RubyGems - pq_crypto - Versions diffs - 0.4.2 → 0.5.0 - Mend

pq_crypto 0.4.2 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (408) hide show

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/indcpa.c DELETED Viewed

@@ -1,327 +0,0 @@
-#include "indcpa.h"
-#include "ntt.h"
-#include "params.h"
-#include "poly.h"
-#include "polyvec.h"
-#include "randombytes.h"
-#include "symmetric.h"
-#include <stddef.h>
-#include <stdint.h>
-#include <string.h>
-/*************************************************
-* Name:        pack_pk
-*
-* Description: Serialize the public key as concatenation of the
-*              serialized vector of polynomials pk
-*              and the public seed used to generate the matrix A.
-*
-* Arguments:   uint8_t *r: pointer to the output serialized public key
-*              polyvec *pk: pointer to the input public-key polyvec
-*              const uint8_t *seed: pointer to the input public seed
-**************************************************/
-static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
-                    polyvec *pk,
-                    const uint8_t seed[KYBER_SYMBYTES]) {
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_tobytes(r, pk);
-    memcpy(r + KYBER_POLYVECBYTES, seed, KYBER_SYMBYTES);
-}
-/*************************************************
-* Name:        unpack_pk
-*
-* Description: De-serialize public key from a byte array;
-*              approximate inverse of pack_pk
-*
-* Arguments:   - polyvec *pk: pointer to output public-key polynomial vector
-*              - uint8_t *seed: pointer to output seed to generate matrix A
-*              - const uint8_t *packedpk: pointer to input serialized public key
-**************************************************/
-static void unpack_pk(polyvec *pk,
-                      uint8_t seed[KYBER_SYMBYTES],
-                      const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_frombytes(pk, packedpk);
-    memcpy(seed, packedpk + KYBER_POLYVECBYTES, KYBER_SYMBYTES);
-}
-/*************************************************
-* Name:        pack_sk
-*
-* Description: Serialize the secret key
-*
-* Arguments:   - uint8_t *r: pointer to output serialized secret key
-*              - polyvec *sk: pointer to input vector of polynomials (secret key)
-**************************************************/
-static void pack_sk(uint8_t r[KYBER_INDCPA_SECRETKEYBYTES], polyvec *sk) {
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_tobytes(r, sk);
-}
-/*************************************************
-* Name:        unpack_sk
-*
-* Description: De-serialize the secret key; inverse of pack_sk
-*
-* Arguments:   - polyvec *sk: pointer to output vector of polynomials (secret key)
-*              - const uint8_t *packedsk: pointer to input serialized secret key
-**************************************************/
-static void unpack_sk(polyvec *sk, const uint8_t packedsk[KYBER_INDCPA_SECRETKEYBYTES]) {
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_frombytes(sk, packedsk);
-}
-/*************************************************
-* Name:        pack_ciphertext
-*
-* Description: Serialize the ciphertext as concatenation of the
-*              compressed and serialized vector of polynomials b
-*              and the compressed and serialized polynomial v
-*
-* Arguments:   uint8_t *r: pointer to the output serialized ciphertext
-*              poly *pk: pointer to the input vector of polynomials b
-*              poly *v: pointer to the input polynomial v
-**************************************************/
-static void pack_ciphertext(uint8_t r[KYBER_INDCPA_BYTES], polyvec *b, poly *v) {
