Documentation ¶
Index ¶
- Constants
- Variables
- func GenerateKey(rand io.Reader) (*PublicKey, *PrivateKey, error)
- func NewKeyFromExpandedSeed(seed *[96]byte) (*PublicKey, *PrivateKey)
- func NewKeyFromSeed(seed *[common.SeedSize]byte) (*PublicKey, *PrivateKey)
- func PolyDeriveUniform(p *common.Poly, seed *[32]byte, nonce uint16)
- func PolyDeriveUniformB60(p *common.Poly, seed *[48]byte, w1 *VecK)
- func PolyDeriveUniformB60X4(ps [4]*common.Poly, seed *[48]byte, w1 [4]*VecK)
- func PolyDeriveUniformLeGamma1(p *common.Poly, seed *[48]byte, nonce uint16)
- func PolyDeriveUniformLeGamma1X4(ps [4]*common.Poly, seed *[48]byte, nonces [4]uint16)
- func PolyDeriveUniformLeqEta(p *common.Poly, seed *[32]byte, nonce uint16)
- func PolyDeriveUniformX4(ps [4]*common.Poly, seed *[32]byte, nonces [4]uint16)
- func PolyDotHat(p *common.Poly, a, b *VecL)
- func PolyPackLeqEta(p *common.Poly, buf []byte)
- func PolyUnpackLeqEta(p *common.Poly, buf []byte)
- func SignTo(sk *PrivateKey, msg []byte, signature []byte)
- func VecLDeriveUniformLeGamma1(v *VecL, seed *[48]byte, nonce uint16)
- func Verify(pk *PublicKey, msg []byte, signature []byte) bool
- type Mat
- type PrivateKey
- type PublicKey
- type VecK
- func (v *VecK) Add(w, u *VecK)
- func (v *VecK) Decompose(v0PlusQ, v1 *VecK)
- func (v *VecK) Exceeds(bound uint32) bool
- func (v *VecK) InvNTT()
- func (v *VecK) MakeHint(v0, v1 *VecK) (pop uint32)
- func (v *VecK) MulBy2toD(w *VecK)
- func (v *VecK) NTT()
- func (v *VecK) Normalize()
- func (v *VecK) NormalizeAssumingLe2Q()
- func (v *VecK) PackHint(buf []byte)
- func (v *VecK) PackLe16(buf []byte)
- func (v *VecK) PackLeqEta(buf []byte)
- func (v *VecK) PackT0(buf []byte)
- func (v *VecK) PackT1(buf []byte)
- func (v *VecK) Power2Round(v0PlusQ, v1 *VecK)
- func (v *VecK) ReduceLe2Q()
- func (v *VecK) Sub(a, b *VecK)
- func (v *VecK) UnpackHint(buf []byte) bool
- func (v *VecK) UnpackLeqEta(buf []byte)
- func (v *VecK) UnpackT0(buf []byte)
- func (v *VecK) UnpackT1(buf []byte)
- func (v *VecK) UseHint(q, hint *VecK) *VecK
- type VecL
- func (v *VecL) Add(w, u *VecL)
- func (v *VecL) Decompose(v0PlusQ, v1 *VecL)
- func (v *VecL) Exceeds(bound uint32) bool
- func (v *VecL) NTT()
- func (v *VecL) Normalize()
- func (v *VecL) NormalizeAssumingLe2Q()
- func (v *VecL) PackLeGamma1(buf []byte)
- func (v *VecL) PackLeqEta(buf []byte)
- func (v *VecL) Power2Round(v0PlusQ, v1 *VecL)
- func (v *VecL) UnpackLeGamma1(buf []byte)
- func (v *VecL) UnpackLeqEta(buf []byte)
Constants ¶
const ( Name = "Dilithium4-AES" UseAES = true PublicKeySize = 1760 PrivateKeySize = 3856 SignatureSize = 3366 K = 6 L = 5 Eta = 3 DoubleEtaBits = 3 Beta = 175 Omega = 120 )
const ( // Size of a packed polynomial of norm ≤η. // (Note that the formula is not valid in general.) PolyLeqEtaSize = (common.N * DoubleEtaBits) / 8 )
Variables ¶
var DeriveX4Available = keccakf1600.IsEnabledX4() && !UseAES
DeriveX4Available indicates whether the system supports the quick fourway sampling variants like PolyDeriveUniformX4.
