@theqrl/mldsa87 2.0.1 → 2.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/cjs/mldsa87.d.cts +319 -0
- package/dist/cjs/mldsa87.js +7 -0
- package/dist/mjs/mldsa87.d.mts +319 -0
- package/dist/mjs/mldsa87.js +7 -0
- package/package.json +9 -3
- package/src/index.d.ts +115 -0
package/README.md
CHANGED
|
@@ -164,6 +164,7 @@ See [SECURITY.md](../../SECURITY.md) for important information about:
|
|
|
164
164
|
|
|
165
165
|
- JavaScript memory security limitations
|
|
166
166
|
- Constant-time verification
|
|
167
|
+
- **Signing timing variability** — signing is not constant-time due to the algorithm's rejection sampling loop; see SECURITY.md for measured impact and deployment mitigations
|
|
167
168
|
- Secure key handling recommendations
|
|
168
169
|
|
|
169
170
|
## Requirements
|
|
@@ -0,0 +1,319 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TypeScript definitions for @theqrl/mldsa87
|
|
3
|
+
* ML-DSA-87 (FIPS 204) post-quantum digital signature scheme
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
// Constants
|
|
7
|
+
export const Shake128Rate: number;
|
|
8
|
+
export const Shake256Rate: number;
|
|
9
|
+
export const Stream128BlockBytes: number;
|
|
10
|
+
export const Stream256BlockBytes: number;
|
|
11
|
+
export const SeedBytes: number;
|
|
12
|
+
export const CRHBytes: number;
|
|
13
|
+
export const TRBytes: number;
|
|
14
|
+
export const RNDBytes: number;
|
|
15
|
+
export const N: number;
|
|
16
|
+
export const Q: number;
|
|
17
|
+
export const QInv: number;
|
|
18
|
+
export const D: number;
|
|
19
|
+
export const K: number;
|
|
20
|
+
export const L: number;
|
|
21
|
+
export const ETA: number;
|
|
22
|
+
export const TAU: number;
|
|
23
|
+
export const BETA: number;
|
|
24
|
+
export const GAMMA1: number;
|
|
25
|
+
export const GAMMA2: number;
|
|
26
|
+
export const OMEGA: number;
|
|
27
|
+
export const CTILDEBytes: number;
|
|
28
|
+
export const PolyT1PackedBytes: number;
|
|
29
|
+
export const PolyT0PackedBytes: number;
|
|
30
|
+
export const PolyETAPackedBytes: number;
|
|
31
|
+
export const PolyZPackedBytes: number;
|
|
32
|
+
export const PolyVecHPackedBytes: number;
|
|
33
|
+
export const PolyW1PackedBytes: number;
|
|
34
|
+
export const CryptoPublicKeyBytes: number;
|
|
35
|
+
export const CryptoSecretKeyBytes: number;
|
|
36
|
+
export const CryptoBytes: number;
|
|
37
|
+
export const PolyUniformNBlocks: number;
|
|
38
|
+
export const PolyUniformETANBlocks: number;
|
|
39
|
+
export const PolyUniformGamma1NBlocks: number;
|
|
40
|
+
export const zetas: readonly number[];
|
|
41
|
+
|
|
42
|
+
// Core signing functions
|
|
43
|
+
|
|
44
|
+
/**
|
|
45
|
+
* Generate an ML-DSA-87 key pair
|
|
46
|
+
* @param seed - Optional 32-byte seed for deterministic key generation (null for random)
|
|
47
|
+
* @param pk - Output buffer for public key (must be CryptoPublicKeyBytes length)
|
|
48
|
+
* @param sk - Output buffer for secret key (must be CryptoSecretKeyBytes length)
|
|
49
|
+
* @returns The seed used for key generation
|
|
50
|
+
* @throws Error if pk/sk buffers are wrong size or null
|
|
51
|
+
*/
|
|
52
|
+
export function cryptoSignKeypair(
|
|
53
|
+
seed: Uint8Array | null,
|
|
54
|
+
pk: Uint8Array,
|
|
55
|
+
sk: Uint8Array
|
|
56
|
+
): Uint8Array;
|
|
57
|
+
|
|
58
|
+
/**
|
|
59
|
+
* Create a signature for a message
|
|
60
|
+
* @param sig - Output buffer for signature (must be CryptoBytes length minimum)
|
|
61
|
+
* @param m - Message to sign (hex string or Uint8Array; strings are parsed as hex only)
|
|
62
|
+
* @param sk - Secret key
|
|
63
|
+
* @param randomizedSigning - If true, use random nonce; if false, deterministic
|
|
64
|
+
* @param ctx - Context string (max 255 bytes)
|
|
65
|
+
* @returns 0 on success
|
|
66
|
+
* @throws Error if sk is wrong size or context too long
|
|
67
|
+
*/
|
|
68
|
+
export function cryptoSignSignature(
|
|
69
|
+
sig: Uint8Array,
|
|
70
|
+
m: Uint8Array | string,
|
|
71
|
+
sk: Uint8Array,
|
|
72
|
+
randomizedSigning: boolean,
|
|
73
|
+
ctx: Uint8Array
|
|
74
|
+
): number;
|
|
75
|
+
|
|
76
|
+
/**
|
|
77
|
+
* Sign a message, returning signature concatenated with message
|
|
78
|
+
* @param msg - Message to sign
|
|
79
|
+
* @param sk - Secret key
|
|
80
|
+
* @param randomizedSigning - If true, use random nonce; if false, deterministic
|
|
81
|
+
* @param ctx - Context string (max 255 bytes)
|
|
82
|
+
* @returns Signed message (signature || message)
|
|
83
|
+
* @throws Error if signing fails
|
|
84
|
+
*/
|
|
85
|
+
export function cryptoSign(
|
|
86
|
+
msg: Uint8Array | string,
|
|
87
|
+
sk: Uint8Array,
|
|
88
|
+
randomizedSigning: boolean,
|
|
89
|
+
ctx: Uint8Array
|
|
90
|
+
): Uint8Array;
|
|
91
|
+
|
|
92
|
+
/**
|
|
93
|
+
* Verify a signature
|
|
94
|
+
