Antonio committed Jul 25, 2023
2 parents 50566a7 + a16082a commit bf59295
Showing 21 changed files with 174 additions and 170 deletions.
24 changes: 12 additions & 12 deletions dilithium/dilithium3.go
Expand Up @@ -8,9 +8,9 @@ import (
"golang.org/x/crypto/sha3"
)

//KeyGen creates a public and private key pair.
//A 32 byte long seed can be given as argument. If a nil seed is given, the seed is generated using Go crypto's random number generator.
//The keys returned are packed into byte arrays.
// KeyGen creates a public and private key pair.
// A 32 byte long seed can be given as argument. If a nil seed is given, the seed is generated using Go crypto's random number generator.
// The keys returned are packed into byte arrays.
func (d *Dilithium) KeyGen(seed []byte) ([]byte, []byte) {

if seed == nil || len(seed) != SEEDBYTES {
Expand Down Expand Up @@ -62,10 +62,10 @@ func (d *Dilithium) KeyGen(seed []byte) ([]byte, []byte) {
return d.PackPK(PublicKey{T1: t1, Rho: rho}), d.PackSK(PrivateKey{Rho: rho, Key: key, Tr: tr, S1: s1, S2: s2, T0: t0})
}

//Sign produces a signature on the given msg using the secret signing key.
//The signing key must be given as packed byte array.
//The message should also be a byte array.
//The returned signature is packed into a byte array. If an error occurs during the signature process, a nil signature is returned.
// Sign produces a signature on the given msg using the secret signing key.
// The signing key must be given as packed byte array.
// The message should also be a byte array.
// The returned signature is packed into a byte array. If an error occurs during the signature process, a nil signature is returned.
func (d *Dilithium) Sign(packedSK, msg []byte) []byte {
if len(packedSK) != d.SIZESK() {
println("Cannot sign with this key.")
Expand Down Expand Up @@ -188,11 +188,11 @@ rej:
return d.PackSig(z, h, hc[:])
}

//Verify uses the verification key to verify a signature given a msg.
//The public key and signature must be given as packed byte arrays.
//The message should be a byte array.
//The result of the verificatino is returned as a boolean, true is the verificatino succeeded, false otherwise.
//If an error occurs during the verification, a false is returned.
// Verify uses the verification key to verify a signature given a msg.
// The public key and signature must be given as packed byte arrays.
// The message should be a byte array.
// The result of the verificatino is returned as a boolean, true is the verificatino succeeded, false otherwise.
// If an error occurs during the verification, a false is returned.
func (d *Dilithium) Verify(packedPK, msg, sig []byte) bool {
if len(sig) != d.SIZESIG() || len(packedPK) != d.SIZEPK() {
return false
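Review bot: The reformatted KeyGen comment still says that only a nil seed triggers random generation, but the guard right below it is `if seed == nil || len(seed) != SEEDBYTES`, so a seed of the wrong length appears to take the same branch (the branch body is collapsed on this page, so this is inferred). A caller who expects deterministic keys from a mis-sized seed would silently get a key pair derived from a different seed, so the comment should state it, e.g. `// If seed is nil or not exactly SEEDBYTES long, it is ignored and a random seed is used.` The Verify comment in the same section also keeps the typo `verificatino` twice. KeyGen, Sign and Verify all continue outside the visible hunks.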
2 changes: 1 addition & 1 deletion dilithium/dilithium3_test.go
Expand Up @@ -50,7 +50,7 @@ func TestSign(t *testing.T) {
}
}

//Used for FA
// Used for FA
func TestManySign(t *testing.T) {
d := NewDilithium2(false)
var seed [32]byte
24 changes: 12 additions & 12 deletions dilithium/internal.go
Expand Up @@ -4,34 +4,34 @@ import (
"golang.org/x/crypto/sha3"
)

//reduce32 maps a to the [-Q, Q] domain
// reduce32 maps a to the [-Q, Q] domain
func reduce32(a int32) int32 {
t := (a + (1 << 22)) >> 23
t = a - t*q
return t
}

//addQ maps a to a "positive" representation in constant time
// addQ maps a to a "positive" representation in constant time
func addQ(a int32) int32 {
a += (a >> 31) & q
return a
}

//freeze maps a to the [0, Q] domain
// freeze maps a to the [0, Q] domain
func freeze(a int32) int32 {
a = reduce32(a)
a = addQ(a)
return a
}

//power2Round returns a1 and a0+Q such that a = a1*2^D+a0
// power2Round returns a1 and a0+Q such that a = a1*2^D+a0
func power2Round(a int32) (int32, int32) {
a1 := (a + (1 << (d - 1)) - 1) >> d
a0 := a - (a1 << d)
return a1, a0
}

//decompose returns a1 and a0+Q such that a = a1*alpha + a0
// decompose returns a1 and a0+Q such that a = a1*alpha + a0
func decompose(a int32, GAMMA2 int32) (int32, int32) {
a1 := (a + 127) >> 7

Expand All @@ -48,15 +48,15 @@ func decompose(a int32, GAMMA2 int32) (int32, int32) {
return a1, a0
}

//makeHint returns 1 iff a0 overflows a1
// makeHint returns 1 iff a0 overflows a1
func makeHint(a1, a0 int32, GAMMA2 int32) int32 {
if a0 > GAMMA2 || a0 < -GAMMA2 || (a0 == -GAMMA2 && a1 != 0) {
return 1
}
return 0
}

//useHint computes the real high bits of a
// useHint computes the real high bits of a
func useHint(a int32, hint int32, GAMMA2 int32) int32 {
a1, a0 := decompose(a, GAMMA2)
if hint == 0 {
Expand All @@ -80,10 +80,10 @@ func useHint(a int32, hint int32, GAMMA2 int32) int32 {
return a1 - 1
}

//Mat is used to hold the matrix A
// Mat is used to hold the matrix A
type Mat []Vec

//expandSeed uses rho to create A, a KxL matrix of uniform polynomials
// expandSeed uses rho to create A, a KxL matrix of uniform polynomials
func expandSeed(rho [SEEDBYTES]byte, K, L int) Mat {
A := make(Mat, K)
for i := 0; i < K; i++ {
Expand All @@ -95,7 +95,7 @@ func expandSeed(rho [SEEDBYTES]byte, K, L int) Mat {
return A
}

//challenge creates a Poly with exactly T 1's and the rest 0's
// challenge creates a Poly with exactly T 1's and the rest 0's
func challenge(hc []byte, T int) Poly {
var c Poly
var outbuf [shake256Rate]byte
Expand Down Expand Up @@ -129,15 +129,15 @@ func challenge(hc []byte, T int) Poly {
return c
}

//Computes the integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q
// Computes the integer in {-(q-1)/2,...,(q-1)/2} congruent to a modulo q
func barretReduce(a int32) int32 {
v := int32(((uint32(1) << 26) + uint32(q/2)) / uint32(q))
t := int32(v) * int32(a) >> 26
t *= int32(q)
return a - t
}

//montgomeryReduce is used to reduce a montgomery coefficient [0, RQ]
// montgomeryReduce is used to reduce a montgomery coefficient [0, RQ]
func montgomeryReduce(a int64) int32 {
t := int32(a * qInv)
t = int32((a - int64(t)*q) >> 32)
18 changes: 9 additions & 9 deletions dilithium/keys.go
Expand Up @@ -2,13 +2,13 @@ package dilithium

import "crypto/subtle"

//PublicKey holds the pk strct
// PublicKey holds the pk strct
type PublicKey struct {
T1 Vec //K
Rho [SEEDBYTES]byte
}

//PrivateKey holds the sk struct
// PrivateKey holds the sk struct
type PrivateKey struct {
S1 Vec //L
S2 Vec //K
Expand All @@ -18,38 +18,38 @@ type PrivateKey struct {
T0 Vec //K
}

//SIZEPK returns the size in bytes of the public key of a dilithium instance
// SIZEPK returns the size in bytes of the public key of a dilithium instance
func (d *Dilithium) SIZEPK() int {
return d.params.SIZEPK
}

//SIZESK returns the size in bytes of the secret key of a dilithium instance
// SIZESK returns the size in bytes of the secret key of a dilithium instance
func (d *Dilithium) SIZESK() int {
return d.params.SIZESK
}

//SIZESIG returns the size in bytes of the signature of a dilithium instance
// SIZESIG returns the size in bytes of the signature of a dilithium instance
func (d *Dilithium) SIZESIG() int {
return d.params.SIZESIG
}

//PackPK packs a PublicKey into an array of bytes
// PackPK packs a PublicKey into an array of bytes
func (d *Dilithium) PackPK(pk PublicKey) []byte {
packedPK := make([]byte, d.params.SIZEPK)
copy(packedPK[:SEEDBYTES], pk.Rho[:])
copy(packedPK[SEEDBYTES:], packT1(pk.T1, d.params.K))
return packedPK
}

//UnpackPK reverses the packing operation and outputs a PublicKey struct
// UnpackPK reverses the packing operation and outputs a PublicKey struct
func (d *Dilithium) UnpackPK(packedPK []byte) PublicKey {
var pk PublicKey
copy(pk.Rho[:], packedPK[:SEEDBYTES])
pk.T1 = unpackT1(packedPK[SEEDBYTES:], d.params.K)
return pk
}

//PackSK packs a PrivateKey into a byte array
// PackSK packs a PrivateKey into a byte array
func (d *Dilithium) PackSK(sk PrivateKey) []byte {
packedSK := make([]byte, d.params.SIZESK)
id := 0
Expand All @@ -71,7 +71,7 @@ func (d *Dilithium) PackSK(sk PrivateKey) []byte {
return packedSK
}

//UnpackSK reverses the packing operation and outputs a PrivateKey struct
// UnpackSK reverses the packing operation and outputs a PrivateKey struct
func (d *Dilithium) UnpackSK(packedSK []byte) PrivateKey {
var sk PrivateKey
id := 0
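Review bot: UnpackPK slices `packedPK[:SEEDBYTES]` and `packedPK[SEEDBYTES:]` without checking the input length, and it is an exported method, so a buffer shorter than SEEDBYTES passed to it directly panics rather than failing cleanly. Verify in dilithium3.go rejects inputs where `len(packedPK) != d.SIZEPK()`, but other callers of UnpackPK get no such guard; UnpackSK may have the same gap, though its body is collapsed here. At minimum the doc comment should state the precondition, e.g. `// packedPK must be exactly SIZEPK() bytes long; the length is not checked here.`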
8 changes: 4 additions & 4 deletions dilithium/ntt.go
Expand Up @@ -37,7 +37,7 @@ var zetas = [n]int32{

var f = int32(41978) //int32(((uint64(MONT) * MONT % Q) * (Q - 1) % Q) * ((Q - 1) >> 8) % Q)

//ntt performs in place forward NTT
// ntt performs in place forward NTT
func (p *Poly) ntt() {
var len, start, j, k uint
var zeta, t int32
Expand All @@ -56,7 +56,7 @@ func (p *Poly) ntt() {
}
}

//invntt perfors in place backward NTT and multiplication by Montgomery factor 2^32.
// invntt perfors in place backward NTT and multiplication by Montgomery factor 2^32.
func (p *Poly) invntt() {
var len, start, j, k uint
var zeta, t int32
Expand All @@ -80,14 +80,14 @@ func (p *Poly) invntt() {
}
}

//ntt performs in place NTT
// ntt performs in place NTT
func (v Vec) ntt(L int) {
for i := 0; i < L; i++ {
v[i].ntt()
}
}

//fqmul performs a multiplication in the Montgomery domain
// fqmul performs a multiplication in the Montgomery domain
func fqmul(a, b int32) int32 {
return montgomeryReduce(int64(a) * int64(b))
}
26 changes: 13 additions & 13 deletions dilithium/pack.go
@@ -1,6 +1,6 @@
package dilithium

//packT1 returns the byte representation of v
// packT1 returns the byte representation of v
func packT1(v Vec, K int) []byte {
r := make([]byte, K*polySizeT1)

Expand All @@ -16,7 +16,7 @@ func packT1(v Vec, K int) []byte {
return r
}

//pnpackT1 reverses the packing operation
// pnpackT1 reverses the packing operation
func unpackT1(r []byte, K int) Vec {
v := make(Vec, K)
for j := 0; j < K; j++ {
Expand All @@ -30,7 +30,7 @@ func unpackT1(r []byte, K int) Vec {
return v
}

//packT0 packs t0
// packT0 packs t0
func packT0(v Vec, K int) []byte {
r := make([]byte, K*polySizeT0)
t := make([]uint32, 8)
Expand Down Expand Up @@ -70,7 +70,7 @@ func packT0(v Vec, K int) []byte {
return r
}

//unpackT0 reverses the packing operation
// unpackT0 reverses the packing operation
func unpackT0(a []byte, K int) Vec {
v := make(Vec, K)
for j := 0; j < K; j++ {
Expand All @@ -97,7 +97,7 @@ func unpackT0(a []byte, K int) Vec {
return v
}

//packW1 packs a w1 poly
// packW1 packs a w1 poly
func packW1(v Vec, L, POLYSIZEW1 int, GAMMA2 int32) []byte {
r := make([]byte, L*POLYSIZEW1)
if GAMMA2 == (q-1)/88 {
Expand All @@ -118,7 +118,7 @@ func packW1(v Vec, L, POLYSIZEW1 int, GAMMA2 int32) []byte {
return r
}

//packS packs a S vec
// packS packs a S vec
func packS(v Vec, L, POLYSIZES int, ETA int32) []byte {
r := make([]byte, L*POLYSIZES)
if ETA == 4 {
Expand Down Expand Up @@ -153,7 +153,7 @@ func packS(v Vec, L, POLYSIZES int, ETA int32) []byte {
return r
}

//unpackS reverses the packing of an S vec
// unpackS reverses the packing of an S vec
func unpackS(r []byte, L, POLYSIZES int, ETA int32) Vec {
v := make(Vec, L)
if ETA == 4 {
Expand Down Expand Up @@ -183,7 +183,7 @@ func unpackS(r []byte, L, POLYSIZES int, ETA int32) Vec {
return v
}

//packZ packs a Z vec
// packZ packs a Z vec
func packZ(v Vec, L, POLYSIZEZ int, GAMMA1 int32) []byte {
r := make([]byte, L*POLYSIZEZ)
if GAMMA1 == (1 << 17) {
Expand Down Expand Up @@ -224,7 +224,7 @@ func packZ(v Vec, L, POLYSIZEZ int, GAMMA1 int32) []byte {
return r
}

//unpackZ reverses the packing operation
// unpackZ reverses the packing operation
func unpackZ(buf []byte, L, POLYSIZEZ int, GAMMA1 int32) Vec {
v := make(Vec, L)
if GAMMA1 == (1 << 17) {
Expand Down Expand Up @@ -254,7 +254,7 @@ func unpackZ(buf []byte, L, POLYSIZEZ int, GAMMA1 int32) Vec {
return v
}

//packH packs an H vec
// packH packs an H vec
func packH(v Vec, K int, OMEGA int) []byte {
buf := make([]byte, OMEGA+K)
off := 0
Expand All @@ -270,7 +270,7 @@ func packH(v Vec, K int, OMEGA int) []byte {
return buf[:]
}

//unpackH reverses the packing operation
// unpackH reverses the packing operation
func unpackH(buf []byte, L int, OMEGA int) Vec {
v := make(Vec, L)
k := uint8(0)
Expand All @@ -295,7 +295,7 @@ func unpackH(buf []byte, L int, OMEGA int) Vec {
return v
}

//PackSig packs a dilithium signature into a byte array
// PackSig packs a dilithium signature into a byte array
func (d *Dilithium) PackSig(z Vec, h Vec, hc []byte) []byte {
K := d.params.K
L := d.params.L
Expand All @@ -308,7 +308,7 @@ func (d *Dilithium) PackSig(z Vec, h Vec, hc []byte) []byte {
return sigP[:]
}

//UnpackSig unpacks a byte array into a signature. If the format is incorrect, nil objects are returned.
// UnpackSig unpacks a byte array into a signature. If the format is incorrect, nil objects are returned.
func (d *Dilithium) UnpackSig(sig []byte) (Vec, Vec, []byte) {
K := d.params.K
L := d.params.L