash.h +@@ -51,31 +51,31 @@ typedef struct { + * @pre One must have r+c=1600 and the rate a multiple of 8 bits in this implementation. + * @return SUCCESS if successful, FAIL otherwise. + */ +-HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix); ++HashReturn oqs_sig_picnic_Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int rate, unsigned int capacity, unsigned int hashbitlen, unsigned char delimitedSuffix); + + /** Macro to initialize a SHAKE128 instance as specified in the FIPS 202 standard. + */ +-#define Keccak_HashInitialize_SHAKE128(hashInstance) Keccak_HashInitialize(hashInstance, 1344, 256, 0, 0x1F) ++#define Keccak_HashInitialize_SHAKE128(hashInstance) oqs_sig_picnic_Keccak_HashInitialize(hashInstance, 1344, 256, 0, 0x1F) + + /** Macro to initialize a SHAKE256 instance as specified in the FIPS 202 standard. + */ +-#define Keccak_HashInitialize_SHAKE256(hashInstance) Keccak_HashInitialize(hashInstance, 1088, 512, 0, 0x1F) ++#define Keccak_HashInitialize_SHAKE256(hashInstance) oqs_sig_picnic_Keccak_HashInitialize(hashInstance, 1088, 512, 0, 0x1F) + + /** Macro to initialize a SHA3-224 instance as specified in the FIPS 202 standard. + */ +-#define Keccak_HashInitialize_SHA3_224(hashInstance) Keccak_HashInitialize(hashInstance, 1152, 448, 224, 0x06) ++#define Keccak_HashInitialize_SHA3_224(hashInstance) oqs_sig_picnic_Keccak_HashInitialize(hashInstance, 1152, 448, 224, 0x06) + + /** Macro to initialize a SHA3-256 instance as specified in the FIPS 202 standard. + */ +-#define Keccak_HashInitialize_SHA3_256(hashInstance) Keccak_HashInitialize(hashInstance, 1088, 512, 256, 0x06) ++#define Keccak_HashInitialize_SHA3_256(hashInstance) oqs_sig_picnic_Keccak_HashInitialize(hashInstance, 1088, 512, 256, 0x06) + + /** Macro to initialize a SHA3-384 instance as specified in the FIPS 202 standard. + */ +-#define Keccak_HashInitialize_SHA3_384(hashInstance) Keccak_HashInitialize(hashInstance, 832, 768, 384, 0x06) ++#define Keccak_HashInitialize_SHA3_384(hashInstance) oqs_sig_picnic_Keccak_HashInitialize(hashInstance, 832, 768, 384, 0x06) + + /** Macro to initialize a SHA3-512 instance as specified in the FIPS 202 standard. + */ +-#define Keccak_HashInitialize_SHA3_512(hashInstance) Keccak_HashInitialize(hashInstance, 576, 1024, 512, 0x06) ++#define Keccak_HashInitialize_SHA3_512(hashInstance) oqs_sig_picnic_Keccak_HashInitialize(hashInstance, 576, 1024, 512, 0x06) + + /** + * Function to give input data to be absorbed. +@@ -87,7 +87,7 @@ HashReturn Keccak_HashInitialize(Keccak_HashInstance *hashInstance, unsigned int + * @pre In the previous call to Keccak_HashUpdate(), databitlen was a multiple of 8. + * @return SUCCESS if successful, FAIL otherwise. + */ +-HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequence *data, BitLength databitlen); ++HashReturn oqs_sig_picnic_Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequence *data, BitLength databitlen); + + /** + * Function to call after all input blocks have been input and to get +@@ -100,7 +100,7 @@ HashReturn Keccak_HashUpdate(Keccak_HashInstance *hashInstance, const BitSequenc + * @param hashval Pointer to the buffer where to store the output data. + * @return SUCCESS if successful, FAIL otherwise. + */ +-HashReturn Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hashval); ++HashReturn oqs_sig_picnic_Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hashval); + + /** + * Function to squeeze output data. +@@ -111,7 +111,7 @@ HashReturn Keccak_HashFinal(Keccak_HashInstance *hashInstance, BitSequence *hash + * @pre @a databitlen is a multiple of 8. + * @return SUCCESS if successful, FAIL otherwise. + */ +-HashReturn Keccak_HashSqueeze(Keccak_HashInstance *hashInstance, BitSequence *data, BitLength databitlen); ++HashReturn oqs_sig_picnic_Keccak_HashSqueeze(Keccak_HashInstance *hashInstance, BitSequence *data, BitLength databitlen); + + #endif + +diff --git a/tests/bitstream_test.c b/tests/bitstream_test.c +index 620bcc6..7bc11e4 100644 +--- a/tests/bitstream_test.c ++++ b/tests/bitstream_test.c +@@ -16,12 +16,12 @@ static int simple_test(void) { + bitstream_t bsw; + bsw.buffer = buffer; + bsw.position = 0; +- bitstream_put_bits(&bsw, v, i); ++ oqs_sig_picnic_bitstream_put_bits(&bsw, v, i); + + bitstream_t bsr; + bsr.buffer = buffer; + bsr.position = 0; +- const uint64_t r = bitstream_get_bits(&bsr, i); ++ const uint64_t r = oqs_sig_picnic_bitstream_get_bits(&bsr, i); + if (r != v) { + printf("simple_test: expected %016" PRIx64 ", got %016" PRIx64 "\n", v, r); + ret = -1; +@@ -49,19 +49,19 @@ static int test_30(void) { + bitstream_t bsw; + bsw.buffer = buffer; + bsw.position = 0; +- bitstream_put_bits(&bsw, v, 30); ++ oqs_sig_picnic_bitstream_put_bits(&bsw, v, 30); + + bitstream_t bsw2; + bsw2.buffer = buffer2; + bsw2.position = 0; + for (unsigned int i = 0; i < 30; ++i) { +- bitstream_put_bits(&bsw2, v >> (30 - i - 1), 1); ++ oqs_sig_picnic_bitstream_put_bits(&bsw2, v >> (30 - i - 1), 1); + } + + bitstream_t bsr; + bsr.buffer = buffer; + bsr.position = 0; +- uint64_t r = bitstream_get_bits(&bsr, 30); ++ uint64_t r = oqs_sig_picnic_bitstream_get_bits(&bsr, 30); + if (r != v) { + printf("test_30: expected %016" PRIx64 ", got %016" PRIx64 "\n", v, r); + ret = -1; +@@ -71,7 +71,7 @@ static int test_30(void) { + bsr2.buffer = buffer2; + bsr2.position = 0; + for (unsigned int i = 0; i < 30; ++i) { +- r = bitstream_get_bits(&bsr2, 1); ++ r = oqs_sig_picnic_bitstream_get_bits(&bsr2, 1); + const uint64_t e = (v >> (30 - i - 1)) & 0x1; + if (e != r) { + printf("test_30: expected2 %016" PRIx64 ", got %016" PRIx64 "\n", e, r); +@@ -105,18 +105,18 @@ static int test_multiple_30(void) { + bitstream_t bsw; + bsw.buffer = buffer; + bsw.position = 0; +- bitstream_put_bits(&bsw, v, 30); +- bitstream_put_bits(&bsw, v2, 30); ++ oqs_sig_picnic_bitstream_put_bits(&bsw, v, 30); ++ oqs_sig_picnic_bitstream_put_bits(&bsw, v2, 30); + + bitstream_t bsr; + bsr.buffer = buffer; + bsr.position = 0; +- uint64_t r = bitstream_get_bits(&bsr, 30); ++ uint64_t r = oqs_sig_picnic_bitstream_get_bits(&bsr, 30); + if (r != v) { + printf("test_multiple_30: expected %016" PRIx64 ", got %016" PRIx64 "\n", v, r); + ret = -1; + } +- r = bitstream_get_bits(&bsr, 30); ++ r = oqs_sig_picnic_bitstream_get_bits(&bsr, 30); + if (r != v2) { + printf("test_multiple_30: expected %016" PRIx64 ", got %016" PRIx64 "\n", v2, r); + ret = -1; +diff --git a/tests/lowmc_test.c b/tests/lowmc_test.c +index 753fe8a..0288c5d 100644 +--- a/tests/lowmc_test.c ++++ b/tests/lowmc_test.c +@@ -13,7 +13,7 @@ + + static int lowmc_enc_str(const picnic_params_t param, const char* key, const char* plaintext, + const char* expected) { +- picnic_instance_t* pp = get_instance(param); ++ picnic_instance_t* pp = oqs_sig_picnic_get_instance(param); + if (!pp) { + return -1; + } +@@ -27,21 +27,21 @@ static int lowmc_enc_str(const picnic_params_t param, const char* key, const cha + mzd_local_t* ctl = mzd_convert(ct); + + int ret = 0; +- mzd_local_t* ctr = lowmc_call(&pp->lowmc, skl, ptl); ++ mzd_local_t* ctr = oqs_sig_picnic_lowmc_call(&pp->lowmc, skl, ptl); + if (!ctr) { + ret = 1; + goto end; + } + +- if (!mzd_local_equal(ctr, ctl)) { ++ if (!oqs_sig_picnic_mzd_local_equal(ctr, ctl)) { + ret = 2; + } + + end: +- mzd_local_free(ctr); +- mzd_local_free(ctl); +- mzd_local_free(ptl); +- mzd_local_free(skl); ++ oqs_sig_picnic_mzd_local_free(ctr); ++ oqs_sig_picnic_mzd_local_free(ctl); ++ oqs_sig_picnic_mzd_local_free(ptl); ++ oqs_sig_picnic_mzd_local_free(skl); + mzd_free(ct); + mzd_free(pt); + mzd_free(sk); +@@ -51,35 +51,35 @@ end: + + static int lowmc_enc(const picnic_params_t param, const uint8_t* key, const uint8_t* plaintext, + const uint8_t* expected) { +- picnic_instance_t* pp = get_instance(param); ++ picnic_instance_t* pp = oqs_sig_picnic_get_instance(param); + if (!pp) { + return -1; + } + +- mzd_local_t* sk = mzd_local_init(1, pp->lowmc.k); +- mzd_local_t* pt = mzd_local_init(1, pp->lowmc.n); +- mzd_local_t* ct = mzd_local_init(1, pp->lowmc.n); ++ mzd_local_t* sk = oqs_sig_picnic_mzd_local_init(1, pp->lowmc.k); ++ mzd_local_t* pt = oqs_sig_picnic_mzd_local_init(1, pp->lowmc.n); ++ mzd_local_t* ct = oqs_sig_picnic_mzd_local_init(1, pp->lowmc.n); + +- mzd_from_char_array(sk, key, pp->input_size); +- mzd_from_char_array(pt, plaintext, pp->output_size); +- mzd_from_char_array(ct, expected, pp->output_size); ++ oqs_sig_picnic_mzd_from_char_array(sk, key, pp->input_size); ++ oqs_sig_picnic_mzd_from_char_array(pt, plaintext, pp->output_size); ++ oqs_sig_picnic_mzd_from_char_array(ct, expected, pp->output_size); + + int ret = 0; +- mzd_local_t* ctr = lowmc_call(&pp->lowmc, sk, pt); ++ mzd_local_t* ctr = oqs_sig_picnic_lowmc_call(&pp->lowmc, sk, pt); + if (!ctr) { + ret = 1; + goto end; + } + +- if (!mzd_local_equal(ctr, ct)) { ++ if (!oqs_sig_picnic_mzd_local_equal(ctr, ct)) { + ret = 2; + } + + end: +- mzd_local_free(ctr); +- mzd_local_free(ct); +- mzd_local_free(pt); +- mzd_local_free(sk); ++ oqs_sig_picnic_mzd_local_free(ctr); ++ oqs_sig_picnic_mzd_local_free(ct); ++ oqs_sig_picnic_mzd_local_free(pt); ++ oqs_sig_picnic_mzd_local_free(sk); + + return ret; + } +diff --git a/tests/mpc_test.c b/tests/mpc_test.c +index 57d5fda..de06da3 100644 +--- a/tests/mpc_test.c ++++ b/tests/mpc_test.c +@@ -11,34 +11,34 @@ + + static mzd_local_t** mpc_init_empty_share_vector(uint32_t n, unsigned sc) { + mzd_local_t** s = malloc(sc * sizeof(mzd_local_t*)); +- mzd_local_init_multiple(s, sc, 1, n); ++ oqs_sig_picnic_mzd_local_init_multiple(s, sc, 1, n); + return s; + } + + static mzd_local_t* mpc_reconstruct_from_share(mzd_local_t* dst, mzd_local_t** shared_vec) { + if (!dst) { +- dst = mzd_local_init_ex(shared_vec[0]->nrows, shared_vec[0]->ncols, false); ++ dst = oqs_sig_picnic_mzd_local_init_ex(shared_vec[0]->nrows, shared_vec[0]->ncols, false); + } + +- mzd_xor(dst, shared_vec[0], shared_vec[1]); +- return mzd_xor(dst, dst, shared_vec[2]); ++ oqs_sig_picnic_mzd_xor(dst, shared_vec[0], shared_vec[1]); ++ return oqs_sig_picnic_mzd_xor(dst, dst, shared_vec[2]); + } + + static mzd_local_t* mzd_init_random_vector(rci_t n) { +- mzd_local_t* a = mzd_local_init(1, n); ++ mzd_local_t* a = oqs_sig_picnic_mzd_local_init(1, n); + mzd_randomize_ssl(a); + return a; + } + + static mzd_local_t** mpc_init_share_vector(mzd_local_t const* v) { + mzd_local_t** s = malloc(3 * sizeof(mzd_local_t*)); +- mzd_local_init_multiple_ex(s, 3, 1, v->ncols, false); ++ oqs_sig_picnic_mzd_local_init_multiple_ex(s, 3, 1, v->ncols, false); + + mzd_randomize_ssl(s[0]); + mzd_randomize_ssl(s[1]); + +- mzd_xor(s[2], s[0], s[1]); +- mzd_xor(s[2], s[2], v); ++ oqs_sig_picnic_mzd_xor(s[2], s[0], s[1]); ++ oqs_sig_picnic_mzd_xor(s[2], s[2], v); + + return s; + } +@@ -48,37 +48,37 @@ static void test_mpc_share(void) { + mzd_local_t** s1 = mpc_init_share_vector(t1); + mzd_local_t* t1cmb = mpc_reconstruct_from_share(NULL, s1); + +- if (mzd_local_equal(t1, t1cmb)) ++ if (oqs_sig_picnic_mzd_local_equal(t1, t1cmb)) + printf("Share test successful.\n"); + +- mzd_local_free(t1); +- mzd_local_free_multiple(s1); +- mzd_local_free(t1cmb); ++ oqs_sig_picnic_mzd_local_free(t1); ++ oqs_sig_picnic_mzd_local_free_multiple(s1); ++ oqs_sig_picnic_mzd_local_free(t1cmb); + } + + static void test_mpc_add(void) { + mzd_local_t* t1 = mzd_init_random_vector(10); + mzd_local_t* t2 = mzd_init_random_vector(10); +- mzd_local_t* res = mzd_local_init(1, 10); +- mzd_xor(res, t1, t2); ++ mzd_local_t* res = oqs_sig_picnic_mzd_local_init(1, 10); ++ oqs_sig_picnic_mzd_xor(res, t1, t2); + + mzd_local_t** s1 = mpc_init_share_vector(t1); + mzd_local_t** s2 = mpc_init_share_vector(t2); + mzd_local_t** ress = mpc_init_empty_share_vector(10, 3); +- mpc_xor(ress, s1, s2, 3); ++ oqs_sig_picnic_mpc_xor(ress, s1, s2, 3); + + mzd_local_t* cmp = mpc_reconstruct_from_share(NULL, ress); + +- if (mzd_local_equal(res, cmp)) ++ if (oqs_sig_picnic_mzd_local_equal(res, cmp)) + printf("Shared add test successful.\n"); + +- mzd_local_free(t1); +- mzd_local_free(t2); +- mzd_local_free(res); +- mzd_local_free_multiple(s1); +- mzd_local_free_multiple(s2); +- mzd_local_free_multiple(ress); +- mzd_local_free(cmp); ++ oqs_sig_picnic_mzd_local_free(t1); ++ oqs_sig_picnic_mzd_local_free(t2); ++ oqs_sig_picnic_mzd_local_free(res); ++ oqs_sig_picnic_mzd_local_free_multiple(s1); ++ oqs_sig_picnic_mzd_local_free_multiple(s2); ++ oqs_sig_picnic_mzd_local_free_multiple(ress); ++ oqs_sig_picnic_mzd_local_free(cmp); + } + + void run_tests(void) { +diff --git a/tests/mzd_test.c b/tests/mzd_test.c +index e1243d2..264edde 100644 +--- a/tests/mzd_test.c ++++ b/tests/mzd_test.c +@@ -5,21 +5,21 @@ + + static void