* @param sig - Signature to verify
|
|
95
|
+
* @param m - Message that was signed (hex string or Uint8Array; strings are parsed as hex only)
|
|
96
|
+
* @param pk - Public key
|
|
97
|
+
* @param ctx - Context string (max 255 bytes)
|
|
98
|
+
* @returns true if signature is valid, false otherwise
|
|
99
|
+
*/
|
|
100
|
+
export function cryptoSignVerify(
|
|
101
|
+
sig: Uint8Array,
|
|
102
|
+
m: Uint8Array | string,
|
|
103
|
+
pk: Uint8Array,
|
|
104
|
+
ctx: Uint8Array
|
|
105
|
+
): boolean;
|
|
106
|
+
|
|
107
|
+
/**
|
|
108
|
+
* Open a signed message (verify and extract message)
|
|
109
|
+
* @param sm - Signed message (signature || message)
|
|
110
|
+
* @param pk - Public key
|
|
111
|
+
* @param ctx - Context string (max 255 bytes)
|
|
112
|
+
* @returns Message if valid, undefined if verification fails
|
|
113
|
+
*/
|
|
114
|
+
export function cryptoSignOpen(
|
|
115
|
+
sm: Uint8Array,
|
|
116
|
+
pk: Uint8Array,
|
|
117
|
+
ctx: Uint8Array
|
|
118
|
+
): Uint8Array | undefined;
|
|
119
|
+
|
|
120
|
+
// Utility functions
|
|
121
|
+
|
|
122
|
+
/**
|
|
123
|
+
* Zero out a buffer (best-effort, see SECURITY.md for limitations)
|
|
124
|
+
* @param buffer - Buffer to zero
|
|
125
|
+
* @throws TypeError if buffer is not Uint8Array
|
|
126
|
+
*/
|
|
127
|
+
export function zeroize(buffer: Uint8Array): void;
|
|
128
|
+
|
|
129
|
+
/**
|
|
130
|
+
* Check if buffer is all zeros using constant-time comparison
|
|
131
|
+
* @param buffer - Buffer to check
|
|
132
|
+
* @returns true if all bytes are zero
|
|
133
|
+
* @throws TypeError if buffer is not Uint8Array
|
|
134
|
+
*/
|
|
135
|
+
export function isZero(buffer: Uint8Array): boolean;
|
|
136
|
+
|
|
137
|
+
// Internal classes (exported but primarily for internal use)
|
|
138
|
+
|
|
139
|
+
export class Poly {
|
|
140
|
+
coeffs: Int32Array;
|
|
141
|
+
constructor();
|
|
142
|
+
copy(poly: Poly): void;
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
export class PolyVecK {
|
|
146
|
+
vec: Poly[];
|
|
147
|
+
constructor();
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
export class PolyVecL {
|
|
151
|
+
vec: Poly[];
|
|
152
|
+
constructor();
|
|
153
|
+
copy(polyVecL: PolyVecL): void;
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
export class KeccakState {
|
|
157
|
+
constructor();
|
|
158
|
+
}
|
|
159
|
+
|
|
160
|
+
// Internal functions (exported but primarily for internal use)
|
|
161
|
+
export function polyNTT(a: Poly): void;
|
|
162
|
+
export function polyInvNTTToMont(a: Poly): void;
|
|
163
|
+
export function polyChallenge(c: Poly, seed: Uint8Array): void;
|
|
164
|
+
export function ntt(a: Int32Array): void;
|
|
165
|
+
export function invNTTToMont(a: Int32Array): void;
|
|
166
|
+
export function montgomeryReduce(a: bigint): bigint;
|
|
167
|
+
export function reduce32(a: number): number;
|
|
168
|
+
export function cAddQ(a: number): number;
|
|
169
|
+
export function decompose(a0: Int32Array, i: number, a: number): number;
|
|
170
|
+
export function power2round(a0: Int32Array, i: number, a: number): number;
|
|
171
|
+
export function makeHint(a0: number, a1: number): number;
|
|
172
|
+
export function useHint(a: number, hint: number): number;
|
|
173
|
+
export function packPk(pk: Uint8Array, rho: Uint8Array, t1: PolyVecK): void;
|
|
174
|
+
export function packSk(
|
|
175
|
+
sk: Uint8Array,
|
|
176
|
+
rho: Uint8Array,
|
|
177
|
+
tr: Uint8Array,
|
|
178
|
+
key: Uint8Array,
|
|
179
|
+
t0: PolyVecK,
|
|
180
|
+
s1: PolyVecL,
|
|
181
|
+
s2: PolyVecK
|
|
182
|
+
): void;
|
|
183
|
+
export function packSig(
|
|
184
|
+
sig: Uint8Array,
|
|
185
|
+
c: Uint8Array,
|
|
186
|
+
z: PolyVecL,
|
|
187
|
+
h: PolyVecK
|
|
188
|
+
): void;
|
|
189
|
+
export function unpackPk(rho: Uint8Array, t1: PolyVecK, pk: Uint8Array): void;
|
|
190
|
+
export function unpackSk(
|
|
191
|
+
rho: Uint8Array,
|
|
192
|
+
tr: Uint8Array,
|
|
193
|
+
key: Uint8Array,
|
|
194
|
+
t0: PolyVecK,
|
|
195
|
+
s1: PolyVecL,
|
|
196
|
+
s2: PolyVecK,
|
|
197
|
+
sk: Uint8Array
|
|
198
|
+
): void;
|
|
199
|
+
export function unpackSig(
|
|
200
|
+
c: Uint8Array,
|
|
201
|
+
z: PolyVecL,
|
|
202
|
+
h: PolyVecK,
|
|
203
|
+
sig: Uint8Array
|
|
204
|
+
): number;
|
|
205
|
+
|
|
206
|
+
// FIPS 202 SHAKE primitives (low-level XOF interface, primarily internal)
|
|
207
|
+
export function shake128Init(state: KeccakState): void;
|
|
208
|
+
export function shake128Absorb(state: KeccakState, input: Uint8Array): void;
|
|
209
|
+
export function shake128Finalize(state: KeccakState): void;
|
|
210
|
+
export function shake128SqueezeBlocks(
|
|
211
|
+
out: Uint8Array,
|
|
212
|
+
outputOffset: number,
|
|
213
|
+
nBlocks: number,
|
|
214
|
+
state: KeccakState
|
|
215
|
+
): void;
|
|
216
|
+
export function shake256Init(state: KeccakState): void;
