Refactor: Have a common base for Kyber/Dilithium structures #4024

Merged
merged 7 commits into from
Jul 15, 2024
25 changes: 14 additions & 11 deletions src/lib/pubkey/dilithium/dilithium/dilithium_modern.h
Expand Up @@ -12,7 +12,6 @@
#include <botan/internal/dilithium_symmetric_primitives.h>

#include <botan/internal/loadstor.h>
#include <botan/internal/shake.h>
#include <botan/internal/shake_xof.h>

#include <array>
Expand All @@ -23,26 +22,30 @@ namespace Botan {

class Dilithium_Common_Symmetric_Primitives : public Dilithium_Symmetric_Primitives {
public:
std::unique_ptr<Botan::XOF> XOF(XofType type, std::span<const uint8_t> seed, uint16_t nonce) const override {
const auto xof_type = [&] {
Dilithium_Common_Symmetric_Primitives(size_t collision_strength_in_bytes) :
Dilithium_Symmetric_Primitives(collision_strength_in_bytes) {}

Botan::XOF& XOF(XofType type, std::span<const uint8_t> seed, uint16_t nonce) const override {
auto& xof = [&]() -> Botan::XOF& {
switch(type) {
case XofType::k128:
return "SHAKE-128";
return m_xof_128;
case XofType::k256:
return "SHAKE-256";
return m_xof_256;
}

BOTAN_ASSERT_UNREACHABLE();
}();

std::array<uint8_t, sizeof(nonce)> nonce_buffer;
store_le(nonce, nonce_buffer.data());

auto xof = Botan::XOF::create_or_throw(xof_type);
xof->update(seed);
xof->update(nonce_buffer);
xof.clear();
xof.update(seed);
xof.update(store_le(nonce));
return xof;
}

private:
mutable SHAKE_256_XOF m_xof_256;
mutable SHAKE_128_XOF m_xof_128;
};

} // namespace Botan
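Review bot: `Botan::XOF& XOF(XofType type, ...) const override` now hands out a reference to a `mutable` member that the next call clears and re-keys, so a caller still holding the reference from an earlier call sees it silently overwritten, and two callers sharing one primitives object race on the same absorber state even though the `const` signature suggests concurrent use is fine; `m_aes_xof` in dilithium_aes.h has the same property. Nothing in the hunk documents this contract, so I would add above the method: `// Returns a per-instance XOF that is reset on every call: the reference is invalidated by the next call to XOF() and the object must not be used from several threads at once.` Whether `clear()` on `SHAKE_128_XOF`/`SHAKE_256_XOF` wipes the previously absorbed seed is not visible here and is worth confirming, since the seed can be secret material (the dilithium_aes.h comment mentions rhoprime) and the member now outlives each use. The base class `Dilithium_Symmetric_Primitives` and the callers of `XOF()` are outside this hunk.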
14 changes: 10 additions & 4 deletions src/lib/pubkey/dilithium/dilithium_aes/dilithium_aes.h
Expand Up @@ -22,8 +22,11 @@ namespace Botan {

class Dilithium_AES_Symmetric_Primitives : public Dilithium_Symmetric_Primitives {
public:
Dilithium_AES_Symmetric_Primitives(size_t collision_strength_in_bytes) :
Dilithium_Symmetric_Primitives(collision_strength_in_bytes) {}

// AES mode always uses AES-256, regardless of the XofType
std::unique_ptr<Botan::XOF> XOF(XofType /* type */, std::span<const uint8_t> seed, uint16_t nonce) const final {
Botan::XOF& XOF(XofType /* type */, std::span<const uint8_t> seed, uint16_t nonce) const final {
// Algorithm Spec V. 3.1 Section 5.3
// In the AES variant, the first 32 bytes of rhoprime are used as
// the key and i is extended to a 12 byte nonce for AES-256 in
Expand All @@ -36,10 +39,13 @@ class Dilithium_AES_Symmetric_Primitives : public Dilithium_Symmetric_Primitives
const std::array<uint8_t, 12> iv{get_byte<1>(nonce), get_byte<0>(nonce), 0};
const auto key = seed.first(32);

auto xof = std::make_unique<AES_256_CTR_XOF>();
xof->start(iv, key);
return xof;
m_aes_xof.clear();
m_aes_xof.start(iv, key);
return m_aes_xof;
}

private:
mutable AES_256_CTR_XOF m_aes_xof;
};

} // namespace Botan
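Review bot: The new single-argument constructor `Dilithium_AES_Symmetric_Primitives(size_t collision_strength_in_bytes)` is not `explicit`, so any integer converts implicitly to a primitives object; `explicit Dilithium_AES_Symmetric_Primitives(size_t collision_strength_in_bytes) :` closes that, and the matching constructor added in dilithium_modern.h should get the same treatment. The `m_aes_xof.clear()` before `m_aes_xof.start(iv, key)` may be redundant if `start()` already resets the keystream state, but that cannot be seen from here, and keeping it is the safer choice until confirmed. The `iv` and `key` lines are context carried over unchanged; `seed.first(32)` still assumes a seed of at least 32 bytes, which the function does not check.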