test_mzd_local_equal(void) { + for (unsigned int i = 0; i < 10; ++i) { +- mzd_local_t* a = mzd_local_init(1, (i + 1) * 64); ++ mzd_local_t* a = oqs_sig_picnic_mzd_local_init(1, (i + 1) * 64); + mzd_randomize_ssl(a); +- mzd_local_t* b = mzd_local_copy(NULL, a); ++ mzd_local_t* b = oqs_sig_picnic_mzd_local_copy(NULL, a); + +- if (mzd_local_equal(a, b)) { ++ if (oqs_sig_picnic_mzd_local_equal(a, b)) { + printf("equal: ok [%u]\n", (i + 1) * 64); + } + +- b = mzd_xor(b, b, a); +- if (mzd_local_equal(a, b)) { ++ b = oqs_sig_picnic_mzd_xor(b, b, a); ++ if (oqs_sig_picnic_mzd_local_equal(a, b)) { + printf("equal: ok [%u]\n", (i + 1) * 64); + } + +- mzd_local_free(a); +- mzd_local_free(b); ++ oqs_sig_picnic_mzd_local_free(a); ++ oqs_sig_picnic_mzd_local_free(b); + } + } + +@@ -44,27 +44,27 @@ static int test_mzd_mul_avx(void) { + for (unsigned int k = 0; k < 3; ++k) { + + mzd_t* r = mzd_mul_naive(c, v, A); +- mzd_local_t* rl = mzd_mul_v_avx(c2, vl, Al); ++ mzd_local_t* rl = oqs_sig_picnic_mzd_mul_v_avx(c2, vl, Al); + + mzd_local_t* rc = mzd_convert(r); + +- if (!mzd_local_equal(rc, rl)) { ++ if (!oqs_sig_picnic_mzd_local_equal(rc, rl)) { + printf("mul: fail [%u x %u]\n", size, size); + ret = -1; + } else { + printf("mul: ok [%u x %u]\n", size, size); + } + +- mzd_local_free(rc); ++ oqs_sig_picnic_mzd_local_free(rc); + } + + mzd_free(A); + mzd_free(v); + mzd_free(c); + +- mzd_local_free(c2); +- mzd_local_free(Al); +- mzd_local_free(vl); ++ oqs_sig_picnic_mzd_local_free(c2); ++ oqs_sig_picnic_mzd_local_free(Al); ++ oqs_sig_picnic_mzd_local_free(vl); + #endif + + return ret; +@@ -82,18 +82,18 @@ static void test_mzd_mul_vl_neon_192(void) { + mzd_randomize(v); + mzd_randomize(c); + +- mzd_local_t* Al = mzd_local_copy(NULL, A); +- mzd_local_t* All = mzd_precompute_matrix_lookup(Al); +- mzd_local_t* vl = mzd_local_copy(NULL, v); ++ mzd_local_t* Al = oqs_sig_picnic_mzd_local_copy(NULL, A); ++ mzd_local_t* All = oqs_sig_picnic_mzd_precompute_matrix_lookup(Al); ++ mzd_local_t* vl = oqs_sig_picnic_mzd_local_copy(NULL, v); + +- mzd_local_t* c2 = mzd_local_copy(NULL, c); ++ mzd_local_t* c2 = oqs_sig_picnic_mzd_local_copy(NULL, c); + + for (unsigned int k = 0; k < 3; ++k) { + + mzd_local_t* r = mzd_mul_naive(c, v, A); + mzd_local_t* rl = mzd_mul_vl_neon_multiple_of_128(c2, vl, All); + +- if (!mzd_local_equal(r, rl)) { ++ if (!oqs_sig_picnic_mzd_local_equal(r, rl)) { + printf("mul: fail [%u x %u]\n", size, size); + printf("r = "); + mzd_print(r); +@@ -108,9 +108,9 @@ static void test_mzd_mul_vl_neon_192(void) { + mzd_free(v); + mzd_free(c); + +- mzd_local_free(c2); +- mzd_local_free(Al); +- mzd_local_free(vl); ++ oqs_sig_picnic_mzd_local_free(c2); ++ oqs_sig_picnic_mzd_local_free(Al); ++ oqs_sig_picnic_mzd_local_free(vl); + } + + static void test_mzd_mul_vl_neon_256(void) { +@@ -124,18 +124,18 @@ static void test_mzd_mul_vl_neon_256(void) { + mzd_randomize(v); + mzd_randomize(c); + +- mzd_local_t* Al = mzd_local_copy(NULL, A); +- mzd_local_t* All = mzd_precompute_matrix_lookup(Al); +- mzd_local_t* vl = mzd_local_copy(NULL, v); ++ mzd_local_t* Al = oqs_sig_picnic_mzd_local_copy(NULL, A); ++ mzd_local_t* All = oqs_sig_picnic_mzd_precompute_matrix_lookup(Al); ++ mzd_local_t* vl = oqs_sig_picnic_mzd_local_copy(NULL, v); + +- mzd_local_t* c2 = mzd_local_copy(NULL, c); ++ mzd_local_t* c2 = oqs_sig_picnic_mzd_local_copy(NULL, c); + + for (unsigned int k = 0; k < 3; ++k) { + + mzd_local_t* r = mzd_mul_naive(c, v, A); + mzd_local_t* rl = mzd_mul_vl_neon_multiple_of_128(c2, vl, All); + +- if (!mzd_local_equal(r, rl)) { ++ if (!oqs_sig_picnic_mzd_local_equal(r, rl)) { + printf("mul: fail [%u x %u]\n", size, size); + printf("r = "); + mzd_print(r); +@@ -150,9 +150,9 @@ static void test_mzd_mul_vl_neon_256(void) { + mzd_free(v); + mzd_free(c); + +- mzd_local_free(c2); +- mzd_local_free(Al); +- mzd_local_free(vl); ++ oqs_sig_picnic_mzd_local_free(c2); ++ oqs_sig_picnic_mzd_local_free(Al); ++ oqs_sig_picnic_mzd_local_free(vl); + } + + static void test_mzd_addmul_vl_neon_192(void) { +@@ -166,19 +166,19 @@ static void test_mzd_addmul_vl_neon_192(void) { + mzd_randomize(v); + mzd_randomize(c); + +- mzd_local_t* Al = mzd_local_copy(NULL, A); +- mzd_local_t* All = mzd_precompute_matrix_lookup(Al); +- mzd_local_t* vl = mzd_local_copy(NULL, v); ++ mzd_local_t* Al = oqs_sig_picnic_mzd_local_copy(NULL, A); ++ mzd_local_t* All = oqs_sig_picnic_mzd_precompute_matrix_lookup(Al); ++ mzd_local_t* vl = oqs_sig_picnic_mzd_local_copy(NULL, v); + +- mzd_local_t* c2 = mzd_local_copy(NULL, c); +- mzd_local_t* c3 = mzd_local_copy(NULL, c); ++ mzd_local_t* c2 = oqs_sig_picnic_mzd_local_copy(NULL, c); ++ mzd_local_t* c3 = oqs_sig_picnic_mzd_local_copy(NULL, c); + + for (unsigned int k = 0; k < 3; ++k) { + + mzd_local_t* r = mzd_addmul_naive(c, v, A); + mzd_local_t* rl2 = mzd_addmul_vl_neon(c3, vl, All); + +- if (!mzd_local_equal(r, rl2)) { ++ if (!oqs_sig_picnic_mzd_local_equal(r, rl2)) { + printf("addmul2: fail [%u x %u]\n", size, size); + printf("r = "); + mzd_print(r); +@@ -193,9 +193,9 @@ static void test_mzd_addmul_vl_neon_192(void) { + mzd_free(v); + mzd_free(c); + +- mzd_local_free(c2); +- mzd_local_free(Al); +- mzd_local_free(vl); ++ oqs_sig_picnic_mzd_local_free(c2); ++ oqs_sig_picnic_mzd_local_free(Al); ++ oqs_sig_picnic_mzd_local_free(vl); + } + + static void test_mzd_addmul_vl_neon_256(void) { +@@ -209,19 +209,19 @@ static void test_mzd_addmul_vl_neon_256(void) { + mzd_randomize(v); + mzd_randomize(c); + +- mzd_local_t* Al = mzd_local_copy(NULL, A); +- mzd_local_t* All = mzd_precompute_matrix_lookup(Al); +- mzd_local_t* vl = mzd_local_copy(NULL, v); ++ mzd_local_t* Al = oqs_sig_picnic_mzd_local_copy(NULL, A); ++ mzd_local_t* All = oqs_sig_picnic_mzd_precompute_matrix_lookup(Al); ++ mzd_local_t* vl = oqs_sig_picnic_mzd_local_copy(NULL, v); + +- mzd_local_t* c2 = mzd_local_copy(NULL, c); +- mzd_local_t* c3 = mzd_local_copy(NULL, c); ++ mzd_local_t* c2 = oqs_sig_picnic_mzd_local_copy(NULL, c); ++ mzd_local_t* c3 = oqs_sig_picnic_mzd_local_copy(NULL, c); + + for (unsigned int k = 0; k < 3; ++k) { + + mzd_local_t* r = mzd_addmul_naive(c, v, A); + mzd_local_t* rl2 = mzd_addmul_vl_neon(c3, vl, All); + +- if (!mzd_local_equal(r, rl2)) { ++ if (!oqs_sig_picnic_mzd_local_equal(r, rl2)) { + printf("addmul2: fail [%u x %u]\n", size, size); + printf("r = "); + mzd_print(r); +@@ -236,9 +236,9 @@ static void test_mzd_addmul_vl_neon_256(void) { + mzd_free(v); + mzd_free(c); + +- mzd_local_free(c2); +- mzd_local_free(Al); +- mzd_local_free(vl); ++ oqs_sig_picnic_mzd_local_free(c2); ++ oqs_sig_picnic_mzd_local_free(Al); ++ oqs_sig_picnic_mzd_local_free(vl); + } + + #endif +@@ -255,7 +255,7 @@ static void test_mzd_mul(void) { + mzd_randomize(c); + + mzd_local_t* Al = mzd_convert(A); +- mzd_local_t* All = mzd_precompute_matrix_lookup(Al); ++ mzd_local_t* All = oqs_sig_picnic_mzd_precompute_matrix_lookup(Al); + mzd_local_t* vl = mzd_convert(v); + mzd_local_t* cl = mzd_convert(c); + mzd_local_t* cll = mzd_convert(c); +@@ -266,20 +266,20 @@ static void test_mzd_mul(void) { + mzd_t* c3 = mzd_transpose(NULL, c); + + for (unsigned int k = 0; k < 3; ++k) { +- mzd_local_t* r = mzd_mul_v(cl, vl, Al); +- mzd_local_t* rl = mzd_mul_vl(cll, vl, All); ++ mzd_local_t* r = oqs_sig_picnic_mzd_mul_v(cl, vl, Al); ++ mzd_local_t* rl = oqs_sig_picnic_mzd_mul_vl(cll, vl, All); + mzd_t* r2 = mzd_mul(c2, v, A, __M4RI_STRASSEN_MUL_CUTOFF); + mzd_t* r3 = mzd_mul(c3, At, vt, __M4RI_STRASSEN_MUL_CUTOFF); + +- if (!mzd_local_equal(r, rl)) { ++ if (!oqs_sig_picnic_mzd_local_equal(r, rl)) { + printf("mul: fail [%u x %u]\n", i * 64, j * 64); + } + + mzd_local_t* rc = mzd_convert(r2); +- if (!mzd_local_equal(r, rc)) { ++ if (!oqs_sig_picnic_mzd_local_equal(r, rc)) { + printf("mul: fail [%u x %u]\n", i * 64, j * 64); + } +- mzd_local_free(rc); ++ oqs_sig_picnic_mzd_local_free(rc); + + mzd_t* r4 = mzd_transpose(NULL, r3); + if (mzd_cmp(r4, r2) != 0) { +@@ -297,11 +297,11 @@ static void test_mzd_mul(void) { + mzd_free(c2); + mzd_free(c3); + +- mzd_local_free(All); +- mzd_local_free(Al); +- mzd_local_free(cll); +- mzd_local_free(cl); +- mzd_local_free(vl); ++ oqs_sig_picnic_mzd_local_free(All); ++ oqs_sig_picnic_mzd_local_free(Al); ++ oqs_sig_picnic_mzd_local_free(cll); ++ oqs_sig_picnic_mzd_local_free(cl); ++ oqs_sig_picnic_mzd_local_free(vl); + } + } + } +@@ -310,14 +310,14 @@ static void test_mzd_shift(void) { + #ifdef WITH_OPT + #ifdef WITH_SSE2 + if (CPU_SUPPORTS_SSE2) { +- mzd_local_t* v = mzd_local_init(1, 128); +- mzd_local_t* w = mzd_local_copy(NULL, v); +- mzd_local_t* r = mzd_local_copy(NULL, v); ++ mzd_local_t* v = oqs_sig_picnic_mzd_local_init(1, 128); ++ mzd_local_t* w = oqs_sig_picnic_mzd_local_copy(NULL, v); ++ mzd_local_t* r = oqs_sig_picnic_mzd_local_copy(NULL, v); + __m128i* wr = __builtin_assume_aligned(FIRST_ROW(w), 16); + + for (unsigned int i = 0; i < 32; ++i) { + mzd_randomize_ssl(v); +- mzd_local_copy(w, v); ++ oqs_sig_picnic_mzd_local_copy(w, v); + + mzd_shift_left(r, v, i); + *wr = mm128_shift_left(*wr, i); +@@ -329,7 +329,7 @@ static void test_mzd_shift(void) { + + for (unsigned int i = 0; i < 32; ++i) { + mzd_randomize_ssl(v); +- mzd_local_copy(w, v); ++ oqs_sig_picnic_mzd_local_copy(w, v); + + mzd_shift_right(r, v, i); + *wr = mm128_shift_right(*wr, i); +@@ -339,21 +339,21 @@ static void test_mzd_shift(void) { + } + } + +- mzd_local_free(w); +- mzd_local_free(v); +- mzd_local_free(r); ++ oqs_sig_picnic_mzd_local_free(w); ++ oqs_sig_picnic_mzd_local_free(v); ++ oqs_sig_picnic_mzd_local_free(r); + } + #endif + #ifdef WITH_AVX2 + if (CPU_SUPPORTS_AVX2) { +- mzd_local_t* v = mzd_local_init(1, 256); +- mzd_local_t* w = mzd_local_copy(NULL, v); +- mzd_local_t* r = mzd_local_copy(NULL, v); ++ mzd_local_t* v = oqs_sig_picnic_mzd_local_init(1, 256); ++ mzd_local_t* w = oqs_sig_picnic_mzd_local_copy(NULL, v); ++ mzd_local_t* r = oqs_sig_picnic_mzd_local_copy(NULL, v); + __m256i* wr = __builtin_assume_aligned(FIRST_ROW(w), 32); + + for (unsigned int i = 0; i < 32; ++i) { + mzd_randomize_ssl(v); +- mzd_local_copy(w, v); ++ oqs_sig_picnic_mzd_local_copy(w, v); + + mzd_shift_left(r, v, i); + *wr = mm256_shift_left(*wr, i); +@@ -365,7 +365,7 @@ static void test_mzd_shift(void) { + + for (unsigned int i = 0; i < 32; ++i) { + mzd_randomize_ssl(v); +- mzd_local_copy(w, v); ++ oqs_sig_picnic_mzd_local_copy(w, v); + + mzd_shift_right(r, v, i); + mm512_shift_right_avx(wr, wr, i); +@@ -375,21 +375,21 @@ static void test_mzd_shift(void) { + } + } + +- mzd_local_free(w); +- mzd_local_free(v); +- mzd_local_free(r); ++ oqs_sig_picnic_mzd_local_free(w); ++ oqs_sig_picnic_mzd_local_free(v); ++ oqs_sig_picnic_mzd_local_free(r); + } + #endif + #ifdef WITH_NEON + if (CPU_SUPPORTS_NEON) { +- mzd_local_t* v = mzd_local_init(1, 384); +- mzd_local_t* w = mzd_local_copy(NULL, v); +- mzd_local_t* r = mzd_local_copy(NULL, v); ++ mzd_local_t* v = oqs_sig_picnic_mzd_local_init(1, 384); ++ mzd_local_t* w = oqs_sig_picnic_mzd_local_copy(NULL, v); ++ mzd_local_t* r = oqs_sig_picnic_mzd_local_copy(NULL, v); + uint32x4_t* wr = __builtin_assume_aligned(FIRST_ROW(w), alignof(uint32x4_t)); + + for (unsigned int i = 0; i < 32; ++i) { + mzd_randomize_ssl(v); +- mzd_local_copy(w, v); ++ oqs_sig_picnic_mzd_local_copy(w, v); + + mzd_shift_left(r, v, i); + mm384_shift_left(wr, wr, i); +@@ -406,7 +406,7 @@ static void test_mzd_shift(void) { + + for (unsigned int i = 0; i < 32; ++i) { + mzd_randomize_ssl(v); +- mzd_local_copy(w, v); ++ oqs_sig_picnic_mzd_local_copy(w, v); + + mzd_shift_right(r, v, i); + mm384_shift_right(wr, wr, i); +@@ -421,9 +421,9 @@ static void test_mzd_shift(void) { + } + } + +- mzd_local_free(w); +- mzd_local_free(v); +- mzd_local_free(r); ++ oqs_sig_picnic_mzd_local_free(w); ++ oqs_sig_picnic_mzd_local_free(v); ++ oqs_sig_picnic_mzd_local_free(r); + } + #endif + #endif +diff --git a/tests/utils.c.i b/tests/utils.c.i +index 558180a..69b18af 100644 +--- a/tests/utils.c.i ++++ b/tests/utils.c.i +@@ -8,7 +8,7 @@ void mzd_randomize_ssl(mzd_local_t* val) { + } + + mzd_local_t* mzd_convert(const mzd_t* v) { +- mzd_local_t* r = mzd_local_init(v->nrows, v->ncols); ++ mzd_local_t* r = oqs_sig_picnic_mzd_local_init(v->nrows, v->ncols); + + for (rci_t i = 0; i < v->nrows; ++i) { + memcpy(ROW(r, i), v->rows[i], v->width * sizeof(word)); diff --git a/src/sig_picnic/sig_picnic.c b/src/sig_picnic/sig_picnic.c index ccd8375f0..3c7be8b72 100644 --- a/src/sig_picnic/sig_picnic.c +++ b/src/sig_picnic/sig_picnic.c @@ -1,4 +1,4 @@ -#if defined(ENABLE_PICNIC) +#ifdef ENABLE_SIG_PICNIC #if defined(WINDOWS) #define UNUSED #else @@ -12,25 +12,36 @@ #include "sig_picnic.h" #include "picnic.h" -#define SERIALIZED_PUB_KEY_LEN (PICNIC_MAX_PUBLICKEY_SIZE + 1) -#define SERIALIZED_PRIV_KEY_LEN (PICNIC_MAX_PRIVATEKEY_SIZE + 1 + SERIALIZED_PUB_KEY_LEN) - -static char *Picnic_42_14_FS = "Picnic_42_14_FS"; -static char *Picnic_42_14_UR = "Picnic_42_14_UR"; -static char *Picnic_1_316_FS = "Picnic_1_316_FS"; -static char *Picnic_1_316_UR = "Picnic_1_316_UR"; -static char *Picnic_10_38_FS = "Picnic_10_38_FS"; -static char *Picnic_10_38_UR = "Picnic_10_38_UR"; - -// This flag indicates if OpenSSL is used by OQS (or an app including OQS, such -// as OpenSSL itself). If so, then Picnic skips the initialization and shutdown -// of OpenSSL, not to interfere with the containing app. -static int USES_OPENSSL = -#if USE_OPENSSL - 1; -#else - 0; -#endif +static char *Picnic_L1_FS_name = "Picnic_L1_FS"; +static char *Picnic_L1_UR_name = "Picnic_L1_UR"; +static char *Picnic_L3_FS_name = "Picnic_L3_FS"; +static char *Picnic_L3_UR_name = "Picnic_L3_UR"; +static char *Picnic_L5_FS_name = "Picnic_L5_FS"; +static char *Picnic_L5_UR_name = "Picnic_L5_UR"; +static size_t PRIV_KEY_LEN[] = { + 0, + PICNIC_PRIVATE_KEY_SIZE(Picnic_L1_FS), + PICNIC_PRIVATE_KEY_SIZE(Picnic_L1_UR), + PICNIC_PRIVATE_KEY_SIZE(Picnic_L3_FS), + PICNIC_PRIVATE_KEY_SIZE(Picnic_L3_UR), + PICNIC_PRIVATE_KEY_SIZE(Picnic_L5_FS), + PICNIC_PRIVATE_KEY_SIZE(Picnic_L5_UR)}; +static size_t PUB_KEY_LEN[] = { + 0, + PICNIC_PUBLIC_KEY_SIZE(Picnic_L1_FS), + PICNIC_PUBLIC_KEY_SIZE(Picnic_L1_UR), + PICNIC_PUBLIC_KEY_SIZE(Picnic_L3_FS), + PICNIC_PUBLIC_KEY_SIZE(Picnic_L3_UR), + PICNIC_PUBLIC_KEY_SIZE(Picnic_L5_FS), + PICNIC_PUBLIC_KEY_SIZE(Picnic_L5_UR)}; +static size_t SIG_LEN[] = { + 0, + PICNIC_SIGNATURE_SIZE_Picnic_L1_FS, + PICNIC_SIGNATURE_SIZE_Picnic_L1_UR, + PICNIC_SIGNATURE_SIZE_Picnic_L3_FS, + PICNIC_SIGNATURE_SIZE_Picnic_L3_UR, + PICNIC_SIGNATURE_SIZE_Picnic_L5_FS, + PICNIC_SIGNATURE_SIZE_Picnic_L5_UR}; typedef struct PICNIC_CTX { picnic_params_t params; @@ -40,63 +51,65 @@ int OQS_SIG_picnic_get(OQS_SIG *s, enum OQS_SIG_algid algid) { if (s == NULL) { return OQS_ERROR; } - // init the alg - picnic_params_t params; - char *name; - switch (algid) { - case OQS_SIG_picnic_42_14_FS: - params = LowMC_256_256_42_14_FS; - name = Picnic_42_14_FS; - break; - case OQS_SIG_picnic_42_14_UR: - params = LowMC_256_256_42_14_UR; - name = Picnic_42_14_UR; - break; - case OQS_SIG_picnic_1_316_FS: - params = LowMC_256_256_1_316_FS; - name = Picnic_1_316_FS; - break; - case OQS_SIG_picnic_1_316_UR: - params = LowMC_256_256_1_316_UR; - name = Picnic_1_316_UR; - break; - case OQS_SIG_picnic_default: - case OQS_SIG_picnic_10_38_FS: - params = LowMC_256_256_10_38_FS; - name = Picnic_10_38_FS; - break; - case OQS_SIG_picnic_10_38_UR: - params = LowMC_256_256_10_38_UR; - name = Picnic_10_38_UR; - break; - default: - return OQS_ERROR; - } + PICNIC_CTX *pctx = malloc(sizeof(PICNIC_CTX)); if (pctx == NULL) { return OQS_ERROR; } - pctx->params = params; - // read the path to the picnic params (if undefined, NULL is - // returned and passed to picnic_init, and the default is used). - const char *params_path = getenv("PICNIC_PARAMS_PATH"); - if (picnic_init(params, params_path, USES_OPENSSL) != 0) { - free(pctx); + + // set the scheme-specific alg values + // NOTE: the key and sig len values use macros, so we can't + // parametrized with pctx->params to shorten the code. + switch (algid) { + case OQS_SIG_picnic_default: + case OQS_SIG_picnic_L1_FS: + pctx->params = Picnic_L1_FS; + s->method_name = Picnic_L1_FS_name; + s->estimated_classical_security = 128; + s->estimated_quantum_security = 64; + break; + case OQS_SIG_picnic_L1_UR: + pctx->params = Picnic_L1_UR; + s->method_name = Picnic_L1_UR_name; + s->estimated_classical_security = 128; + s->estimated_quantum_security = 64; + break; + case OQS_SIG_picnic_L3_FS: + pctx->params = Picnic_L3_FS; + s->method_name = Picnic_L3_FS_name; + s->estimated_classical_security = 192; + s->estimated_quantum_security = 96; + break; + case OQS_SIG_picnic_L3_UR: + pctx->params = Picnic_L3_UR; + s->method_name = Picnic_L3_UR_name; + s->estimated_classical_security = 192; + s->estimated_quantum_security = 96; + break; + case OQS_SIG_picnic_L5_FS: + pctx->params = Picnic_L5_FS; + s->method_name = Picnic_L5_FS_name; + s->estimated_classical_security = 256; + s->estimated_quantum_security = 128; + break; + case OQS_SIG_picnic_L5_UR: + pctx->params = Picnic_L5_UR; + s->method_name = Picnic_L5_UR_name; + s->estimated_classical_security = 256; + s->estimated_quantum_security = 128; + break; + default: return OQS_ERROR; } - - // set the scheme values - s->method_name = name; - s->estimated_classical_security = 256; - s->estimated_quantum_security = 128; - s->priv_key_len = SERIALIZED_PRIV_KEY_LEN; - s->pub_key_len = SERIALIZED_PUB_KEY_LEN; - s->max_sig_len = PICNIC_MAX_SIGNATURE_SIZE; + // set the ctx, sizes, and API functions + s->ctx = pctx; + s->priv_key_len = PRIV_KEY_LEN[pctx->params] + PUB_KEY_LEN[pctx->params]; // priv key also contains pub key + s->pub_key_len = PUB_KEY_LEN[pctx->params]; + s->max_sig_len = SIG_LEN[pctx->params]; s->keygen = &OQS_SIG_picnic_keygen; s->sign = &OQS_SIG_picnic_sign; s->verify = &OQS_SIG_picnic_verify; - s->shutdown = &OQS_SIG_picnic_shutdown; - s->ctx = pctx; + return OQS_SUCCESS; } @@ -112,14 +125,14 @@ int OQS_SIG_picnic_keygen(const OQS_SIG *s, uint8_t *priv, uint8_t *pub) { return OQS_ERROR; } // serialize the public key - if (picnic_write_public_key(&pk, pub, SERIALIZED_PUB_KEY_LEN) != SERIALIZED_PUB_KEY_LEN) { + int pk_len = picnic_write_public_key(&pk, pub, PUB_KEY_LEN[parameters]); + if ((size_t) pk_len != PUB_KEY_LEN[parameters]) { return OQS_ERROR; } + // serialize the private key - // 1. prepend the public key - memcpy(priv, pub, SERIALIZED_PUB_KEY_LEN); - // 2. write the private key - if (picnic_write_private_key(&sk, priv + SERIALIZED_PUB_KEY_LEN, SERIALIZED_PRIV_KEY_LEN) != (PICNIC_MAX_PRIVATEKEY_SIZE + 1)) { + int sk_len = picnic_write_private_key(&sk, priv, PRIV_KEY_LEN[parameters]); + if ((size_t) sk_len != PRIV_KEY_LEN[parameters]) { return OQS_ERROR; } // wipe the private key @@ -132,14 +145,9 @@ int OQS_SIG_picnic_sign(const OQS_SIG *s, const uint8_t *priv, const uint8_t *ms return OQS_ERROR; } picnic_privatekey_t sk; - picnic_publickey_t pk; + picnic_params_t parameters = ((PICNIC_CTX *) s->ctx)->params; // deserialize the private key - // 1. read the prepended public key - if (picnic_read_public_key(&pk, priv, SERIALIZED_PUB_KEY_LEN) != 0) { - return OQS_ERROR; - } - // 2. read the private key - if (picnic_read_private_key(&sk, priv + SERIALIZED_PUB_KEY_LEN, SERIALIZED_PRIV_KEY_LEN, &pk) != 0) { + if (picnic_read_private_key(&sk, priv, PRIV_KEY_LEN[parameters]) != 0) { return OQS_ERROR; } if (picnic_sign(&sk, msg, msg_len, sig, sig_len) != 0) { @@ -153,8 +161,9 @@ int OQS_SIG_picnic_verify(UNUSED const OQS_SIG *s, const uint8_t *pub, const uin return OQS_ERROR; } picnic_publickey_t pk; - // deserialize the private key - if (picnic_read_public_key(&pk, pub, SERIALIZED_PUB_KEY_LEN) != 0) { + // deserialize the public key + picnic_params_t parameters = ((PICNIC_CTX *) s->ctx)->params; + if (picnic_read_public_key(&pk, pub, PUB_KEY_LEN[parameters]) != 0) { return OQS_ERROR; } if (picnic_verify(&pk, msg, msg_len, sig, sig_len) != 0) { @@ -162,13 +171,4 @@ int OQS_SIG_picnic_verify(UNUSED const OQS_SIG *s, const uint8_t *pub, const uin } return OQS_SUCCESS; } - -int OQS_SIG_picnic_shutdown(OQS_SIG *s) { - if (s == NULL) { - return OQS_ERROR; - } - picnic_shutdown(USES_OPENSSL); - free(s->ctx); - return OQS_SUCCESS; -} -#endif // ENABLE_PICNIC +#endif diff --git a/src/sig_picnic/sig_picnic.h b/src/sig_picnic/sig_picnic.h index 9fa39d062..8ffa5fd2c 100644 --- a/src/sig_picnic/sig_picnic.h +++ b/src/sig_picnic/sig_picnic.h @@ -2,10 +2,10 @@ * \file sig_picnic.h * \brief Header for the Microsoft Picnic library */ - #ifndef __OQS_SIG_PICNIC_H #define __OQS_SIG_PICNIC_H +#ifdef ENABLE_SIG_PICNIC #include #include @@ -16,5 +16,5 @@ int OQS_SIG_picnic_get(OQS_SIG *sig, enum OQS_SIG_algid algid); int OQS_SIG_picnic_keygen(const OQS_SIG *s, uint8_t *priv, uint8_t *pub); int OQS_SIG_picnic_sign(const OQS_SIG *s, const uint8_t *priv, const uint8_t *msg, const size_t msg_len, uint8_t *sig, size_t *sig_len); int OQS_SIG_picnic_verify(const OQS_SIG *s, const uint8_t *pub, const uint8_t *msg, const size_t msg_len, const uint8_t *sig, const size_t sig_len); -int OQS_SIG_picnic_shutdown(OQS_SIG *sig); +#endif #endif