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_compress(r, b);
-    PQCLEAN_MLKEM1024_CLEAN_poly_compress(r + KYBER_POLYVECCOMPRESSEDBYTES, v);
-}
-/*************************************************
-* Name:        unpack_ciphertext
-*
-* Description: De-serialize and decompress ciphertext from a byte array;
-*              approximate inverse of pack_ciphertext
-*
-* Arguments:   - polyvec *b: pointer to the output vector of polynomials b
-*              - poly *v: pointer to the output polynomial v
-*              - const uint8_t *c: pointer to the input serialized ciphertext
-**************************************************/
-static void unpack_ciphertext(polyvec *b, poly *v, const uint8_t c[KYBER_INDCPA_BYTES]) {
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_decompress(b, c);
-    PQCLEAN_MLKEM1024_CLEAN_poly_decompress(v, c + KYBER_POLYVECCOMPRESSEDBYTES);
-}
-/*************************************************
-* Name:        rej_uniform
-*
-* Description: Run rejection sampling on uniform random bytes to generate
-*              uniform random integers mod q
-*
-* Arguments:   - int16_t *r: pointer to output buffer
-*              - unsigned int len: requested number of 16-bit integers (uniform mod q)
-*              - const uint8_t *buf: pointer to input buffer (assumed to be uniformly random bytes)
-*              - unsigned int buflen: length of input buffer in bytes
-*
-* Returns number of sampled 16-bit integers (at most len)
-**************************************************/
-static unsigned int rej_uniform(int16_t *r,
-                                unsigned int len,
-                                const uint8_t *buf,
-                                unsigned int buflen) {
-    unsigned int ctr, pos;
-    uint16_t val0, val1;
-    ctr = pos = 0;
-    while (ctr < len && pos + 3 <= buflen) {
-        val0 = ((buf[pos + 0] >> 0) | ((uint16_t)buf[pos + 1] << 8)) & 0xFFF;
-        val1 = ((buf[pos + 1] >> 4) | ((uint16_t)buf[pos + 2] << 4)) & 0xFFF;
-        pos += 3;
-        if (val0 < KYBER_Q) {
-            r[ctr++] = val0;
-        }
-        if (ctr < len && val1 < KYBER_Q) {
-            r[ctr++] = val1;
-        }
-    }
-    return ctr;
-}
-#define gen_a(A,B)  PQCLEAN_MLKEM1024_CLEAN_gen_matrix(A,B,0)
-#define gen_at(A,B) PQCLEAN_MLKEM1024_CLEAN_gen_matrix(A,B,1)
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_gen_matrix
-*
-* Description: Deterministically generate matrix A (or the transpose of A)
-*              from a seed. Entries of the matrix are polynomials that look
-*              uniformly random. Performs rejection sampling on output of
-*              a XOF
-*
-* Arguments:   - polyvec *a: pointer to ouptput matrix A
-*              - const uint8_t *seed: pointer to input seed
-*              - int transposed: boolean deciding whether A or A^T is generated
-**************************************************/
-#define GEN_MATRIX_NBLOCKS ((12*KYBER_N/8*(1 << 12)/KYBER_Q + XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
-// Not static for benchmarking
-void PQCLEAN_MLKEM1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) {
-    unsigned int ctr, i, j;
-    unsigned int buflen;
-    uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES];
-    xof_state state;
-    for (i = 0; i < KYBER_K; i++) {
-        for (j = 0; j < KYBER_K; j++) {
-            if (transposed) {
-                xof_absorb(&state, seed, (uint8_t)i, (uint8_t)j);
-            } else {
-                xof_absorb(&state, seed, (uint8_t)j, (uint8_t)i);
-            }
-            xof_squeezeblocks(buf, GEN_MATRIX_NBLOCKS, &state);