|
|
217
|
+
export function shake256Absorb(state: KeccakState, input: Uint8Array): void;
|
|
218
|
+
export function shake256Finalize(state: KeccakState): void;
|
|
219
|
+
export function shake256SqueezeBlocks(
|
|
220
|
+
out: Uint8Array,
|
|
221
|
+
outputOffset: number,
|
|
222
|
+
nBlocks: number,
|
|
223
|
+
state: KeccakState
|
|
224
|
+
): void;
|
|
225
|
+
|
|
226
|
+
// ML-DSA-specific stream initializers
|
|
227
|
+
export function mldsaShake128StreamInit(
|
|
228
|
+
state: KeccakState,
|
|
229
|
+
seed: Uint8Array,
|
|
230
|
+
nonce: number
|
|
231
|
+
): void;
|
|
232
|
+
export function mldsaShake256StreamInit(
|
|
233
|
+
state: KeccakState,
|
|
234
|
+
seed: Uint8Array,
|
|
235
|
+
nonce: number
|
|
236
|
+
): void;
|
|
237
|
+
|
|
238
|
+
// Polynomial operations (internal)
|
|
239
|
+
export function polyReduce(a: Poly): void;
|
|
240
|
+
export function polyCAddQ(a: Poly): void;
|
|
241
|
+
export function polyAdd(c: Poly, a: Poly, b: Poly): void;
|
|
242
|
+
export function polySub(c: Poly, a: Poly, b: Poly): void;
|
|
243
|
+
export function polyShiftL(a: Poly): void;
|
|
244
|
+
export function polyPointWiseMontgomery(c: Poly, a: Poly, b: Poly): void;
|
|
245
|
+
export function polyPower2round(a1: Poly, a0: Poly, a: Poly): void;
|
|
246
|
+
export function polyDecompose(a1: Poly, a0: Poly, a: Poly): void;
|
|
247
|
+
export function polyMakeHint(h: Poly, a0: Poly, a1: Poly): number;
|
|
248
|
+
export function polyUseHint(b: Poly, a: Poly, h: Poly): void;
|
|
249
|
+
export function polyChkNorm(a: Poly, b: number): number;
|
|
250
|
+
export function rejUniform(
|
|
251
|
+
a: Int32Array,
|
|
252
|
+
aOffset: number,
|
|
253
|
+
len: number,
|
|
254
|
+
buf: Uint8Array,
|
|
255
|
+
bufLen: number
|
|
256
|
+
): number;
|
|
257
|
+
export function polyUniform(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
258
|
+
export function rejEta(
|
|
259
|
+
a: Int32Array,
|
|
260
|
+
aOffset: number,
|
|
261
|
+
len: number,
|
|
262
|
+
buf: Uint8Array,
|
|
263
|
+
bufLen: number
|
|
264
|
+
): number;
|
|
265
|
+
export function polyUniformEta(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
266
|
+
export function polyZUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
267
|
+
export function polyUniformGamma1(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
268
|
+
export function polyEtaPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
269
|
+
export function polyEtaUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
270
|
+
export function polyT1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
271
|
+
export function polyT1Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
272
|
+
export function polyT0Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
273
|
+
export function polyT0Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
274
|
+
export function polyZPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
275
|
+
export function polyW1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
276
|
+
|
|
277
|
+
// Polynomial vector operations (internal)
|
|
278
|
+
export function polyVecMatrixExpand(mat: PolyVecL[], rho: Uint8Array): void;
|
|
279
|
+
export function polyVecMatrixPointWiseMontgomery(
|
|
280
|
+
t: PolyVecK,
|
|
281
|
+
mat: PolyVecL[],
|
|
282
|
+
v: PolyVecL
|
|
283
|
+
): void;
|
|
284
|
+
export function polyVecLUniformEta(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
285
|
+
export function polyVecLUniformGamma1(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
286
|
+
export function polyVecLReduce(v: PolyVecL): void;
|
|
287
|
+
export function polyVecLAdd(w: PolyVecL, u: PolyVecL, v: PolyVecL): void;
|
|
288
|
+
export function polyVecLNTT(v: PolyVecL): void;
|
|
289
|
+
export function polyVecLInvNTTToMont(v: PolyVecL): void;
|
|
290
|
+
export function polyVecLPointWisePolyMontgomery(
|
|
291
|
+
r: PolyVecL,
|
|
292
|
+
a: Poly,
|
|
293
|
+
v: PolyVecL
|
|
294
|
+
): void;
|
|
295
|
+
export function polyVecLPointWiseAccMontgomery(
|
|
296
|
+
w: Poly,
|
|
297
|
+
u: PolyVecL,
|
|
298
|
+
v: PolyVecL
|
|
299
|
+
): void;
|
|
300
|
+
export function polyVecLChkNorm(v: PolyVecL, bound: number): number;
|
|
301
|
+
export function polyVecKUniformEta(v: PolyVecK, seed: Uint8Array, nonce: number): void;
|
|
302
|
+
export function polyVecKReduce(v: PolyVecK): void;
|
|
303
|
+
export function polyVecKCAddQ(v: PolyVecK): void;
|
|
304
|
+
export function polyVecKAdd(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
305
|
+
export function polyVecKSub(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
306
|
+
export function polyVecKShiftL(v: PolyVecK): void;
|
|
307
|
+
export function polyVecKNTT(v: PolyVecK): void;
|
|
308
|
+
export function polyVecKInvNTTToMont(v: PolyVecK): void;
