internal

package
v0.0.0-...-0310684 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 23, 2020 License: BSD-3-Clause Imports: 7 Imported by: 0

Documentation

Index

Constants

View Source
const (
	Name           = "Dilithium1-AES"
	UseAES         = true
	PublicKeySize  = 896
	PrivateKeySize = 2096
	SignatureSize  = 1387
	K              = 3
	L              = 2
	Eta            = 7
	DoubleEtaBits  = 4
	Beta           = 375
	Omega          = 64
)
View Source
const (
	// Size of a packed polynomial of norm ≤η.
	// (Note that the  formula is not valid in general.)
	PolyLeqEtaSize = (common.N * DoubleEtaBits) / 8
)

Variables

View Source
var DeriveX4Available = keccakf1600.IsEnabledX4() && !UseAES

DeriveX4Available indicates whether the system supports the quick fourway sampling variants like PolyDeriveUniformX4.

Functions

func GenerateKey

func GenerateKey(rand io.Reader) (*PublicKey, *PrivateKey, error)

GenerateKey generates a public/private key pair using entropy from rand. If rand is nil, crypto/rand.Reader will be used.

func NewKeyFromExpandedSeed

func NewKeyFromExpandedSeed(seed *[96]byte) (*PublicKey, *PrivateKey)

NewKeyFromExpandedSeed derives a public/private key pair using the given expanded seed.

Use NewKeyFromSeed instead of this function. This function is only exposed to generate the NIST KAT test vectors.

func NewKeyFromSeed

func NewKeyFromSeed(seed *[common.SeedSize]byte) (*PublicKey, *PrivateKey)

NewKeyFromSeed derives a public/private key pair using the given seed.

func PolyDeriveUniform

func PolyDeriveUniform(p *common.Poly, seed *[32]byte, nonce uint16)

Sample p uniformly from the given seed and nonce.

p will be normalized.

func PolyDeriveUniformB60

func PolyDeriveUniformB60(p *common.Poly, seed *[48]byte, w1 *VecK)

Samples p uniformly with 60 non-zero coefficients in {q-1,1}.

The polynomial p will be normalized.

func PolyDeriveUniformB60X4

func PolyDeriveUniformB60X4(ps [4]*common.Poly, seed *[48]byte,
	w1 [4]*VecK)

For each i, sample ps[i] uniformly with 60 non-zero coefficients in {q-1,1} using the the given seed and w1[i]. ps[i] may be nil and is ignored in that case. ps[i] will be normalized.

Can only be called when DeriveX4Available is true.

This function is currently not used (yet).

func PolyDeriveUniformLeGamma1

func PolyDeriveUniformLeGamma1(p *common.Poly, seed *[48]byte, nonce uint16)

Sample p uniformly with coefficients of norm less than γ₁ using the given seed and nonce.

p will not be normalized, but have coefficients in the interval (q-γ₁,q+γ₁).

func PolyDeriveUniformLeGamma1X4

func PolyDeriveUniformLeGamma1X4(ps [4]*common.Poly, seed *[48]byte,
	nonces [4]uint16)

For each i, sample ps[i] uniformly with coefficients of norm less than γ₁ using the the given seed and nonces[i]. ps[i] may be nil and is ignored in that case. ps[i] will not be normalized, but have coefficients in the interval (q-γ₁,q+γ₁).

Can only be called when DeriveX4Available is true.

func PolyDeriveUniformLeqEta

func PolyDeriveUniformLeqEta(p *common.Poly, seed *[32]byte, nonce uint16)

Sample p uniformly with coefficients of norm less than or equal η, using the given seed and nonce.

p will not be normalized, but will have coefficients in [q-η,q+η].

func PolyDeriveUniformX4

func PolyDeriveUniformX4(ps [4]*common.Poly, seed *[32]byte, nonces [4]uint16)

For each i, sample ps[i] uniformly from the given seed and nonces[i]. ps[i] may be nil and is ignored in that case.

Can only be called when DeriveX4Available is true.

func PolyDotHat

func PolyDotHat(p *common.Poly, a, b *VecL)

Set p to the inner product of a and b using pointwise multiplication.