-            buflen = GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES;
-            ctr = rej_uniform(a[i].vec[j].coeffs, KYBER_N, buf, buflen);
-            while (ctr < KYBER_N) {
-                xof_squeezeblocks(buf, 1, &state);
-                buflen = XOF_BLOCKBYTES;
-                ctr += rej_uniform(a[i].vec[j].coeffs + ctr, KYBER_N - ctr, buf, buflen);
-            }
-            xof_ctx_release(&state);
-        }
-    }
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_indcpa_keypair_derand
-*
-* Description: Generates public and private key for the CPA-secure
-*              public-key encryption scheme underlying Kyber
-*
-* Arguments:   - uint8_t *pk: pointer to output public key
-*                             (of length KYBER_INDCPA_PUBLICKEYBYTES bytes)
-*              - uint8_t *sk: pointer to output private key
-*                             (of length KYBER_INDCPA_SECRETKEYBYTES bytes)
-*              - const uint8_t *coins: pointer to input randomness
-*                             (of length KYBER_SYMBYTES bytes)
-**************************************************/
-void PQCLEAN_MLKEM1024_CLEAN_indcpa_keypair_derand(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
-        uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES],
-        const uint8_t coins[KYBER_SYMBYTES]) {
-    unsigned int i;
-    uint8_t buf[2 * KYBER_SYMBYTES];
-    const uint8_t *publicseed = buf;
-    const uint8_t *noiseseed = buf + KYBER_SYMBYTES;
-    uint8_t nonce = 0;
-    polyvec a[KYBER_K], e, pkpv, skpv;
-    memcpy(buf, coins, KYBER_SYMBYTES);
-    buf[KYBER_SYMBYTES] = KYBER_K;
-    hash_g(buf, buf, KYBER_SYMBYTES + 1);
-    gen_a(a, publicseed);
-    for (i = 0; i < KYBER_K; i++) {
-        PQCLEAN_MLKEM1024_CLEAN_poly_getnoise_eta1(&skpv.vec[i], noiseseed, nonce++);
-    }
-    for (i = 0; i < KYBER_K; i++) {
-        PQCLEAN_MLKEM1024_CLEAN_poly_getnoise_eta1(&e.vec[i], noiseseed, nonce++);
-    }
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_ntt(&skpv);
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_ntt(&e);
-    // matrix-vector multiplication
-    for (i = 0; i < KYBER_K; i++) {
-        PQCLEAN_MLKEM1024_CLEAN_polyvec_basemul_acc_montgomery(&pkpv.vec[i], &a[i], &skpv);
-        PQCLEAN_MLKEM1024_CLEAN_poly_tomont(&pkpv.vec[i]);
-    }
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_add(&pkpv, &pkpv, &e);
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_reduce(&pkpv);
-    pack_sk(sk, &skpv);
-    pack_pk(pk, &pkpv, publicseed);
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_indcpa_enc
-*
-* Description: Encryption function of the CPA-secure
-*              public-key encryption scheme underlying Kyber.
-*
-* Arguments:   - uint8_t *c: pointer to output ciphertext
-*                            (of length KYBER_INDCPA_BYTES bytes)
-*              - const uint8_t *m: pointer to input message
-*                                  (of length KYBER_INDCPA_MSGBYTES bytes)
-*              - const uint8_t *pk: pointer to input public key
-*                                   (of length KYBER_INDCPA_PUBLICKEYBYTES)
-*              - const uint8_t *coins: pointer to input random coins used as seed
-*                                      (of length KYBER_SYMBYTES) to deterministically
-*                                      generate all randomness
-**************************************************/
-void PQCLEAN_MLKEM1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
-                                        const uint8_t m[KYBER_INDCPA_MSGBYTES],
-                                        const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