|
|
309
|
+
export function polyVecKPointWisePolyMontgomery(
|
|
310
|
+
r: PolyVecK,
|
|
311
|
+
a: Poly,
|
|
312
|
+
v: PolyVecK
|
|
313
|
+
): void;
|
|
314
|
+
export function polyVecKChkNorm(v: PolyVecK, bound: number): number;
|
|
315
|
+
export function polyVecKPower2round(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
316
|
+
export function polyVecKDecompose(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
317
|
+
export function polyVecKMakeHint(h: PolyVecK, v0: PolyVecK, v1: PolyVecK): number;
|
|
318
|
+
export function polyVecKUseHint(w: PolyVecK, u: PolyVecK, h: PolyVecK): void;
|
|
319
|
+
export function polyVecKPackW1(r: Uint8Array, w1: PolyVecK): void;
|
package/dist/cjs/mldsa87.js
CHANGED
|
@@ -1356,6 +1356,12 @@ function packSig(sigP, ctilde, z, h) {
|
|
|
1356
1356
|
for (let i = 0; i < K; ++i) {
|
|
1357
1357
|
for (let j = 0; j < N; ++j) {
|
|
1358
1358
|
if (h.vec[i].coeffs[j] !== 0) {
|
|
1359
|
+
if (h.vec[i].coeffs[j] !== 1) {
|
|
1360
|
+
throw new Error('hint coefficients must be binary (0 or 1)');
|
|
1361
|
+
}
|
|
1362
|
+
if (k >= OMEGA) {
|
|
1363
|
+
throw new Error(`hint count exceeds OMEGA (${OMEGA})`);
|
|
1364
|
+
}
|
|
1359
1365
|
sig[sigOffset + k++] = j;
|
|
1360
1366
|
}
|
|
1361
1367
|
}
|
|
@@ -1733,6 +1739,7 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx) {
|
|
|
1733
1739
|
// rhoPrime = SHAKE256(key || rnd || mu)
|
|
1734
1740
|
const rnd = randomizedSigning ? randomBytes(RNDBytes) : new Uint8Array(RNDBytes);
|
|
1735
1741
|
rhoPrime = shake256.create({}).update(key).update(rnd).update(mu).xof(CRHBytes);
|
|
1742
|
+
zeroize(rnd);
|
|
1736
1743
|
|
|
1737
1744
|
polyVecMatrixExpand(mat, rho);
|
|
1738
1745
|
polyVecLNTT(s1);
|
|
@@ -0,0 +1,319 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TypeScript definitions for @theqrl/mldsa87
|
|
3
|
+
* ML-DSA-87 (FIPS 204) post-quantum digital signature scheme
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
// Constants
|
|
7
|
+
export const Shake128Rate: number;
|
|
8
|
+
export const Shake256Rate: number;
|
|
9
|
+
export const Stream128BlockBytes: number;
|
|
10
|
+
export const Stream256BlockBytes: number;
|
|
11
|
+
export const SeedBytes: number;
|
|
12
|
+
export const CRHBytes: number;
|
|
13
|
+
export const TRBytes: number;
|
|
14
|
+
export const RNDBytes: number;
|
|
15
|
+
export const N: number;
|
|
16
|
+
export const Q: number;
|
|
17
|
+
export const QInv: number;
|
|
18
|
+
export const D: number;
|
|
19
|
+
export const K: number;
|
|
20
|
+
export const L: number;
|
|
21
|
+
export const ETA: number;
|
|
22
|
+
export const TAU: number;
|
|
23
|
+
export const BETA: number;
|
|
24
|
+
export const GAMMA1: number;
|
|
25
|
+
export const GAMMA2: number;
|
|
26
|
+
export const OMEGA: number;
|
|
27
|
+
export const CTILDEBytes: number;
|
|
28
|
+
export const PolyT1PackedBytes: number;
|
|
29
|
+
export const PolyT0PackedBytes: number;
|
|
30
|
+
export const PolyETAPackedBytes: number;
|
|
31
|
+
export const PolyZPackedBytes: number;
|
|
32
|
+
export const PolyVecHPackedBytes: number;
|
|
33
|
+
export const PolyW1PackedBytes: number;
|
|
34
|
+
export const CryptoPublicKeyBytes: number;
|
|
35
|
+
export const CryptoSecretKeyBytes: number;
|
|
36
|
+
export const CryptoBytes: number;
|
|
37
|
+
export const PolyUniformNBlocks: number;
|
|
38
|
+
export const PolyUniformETANBlocks: number;
|
|
39
|
+
export const PolyUniformGamma1NBlocks: number;
|
|
40
|
+
export const zetas: readonly number[];
|
|
41
|
+
|
|
42
|
+
// Core signing functions
|
|
43
|
+
|
|
44
|
+
/**
|
|
45
|
+
* Generate an ML-DSA-87 key pair
|
|
46
|
+
* @param seed - Optional 32-byte seed for deterministic key generation (null for random)
|
|
47
|
+
* @param pk - Output buffer for public key (must be CryptoPublicKeyBytes length)
|
|
48
|
+
* @param sk - Output buffer for secret key (must be CryptoSecretKeyBytes length)
|
|
49
|
+
* @returns The seed used for key generation
|
|
50
|
+
* @throws Error if pk/sk buffers are wrong size or null
|
|
51
|
+
*/
|
|
52
|
+
export function cryptoSignKeypair(
|
|
53
|
+
seed: Uint8Array | null,
|
|
54
|
+
pk: Uint8Array,
|
|
55
|
+
sk: Uint8Array
|
|
56
|
+
): Uint8Array;
|
|
57
|
+
|
|
58
|
+
/**
|
|
59
|
+
* Create a signature for a message
|
|
60
|
+
* @param sig - Output buffer for signature (must be CryptoBytes length minimum)
|
|
61
|
+
* @param m - Message to sign (hex string or Uint8Array; strings are parsed as hex only)
|
|
62
|
+
* @param sk - Secret key
|
|
63
|
+
* @param randomizedSigning - If true, use random nonce; if false, deterministic
|
|
64
|
+
* @param ctx - Context string (max 255 bytes)
|
|
65
|
+
* @returns 0 on success
|
|
66
|
+
* @throws Error if sk is wrong size or context too long
|
|
67
|
+
*/
