-rw-r--r-- 3000 libmceliece-20241009/crypto_kem/6960119/avx/encrypt.c raw
/*
This file is for Niederreiter encryption
*/
// 20240508 djb: switch to crypto_sort_int32
// 20240508 djb: use xor_mat_vec256
// 20240504 djb: negifcollision
// 20240504 djb: use crypto_xof_bitwrite16
// 20240503 djb: remove #ifdef KAT ... #endif
// 20230102 djb: rename encrypt() as pke_encrypt()
// 20221231 djb: move encrypt.h last for macos portability; tnx thom wiggers
// 20221230 djb: add linker lines
// linker define pke_encrypt
// linker use xor_mat_vec256
#include "util.h"
#include "params.h"
#include "crypto_sort_int32.h"
#include "randombytes.h"
#include "crypto_declassify.h"
#include "crypto_uint16.h"
#include "crypto_int32.h"
#include "crypto_xof_bitwrite16.h"
#include "xor_mat_vec256.h"
#include "encrypt.h"
static inline crypto_uint16 uint16_is_smaller_declassify(uint16_t t,uint16_t u)
{
crypto_uint16 mask = crypto_uint16_smaller_mask(t,u);
crypto_declassify(&mask,sizeof mask);
return mask;
}
/* output: e, an error vector of weight t */
static void gen_e(unsigned char *e)
{
int i, j, count;
union
{
uint16_t nums[ SYS_T*2 ];
unsigned char bytes[ SYS_T*2 * sizeof(uint16_t) ];
} buf;
int32_t ind[ SYS_T ]; // can also use uint16 or int16
crypto_int32 negifcollision;
unsigned char indbytes[ SYS_T*2 ];
while (1)
{
randombytes(buf.bytes, sizeof(buf));
for (i = 0; i < SYS_T*2; i++)
buf.nums[i] = load_gf(buf.bytes + i*2);
// moving and counting indices in the correct range
count = 0;
for (i = 0; i < SYS_T*2 && count < SYS_T; i++)
if (uint16_is_smaller_declassify(buf.nums[i],SYS_N))
ind[ count++ ] = buf.nums[i];
if (count < SYS_T) continue;
// check for repetition
crypto_sort_int32(ind, SYS_T);
negifcollision = 0;
for (i = 1; i < SYS_T; i++)
negifcollision |= (ind[i-1]^ind[i])-1;
negifcollision = crypto_int32_negative_mask(negifcollision);
crypto_declassify(&negifcollision,sizeof negifcollision);
if (!negifcollision)
break;
}
for (j = 0; j < SYS_T; j++)
crypto_uint16_store(indbytes+2*j,ind[j]);
crypto_xof_bitwrite16(e,SYS_N/8,indbytes,2*SYS_T);
}
/* input: public key pk, error vector e */
/* output: syndrome s */
static void syndrome(unsigned char *s, const unsigned char *pk, unsigned char *e)
{
unsigned char e_tmp[ SYS_N/8 ];
const unsigned char *e_ptr = e_tmp + SYND_BYTES - 1;
vec256 eword[PK_NCOLS/256+1];
int i, j, tail = (PK_NROWS % 8);
for (i = 0; i < SYND_BYTES; i++)
s[i] = e[i];
s[i-1] &= (1 << tail) - 1;
for (i = SYND_BYTES-1; i < SYS_N/8-1; i++)
e_tmp[i] = (e[i] >> tail) | (e[i+1] << (8-tail));
e_tmp[i] = e[i] >> tail;
for (j = 0;j < PK_NCOLS/256;++j)
eword[j] = vec256_load(e_ptr+32*j);
eword[j] = vec256_load(e_ptr+PK_ROW_BYTES-32);
eword[j] &= vec256_set4x(0,0,0,0xffffffffff000000);
xor_mat_vec256(s, pk, PK_NROWS, PK_ROW_BYTES, eword);
}
/* input: public key pk */
/* output: error vector e, syndrome s */
void pke_encrypt(unsigned char *s, const unsigned char *pk, unsigned char *e)
{
gen_e(e);
syndrome(s, pk, e);
}