-                                        const uint8_t coins[KYBER_SYMBYTES]) {
-    unsigned int i;
-    uint8_t seed[KYBER_SYMBYTES];
-    uint8_t nonce = 0;
-    polyvec sp, pkpv, ep, at[KYBER_K], b;
-    poly v, k, epp;
-    unpack_pk(&pkpv, seed, pk);
-    PQCLEAN_MLKEM1024_CLEAN_poly_frommsg(&k, m);
-    gen_at(at, seed);
-    for (i = 0; i < KYBER_K; i++) {
-        PQCLEAN_MLKEM1024_CLEAN_poly_getnoise_eta1(sp.vec + i, coins, nonce++);
-    }
-    for (i = 0; i < KYBER_K; i++) {
-        PQCLEAN_MLKEM1024_CLEAN_poly_getnoise_eta2(ep.vec + i, coins, nonce++);
-    }
-    PQCLEAN_MLKEM1024_CLEAN_poly_getnoise_eta2(&epp, coins, nonce++);
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_ntt(&sp);
-    // matrix-vector multiplication
-    for (i = 0; i < KYBER_K; i++) {
-        PQCLEAN_MLKEM1024_CLEAN_polyvec_basemul_acc_montgomery(&b.vec[i], &at[i], &sp);
-    }
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_basemul_acc_montgomery(&v, &pkpv, &sp);
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_invntt_tomont(&b);
-    PQCLEAN_MLKEM1024_CLEAN_poly_invntt_tomont(&v);
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_add(&b, &b, &ep);
-    PQCLEAN_MLKEM1024_CLEAN_poly_add(&v, &v, &epp);
-    PQCLEAN_MLKEM1024_CLEAN_poly_add(&v, &v, &k);
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_reduce(&b);
-    PQCLEAN_MLKEM1024_CLEAN_poly_reduce(&v);
-    pack_ciphertext(c, &b, &v);
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_indcpa_dec
-*
-* Description: Decryption function of the CPA-secure
-*              public-key encryption scheme underlying Kyber.
-*
-* Arguments:   - uint8_t *m: pointer to output decrypted message
-*                            (of length KYBER_INDCPA_MSGBYTES)
-*              - const uint8_t *c: pointer to input ciphertext
-*                                  (of length KYBER_INDCPA_BYTES)
-*              - const uint8_t *sk: pointer to input secret key
-*                                   (of length KYBER_INDCPA_SECRETKEYBYTES)
-**************************************************/
-void PQCLEAN_MLKEM1024_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
-                                        const uint8_t c[KYBER_INDCPA_BYTES],
-                                        const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
-    polyvec b, skpv;
-    poly v, mp;
-    unpack_ciphertext(&b, &v, c);
-    unpack_sk(&skpv, sk);
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_ntt(&b);
-    PQCLEAN_MLKEM1024_CLEAN_polyvec_basemul_acc_montgomery(&mp, &skpv, &b);
-    PQCLEAN_MLKEM1024_CLEAN_poly_invntt_tomont(&mp);
-    PQCLEAN_MLKEM1024_CLEAN_poly_sub(&mp, &v, &mp);
-    PQCLEAN_MLKEM1024_CLEAN_poly_reduce(&mp);
-    PQCLEAN_MLKEM1024_CLEAN_poly_tomsg(m, &mp);
-}

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/indcpa.h DELETED Viewed

@@ -1,22 +0,0 @@
-#ifndef PQCLEAN_MLKEM1024_CLEAN_INDCPA_H
-#define PQCLEAN_MLKEM1024_CLEAN_INDCPA_H
-#include "params.h"
-#include "polyvec.h"
-#include <stdint.h>
-void PQCLEAN_MLKEM1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
-void PQCLEAN_MLKEM1024_CLEAN_indcpa_keypair_derand(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
-        uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES],
-        const uint8_t coins[KYBER_SYMBYTES]);
-void PQCLEAN_MLKEM1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
-                                        const uint8_t m[KYBER_INDCPA_MSGBYTES],
-                                        const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
-                                        const uint8_t coins[KYBER_SYMBYTES]);
-void PQCLEAN_MLKEM1024_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
-                                        const uint8_t c[KYBER_INDCPA_BYTES],
-                                        const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
-#endif

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/kem.c DELETED Viewed

@@ -1,164 +0,0 @@
-#include "indcpa.h"
-#include "kem.h"
-#include "params.h"
-#include "randombytes.h"
-#include "symmetric.h"
-#include "verify.h"
-#include <stddef.h>
-#include <stdint.h>
-#include <string.h>
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_crypto_kem_keypair_derand
-*
-* Description: Generates public and private key
-*              for CCA-secure Kyber key encapsulation mechanism
-*
-* Arguments:   - uint8_t *pk: pointer to output public key
-*                (an already allocated array of KYBER_PUBLICKEYBYTES bytes)
-*              - uint8_t *sk: pointer to output private key
-*                (an already allocated array of KYBER_SECRETKEYBYTES bytes)
-*              - uint8_t *coins: pointer to input randomness
-*                (an already allocated array filled with 2*KYBER_SYMBYTES random bytes)
-**
-* Returns 0 (success)
-**************************************************/
-int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_keypair_derand(uint8_t *pk,
-        uint8_t *sk,
-        const uint8_t *coins) {
-    PQCLEAN_MLKEM1024_CLEAN_indcpa_keypair_derand(pk, sk, coins);
-    memcpy(sk + KYBER_INDCPA_SECRETKEYBYTES, pk, KYBER_PUBLICKEYBYTES);
-    hash_h(sk + KYBER_SECRETKEYBYTES - 2 * KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
-    /* Value z for pseudo-random output on reject */
-    memcpy(sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, coins + KYBER_SYMBYTES, KYBER_SYMBYTES);
-    return 0;
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_crypto_kem_keypair
-*
-* Description: Generates public and private key
-*              for CCA-secure Kyber key encapsulation mechanism
-*
-* Arguments:   - uint8_t *pk: pointer to output public key
-*                (an already allocated array of KYBER_PUBLICKEYBYTES bytes)
-*              - uint8_t *sk: pointer to output private key
-*                (an already allocated array of KYBER_SECRETKEYBYTES bytes)
-*
-* Returns 0 (success)
-**************************************************/
-int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_keypair(uint8_t *pk,
-        uint8_t *sk) {
-    uint8_t coins[2 * KYBER_SYMBYTES];
-    randombytes(coins, 2 * KYBER_SYMBYTES);
-    PQCLEAN_MLKEM1024_CLEAN_crypto_kem_keypair_derand(pk, sk, coins);
-    return 0;
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_crypto_kem_enc_derand
-*
-* Description: Generates cipher text and shared
-*              secret for given public key
-*
-* Arguments:   - uint8_t *ct: pointer to output cipher text
-*                (an already allocated array of KYBER_CIPHERTEXTBYTES bytes)
-*              - uint8_t *ss: pointer to output shared secret
-*                (an already allocated array of KYBER_SSBYTES bytes)
-*              - const uint8_t *pk: pointer to input public key
-*                (an already allocated array of KYBER_PUBLICKEYBYTES bytes)
-*              - const uint8_t *coins: pointer to input randomness
-*                (an already allocated array filled with KYBER_SYMBYTES random bytes)
-**
-* Returns 0 (success)
-**************************************************/
-int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_enc_derand(uint8_t *ct,
-        uint8_t *ss,
-        const uint8_t *pk,
-        const uint8_t *coins) {
-    uint8_t buf[2 * KYBER_SYMBYTES];