|
|
68
|
+
export function cryptoSignSignature(
|
|
69
|
+
sig: Uint8Array,
|
|
70
|
+
m: Uint8Array | string,
|
|
71
|
+
sk: Uint8Array,
|
|
72
|
+
randomizedSigning: boolean,
|
|
73
|
+
ctx: Uint8Array
|
|
74
|
+
): number;
|
|
75
|
+
|
|
76
|
+
/**
|
|
77
|
+
* Sign a message, returning signature concatenated with message
|
|
78
|
+
* @param msg - Message to sign
|
|
79
|
+
* @param sk - Secret key
|
|
80
|
+
* @param randomizedSigning - If true, use random nonce; if false, deterministic
|
|
81
|
+
* @param ctx - Context string (max 255 bytes)
|
|
82
|
+
* @returns Signed message (signature || message)
|
|
83
|
+
* @throws Error if signing fails
|
|
84
|
+
*/
|
|
85
|
+
export function cryptoSign(
|
|
86
|
+
msg: Uint8Array | string,
|
|
87
|
+
sk: Uint8Array,
|
|
88
|
+
randomizedSigning: boolean,
|
|
89
|
+
ctx: Uint8Array
|
|
90
|
+
): Uint8Array;
|
|
91
|
+
|
|
92
|
+
/**
|
|
93
|
+
* Verify a signature
|
|
94
|
+
* @param sig - Signature to verify
|
|
95
|
+
* @param m - Message that was signed (hex string or Uint8Array; strings are parsed as hex only)
|
|
96
|
+
* @param pk - Public key
|
|
97
|
+
* @param ctx - Context string (max 255 bytes)
|
|
98
|
+
* @returns true if signature is valid, false otherwise
|
|
99
|
+
*/
|
|
100
|
+
export function cryptoSignVerify(
|
|
101
|
+
sig: Uint8Array,
|
|
102
|
+
m: Uint8Array | string,
|
|
103
|
+
pk: Uint8Array,
|
|
104
|
+
ctx: Uint8Array
|
|
105
|
+
): boolean;
|
|
106
|
+
|
|
107
|
+
/**
|
|
108
|
+
* Open a signed message (verify and extract message)
|
|
109
|
+
* @param sm - Signed message (signature || message)
|
|
110
|
+
* @param pk - Public key
|
|
111
|
+
* @param ctx - Context string (max 255 bytes)
|
|
112
|
+
* @returns Message if valid, undefined if verification fails
|
|
113
|
+
*/
|
|
114
|
+
export function cryptoSignOpen(
|
|
115
|
+
sm: Uint8Array,
|
|
116
|
+
pk: Uint8Array,
|
|
117
|
+
ctx: Uint8Array
|
|
118
|
+
): Uint8Array | undefined;
|
|
119
|
+
|
|
120
|
+
// Utility functions
|
|
121
|
+
|
|
122
|
+
/**
|
|
123
|
+
* Zero out a buffer (best-effort, see SECURITY.md for limitations)
|
|
124
|
+
* @param buffer - Buffer to zero
|
|
125
|
+
* @throws TypeError if buffer is not Uint8Array
|
|
126
|
+
*/
|
|
127
|
+
export function zeroize(buffer: Uint8Array): void;
|
|
128
|
+
|
|
129
|
+
/**
|
|
130
|
+
* Check if buffer is all zeros using constant-time comparison
|
|
131
|
+
* @param buffer - Buffer to check
|
|
132
|
+
* @returns true if all bytes are zero
|
|
133
|
+
* @throws TypeError if buffer is not Uint8Array
|
|
134
|
+
*/
|
|
135
|
+
export function isZero(buffer: Uint8Array): boolean;
|
|
136
|
+
|
|
137
|
+
// Internal classes (exported but primarily for internal use)
|
|
138
|
+
|
|
139
|
+
export class Poly {
|
|
140
|
+
coeffs: Int32Array;
|
|
141
|
+
constructor();
|
|
142
|
+
copy(poly: Poly): void;
|
|
143
|
+
}
|
|
144
|
+
|
|
145
|
+
export class PolyVecK {
|
|
146
|
+
vec: Poly[];
|
|
147
|
+
constructor();
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
export class PolyVecL {
|
|
151
|
+
vec: Poly[];
|
|
152
|
+
constructor();
|
|
153
|
+
copy(polyVecL: PolyVecL): void;
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
export class KeccakState {
|
|
157
|
+
constructor();
|
|
158
|
+
}
|
|
159
|
+
|
|
160
|
+
// Internal functions (exported but primarily for internal use)
|
|
161
|
+
export function polyNTT(a: Poly): void;
|
|
162
|
+
export function polyInvNTTToMont(a: Poly): void;
|
|
163
|
+
export function polyChallenge(c: Poly, seed: Uint8Array): void;
|
|
164
|
+
export function ntt(a: Int32Array): void;
|
|
165
|
+
export function invNTTToMont(a: Int32Array): void;
|
|
166
|
+
export function montgomeryReduce(a: bigint): bigint;
|
|
167
|
+
export function reduce32(a: number): number;
|
|
168
|
+
export function cAddQ(a: number): number;
|
|
169
|
+
export function decompose(a0: Int32Array, i: number, a: number): number;
|
|
170
|
+
export function power2round(a0: Int32Array, i: number, a: number): number;
|
|
171
|
+
export function makeHint(a0: number, a1: number): number;
|
|
172
|
+
export function useHint(a: number, hint: number): number;
|
|
173
|
+
export function packPk(pk: Uint8Array, rho: Uint8Array, t1: PolyVecK): void;
|
|
174
|
+
export function packSk(
|
|
175
|
+
sk: Uint8Array,
|
|
176
|
+
rho: Uint8Array,
|
|
177
|
+
tr: Uint8Array,
|
|
178
|
+
key: Uint8Array,
|
|
179
|
+
t0: PolyVecK,
|
|
180
|
+
s1: PolyVecL,
|
|
181
|
+
s2: PolyVecK
|
|
182
|
+
): void;
|
|
183
|
+
export function packSig(
|
|
184
|
+
sig: Uint8Array,
|
|
185
|
+
c: Uint8Array,
|
|
186
|
+
z: PolyVecL,
|
|
187
|
+
h: PolyVecK
|
|
188
|
+
): void;
|
|
189
|
+
export function unpackPk(rho: Uint8Array, t1: PolyVecK, pk: Uint8Array): void;
|
|
190
|
+
export function unpackSk(
|
|
191
|
+