Assumes a and b are in Montgomery form and their coefficients are pairwise sufficiently small to add, see Poly.MulHat(). Resulting coefficients are bounded by 2Lq.

func PolyPackLeqEta

func PolyPackLeqEta(p *common.Poly, buf []byte)

Writes p with norm less than or equal η into buf, which must be of size PolyLeqEtaSize.

Assumes coefficients of p are not normalized, but in [q-η,q+η].

func PolyUnpackLeqEta

func PolyUnpackLeqEta(p *common.Poly, buf []byte)

Sets p to the polynomial of norm less than or equal η encoded in the given buffer of size PolyLeqEtaSize.

Output coefficients of p are not normalized, but in [q-η,q+η] provided buf was created using PackLeqEta.

Beware, for arbitrary buf the coefficients of p might en up in the interval [q-2^b,q+2^b] where b is the least b with η≤2^b.

func SignTo

func SignTo(sk *PrivateKey, msg []byte, signature []byte)

SignTo signs the given message and writes the signature into signature.

func VecLDeriveUniformLeGamma1

func VecLDeriveUniformLeGamma1(v *VecL, seed *[48]byte, nonce uint16)

Sample v[i] uniformly with coefficients of norm less than γ₁ using the given seed and nonce+i

v[i] will not be normalized, but have coefficients in the interval (q-γ₁,q+γ₁).

func Verify

func Verify(pk *PublicKey, msg []byte, signature []byte) bool

Verify checks whether the given signature by pk on msg is valid.

Types

type Mat

type Mat [K]VecL

A k by l matrix of polynomials.

func (*Mat) Derive

func (m *Mat) Derive(seed *[32]byte)

Expands the given seed to a complete matrix.

This function is called ExpandA in the specification.

type PrivateKey

type PrivateKey struct {

	// Cached values
	A Mat // ExpandA(ρ)
	// contains filtered or unexported fields
}

PrivateKey is the type of Dilithium private keys.

func (*PrivateKey) Equal

func (sk *PrivateKey) Equal(other *PrivateKey) bool

Equal returns whether the two private keys are equal

func (*PrivateKey) Pack

func (sk *PrivateKey) Pack(buf *[PrivateKeySize]byte)

Packs the private key into buf.

func (*PrivateKey) Public

func (sk *PrivateKey) Public() *PublicKey

Computes the public key corresponding to this private key.

func (*PrivateKey) Unpack

func (sk *PrivateKey) Unpack(buf *[PrivateKeySize]byte)

Sets sk to the private key encoded in buf.

type PublicKey

type PublicKey struct {
	A *Mat
	// contains filtered or unexported fields
}

PublicKey is the type of Dilithium public keys.

func (*PublicKey) Equal

func (pk *PublicKey) Equal(other *PublicKey) bool

Equal returns whether the two public keys are equal

func (*PublicKey) Pack

func (pk *PublicKey) Pack(buf *[PublicKeySize]byte)

Packs the public key into buf.

func (*PublicKey) Unpack

func (pk *PublicKey) Unpack(buf *[PublicKeySize]byte)

Sets pk to the public key encoded in buf.

type VecK

type VecK [K]common.Poly

A vector of K polynomials.

func (*VecK) Add

func (v *VecK) Add(w, u *VecK)

Sets v to w + u. Does not normalize.

func (*VecK) Decompose

func (v *VecK) Decompose(v0PlusQ, v1 *VecK)

Applies Poly.Decompose componentwise.

Requires the vector to be normalized.

func (*VecK) Exceeds

func (v *VecK) Exceeds(bound uint32) bool

Checks whether any of the coefficients exceeds the given bound in supnorm

Requires the vector to be normalized.

func (*VecK) InvNTT

func (v *VecK) InvNTT()

Applies InvNTT componentwise. See Poly.InvNTT() for details.

func (*VecK) MakeHint

func (v *VecK) MakeHint(v0, v1 *VecK) (pop uint32)

Sets v to the hint vector for v0 the modified low bits and v1 the unmodified high bits --- see makeHint().