-    /* Will contain key, coins */
-    uint8_t kr[2 * KYBER_SYMBYTES];
-    memcpy(buf, coins, KYBER_SYMBYTES);
-    /* Multitarget countermeasure for coins + contributory KEM */
-    hash_h(buf + KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
-    hash_g(kr, buf, 2 * KYBER_SYMBYTES);
-    /* coins are in kr+KYBER_SYMBYTES */
-    PQCLEAN_MLKEM1024_CLEAN_indcpa_enc(ct, buf, pk, kr + KYBER_SYMBYTES);
-    memcpy(ss, kr, KYBER_SYMBYTES);
-    return 0;
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_crypto_kem_enc
-*
-* Description: Generates cipher text and shared
-*              secret for given public key
-*
-* Arguments:   - uint8_t *ct: pointer to output cipher text
-*                (an already allocated array of KYBER_CIPHERTEXTBYTES bytes)
-*              - uint8_t *ss: pointer to output shared secret
-*                (an already allocated array of KYBER_SSBYTES bytes)
-*              - const uint8_t *pk: pointer to input public key
-*                (an already allocated array of KYBER_PUBLICKEYBYTES bytes)
-*
-* Returns 0 (success)
-**************************************************/
-int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_enc(uint8_t *ct,
-        uint8_t *ss,
-        const uint8_t *pk) {
-    uint8_t coins[KYBER_SYMBYTES];
-    randombytes(coins, KYBER_SYMBYTES);
-    PQCLEAN_MLKEM1024_CLEAN_crypto_kem_enc_derand(ct, ss, pk, coins);
-    return 0;
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_crypto_kem_dec
-*
-* Description: Generates shared secret for given
-*              cipher text and private key
-*
-* Arguments:   - uint8_t *ss: pointer to output shared secret
-*                (an already allocated array of KYBER_SSBYTES bytes)
-*              - const uint8_t *ct: pointer to input cipher text
-*                (an already allocated array of KYBER_CIPHERTEXTBYTES bytes)
-*              - const uint8_t *sk: pointer to input private key
-*                (an already allocated array of KYBER_SECRETKEYBYTES bytes)
-*
-* Returns 0.
-*
-* On failure, ss will contain a pseudo-random value.
-**************************************************/
-int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_dec(uint8_t *ss,
-        const uint8_t *ct,
-        const uint8_t *sk) {
-    int fail;
-    uint8_t buf[2 * KYBER_SYMBYTES];
-    /* Will contain key, coins */
-    uint8_t kr[2 * KYBER_SYMBYTES];
-    uint8_t cmp[KYBER_CIPHERTEXTBYTES + KYBER_SYMBYTES];
-    const uint8_t *pk = sk + KYBER_INDCPA_SECRETKEYBYTES;
-    PQCLEAN_MLKEM1024_CLEAN_indcpa_dec(buf, ct, sk);
-    /* Multitarget countermeasure for coins + contributory KEM */
-    memcpy(buf + KYBER_SYMBYTES, sk + KYBER_SECRETKEYBYTES - 2 * KYBER_SYMBYTES, KYBER_SYMBYTES);
-    hash_g(kr, buf, 2 * KYBER_SYMBYTES);
-    /* coins are in kr+KYBER_SYMBYTES */
-    PQCLEAN_MLKEM1024_CLEAN_indcpa_enc(cmp, buf, pk, kr + KYBER_SYMBYTES);
-    fail = PQCLEAN_MLKEM1024_CLEAN_verify(ct, cmp, KYBER_CIPHERTEXTBYTES);
-    /* Compute rejection key */
-    rkprf(ss, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, ct);
-    /* Copy true key to return buffer if fail is false */
-    PQCLEAN_MLKEM1024_CLEAN_cmov(ss, kr, KYBER_SYMBYTES, (uint8_t) (1 - fail));
-    return 0;
-}

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/kem.h DELETED Viewed

@@ -1,23 +0,0 @@
-#ifndef PQCLEAN_MLKEM1024_CLEAN_KEM_H
-#define PQCLEAN_MLKEM1024_CLEAN_KEM_H
-#include "params.h"
-#include <stdint.h>
-#define PQCLEAN_MLKEM1024_CLEAN_CRYPTO_SECRETKEYBYTES  KYBER_SECRETKEYBYTES
-#define PQCLEAN_MLKEM1024_CLEAN_CRYPTO_PUBLICKEYBYTES  KYBER_PUBLICKEYBYTES
-#define PQCLEAN_MLKEM1024_CLEAN_CRYPTO_CIPHERTEXTBYTES KYBER_CIPHERTEXTBYTES