rho: Uint8Array,
|
|
192
|
+
tr: Uint8Array,
|
|
193
|
+
key: Uint8Array,
|
|
194
|
+
t0: PolyVecK,
|
|
195
|
+
s1: PolyVecL,
|
|
196
|
+
s2: PolyVecK,
|
|
197
|
+
sk: Uint8Array
|
|
198
|
+
): void;
|
|
199
|
+
export function unpackSig(
|
|
200
|
+
c: Uint8Array,
|
|
201
|
+
z: PolyVecL,
|
|
202
|
+
h: PolyVecK,
|
|
203
|
+
sig: Uint8Array
|
|
204
|
+
): number;
|
|
205
|
+
|
|
206
|
+
// FIPS 202 SHAKE primitives (low-level XOF interface, primarily internal)
|
|
207
|
+
export function shake128Init(state: KeccakState): void;
|
|
208
|
+
export function shake128Absorb(state: KeccakState, input: Uint8Array): void;
|
|
209
|
+
export function shake128Finalize(state: KeccakState): void;
|
|
210
|
+
export function shake128SqueezeBlocks(
|
|
211
|
+
out: Uint8Array,
|
|
212
|
+
outputOffset: number,
|
|
213
|
+
nBlocks: number,
|
|
214
|
+
state: KeccakState
|
|
215
|
+
): void;
|
|
216
|
+
export function shake256Init(state: KeccakState): void;
|
|
217
|
+
export function shake256Absorb(state: KeccakState, input: Uint8Array): void;
|
|
218
|
+
export function shake256Finalize(state: KeccakState): void;
|
|
219
|
+
export function shake256SqueezeBlocks(
|
|
220
|
+
out: Uint8Array,
|
|
221
|
+
outputOffset: number,
|
|
222
|
+
nBlocks: number,
|
|
223
|
+
state: KeccakState
|
|
224
|
+
): void;
|
|
225
|
+
|
|
226
|
+
// ML-DSA-specific stream initializers
|
|
227
|
+
export function mldsaShake128StreamInit(
|
|
228
|
+
state: KeccakState,
|
|
229
|
+
seed: Uint8Array,
|
|
230
|
+
nonce: number
|
|
231
|
+
): void;
|
|
232
|
+
export function mldsaShake256StreamInit(
|
|
233
|
+
state: KeccakState,
|
|
234
|
+
seed: Uint8Array,
|
|
235
|
+
nonce: number
|
|
236
|
+
): void;
|
|
237
|
+
|
|
238
|
+
// Polynomial operations (internal)
|
|
239
|
+
export function polyReduce(a: Poly): void;
|
|
240
|
+
export function polyCAddQ(a: Poly): void;
|
|
241
|
+
export function polyAdd(c: Poly, a: Poly, b: Poly): void;
|
|
242
|
+
export function polySub(c: Poly, a: Poly, b: Poly): void;
|
|
243
|
+
export function polyShiftL(a: Poly): void;
|
|
244
|
+
export function polyPointWiseMontgomery(c: Poly, a: Poly, b: Poly): void;
|
|
245
|
+
export function polyPower2round(a1: Poly, a0: Poly, a: Poly): void;
|
|
246
|
+
export function polyDecompose(a1: Poly, a0: Poly, a: Poly): void;
|
|
247
|
+
export function polyMakeHint(h: Poly, a0: Poly, a1: Poly): number;
|
|
248
|
+
export function polyUseHint(b: Poly, a: Poly, h: Poly): void;
|
|
249
|
+
export function polyChkNorm(a: Poly, b: number): number;
|
|
250
|
+
export function rejUniform(
|
|
251
|
+
a: Int32Array,
|
|
252
|
+
aOffset: number,
|
|
253
|
+
len: number,
|
|
254
|
+
buf: Uint8Array,
|
|
255
|
+
bufLen: number
|
|
256
|
+
): number;
|
|
257
|
+
export function polyUniform(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
258
|
+
export function rejEta(
|
|
259
|
+
a: Int32Array,
|
|
260
|
+
aOffset: number,
|
|
261
|
+
len: number,
|
|
262
|
+
buf: Uint8Array,
|
|
263
|
+
bufLen: number
|
|
264
|
+
): number;
|
|
265
|
+
export function polyUniformEta(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
266
|
+
export function polyZUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
267
|
+
export function polyUniformGamma1(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
268
|
+
export function polyEtaPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
269
|
+
export function polyEtaUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
270
|
+
export function polyT1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
271
|
+
export function polyT1Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
272
|
+
export function polyT0Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
273
|
+
export function polyT0Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
274
|
+
export function polyZPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
275
|
+
export function polyW1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
276
|
+
|
|
277
|
+
// Polynomial vector operations (internal)
|
|
278
|
+
export function polyVecMatrixExpand(mat: PolyVecL[], rho: Uint8Array): void;
|
|
279
|
+
export function polyVecMatrixPointWiseMontgomery(
|
|
280
|
+
t: PolyVecK,
|
|
281
|
+
mat: PolyVecL[],
|
|
282
|
+
v: PolyVecL
|
|
283
|
+
): void;
|
|
284
|
+
export function polyVecLUniformEta(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
285
|
+
export function polyVecLUniformGamma1(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
286
|
+
export function polyVecLReduce(v: PolyVecL): void;
|
|
287
|
+
export function polyVecLAdd(w: PolyVecL, u: PolyVecL, v: PolyVecL): void;
|
|
288
|
+
export function polyVecLNTT(v: PolyVecL): void;
|
|
289
|
+
export function polyVecLInvNTTToMont(v: PolyVecL): void;
|
|
290
|
+
export function polyVecLPointWisePolyMontgomery(
|
|
291
|
+
r: PolyVecL,
|
|
292
|
+
a: Poly,
|
|
293
|
+
v: PolyVecL
|
|
294
|
+
): void;
|
|
295
|
+
export function polyVecLPointWiseAccMontgomery(
|
|
296
|
+
w: Poly,
|
|
297
|
+
u: PolyVecL,
|
|
298
|
+
v: PolyVecL
|
|
299
|
+
): void;
|
|
300
|
+
export function polyVecLChkNorm(v: PolyVecL, bound: number): number;
|
|
301
|
+
export function polyVecKUniformEta(v: PolyVecK, seed: Uint8Array, nonce: number): void;
|
|
302
|
+
export function polyVecKReduce(v: PolyVecK): void;
|
|
303
|
+
export function polyVecKCAddQ(v: PolyVecK): void;
|
|
304
|
+
export function polyVecKAdd(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
305
|
+
export function polyVecKSub(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
306
|
+
export function polyVecKShiftL(v: PolyVecK): void;
|
|
307
|
+
export function polyVecKNTT(v: PolyVecK): void;
|
|
308
|
+
export function polyVecKInvNTTToMont(v: PolyVecK): void;
|
|
309
|
+
export function polyVecKPointWisePolyMontgomery(
|
|
310
|
+
r: PolyVecK,
|
|
311
|
+
a: Poly,
|
|
312
|
+
v: PolyVecK
|
|
313
|
+
): void;
|
|
314
|
+
export function polyVecKChkNorm(v: PolyVecK, bound: number): number;
|
|
315
|
+
export function polyVecKPower2round(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
316
|
+
export function polyVecKDecompose(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
317
|
+
export function polyVecKMakeHint(h: PolyVecK, v0: PolyVecK, v1: PolyVecK): number;
|
|
318
|
+
export function polyVecKUseHint(w: PolyVecK, u: PolyVecK, h: PolyVecK): void;
|
|
319
|
+
export function polyVecKPackW1(r: Uint8Array, w1: PolyVecK): void;
|
package/dist/mjs/mldsa87.js
CHANGED
|
@@ -977,6 +977,12 @@ function packSig(sigP, ctilde, z, h) {
|
|
|
977
977
|
for (let i = 0; i < K; ++i) {
|
|
978
978
|
for (let j = 0; j < N; ++j) {
|
|
979
979
|
if (h.vec[i].coeffs[j] !== 0) {
|
|
980
|
+
if (h.vec[i].coeffs[j] !== 1) {
|
|
981
|
+
throw new Error('hint coefficients must be binary (0 or 1)');
|
|
982
|
+
}
|
|
983
|
+
if (k >= OMEGA) {
|
|
984
|
+
throw new Error(`hint count exceeds OMEGA (${OMEGA})`);
|
|
985
|
+
}
|
|
980
986
|
sig[sigOffset + k++] = j;
|
|
981
987
|
}
|
|
982
988
|
}
|
|
@@ -1354,6 +1360,7 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx) {
|
|
|
1354
1360
|
// rhoPrime = SHAKE256(key || rnd || mu)
|
|
1355
1361
|
const rnd = randomizedSigning ? randomBytes(RNDBytes) : new Uint8Array(RNDBytes);
|
|
1356
1362
|
rhoPrime = shake256.create({}).update(key).update(rnd).update(mu).xof(CRHBytes);
|
|
1363
|
+
zeroize(rnd);
|
|
1357
1364
|
|
|
1358
1365
|
polyVecMatrixExpand(mat, rho);
|
|
1359
1366
|
polyVecLNTT(s1);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@theqrl/mldsa87",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.4",
|
|
4
4
|
"description": "ML-DSA-87 cryptography",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ml-dsa",
|
|
@@ -44,8 +44,14 @@
|
|
|
44
44
|
},
|
|
45
45
|
"exports": {
|
|
46
46
|
".": {
|
|
47
|
-
"import":
|
|
48
|
-
|
|
47
|
+
"import": {
|
|
48
|
+
"types": "./dist/mjs/mldsa87.d.mts",
|
|
49
|
+
"default": "./dist/mjs/mldsa87.js"
|
|
50
|
+
},
|
|
51
|
+
"require": {
|
|
52
|
+
"types": "./dist/cjs/mldsa87.d.cts",
|
|
53
|
+
"default": "./dist/cjs/mldsa87.js"
|
|
54
|
+
}
|
|
49
55
|
}
|
|
50
56
|
},
|
|
51
57
|
"type": "module",
|
package/src/index.d.ts
CHANGED
|
@@ -202,3 +202,118 @@ export function unpackSig(
|
|
|
202
202
|
h: PolyVecK,
|
|
203
203
|
sig: Uint8Array
|
|
204
204
|
): number;
|
|
205
|
+
|
|
206
|
+
// FIPS 202 SHAKE primitives (low-level XOF interface, primarily internal)
|
|
207
|
+
export function shake128Init(state: KeccakState): void;
|
|
208
|
+
export function shake128Absorb(state: KeccakState, input: Uint8Array): void;
|
|
209
|
+
export function shake128Finalize(state: KeccakState): void;
|
|
210
|
+
export function shake128SqueezeBlocks(
|
|
211
|
+
out: Uint8Array,
|
|
212
|
+
outputOffset: number,
|
|
213
|
+
nBlocks: number,
|
|
214
|
+
state: KeccakState
|
|
215
|
+
): void;
|
|
216
|
+
export function shake256Init(state: KeccakState): void;
|
|
217
|
+
export function shake256Absorb(state: KeccakState, input: Uint8Array): void;
|
|
218
|
+
export function shake256Finalize(state: KeccakState): void;
|
|
219
|
+
export function shake256SqueezeBlocks(
|
|
220
|
+
out: Uint8Array,
|
|
221
|
+
outputOffset: number,
|
|
222
|
+
nBlocks: number,
|
|
223
|
+
state: KeccakState
|
|
224
|
+
): void;
|
|
225
|
+
|
|
226
|
+
// ML-DSA-specific stream initializers
|
|
227
|
+
export function mldsaShake128StreamInit(
|
|
228
|
+
state: KeccakState,
|
|
229
|
+
seed: Uint8Array,
|
|
230
|
+
nonce: number
|
|
231
|
+
): void;
|
|
232
|
+
export function mldsaShake256StreamInit(
|
|
233
|
+
state: KeccakState,
|
|
234
|
+
seed: Uint8Array,
|