Returns the number of ones in the hint vector.

func (*VecK) MulBy2toD

func (v *VecK) MulBy2toD(w *VecK)

Sets v to 2ᵈ w without reducing.

func (*VecK) NTT

func (v *VecK) NTT()

Applies NTT componentwise. See Poly.NTT() for details.

func (*VecK) Normalize

func (v *VecK) Normalize()

Normalize the polynomials in this vector.

func (*VecK) NormalizeAssumingLe2Q

func (v *VecK) NormalizeAssumingLe2Q()

Normalize the polynomials in this vector assuming their coefficients are already bounded by 2q.

func (*VecK) PackHint

func (v *VecK) PackHint(buf []byte)

Writes v with coefficients in {0, 1} of which at most ω non-zero to buf, which must have length ω+k.

func (*VecK) PackLe16

func (v *VecK) PackLe16(buf []byte)

Sequentially packs each polynomial using Poly.PackLe16().

func (*VecK) PackLeqEta

func (v *VecK) PackLeqEta(buf []byte)

Sequentially packs each polynomial using Poly.PackLeqEta().

func (*VecK) PackT0

func (v *VecK) PackT0(buf []byte)

Sequentially packs each polynomial using Poly.PackT0().

func (*VecK) PackT1

func (v *VecK) PackT1(buf []byte)

Sequentially packs each polynomial using Poly.PackT1().

func (*VecK) Power2Round

func (v *VecK) Power2Round(v0PlusQ, v1 *VecK)

Applies Poly.Power2Round componentwise.

Requires the vector to be normalized.

func (*VecK) ReduceLe2Q

func (v *VecK) ReduceLe2Q()

Applies Poly.ReduceLe2Q() componentwise.

func (*VecK) Sub

func (v *VecK) Sub(a, b *VecK)

Sets v to a - b.

Warning: assumes coefficients of the polynomials of b are less than 2q.

func (*VecK) UnpackHint

func (v *VecK) UnpackHint(buf []byte) bool

Sets v to the vector encoded using VecK.PackHint()

Returns whether unpacking was successful.

func (*VecK) UnpackLeqEta

func (v *VecK) UnpackLeqEta(buf []byte)

Sets v to the polynomials packed in buf using VecK.PackLeqEta().

func (*VecK) UnpackT0

func (v *VecK) UnpackT0(buf []byte)

Sets v to the vector packed into buf by PackT0().

func (*VecK) UnpackT1

func (v *VecK) UnpackT1(buf []byte)

Sets v to the vector packed into buf by PackT1().

func (*VecK) UseHint

func (v *VecK) UseHint(q, hint *VecK) *VecK

Computes corrections to the high bits of the polynomials in the vector w using the hints in h and sets v to the corrected high bits. Returns v. See useHint().

type VecL

type VecL [L]common.Poly

A vector of L polynomials.

func (*VecL) Add

func (v *VecL) Add(w, u *VecL)

Sets v to w + u. Does not normalize.

func (*VecL) Decompose

func (v *VecL) Decompose(v0PlusQ, v1 *VecL)

Applies Poly.Decompose componentwise.

Requires the vector to be normalized.

func (*VecL) Exceeds

func (v *VecL) Exceeds(bound uint32) bool

Checks whether any of the coefficients exceeds the given bound in supnorm

Requires the vector to be normalized.

func (*VecL) NTT

func (v *VecL) NTT()

Applies NTT componentwise. See Poly.NTT() for details.

func (*VecL) Normalize

func (v *VecL) Normalize()

Normalize the polynomials in this vector.

func (*VecL) NormalizeAssumingLe2Q

func (v *VecL) NormalizeAssumingLe2Q()

Normalize the polynomials in this vector assuming their coefficients are already bounded by 2q.

func (*VecL) PackLeGamma1

func (v *VecL) PackLeGamma1(buf []byte)

Sequentially packs each polynomial using Poly.PackLeGamma1().

func (*VecL) PackLeqEta

func (v *VecL) PackLeqEta(buf []byte)

Sequentially packs each polynomial using Poly.PackLeqEta().

func (*VecL) Power2Round

func (v *VecL) Power2Round(v0PlusQ, v1 *VecL)

Applies Poly.Power2Round componentwise.

Requires the vector to be normalized.

func (*VecL) UnpackLeGamma1

func (v *VecL) UnpackLeGamma1(buf []byte)

Sets v to the polynomials packed in buf using VecL.PackLeGamma1().

func (*VecL) UnpackLeqEta

func (v *VecL) UnpackLeqEta(buf []byte)

Sets v to the polynomials packed in buf using VecL.PackLeqEta().

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL