diff --git a/crypto/src/pqc/crypto/crystals/kyber/CBD.cs b/crypto/src/pqc/crypto/crystals/kyber/CBD.cs
index 843b0d8f6..be0ed7296 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/CBD.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/CBD.cs
@@ -1,76 +1,52 @@
-
-using System;
+using System;
+
+using Org.BouncyCastle.Crypto.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
- internal static class CBD
+ internal static class Cbd
{
- public static void Eta(Poly r, byte[] bytes, int eta)
+ internal static void Eta(Poly r, byte[] bytes, int eta)
{
- int i, j;
- uint t, d;
- short a, b;
-
switch (eta)
{
- case 2:
- for (i = 0; i < KyberEngine.N / 8; i++)
+ case 2:
+ {
+ for (int i = 0; i < KyberEngine.N / 8; i++)
+ {
+ uint t = Pack.LE_To_UInt32(bytes, 4 * i);
+ uint d = t & 0x55555555;
+ d += (t >> 1) & 0x55555555;
+ for (int j = 0; j < 8; j++)
{
- t = LittleEndianToUInt32(bytes, 4 * i);
- d = t & 0x55555555;
- d += (t >> 1) & 0x55555555;
- for (j = 0; j < 8; j++)
- {
- a = (short)((d >> (4 * j + 0)) & 0x3);
- b = (short)((d >> (4 * j + eta)) & 0x3);
- r.Coeffs[8 * i + j] = (short) (a - b);
- }
+ short a = (short)((d >> (4 * j + 0)) & 0x3);
+ short b = (short)((d >> (4 * j + eta)) & 0x3);
+ r.Coeffs[8 * i + j] = (short) (a - b);
}
- break;
- case 3:
- for (i = 0; i < KyberEngine.N / 4; i++)
+ }
+ break;
+ }
+ case 3:
+ {
+ for (int i = 0; i < KyberEngine.N / 4; i++)
+ {
+ uint t = Pack.LE_To_UInt24(bytes, 3 * i);
+ uint d = t & 0x00249249;
+ d += (t >> 1) & 0x00249249;
+ d += (t >> 2) & 0x00249249;
+
+ for (int j = 0; j < 4; j++)
{
- t = LittleEndianToUInt24(bytes, 3 * i);
- d = t & 0x00249249;
- d += (t >> 1) & 0x00249249;
- d += (t >> 2) & 0x00249249;
-
- for (j = 0; j < 4; j++)
- {
- a = (short)((d >> (6 * j + 0)) & 0x7);
- b = (short)((d >> (6 * j + 3)) & 0x7);
- r.Coeffs[4 * i + j] = (short)(a - b);
- }
+ short a = (short)((d >> (6 * j + 0)) & 0x7);
+ short b = (short)((d >> (6 * j + 3)) & 0x7);
+ r.Coeffs[4 * i + j] = (short)(a - b);
}
- break;
- default:
- throw new ArgumentException("Wrong Eta");
+ }
+ break;
+ }
+ default:
+ throw new ArgumentException("Wrong Eta");
}
}
-
- private static uint LittleEndianToUInt24(byte[] x, int offset)
- {
- // Refer to convertByteTo32-BitUnsignedInt for explanation
- uint r = (uint) (x[offset] & 0xFF);
- r = r | ((uint)(x[offset + 1] & 0xFF) << 8);
- r = r | ((uint)(x[offset + 2] & 0xFF) << 16);
- return r;
- }
-
- private static uint LittleEndianToUInt32(byte[] x, int offset)
- {
- // Convert first byte to an unsigned integer
- // byte x & 0xFF allows us to grab the last 8 bits
- uint r = (uint)(x[offset] & 0xFF);
-
- // Perform the same operation then left bit shift to store the next 8 bits without
- // altering the previous bits
- r = r | ((uint)(x[offset + 1] & 0xFF) << 8);
- r = r | ((uint)(x[offset + 2] & 0xFF) << 16);
- r = r | ((uint)(x[offset + 3] & 0xFF) << 24);