Functions ¶
func GenerateKey ¶
func GenerateKey(rand io.Reader) (*PublicKey, *PrivateKey, error)
GenerateKey generates a public/private key pair using entropy from rand. If rand is nil, crypto/rand.Reader will be used.
func NewKeyFromExpandedSeed ¶
func NewKeyFromExpandedSeed(seed *[96]byte) (*PublicKey, *PrivateKey)
NewKeyFromExpandedSeed derives a public/private key pair using the given expanded seed.
Use NewKeyFromSeed instead of this function. This function is only exposed to generate the NIST KAT test vectors.
func NewKeyFromSeed ¶
func NewKeyFromSeed(seed *[common.SeedSize]byte) (*PublicKey, *PrivateKey)
NewKeyFromSeed derives a public/private key pair using the given seed.
func PolyDeriveUniformB60 ¶
Samples p uniformly with 60 non-zero coefficients in {q-1,1}.
The polynomial p will be normalized.
func PolyDeriveUniformB60X4 ¶
For each i, sample ps[i] uniformly with 60 non-zero coefficients in {q-1,1} using the the given seed and w1[i]. ps[i] may be nil and is ignored in that case. ps[i] will be normalized.
Can only be called when DeriveX4Available is true.
This function is currently not used (yet).
func PolyDeriveUniformLeGamma1 ¶
Sample p uniformly with coefficients of norm less than γ₁ using the given seed and nonce.
p will not be normalized, but have coefficients in the interval (q-γ₁,q+γ₁).
func PolyDeriveUniformLeGamma1X4 ¶
For each i, sample ps[i] uniformly with coefficients of norm less than γ₁ using the the given seed and nonces[i]. ps[i] may be nil and is ignored in that case. ps[i] will not be normalized, but have coefficients in the interval (q-γ₁,q+γ₁).
Can only be called when DeriveX4Available is true.
func PolyDeriveUniformLeqEta ¶
Sample p uniformly with coefficients of norm less than or equal η, using the given seed and nonce.
p will not be normalized, but will have coefficients in [q-η,q+η].
func PolyDeriveUniformX4 ¶
For each i, sample ps[i] uniformly from the given seed and nonces[i]. ps[i] may be nil and is ignored in that case.
Can only be called when DeriveX4Available is true.
func PolyDotHat ¶
Set p to the inner product of a and b using pointwise multiplication.
Assumes a and b are in Montgomery form and their coefficients are pairwise sufficiently small to add, see Poly.MulHat(). Resulting coefficients are bounded by 2Lq.
func PolyPackLeqEta ¶
Writes p with norm less than or equal η into buf, which must be of size PolyLeqEtaSize.
Assumes coefficients of p are not normalized, but in [q-η,q+η].
func PolyUnpackLeqEta ¶
Sets p to the polynomial of norm less than or equal η encoded in the given buffer of size PolyLeqEtaSize.
Output coefficients of p are not normalized, but in [q-η,q+η] provided buf was created using PackLeqEta.
Beware, for arbitrary buf the coefficients of p might en up in the interval [q-2^b,q+2^b] where b is the least b with η≤2^b.
func SignTo ¶
func SignTo(sk *PrivateKey, msg []byte, signature []byte)
SignTo signs the given message and writes the signature into signature.
func VecLDeriveUniformLeGamma1 ¶
Sample v[i] uniformly with coefficients of norm less than γ₁ using the given seed and nonce+i
v[i] will not be normalized, but have coefficients in the interval (q-γ₁,q+γ₁).
