Commit 986694ff authored by dmitriy.gerasimov's avatar dmitriy.gerasimov

Merge branch 'Feature-2321-WIN' into 'master'

sig_dilithium: macro definition conflict fixed (N renamed to NN)

See merge request !5
parents 70bfa60b 6f9f6bc7
......@@ -107,7 +107,7 @@ void dilithium_pack_sig(unsigned char sig[], const polyvecl *z, const polyveck *
k = 0;
for(i = 0; i < p->PARAM_K; ++i)
{
for(j = 0; j < N; ++j)
for(j = 0; j < NN; ++j)
if(h->vec[i].coeffs[j] != 0)
sig[k++] = j;
......@@ -119,7 +119,7 @@ void dilithium_pack_sig(unsigned char sig[], const polyvecl *z, const polyveck *
/* Encode c */
signs = 0;
mask = 1;
for(i = 0; i < N/8; ++i)
for(i = 0; i < NN/8; ++i)
{
sig[i] = 0;
for(j = 0; j < 8; ++j)
......@@ -132,7 +132,7 @@ void dilithium_pack_sig(unsigned char sig[], const polyvecl *z, const polyveck *
}
}
}
sig += N/8;
sig += NN/8;
for(i = 0; i < 8; ++i)
sig[i] = signs >> 8*i;
}
......@@ -152,7 +152,7 @@ int dilithium_unpack_sig(polyvecl *z, polyveck *h, poly *c,
k = 0;
for(i = 0; i < p->PARAM_K; ++i)
{
for(j = 0; j < N; ++j)
for(j = 0; j < NN; ++j)
h->vec[i].coeffs[j] = 0;
if(sig[p->PARAM_OMEGA + i] < k || sig[p->PARAM_OMEGA + i] > p->PARAM_OMEGA)
......@@ -174,18 +174,18 @@ int dilithium_unpack_sig(polyvecl *z, polyveck *h, poly *c,
sig += p->PARAM_OMEGA + p->PARAM_K;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
c->coeffs[i] = 0;
signs = 0;
for(i = 0; i < 8; ++i)
signs |= (uint64_t)sig[N/8+i] << 8*i;
signs |= (uint64_t)sig[NN/8+i] << 8*i;
if(signs >> 60)
return 1;
mask = 1;
for(i = 0; i < N/8; ++i) {
for(i = 0; i < NN/8; ++i) {
for(j = 0; j < 8; ++j) {
if((sig[i] >> j) & 0x01) {
c->coeffs[8*i+j] = (signs & mask) ? Q - 1 : 1;
......
......@@ -7,17 +7,24 @@
#include <stdio.h>
#include "dap_crypto_common.h"
#define SEEDBYTES 32U
#define CRHBYTES 48U
#define N 256U
#define Q 8380417U
#define QBITS 23U
#define ROOT_OF_UNITY 1753U
#define D 14U
#define SEEDBYTES 32U
#define CRHBYTES 48U
//#ifdef N
//#error N defined
//#endif
#define NN 256U
#define Q 8380417U
#define QBITS 23U
#define ROOT_OF_UNITY 1753U
#define D 14U
#define GAMMA1 ((Q - 1U)/16U)
#define GAMMA2 (GAMMA1/2U)
#define ALPHA (2U*GAMMA2)
///========================================================================
/* Names for the four varieties of Dilithium */
typedef enum { MODE_0, MODE_1, MODE_2, MODE_3 } dilithium_kind_t;
......
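Review bot: The commented-out `//#ifdef N` / `//#error N defined` guard left at the top of the renamed constants block is dead text and should either be deleted or turned into a real guard on the new name, e.g. `#ifdef NN` / `#error "NN already defined"` / `#endif`, so the next clash fails the build loudly instead of surfacing as a redefinition warning that is easy to miss. `NN` is no less likely to collide with a platform or toolchain header than `N` was (the branch name suggests this was a Windows build conflict), so a project-prefixed name such as `DILITHIUM_N` would make the rename durable rather than a one-off. Both points apply only to the header lines shown here; the `dilithium_kind_t` enum and whatever follows it are outside the hunk.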
......@@ -5,7 +5,7 @@
void poly_reduce(poly *a) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
a->coeffs[i] = reduce32(a->coeffs[i]);
}
......@@ -13,7 +13,7 @@ void poly_reduce(poly *a) {
void poly_csubq(poly *a) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
a->coeffs[i] = csubq(a->coeffs[i]);
}
......@@ -21,7 +21,7 @@ void poly_csubq(poly *a) {
void poly_freeze(poly *a) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
a->coeffs[i] = freeze(a->coeffs[i]);
}
......@@ -29,7 +29,7 @@ void poly_freeze(poly *a) {
void dilithium_poly_add(poly *c, const poly *a, const poly *b) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
c->coeffs[i] = a->coeffs[i] + b->coeffs[i];
}
......@@ -37,7 +37,7 @@ void dilithium_poly_add(poly *c, const poly *a, const poly *b) {
void dilithium_poly_sub(poly *c, const poly *a, const poly *b) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
c->coeffs[i] = a->coeffs[i] + 2*Q - b->coeffs[i];
}
......@@ -45,7 +45,7 @@ void dilithium_poly_sub(poly *c, const poly *a, const poly *b) {
void poly_neg(poly *a) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
a->coeffs[i] = Q - a->coeffs[i];
}
......@@ -53,7 +53,7 @@ void poly_neg(poly *a) {
void poly_shiftl(poly *a, unsigned int k) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
a->coeffs[i] <<= k;
}
......@@ -73,7 +73,7 @@ void poly_invntt_montgomery(poly *a) {
void poly_pointwise_invmontgomery(poly *c, const poly *a, const poly *b) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
c->coeffs[i] = montgomery_reduce((uint64_t)a->coeffs[i] * b->coeffs[i]);
}
......@@ -81,7 +81,7 @@ void poly_pointwise_invmontgomery(poly *c, const poly *a, const poly *b) {
void poly_power2round(poly *a1, poly *a0, const poly *a) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
a1->coeffs[i] = power2round(a->coeffs[i], a0->coeffs+i);
}
......@@ -89,7 +89,7 @@ void poly_power2round(poly *a1, poly *a0, const poly *a) {
void poly_decompose(poly *a1, poly *a0, const poly *a) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
a1->coeffs[i] = decompose(a->coeffs[i], a0->coeffs+i);
}
......@@ -97,7 +97,7 @@ void poly_decompose(poly *a1, poly *a0, const poly *a) {
unsigned int poly_make_hint(poly *h, const poly *a, const poly *b) {
unsigned int i, s = 0;
for(i = 0; i < N; ++i) {
for(i = 0; i < NN; ++i) {
h->coeffs[i] = make_hint(a->coeffs[i], b->coeffs[i]);
s += h->coeffs[i];
}
......@@ -108,7 +108,7 @@ unsigned int poly_make_hint(poly *h, const poly *a, const poly *b) {
void poly_use_hint(poly *a, const poly *b, const poly *h) {
unsigned int i;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
a->coeffs[i] = use_hint(b->coeffs[i], h->coeffs[i]);
}
......@@ -117,7 +117,7 @@ int poly_chknorm(const poly *a, uint32_t B) {
unsigned int i;
int32_t t;
for(i = 0; i < N; ++i) {
for(i = 0; i < NN; ++i) {
t = (Q-1)/2 - a->coeffs[i];
t ^= (t >> 31);
t = (Q-1)/2 - t;
......@@ -135,7 +135,7 @@ void dilithium_poly_uniform(poly *a, const unsigned char *buf) {
uint32_t t;
ctr = pos = 0;
while(ctr < N) {
while(ctr < NN) {
t = buf[pos++];
t |= (uint32_t)buf[pos++] << 8;
t |= (uint32_t)buf[pos++] << 16;
......@@ -190,10 +190,10 @@ void poly_uniform_eta(poly *a, const unsigned char seed[SEEDBYTES], unsigned cha
shake256_absorb(state, inbuf, SEEDBYTES + 1);
shake256_squeezeblocks(outbuf, 2, state);
ctr = rej_eta(a->coeffs, N, outbuf, 2*SHAKE256_RATE, p);
if(ctr < N) {
ctr = rej_eta(a->coeffs, NN, outbuf, 2*SHAKE256_RATE, p);
if(ctr < NN) {
shake256_squeezeblocks(outbuf, 1, state);
rej_eta(a->coeffs + ctr, N - ctr, outbuf, SHAKE256_RATE, p);
rej_eta(a->coeffs + ctr, NN - ctr, outbuf, SHAKE256_RATE, p);
}
}
......@@ -244,11 +244,11 @@ void poly_uniform_gamma1m1(poly *a, const unsigned char seed[SEEDBYTES + CRHBYTE
shake256_absorb(state, inbuf, SEEDBYTES + CRHBYTES + 2);
shake256_squeezeblocks(outbuf, 5, state);
ctr = rej_gamma1m1(a->coeffs, N, outbuf, 5*SHAKE256_RATE);
if(ctr < N) {
ctr = rej_gamma1m1(a->coeffs, NN, outbuf, 5*SHAKE256_RATE);
if(ctr < NN) {
shake256_squeezeblocks(outbuf, 1, state);
rej_gamma1m1(a->coeffs + ctr, N - ctr, outbuf, SHAKE256_RATE);
rej_gamma1m1(a->coeffs + ctr, NN - ctr, outbuf, SHAKE256_RATE);
}
}
......@@ -266,7 +266,7 @@ void polyeta_pack(unsigned char *r, const poly *a, dilithium_param_t *p)
if (p->PARAM_ETA <= 3)
{
for(i = 0; i < N/8; ++i)
for(i = 0; i < NN/8; ++i)
{
t[0] = Q + p->PARAM_ETA - a->coeffs[8*i+0];
t[1] = Q + p->PARAM_ETA - a->coeffs[8*i+1];
......@@ -291,7 +291,7 @@ void polyeta_pack(unsigned char *r, const poly *a, dilithium_param_t *p)
}
else
{
for(i = 0; i < N/2; ++i)
for(i = 0; i < NN/2; ++i)
{
t[0] = Q + p->PARAM_ETA - a->coeffs[2*i+0];
t[1] = Q + p->PARAM_ETA - a->coeffs[2*i+1];
......@@ -307,7 +307,7 @@ void polyeta_unpack(poly *r, const unsigned char *a, dilithium_param_t *p)
if (p->PARAM_ETA <= 3)
{
for(i = 0; i < N/8; ++i)
for(i = 0; i < NN/8; ++i)
{
r->coeffs[8*i+0] = a[3*i+0] & 0x07;
r->coeffs[8*i+1] = (a[3*i+0] >> 3) & 0x07;
......@@ -330,7 +330,7 @@ void polyeta_unpack(poly *r, const unsigned char *a, dilithium_param_t *p)
}
else
{
for(i = 0; i < N/2; ++i)
for(i = 0; i < NN/2; ++i)
{
r->coeffs[2*i+0] = a[i] & 0x0F;
r->coeffs[2*i+1] = a[i] >> 4;
......@@ -347,7 +347,7 @@ void polyt1_pack(unsigned char *r, const poly *a) {
#endif
unsigned int i;
for(i = 0; i < N/8; ++i) {
for(i = 0; i < NN/8; ++i) {
r[9*i+0] = a->coeffs[8*i+0] & 0xFF;
r[9*i+1] = (a->coeffs[8*i+0] >> 8) | ((a->coeffs[8*i+1] & 0x7F) << 1);
r[9*i+2] = (a->coeffs[8*i+1] >> 7) | ((a->coeffs[8*i+2] & 0x3F) << 2);
......@@ -364,7 +364,7 @@ void polyt1_pack(unsigned char *r, const poly *a) {
void polyt1_unpack(poly *r, const unsigned char *a) {
unsigned int i;
for(i = 0; i < N/8; ++i) {
for(i = 0; i < NN/8; ++i) {
r->coeffs[8*i+0] = a[9*i+0] | ((uint32_t)(a[9*i+1] & 0x01) << 8);
r->coeffs[8*i+1] = (a[9*i+1] >> 1) | ((uint32_t)(a[9*i+2] & 0x03) << 7);
r->coeffs[8*i+2] = (a[9*i+2] >> 2) | ((uint32_t)(a[9*i+3] & 0x07) << 6);
......@@ -381,7 +381,7 @@ void polyt0_pack(unsigned char *r, const poly *a) {
unsigned int i;
uint32_t t[4];
for(i = 0; i < N/4; ++i) {
for(i = 0; i < NN/4; ++i) {
t[0] = Q + (1 << (D-1)) - a->coeffs[4*i+0];
t[1] = Q + (1 << (D-1)) - a->coeffs[4*i+1];
t[2] = Q + (1 << (D-1)) - a->coeffs[4*i+2];
......@@ -404,7 +404,7 @@ void polyt0_pack(unsigned char *r, const poly *a) {
void polyt0_unpack(poly *r, const unsigned char *a) {
unsigned int i;
for(i = 0; i < N/4; ++i) {
for(i = 0; i < NN/4; ++i) {
r->coeffs[4*i+0] = a[7*i+0];
r->coeffs[4*i+0] |= (uint32_t)(a[7*i+1] & 0x3F) << 8;
......@@ -434,7 +434,7 @@ void polyz_pack(unsigned char *r, const poly *a) {
unsigned int i;
uint32_t t[2];
for(i = 0; i < N/2; ++i) {
for(i = 0; i < NN/2; ++i) {
t[0] = GAMMA1 - 1 - a->coeffs[2*i+0];
t[0] += ((int32_t)t[0] >> 31) & Q;
t[1] = GAMMA1 - 1 - a->coeffs[2*i+1];
......@@ -453,7 +453,7 @@ void polyz_pack(unsigned char *r, const poly *a) {
void polyz_unpack(poly *r, const unsigned char *a) {
unsigned int i;
for(i = 0; i < N/2; ++i) {
for(i = 0; i < NN/2; ++i) {
r->coeffs[2*i+0] = a[5*i+0];
r->coeffs[2*i+0] |= (uint32_t)a[5*i+1] << 8;
r->coeffs[2*i+0] |= (uint32_t)(a[5*i+2] & 0x0F) << 16;
......@@ -473,12 +473,12 @@ void polyz_unpack(poly *r, const unsigned char *a) {
void polyw1_pack(unsigned char *r, const poly *a) {
unsigned int i;
for(i = 0; i < N/2; ++i)
for(i = 0; i < NN/2; ++i)
r[i] = a->coeffs[2*i+0] | (a->coeffs[2*i+1] << 4);
}
/**************************************************/
static const uint32_t zetas[N] = {0, 25847, 5771523, 7861508, 237124, 7602457, 7504169, 466468,
static const uint32_t zetas[NN] = {0, 25847, 5771523, 7861508, 237124, 7602457, 7504169, 466468,
1826347, 2353451, 8021166, 6288512, 3119733, 5495562, 3111497, 2680103,
2725464, 1024112, 7300517, 3585928, 7830929, 7260833, 2619752, 6271868,
6262231, 4520680, 6980856, 5102745, 1757237, 8360995, 4010497, 280005,
......@@ -511,7 +511,7 @@ static const uint32_t zetas[N] = {0, 25847, 5771523, 7861508, 237124, 7602457, 7
5441381, 6144432, 7959518, 6094090, 183443, 7403526, 1612842, 4834730,
7826001, 3919660, 8332111, 7018208, 3937738, 1400424, 7534263, 1976782};
static const uint32_t zetas_inv[N] =
static const uint32_t zetas_inv[NN] =
{6403635, 846154, 6979993, 4442679, 1362209, 48306, 4460757, 554416,
3545687, 6767575, 976891, 8196974, 2286327, 420899, 2235985, 2939036,
3833893, 260646, 1104333, 1667432, 6470041, 1803090, 6656817, 426683,
......@@ -546,7 +546,7 @@ static const uint32_t zetas_inv[N] =
7913949, 876248, 777960, 8143293, 518909, 2608894, 8354570};
/*************************************************/
void dilithium_ntt(uint32_t pp[N])
void dilithium_ntt(uint32_t pp[NN])
{
unsigned int len, start, j, k;
uint32_t zeta, t;
......@@ -554,7 +554,7 @@ void dilithium_ntt(uint32_t pp[N])
k = 1;
for(len = 128; len > 0; len >>= 1)
{
for(start = 0; start < N; start = j + len)
for(start = 0; start < NN; start = j + len)
{
zeta = zetas[k++];
for(j = start; j < start + len; ++j)
......@@ -568,16 +568,16 @@ void dilithium_ntt(uint32_t pp[N])
}
/*************************************************/
void invntt_frominvmont(uint32_t pp[N])
void invntt_frominvmont(uint32_t pp[NN])
{
unsigned int start, len, j, k;
uint32_t t, zeta;
const uint32_t f = (((uint64_t)MONT*MONT % Q) * (Q-1) % Q) * ((Q-1) >> 8) % Q;
k = 0;
for(len = 1; len < N; len <<= 1)
for(len = 1; len < NN; len <<= 1)
{
for(start = 0; start < N; start = j + len)
for(start = 0; start < NN; start = j + len)
{
zeta = zetas_inv[k++];
for(j = start; j < start + len; ++j)
......@@ -590,7 +590,7 @@ void invntt_frominvmont(uint32_t pp[N])
}
}
for(j = 0; j < N; ++j)
for(j = 0; j < NN; ++j)
{
pp[j] = montgomery_reduce((uint64_t)f * pp[j]);
}
......
......@@ -6,7 +6,7 @@
#include "dilithium_rounding_reduce.h"
typedef struct {
uint32_t coeffs[N];
uint32_t coeffs[NN];
} poly __attribute__((aligned(32)));
void poly_reduce(poly *a);
......@@ -46,7 +46,7 @@ void polyz_unpack(poly *r, const unsigned char *a);
void polyw1_pack(unsigned char *r, const poly *a);
void dilithium_ntt(uint32_t pp[N]);
void invntt_frominvmont(uint32_t pp[N]);
void dilithium_ntt(uint32_t pp[NN]);
void invntt_frominvmont(uint32_t pp[NN]);
#endif
......@@ -44,7 +44,7 @@ void challenge(poly *c, const unsigned char mu[CRHBYTES], const polyveck *w1, di
pos = 8;
mask = 1;
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
c->coeffs[i] = 0;
for(i = 196; i < 256; ++i) {
......@@ -256,10 +256,10 @@ int dilithium_crypto_sign( dilithium_signature_t *sig, const unsigned char *m, u
unsigned int S = 0;
for(i = 0; i < p->PARAM_K; ++i)
for(j = 0; j < N; ++j)
for(j = 0; j < NN; ++j)
if(tmp.vec[i].coeffs[j] == w1.vec[i].coeffs[j])
S++;
if(S == p->PARAM_K * N){
if(S == p->PARAM_K * NN){
for(i = 0; i < p->PARAM_K; ++i) {
poly_pointwise_invmontgomery(ct0.vec + i, &chat, t0.vec + i);
......@@ -360,7 +360,7 @@ int dilithium_crypto_sign_open( unsigned char *m, unsigned long long mlen, dilit
polyveck_use_hint(&w1, &tmp1, &h, p);
challenge(&cp, mu, &w1, p);
for(i = 0; i < N; ++i)
for(i = 0; i < NN; ++i)
if(c.coeffs[i] != cp.coeffs[i]) {
free(p);
return -1;
......
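Review bot: The rename is incomplete in `challenge()`: the context line closing the first hunk, `for(i = 196; i < 256; ++i) {`, still hard-codes 256 (and 196, which looks like `NN - 60` given the `signs >> 60` check in `dilithium_unpack_sig`, though that derivation should be confirmed), so this loop will silently diverge from every other bound the commit just tied to `NN`. Writing it as `for(i = NN - 60; i < NN; ++i) {` keeps the challenge loop consistent with the macro, or at least a comment should state why the literal is intentional. The body of `challenge()` continues outside the hunk, so any further hard-coded 256s there could not be checked from this view.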