- return r;
- }
-
-
}
}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberEngine.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberEngine.cs
index 0cbd56e7f..556803e57 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/KyberEngine.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/KyberEngine.cs
@@ -1,4 +1,5 @@
using System;
+
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
@@ -7,9 +8,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
internal class KyberEngine
{
- private SecureRandom _random;
- private KyberIndCpa IndCpa;
- private byte[] Seed;
+ private SecureRandom m_random;
+ private KyberIndCpa m_indCpa;
// Constant Parameters
public const int N = 256;
@@ -45,28 +45,28 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
public int CryptoPublicKeyBytes { get; private set; }
public int CryptoCipherTextBytes { get; private set; }
- public KyberEngine(int k)
+ internal KyberEngine(int k)
{
K = k;
switch (k)
{
- case 2:
- Eta1 = 3;
- PolyCompressedBytes = 128;
- PolyVecCompressedBytes = K * 320;
- break;
- case 3:
- Eta1 = 2;
- PolyCompressedBytes = 128;
- PolyVecCompressedBytes = K * 320;
- break;
- case 4:
- Eta1 = 2;
- PolyCompressedBytes = 160;
- PolyVecCompressedBytes = K * 352;
- break;
- default:
- break;
+ case 2:
+ Eta1 = 3;
+ PolyCompressedBytes = 128;
+ PolyVecCompressedBytes = K * 320;
+ break;
+ case 3:
+ Eta1 = 2;
+ PolyCompressedBytes = 128;
+ PolyVecCompressedBytes = K * 320;
+ break;
+ case 4:
+ Eta1 = 2;
+ PolyCompressedBytes = 160;
+ PolyVecCompressedBytes = K * 352;
+ break;
+ default:
+ break;
}
PolyVecBytes = k * PolyBytes;
@@ -83,38 +83,37 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
CryptoPublicKeyBytes = PublicKeyBytes;
CryptoCipherTextBytes = CipherTextBytes;
- IndCpa = new KyberIndCpa(this);
+ m_indCpa = new KyberIndCpa(this);
}
- public void Init(SecureRandom random)
+ internal void Init(SecureRandom random)
{
- this._random = random;
+ m_random = random;
}
- public void UpdateSeed(byte[] seed)
+ internal void UpdateSeed(byte[] seed)
{
- this.Seed = seed;
- _random.SetSeed(seed);
+ m_random.SetSeed(seed);
}
-
- public void GenerateKemKeyPair(byte[] pk, byte[] sk)
+
+ internal void GenerateKemKeyPair(byte[] pk, byte[] sk)
{
Sha3Digest Sha3Digest256 = new Sha3Digest(256);
- IndCpa.GenerateKeyPair(pk, sk);
+ m_indCpa.GenerateKeyPair(pk, sk);
Array.Copy(pk, 0, sk, IndCpaSecretKeyBytes, IndCpaPublicKeyBytes);
Sha3Digest256.BlockUpdate(pk, 0, PublicKeyBytes);
Sha3Digest256.DoFinal(sk, SecretKeyBytes - 2 * SymBytes);
- _random.NextBytes(sk, SecretKeyBytes - SymBytes, SymBytes);
+ m_random.NextBytes(sk, SecretKeyBytes - SymBytes, SymBytes);
}
- public void KemEncrypt(byte[] cipherText, byte[] sharedSecret, byte[] pk)
+ internal void KemEncrypt(byte[] cipherText, byte[] sharedSecret, byte[] pk)
{
byte[] buf = new byte[2 * SymBytes];
byte[] kr = new byte[2 * SymBytes];