-#define PQCLEAN_MLKEM1024_CLEAN_CRYPTO_BYTES           KYBER_SSBYTES
-#define PQCLEAN_MLKEM1024_CLEAN_CRYPTO_ALGNAME "ML-KEM-1024"
-int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_keypair_derand(uint8_t *pk, uint8_t *sk, const uint8_t *coins);
-int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_keypair(uint8_t *pk, uint8_t *sk);
-int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_enc_derand(uint8_t *ct, uint8_t *ss, const uint8_t *pk, const uint8_t *coins);
-int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_t *pk);
-int PQCLEAN_MLKEM1024_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
-#endif

data/ext/pqcrypto/vendor/pqclean/crypto_kem/ml-kem-1024/clean/ntt.c DELETED Viewed

@@ -1,146 +0,0 @@
-#include "ntt.h"
-#include "params.h"
-#include "reduce.h"
-#include <stdint.h>
-/* Code to generate PQCLEAN_MLKEM1024_CLEAN_zetas and zetas_inv used in the number-theoretic transform:
-#define KYBER_ROOT_OF_UNITY 17
-static const uint8_t tree[128] = {
-  0, 64, 32, 96, 16, 80, 48, 112, 8, 72, 40, 104, 24, 88, 56, 120,
-  4, 68, 36, 100, 20, 84, 52, 116, 12, 76, 44, 108, 28, 92, 60, 124,
-  2, 66, 34, 98, 18, 82, 50, 114, 10, 74, 42, 106, 26, 90, 58, 122,
-  6, 70, 38, 102, 22, 86, 54, 118, 14, 78, 46, 110, 30, 94, 62, 126,
-  1, 65, 33, 97, 17, 81, 49, 113, 9, 73, 41, 105, 25, 89, 57, 121,
-  5, 69, 37, 101, 21, 85, 53, 117, 13, 77, 45, 109, 29, 93, 61, 125,
-  3, 67, 35, 99, 19, 83, 51, 115, 11, 75, 43, 107, 27, 91, 59, 123,
-  7, 71, 39, 103, 23, 87, 55, 119, 15, 79, 47, 111, 31, 95, 63, 127
-};
-void init_ntt() {
-  unsigned int i;
-  int16_t tmp[128];
-  tmp[0] = MONT;
-  for(i=1;i<128;i++)
-    tmp[i] = fqmul(tmp[i-1],MONT*KYBER_ROOT_OF_UNITY % KYBER_Q);
-  for(i=0;i<128;i++) {
-    PQCLEAN_MLKEM1024_CLEAN_zetas[i] = tmp[tree[i]];
-    if(PQCLEAN_MLKEM1024_CLEAN_zetas[i] > KYBER_Q/2)
-      PQCLEAN_MLKEM1024_CLEAN_zetas[i] -= KYBER_Q;
-    if(PQCLEAN_MLKEM1024_CLEAN_zetas[i] < -KYBER_Q/2)
-      PQCLEAN_MLKEM1024_CLEAN_zetas[i] += KYBER_Q;
-  }
-}
-*/
-const int16_t PQCLEAN_MLKEM1024_CLEAN_zetas[128] = {
-    -1044,  -758,  -359, -1517,  1493,  1422,   287,   202,
-    -171,   622,  1577,   182,   962, -1202, -1474,  1468,
-    573, -1325,   264,   383,  -829,  1458, -1602,  -130,
-    -681,  1017,   732,   608, -1542,   411,  -205, -1571,
-    1223,   652,  -552,  1015, -1293,  1491,  -282, -1544,
-    516,    -8,  -320,  -666, -1618, -1162,   126,  1469,
-    -853,   -90,  -271,   830,   107, -1421,  -247,  -951,
-    -398,   961, -1508,  -725,   448, -1065,   677, -1275,
-    -1103,   430,   555,   843, -1251,   871,  1550,   105,
-    422,   587,   177,  -235,  -291,  -460,  1574,  1653,
-    -246,   778,  1159,  -147,  -777,  1483,  -602,  1119,
-    -1590,   644,  -872,   349,   418,   329,  -156,   -75,
-    817,  1097,   603,   610,  1322, -1285, -1465,   384,
-    -1215,  -136,  1218, -1335,  -874,   220, -1187, -1659,
-    -1185, -1530, -1278,   794, -1510,  -854,  -870,   478,
-    -108,  -308,   996,   991,   958, -1460,  1522,  1628
-};
-/*************************************************
-* Name:        fqmul
-*
-* Description: Multiplication followed by Montgomery reduction
-*
-* Arguments:   - int16_t a: first factor
-*              - int16_t b: second factor
-*
-* Returns 16-bit integer congruent to a*b*R^{-1} mod q
-**************************************************/
-static int16_t fqmul(int16_t a, int16_t b) {
-    return PQCLEAN_MLKEM1024_CLEAN_montgomery_reduce((int32_t)a * b);
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_ntt
-*
-* Description: Inplace number-theoretic transform (NTT) in Rq.