|
235
|
+
nonce: number
|
|
236
|
+
): void;
|
|
237
|
+
|
|
238
|
+
// Polynomial operations (internal)
|
|
239
|
+
export function polyReduce(a: Poly): void;
|
|
240
|
+
export function polyCAddQ(a: Poly): void;
|
|
241
|
+
export function polyAdd(c: Poly, a: Poly, b: Poly): void;
|
|
242
|
+
export function polySub(c: Poly, a: Poly, b: Poly): void;
|
|
243
|
+
export function polyShiftL(a: Poly): void;
|
|
244
|
+
export function polyPointWiseMontgomery(c: Poly, a: Poly, b: Poly): void;
|
|
245
|
+
export function polyPower2round(a1: Poly, a0: Poly, a: Poly): void;
|
|
246
|
+
export function polyDecompose(a1: Poly, a0: Poly, a: Poly): void;
|
|
247
|
+
export function polyMakeHint(h: Poly, a0: Poly, a1: Poly): number;
|
|
248
|
+
export function polyUseHint(b: Poly, a: Poly, h: Poly): void;
|
|
249
|
+
export function polyChkNorm(a: Poly, b: number): number;
|
|
250
|
+
export function rejUniform(
|
|
251
|
+
a: Int32Array,
|
|
252
|
+
aOffset: number,
|
|
253
|
+
len: number,
|
|
254
|
+
buf: Uint8Array,
|
|
255
|
+
bufLen: number
|
|
256
|
+
): number;
|
|
257
|
+
export function polyUniform(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
258
|
+
export function rejEta(
|
|
259
|
+
a: Int32Array,
|
|
260
|
+
aOffset: number,
|
|
261
|
+
len: number,
|
|
262
|
+
buf: Uint8Array,
|
|
263
|
+
bufLen: number
|
|
264
|
+
): number;
|
|
265
|
+
export function polyUniformEta(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
266
|
+
export function polyZUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
267
|
+
export function polyUniformGamma1(a: Poly, seed: Uint8Array, nonce: number): void;
|
|
268
|
+
export function polyEtaPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
269
|
+
export function polyEtaUnpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
270
|
+
export function polyT1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
271
|
+
export function polyT1Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
272
|
+
export function polyT0Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
273
|
+
export function polyT0Unpack(r: Poly, a: Uint8Array, aOffset: number): void;
|
|
274
|
+
export function polyZPack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
275
|
+
export function polyW1Pack(r: Uint8Array, rOffset: number, a: Poly): void;
|
|
276
|
+
|
|
277
|
+
// Polynomial vector operations (internal)
|
|
278
|
+
export function polyVecMatrixExpand(mat: PolyVecL[], rho: Uint8Array): void;
|
|
279
|
+
export function polyVecMatrixPointWiseMontgomery(
|
|
280
|
+
t: PolyVecK,
|
|
281
|
+
mat: PolyVecL[],
|
|
282
|
+
v: PolyVecL
|
|
283
|
+
): void;
|
|
284
|
+
export function polyVecLUniformEta(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
285
|
+
export function polyVecLUniformGamma1(v: PolyVecL, seed: Uint8Array, nonce: number): void;
|
|
286
|
+
export function polyVecLReduce(v: PolyVecL): void;
|
|
287
|
+
export function polyVecLAdd(w: PolyVecL, u: PolyVecL, v: PolyVecL): void;
|
|
288
|
+
export function polyVecLNTT(v: PolyVecL): void;
|
|
289
|
+
export function polyVecLInvNTTToMont(v: PolyVecL): void;
|
|
290
|
+
export function polyVecLPointWisePolyMontgomery(
|
|
291
|
+
r: PolyVecL,
|
|
292
|
+
a: Poly,
|
|
293
|
+
v: PolyVecL
|
|
294
|
+
): void;
|
|
295
|
+
export function polyVecLPointWiseAccMontgomery(
|
|
296
|
+
w: Poly,
|
|
297
|
+
u: PolyVecL,
|
|
298
|
+
v: PolyVecL
|
|
299
|
+
): void;
|
|
300
|
+
export function polyVecLChkNorm(v: PolyVecL, bound: number): number;
|
|
301
|
+
export function polyVecKUniformEta(v: PolyVecK, seed: Uint8Array, nonce: number): void;
|
|
302
|
+
export function polyVecKReduce(v: PolyVecK): void;
|
|
303
|
+
export function polyVecKCAddQ(v: PolyVecK): void;
|
|
304
|
+
export function polyVecKAdd(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
305
|
+
export function polyVecKSub(w: PolyVecK, u: PolyVecK, v: PolyVecK): void;
|
|
306
|
+
export function polyVecKShiftL(v: PolyVecK): void;
|
|
307
|
+
export function polyVecKNTT(v: PolyVecK): void;
|
|
308
|
+
export function polyVecKInvNTTToMont(v: PolyVecK): void;
|
|
309
|
+
export function polyVecKPointWisePolyMontgomery(
|
|
310
|
+
r: PolyVecK,
|
|
311
|
+
a: Poly,
|
|
312
|
+
v: PolyVecK
|
|
313
|
+
): void;
|
|
314
|
+
export function polyVecKChkNorm(v: PolyVecK, bound: number): number;
|
|
315
|
+
export function polyVecKPower2round(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
316
|
+
export function polyVecKDecompose(v1: PolyVecK, v0: PolyVecK, v: PolyVecK): void;
|
|
317
|
+
export function polyVecKMakeHint(h: PolyVecK, v0: PolyVecK, v1: PolyVecK): number;
|
|
318
|
+
export function polyVecKUseHint(w: PolyVecK, u: PolyVecK, h: PolyVecK): void;
|
|
319
|
+
export function polyVecKPackW1(r: Uint8Array, w1: PolyVecK): void;
|