Types ¶
type PrivateKey ¶
type PrivateKey struct { // Cached values A Mat // ExpandA(ρ) // contains filtered or unexported fields }
PrivateKey is the type of Dilithium private keys.
func (*PrivateKey) Equal ¶
func (sk *PrivateKey) Equal(other *PrivateKey) bool
Equal returns whether the two private keys are equal
func (*PrivateKey) Pack ¶
func (sk *PrivateKey) Pack(buf *[PrivateKeySize]byte)
Packs the private key into buf.
func (*PrivateKey) Public ¶
func (sk *PrivateKey) Public() *PublicKey
Computes the public key corresponding to this private key.
func (*PrivateKey) Unpack ¶
func (sk *PrivateKey) Unpack(buf *[PrivateKeySize]byte)
Sets sk to the private key encoded in buf.
type PublicKey ¶
type PublicKey struct { A *Mat // contains filtered or unexported fields }
PublicKey is the type of Dilithium public keys.
func (*PublicKey) Pack ¶
func (pk *PublicKey) Pack(buf *[PublicKeySize]byte)
Packs the public key into buf.
func (*PublicKey) Unpack ¶
func (pk *PublicKey) Unpack(buf *[PublicKeySize]byte)
Sets pk to the public key encoded in buf.
type VecK ¶
A vector of K polynomials.
func (*VecK) Decompose ¶
Applies Poly.Decompose componentwise.
Requires the vector to be normalized.
func (*VecK) Exceeds ¶
Checks whether any of the coefficients exceeds the given bound in supnorm
Requires the vector to be normalized.
func (*VecK) InvNTT ¶
func (v *VecK) InvNTT()
Applies InvNTT componentwise. See Poly.InvNTT() for details.
func (*VecK) MakeHint ¶
Sets v to the hint vector for v0 the modified low bits and v1 the unmodified high bits --- see makeHint().
Returns the number of ones in the hint vector.
func (*VecK) NormalizeAssumingLe2Q ¶
func (v *VecK) NormalizeAssumingLe2Q()
Normalize the polynomials in this vector assuming their coefficients are already bounded by 2q.
func (*VecK) PackHint ¶
Writes v with coefficients in {0, 1} of which at most ω non-zero to buf, which must have length ω+k.
func (*VecK) PackLeqEta ¶
Sequentially packs each polynomial using Poly.PackLeqEta().
func (*VecK) Power2Round ¶
Applies Poly.Power2Round componentwise.
Requires the vector to be normalized.
func (*VecK) Sub ¶
Sets v to a - b.
Warning: assumes coefficients of the polynomials of b are less than 2q.
func (*VecK) UnpackHint ¶
Sets v to the vector encoded using VecK.PackHint()
Returns whether unpacking was successful.
func (*VecK) UnpackLeqEta ¶
Sets v to the polynomials packed in buf using VecK.PackLeqEta().
type VecL ¶
A vector of L polynomials.
func (*VecL) Decompose ¶
Applies Poly.Decompose componentwise.
Requires the vector to be normalized.
func (*VecL) Exceeds ¶
Checks whether any of the coefficients exceeds the given bound in supnorm
Requires the vector to be normalized.
func (*VecL) NormalizeAssumingLe2Q ¶
func (v *VecL) NormalizeAssumingLe2Q()
Normalize the polynomials in this vector assuming their coefficients are already bounded by 2q.
func (*VecL) PackLeGamma1 ¶
Sequentially packs each polynomial using Poly.PackLeGamma1().
func (*VecL) PackLeqEta ¶
Sequentially packs each polynomial using Poly.PackLeqEta().
func (*VecL) Power2Round ¶
Applies Poly.Power2Round componentwise.
Requires the vector to be normalized.
func (*VecL) UnpackLeGamma1 ¶
Sets v to the polynomials packed in buf using VecL.PackLeGamma1().
func (*VecL) UnpackLeqEta ¶
Sets v to the polynomials packed in buf using VecL.PackLeqEta().