-*              input is in standard order, output is in bitreversed order
-*
-* Arguments:   - int16_t r[256]: pointer to input/output vector of elements of Zq
-**************************************************/
-void PQCLEAN_MLKEM1024_CLEAN_ntt(int16_t r[256]) {
-    unsigned int len, start, j, k;
-    int16_t t, zeta;
-    k = 1;
-    for (len = 128; len >= 2; len >>= 1) {
-        for (start = 0; start < 256; start = j + len) {
-            zeta = PQCLEAN_MLKEM1024_CLEAN_zetas[k++];
-            for (j = start; j < start + len; j++) {
-                t = fqmul(zeta, r[j + len]);
-                r[j + len] = r[j] - t;
-                r[j] = r[j] + t;
-            }
-        }
-    }
-}
-/*************************************************
-* Name:        invntt_tomont
-*
-* Description: Inplace inverse number-theoretic transform in Rq and
-*              multiplication by Montgomery factor 2^16.
-*              Input is in bitreversed order, output is in standard order
-*
-* Arguments:   - int16_t r[256]: pointer to input/output vector of elements of Zq
-**************************************************/
-void PQCLEAN_MLKEM1024_CLEAN_invntt(int16_t r[256]) {
-    unsigned int start, len, j, k;
-    int16_t t, zeta;
-    const int16_t f = 1441; // mont^2/128
-    k = 127;
-    for (len = 2; len <= 128; len <<= 1) {
-        for (start = 0; start < 256; start = j + len) {
-            zeta = PQCLEAN_MLKEM1024_CLEAN_zetas[k--];
-            for (j = start; j < start + len; j++) {
-                t = r[j];
-                r[j] = PQCLEAN_MLKEM1024_CLEAN_barrett_reduce(t + r[j + len]);
-                r[j + len] = r[j + len] - t;
-                r[j + len] = fqmul(zeta, r[j + len]);
-            }
-        }
-    }
-    for (j = 0; j < 256; j++) {
-        r[j] = fqmul(r[j], f);
-    }
-}
-/*************************************************
-* Name:        PQCLEAN_MLKEM1024_CLEAN_basemul
-*
-* Description: Multiplication of polynomials in Zq[X]/(X^2-zeta)
-*              used for multiplication of elements in Rq in NTT domain
-*
-* Arguments:   - int16_t r[2]: pointer to the output polynomial
-*              - const int16_t a[2]: pointer to the first factor
-*              - const int16_t b[2]: pointer to the second factor
-*              - int16_t zeta: integer defining the reduction polynomial
-**************************************************/
-void PQCLEAN_MLKEM1024_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta) {
-    r[0]  = fqmul(a[1], b[1]);
-    r[0]  = fqmul(r[0], zeta);
-    r[0] += fqmul(a[0], b[0]);
-    r[1]  = fqmul(a[0], b[1]);
-    r[1] += fqmul(a[1], b[0]);
-}