Update to Picnic 3.0.9 (#1167)

* Update to Picnic 3.0.10 (fixes #1165)

* Disable Picnic SIMD optimizations on Cygwin (fixes #1163)

* Set WITH_OPT only if required

* Revert "remove picnic from cygwin build (#1171)"

This reverts commit 5608b465748281c8f84a97858dbd9887e77d6bd3.

* Update supported CPU extensions for Picnic
Sebastian Ramacher 2022-01-09 17:28:56 +01:00 committed by GitHub
parent 2af8ad71e2
commit 9227b2a233
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 162 additions and 135 deletions


@ -74,13 +74,13 @@ cmake_dependent_option(OQS_ENABLE_SIG_picnic3_L1 "" ON "OQS_ENABLE_SIG_PICNIC" O
cmake_dependent_option(OQS_ENABLE_SIG_picnic3_L3 "" ON "OQS_ENABLE_SIG_PICNIC" OFF)
cmake_dependent_option(OQS_ENABLE_SIG_picnic3_L5 "" ON "OQS_ENABLE_SIG_PICNIC" OFF)
if(OQS_DIST_X86_64_BUILD OR OQS_USE_SSE2_INSTRUCTIONS)
if((OQS_DIST_X86_64_BUILD OR OQS_USE_SSE2_INSTRUCTIONS) AND NOT CYGWIN)
cmake_dependent_option(OQS_ENABLE_SIG_picnic_sse2 "" ON "OQS_ENABLE_SIG_PICNIC" OFF)
endif()
if(OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS))
if((OQS_DIST_X86_64_BUILD OR (OQS_USE_AVX2_INSTRUCTIONS AND OQS_USE_BMI2_INSTRUCTIONS)) AND NOT CYGWIN)
cmake_dependent_option(OQS_ENABLE_SIG_picnic_avx2 "" ON "OQS_ENABLE_SIG_PICNIC" OFF)
endif()
if(OQS_DIST_ARM64_V8_BUILD OR OQS_USE_ARM_NEON_INSTRUCTIONS)
if((OQS_DIST_ARM64_V8_BUILD OR OQS_USE_ARM_NEON_INSTRUCTIONS) AND NOT CYGWIN)
cmake_dependent_option(OQS_ENABLE_SIG_picnic_neon "" ON "OQS_ENABLE_SIG_PICNIC" OFF)
endif()
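Review bot: The `AND NOT CYGWIN` clause added to the NEON guard can never change the outcome, since Cygwin only exists on x86 hosts, so it reads as copy-paste rather than intent; the exclusion belongs only on the SSE2 and AVX2 lines, and it deserves a comment there because a reader has no way to tell why a whole platform loses its optimized backends, e.g. `# Picnic's SIMD backends do not build under Cygwin (#1163); only the portable C fallback is compiled there.` As written, a `OQS_DIST_X86_64_BUILD` configure on Cygwin silently drops both runtime-dispatched backends and ships the fallback with no diagnostic, so a `message(STATUS ...)` in an `else()` branch of the SSE2/AVX2 guards would make the downgrade visible to packagers. The portable fallback is the path whose constant-time claims the algorithm documentation lists under "None", so this is a performance, not a correctness, regression, assuming the option block is otherwise unchanged outside the hunk.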


@ -2,7 +2,7 @@
IF %COMPILER%==cygwin (
@echo on
SET "PATH=C:\cywin64\bin;c:\cygwin64;%PATH%"
c:\cygwin64\bin\bash.exe -lc "setup-x86_64.exe -qnNdO -R C:/cygwin64 -l C:/cygwin/var/cache/setup -P openssl -P libssl-devel -P ninja -P cmake -P gcc && cd ${APPVEYOR_BUILD_FOLDER} && openssl version && cygcheck -c && pwd && mkdir build && cd build && cmake .. -GNinja -DCMAKE_C_COMPILER=gcc -DOQS_DIST_BUILD=ON -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_ENABLE_SIG_RAINBOW=OFF -DOQS_ENABLE_SIG_PICNIC=OFF -DBUILD_SHARED_LIBS=%BUILD_SHARED% -DOQS_USE_OPENSSL=%OQS_USE_OPENSSL% && ninja "
c:\cygwin64\bin\bash.exe -lc "setup-x86_64.exe -qnNdO -R C:/cygwin64 -l C:/cygwin/var/cache/setup -P openssl -P libssl-devel -P ninja -P cmake -P gcc && cd ${APPVEYOR_BUILD_FOLDER} && openssl version && cygcheck -c && pwd && mkdir build && cd build && cmake .. -GNinja -DCMAKE_C_COMPILER=gcc -DOQS_DIST_BUILD=ON -DOQS_ENABLE_SIG_SPHINCS=OFF -DOQS_ENABLE_SIG_RAINBOW=OFF -DBUILD_SHARED_LIBS=%BUILD_SHARED% -DOQS_USE_OPENSSL=%OQS_USE_OPENSSL% && ninja "
)
IF %COMPILER%==msys2 (
@echo on
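Review bot: The re-enabled Cygwin job ends at `&& ninja` with no test invocation, so the Picnic fallback path this commit now ships on Cygwin is compiled but, unless a separate test_script step runs ctest for this configuration, never exercised in CI; appending `&& ninja run_tests` (or whatever test target the project uses) to the new command would close that gap. Separately, the unchanged `SET "PATH=C:\cywin64\bin;..."` line above the command looks like a typo for `C:\cygwin64\bin`; it is harmless today only because bash is invoked by absolute path, and since the command is being edited anyway it is worth fixing in the same change.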


@ -4,8 +4,8 @@
- **Main cryptographic assumption**: hash function security (ROM/QROM), key recovery attacks on the lowMC block cipher.
- **Principal submitters**: Greg Zaverucha, Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Jonathan Katz, Xiao Wang, Vladmir Kolesnikov.
- **Authors' website**: https://microsoft.github.io/Picnic/
- **Specification version**: 3.0.8.
- **Implementation source**: https://github.com/IAIK/Picnic/tree/v3.0.8
- **Specification version**: 3.0.10.
- **Implementation source**: https://github.com/IAIK/Picnic/tree/v3.0.10
- **Implementation license (SPDX-Identifier)**: MIT.
## Parameter set summary
@ -27,126 +27,126 @@
## picnic\_L1\_FS implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage?‡ |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
‡For an explanation of what this denotes, consult the [Explanation of Terms](#explanation-of-terms) section at the end of this file.
## picnic\_L1\_UR implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L1\_full implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows (except cygwin) | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L3\_FS implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L3\_UR implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L3\_full implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows (except cygwin) | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L5\_FS implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L5\_UR implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic\_L5\_full implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows (except cygwin) | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic3\_L1 implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic3\_L3 implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## picnic3\_L5 implementation characteristics
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:--------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:---------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux | AVX2,SSE2 | True | True | False |
| master | x86\_64 | Darwin,Windows | SSE2 | True | True | False |
| Identifier in upstream | Supported architecture(s) | Supported operating system(s) | CPU extension(s) used | No branching-on-secrets claimed? | No branching-on-secrets checked by valgrind? | Large stack usage? |
|:------------------------:|:----------------------------|:-------------------------------------|:------------------------|:-----------------------------------|:-----------------------------------------------|:----------------------|
| master | All | All | None | True | True | False |
| master | x86\_64 | Linux,Darwin,Windows (except Cygwin) | AVX2,SSE2 | True | True | False |
| master | arm64 | Linux,Darwin | NEON | True | True | False |
Are implementations chosen based on runtime CPU feature detection? **No**.
Are implementations chosen based on runtime CPU feature detection? **Yes**.
## Explanation of Terms
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.
- **Large Stack Usage**: Implementations identified as having such may cause failures when running in threads or in constrained environments.


@ -16,9 +16,9 @@ crypto-assumption: hash function security (ROM/QROM), key recovery attacks on th
lowMC block cipher
website: https://microsoft.github.io/Picnic/
nist-round: 3
spec-version: 3.0.8
spec-version: 3.0.10
spdx-license-identifier: MIT
upstream: https://github.com/IAIK/Picnic/tree/v3.0.8
upstream: https://github.com/IAIK/Picnic/tree/v3.0.10
parameter-sets:
- name: picnic_L1_FS
claimed-nist-level: 1
@ -114,7 +114,7 @@ parameter-sets:
- architecture: x86_64
operating_systems:
- Darwin
- Windows (except cygwin)
- Windows
required_flags:
- sse2
common-crypto:
@ -216,7 +216,7 @@ parameter-sets:
- architecture: x86_64
operating_systems:
- Darwin
- Windows (except cygwin)
- Windows
required_flags:
- sse2
common-crypto:
@ -318,7 +318,7 @@ parameter-sets:
- architecture: x86_64
operating_systems:
- Darwin
- Windows (except cygwin)
- Windows
required_flags:
- sse2
common-crypto:


@ -48,9 +48,11 @@ target_compile_definitions(picnic PRIVATE OQS
WITH_LOWMC_256_256_38
WITH_LOWMC_129_129_4
WITH_LOWMC_192_192_4
WITH_LOWMC_255_255_4
WITH_OPT)
WITH_LOWMC_255_255_4)
if(OQS_ENABLE_SIG_picnic_avx2 OR OQS_ENABLE_SIG_picnic_sse2 OR OQS_ENABLE_SIG_picnic_neon)
target_compile_definitions(picnic PRIVATE WITH_OPT)
endif()
if(OQS_ENABLE_SIG_picnic_sse2)
target_compile_definitions(picnic PRIVATE WITH_SSE2)
endif()
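Review bot: The new `if(OQS_ENABLE_SIG_picnic_avx2 OR OQS_ENABLE_SIG_picnic_sse2 OR OQS_ENABLE_SIG_picnic_neon)` gives no hint why WITH_OPT is now conditional, and a later maintainer could easily fold it back into the unconditional list above; a one-line comment should record the reason, e.g. `# WITH_OPT turns on Picnic's SIMD code paths; defining it with no backend enabled breaks the build (#1163), so only set it when at least one backend is compiled in.` Note that these `OQS_ENABLE_SIG_picnic_*` variables are declared by `cmake_dependent_option` inside platform guards in the top-level CMakeLists, so on an excluded platform they are undefined rather than OFF; the condition still works because `if()` treats an undefined name as false, but that reliance is worth stating in the comment. The `target_compile_definitions(picnic PRIVATE ...)` call that this hunk closes begins outside the hunk.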


@ -1,3 +1,14 @@
Version 3.0.10 -- 2022-01-08
----------------------------
* Fix build with llvm on ARM with NEON enabled
Version 3.0.9 -- 2021-12-22
---------------------------
* Unbreak x86-32 build.
* Fix build on M1 with NEON enabled.
Version 3.0.8 -- 2021-12-18
---------------------------


@ -172,7 +172,7 @@
#if defined(__GNUC__) || __has_attribute(target)
#define ATTR_TARGET(x) __attribute__((target((x))))
#define ATTR_TARGET_AVX2 __attribute__((target("avx2,bmi2")))
#define ATTR_TARGET_SSE2 __attribute__((target("sse")))
#define ATTR_TARGET_SSE2 __attribute__((target("sse2")))
#else
#define ATTR_TARGET(x)
#define ATTR_TARGET_AVX2


@ -464,6 +464,13 @@ static void mpc_sbox_verify_uint64_lowmc_255_255_4(mzd_local_t* out, const mzd_l
#endif /* NO_UINT_FALLBACK */
#if defined(WITH_OPT)
#define NROLR(a, b, c) \
do { \
(void)a; \
(void)b; \
(void)c; \
} while (0)
/* requires IN and RVEC to be defined */
#define bitsliced_mm_step_1(sc, type, AND, ROL, MASK_A, MASK_B, MASK_C) \
type r0m[sc] ATTR_ALIGNED(alignof(type)); \
@ -661,8 +668,7 @@ static inline void mpc_sbox_prove_s128_256(mzd_local_t* out, const mzd_local_t*
mask_a->w128, mask_b->w128, mask_c->w128);
// a & b
mpc_mm_multiple_and_def(word128, 2, mm128_and_256, mm128_xor_256, mm128_shift_right_256, r0m, x0s,
x1s, r2m, 0);
mpc_mm_multiple_and_def(word128, 2, mm128_and_256, mm128_xor_256, NROLR, r0m, x0s, x1s, r2m, 0);
// b & c
mpc_mm_multiple_and_def(word128, 2, mm128_and_256, mm128_xor_256, mm128_shift_right_256, r2m, x1s,
x2m, r1s, 1);
@ -681,8 +687,8 @@ static inline void mpc_sbox_verify_s128_256(mzd_local_t* out, const mzd_local_t*
mask_a->w128, mask_b->w128, mask_c->w128);
// a & b
mpc_mm_multiple_and_verify_def(word128, 2, mm128_and_256, mm128_xor_256, mm128_shift_left_256,
mm128_shift_right_256, r0m, x0s, x1s, r2m, mask_c->w128, 0);
mpc_mm_multiple_and_verify_def(word128, 2, mm128_and_256, mm128_xor_256, NROLR, NROLR, r0m, x0s,
x1s, r2m, mask_c->w128, 0);
// b & c
mpc_mm_multiple_and_verify_def(word128, 2, mm128_and_256, mm128_xor_256, mm128_shift_left_256,
mm128_shift_right_256, r2m, x1s, x2m, r1s, mask_c->w128, 1);


@ -674,7 +674,7 @@ static void H3_verify(const picnic_instance_t* pp, sig_proof_t* prf,
H3_public_key_message(&ctx, pp, prf->salt, context);
hash_final(&ctx);
uint8_t hash[MAX_DIGEST_SIZE];
uint8_t hash[MAX_DIGEST_SIZE] = {0};
hash_squeeze(&ctx, hash, digest_size);
hash_clear(&ctx);
H3_compute(pp, hash, ch);
@ -704,7 +704,7 @@ static void H3(const picnic_instance_t* pp, sig_proof_t* prf, const picnic_conte
H3_public_key_message(&ctx, pp, prf->salt, context);
hash_final(&ctx);
uint8_t hash[MAX_DIGEST_SIZE];
uint8_t hash[MAX_DIGEST_SIZE] = {0};
hash_squeeze(&ctx, hash, pp->digest_size);
hash_clear(&ctx);
/* parts of this hash will be published as challenge so is public anyway */


@ -112,9 +112,11 @@ typedef __m256i word256;
/* !l & r */
#define mm256_nand(l, r) _mm256_andnot_si256((l), (r))
// clang-format off
apply_region(mm256_xor_region, word256, mm256_xor, FN_ATTRIBUTES_AVX2)
apply_mask_region(mm256_xor_mask_region, word256, mm256_xor, mm256_and, FN_ATTRIBUTES_AVX2)
apply_mask(mm256_xor_mask, word256, mm256_xor, mm256_and, FN_ATTRIBUTES_AVX2_CONST)
// clang-format on
#define mm256_shift_left(data, count) \
_mm256_or_si256(_mm256_slli_epi64(data, count), \
@ -153,11 +155,13 @@ typedef __m128i word128;
#define mm128_sl_u64(x, s) _mm_slli_epi64((x), (s))
#define mm128_sr_u64(x, s) _mm_srli_epi64((x), (s))
// clang-format off
apply_region(mm128_xor_region, word128, mm128_xor, FN_ATTRIBUTES_SSE2)
apply_mask_region(mm128_xor_mask_region, word128, mm128_xor, mm128_and, FN_ATTRIBUTES_SSE2)
apply_mask(mm128_xor_mask, word128, mm128_xor, mm128_and, FN_ATTRIBUTES_SSE2_CONST)
apply_array(mm128_xor_256, word128, mm128_xor, 2, FN_ATTRIBUTES_SSE2)
apply_array(mm128_and_256, word128, mm128_and, 2, FN_ATTRIBUTES_SSE2)
// clang-format on
#define mm128_shift_left(data, count) \
_mm_or_si128(_mm_slli_epi64(data, count), _mm_srli_epi64(_mm_bslli_si128(data, 8), 64 - count))
@ -235,15 +239,19 @@ typedef uint64x2_t word128;
#define mm128_nand(l, r) vbicq_u64((r), (l))
#define mm128_broadcast_u64(x) vdupq_n_u64((x))
#define mm128_sl_u64(x, s) \
(__builtin_constant_p(s) ? vshlq_n_u64((x), (s)) : vshlq_u64((x), vdupq_n_s64(s)))
__builtin_choose_expr(__builtin_constant_p(s), vshlq_n_u64((x), (s)), \
vshlq_u64((x), vdupq_n_s64(s)))
#define mm128_sr_u64(x, s) \
(__builtin_constant_p(s) ? vshrq_n_u64((x), (s)) : vshlq_u64((x), vdupq_n_s64(-(int64_t)(s))))
__builtin_choose_expr(__builtin_constant_p(s), vshrq_n_u64((x), (s)), \
vshlq_u64((x), vdupq_n_s64(-(int64_t)(s))))
// clang-format off
apply_region(mm128_xor_region, word128, mm128_xor, FN_ATTRIBUTES_NEON)
apply_mask_region(mm128_xor_mask_region, word128, mm128_xor, mm128_and, FN_ATTRIBUTES_NEON)
apply_mask(mm128_xor_mask, word128, mm128_xor, mm128_and, FN_ATTRIBUTES_NEON_CONST)
apply_array(mm128_xor_256, word128, mm128_xor, 2, FN_ATTRIBUTES_NEON)
apply_array(mm128_and_256, word128, mm128_and, 2, FN_ATTRIBUTES_NEON)
// clang-format on
/* shift left by 64 to 127 bits */
#define mm128_shift_left_64_127(data, count) \
@ -264,37 +272,37 @@ apply_array(mm128_and_256, word128, mm128_and, 2, FN_ATTRIBUTES_NEON)
#define mm128_rotate_right(data, count) \
vorrq_u64(mm128_shift_right(data, count), mm128_shift_left_64_127(data, 128 - count))
static inline void FN_ATTRIBUTES_NEON mm128_shift_left_256(word128 res[2], word128 const data[2],
const unsigned int count) {
res[1] =
vorrq_u64(mm128_shift_left(data[1], count), mm128_shift_right_64_127(data[0], 128 - count));
res[0] = mm128_shift_left(data[0], count);
}
#define mm128_shift_left_256(res, data, count) \
do { \
res[1] = vorrq_u64(mm128_shift_left(data[1], count), \
mm128_shift_right_64_127(data[0], 128 - count)); \
res[0] = mm128_shift_left(data[0], count); \
} while (0)
static inline void FN_ATTRIBUTES_NEON mm128_shift_right_256(word128 res[2], word128 const data[2],
const unsigned int count) {
res[0] =
vorrq_u64(mm128_shift_right(data[0], count), mm128_shift_left_64_127(data[1], 128 - count));
res[1] = mm128_shift_right(data[1], count);
}
#define mm128_shift_right_256(res, data, count) \
do { \
res[0] = vorrq_u64(mm128_shift_right(data[0], count), \
mm128_shift_left_64_127(data[1], 128 - count)); \
res[1] = mm128_shift_right(data[1], count); \
} while (0)
static inline void FN_ATTRIBUTES_NEON mm128_rotate_left_256(word128 res[2], word128 const data[2],
const unsigned int count) {
const word128 carry = mm128_shift_right_64_127(data[1], 128 - count);
#define mm128_rotate_left_256(res, data, count) \
do { \
const word128 carry = mm128_shift_right_64_127(data[1], 128 - count); \
\
res[1] = vorrq_u64(mm128_shift_left(data[1], count), \
mm128_shift_right_64_127(data[0], 128 - count)); \
res[0] = vorrq_u64(mm128_shift_left(data[0], count), carry); \
} while (0)
res[1] =
vorrq_u64(mm128_shift_left(data[1], count), mm128_shift_right_64_127(data[0], 128 - count));
res[0] = vorrq_u64(mm128_shift_left(data[0], count), carry);
}
static inline void FN_ATTRIBUTES_NEON mm128_rotate_right_256(word128 res[2], word128 const data[2],
const unsigned int count) {
const word128 carry = mm128_shift_left_64_127(data[0], 128 - count);
res[0] =
vorrq_u64(mm128_shift_right(data[0], count), mm128_shift_left_64_127(data[1], 128 - count));
res[1] = vorrq_u64(mm128_shift_right(data[1], count), carry);
}
#define mm128_rotate_right_256(res, data, count) \
do { \
const word128 carry = mm128_shift_left_64_127(data[0], 128 - count); \
\
res[0] = vorrq_u64(mm128_shift_right(data[0], count), \
mm128_shift_left_64_127(data[1], 128 - count)); \
res[1] = vorrq_u64(mm128_shift_right(data[1], count), carry); \
} while (0)
#endif
#if defined(_MSC_VER)


@ -125,7 +125,7 @@ OQS_SIG *OQS_SIG_picnic_L1_FS_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic_L1_FS;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 1;
sig->euf_cma = true;
@ -164,7 +164,7 @@ OQS_SIG *OQS_SIG_picnic_L1_UR_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic_L1_UR;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 1;
sig->euf_cma = true;
@ -203,7 +203,7 @@ OQS_SIG *OQS_SIG_picnic_L1_full_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic_L1_full;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 1;
sig->euf_cma = true;
@ -242,7 +242,7 @@ OQS_SIG *OQS_SIG_picnic_L3_FS_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic_L3_FS;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 3;
sig->euf_cma = true;
@ -281,7 +281,7 @@ OQS_SIG *OQS_SIG_picnic_L3_UR_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic_L3_UR;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 3;
sig->euf_cma = true;
@ -320,7 +320,7 @@ OQS_SIG *OQS_SIG_picnic_L3_full_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic_L3_full;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 3;
sig->euf_cma = true;
@ -359,7 +359,7 @@ OQS_SIG *OQS_SIG_picnic_L5_FS_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic_L5_FS;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 5;
sig->euf_cma = true;
@ -399,7 +399,7 @@ OQS_SIG *OQS_SIG_picnic_L5_UR_new() {
}
sig->method_name = OQS_SIG_alg_picnic_L5_UR;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 5;
sig->euf_cma = true;
@ -438,7 +438,7 @@ OQS_SIG *OQS_SIG_picnic_L5_full_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic_L5_full;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 5;
sig->euf_cma = true;
@ -475,7 +475,7 @@ OQS_SIG *OQS_SIG_picnic3_L1_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic3_L1;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 1;
sig->euf_cma = true;
@ -513,7 +513,7 @@ OQS_SIG *OQS_SIG_picnic3_L3_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic3_L3;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 3;
sig->euf_cma = true;
@ -551,7 +551,7 @@ OQS_SIG *OQS_SIG_picnic3_L5_new() {
return NULL;
}
sig->method_name = OQS_SIG_alg_picnic3_L5;
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.8";
sig->alg_version = "https://github.com/IAIK/Picnic/tree/v3.0.10";
sig->claimed_nist_level = 5;
sig->euf_cma = true;