Sha3Digest Sha3Digest256 = new Sha3Digest(256);
- _random.NextBytes(buf, 0, SymBytes);
+ m_random.NextBytes(buf, 0, SymBytes);
Sha3Digest256.BlockUpdate(buf, 0, SymBytes);
Sha3Digest256.DoFinal(buf, 0);
@@ -126,7 +125,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
Sha3Digest512.BlockUpdate(buf, 0, 2 * SymBytes);
Sha3Digest512.DoFinal(kr, 0);
- IndCpa.Encrypt(cipherText, Arrays.CopyOfRange(buf, 0, SymBytes), pk, Arrays.CopyOfRange(kr, SymBytes, 2 * SymBytes));
+ m_indCpa.Encrypt(cipherText, Arrays.CopyOfRange(buf, 0, SymBytes), pk, Arrays.CopyOfRange(kr, SymBytes, 2 * SymBytes));
Sha3Digest256.BlockUpdate(cipherText, 0, CipherTextBytes);
Sha3Digest256.DoFinal(kr, SymBytes);
@@ -136,39 +135,39 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
ShakeDigest128.DoFinal(sharedSecret, 0, SymBytes);
}
- public void KemDecrypt(byte[] SharedSecret, byte[] CipherText, byte[] SecretKey)
+ internal void KemDecrypt(byte[] sharedSecret, byte[] cipherText, byte[] secretKey)
{
- int i;
- bool fail;
- byte[] buf = new byte[2 * SymBytes],
- kr = new byte[2 * SymBytes],
- cmp = new byte[CipherTextBytes];
- byte[] pk = Arrays.CopyOfRange(SecretKey, IndCpaSecretKeyBytes, SecretKey.Length);
- IndCpa.Decrypt(buf, CipherText, SecretKey);
- Array.Copy(SecretKey, SecretKeyBytes - 2 * SymBytes, buf, SymBytes, SymBytes);
+ byte[] buf = new byte[2 * SymBytes], kr = new byte[2 * SymBytes], cmp = new byte[CipherTextBytes];
+ byte[] pk = Arrays.CopyOfRange(secretKey, IndCpaSecretKeyBytes, secretKey.Length);
+ m_indCpa.Decrypt(buf, cipherText, secretKey);
+ Array.Copy(secretKey, SecretKeyBytes - 2 * SymBytes, buf, SymBytes, SymBytes);
Sha3Digest Sha3Digest512 = new Sha3Digest(512);
Sha3Digest512.BlockUpdate(buf, 0, 2 * SymBytes);
Sha3Digest512.DoFinal(kr, 0);
- IndCpa.Encrypt(cmp, Arrays.CopyOf(buf, SymBytes), pk, Arrays.CopyOfRange(kr, SymBytes, kr.Length));
+ m_indCpa.Encrypt(cmp, Arrays.CopyOf(buf, SymBytes), pk, Arrays.CopyOfRange(kr, SymBytes, kr.Length));
- fail = !(Arrays.AreEqual(CipherText, cmp));
+ bool fail = !Arrays.ConstantTimeAreEqual(cipherText, cmp);
Sha3Digest Sha3Digest256 = new Sha3Digest(256);
- Sha3Digest256.BlockUpdate(CipherText, 0, CipherTextBytes);
+ Sha3Digest256.BlockUpdate(cipherText, 0, CipherTextBytes);
Sha3Digest256.DoFinal(kr, SymBytes);
- Cmov(kr, Arrays.CopyOfRange(SecretKey, SecretKeyBytes - SymBytes, SecretKeyBytes), SymBytes, fail);
+ CMov(kr, Arrays.CopyOfRange(secretKey, SecretKeyBytes - SymBytes, SecretKeyBytes), SymBytes, fail);
ShakeDigest ShakeDigest256 = new ShakeDigest(256);
ShakeDigest256.BlockUpdate(kr, 0, 2 * SymBytes);
- ShakeDigest256.DoFinal(SharedSecret, 0, SymBytes);
+ ShakeDigest256.DoFinal(sharedSecret, 0, SymBytes);
+ }
+
+ internal void RandomBytes(byte[] buf, int len)
+ {
+ m_random.NextBytes(buf, 0, len);
}
- private void Cmov(byte[] r, byte[] x, int len, bool b)
+ private void CMov(byte[] r, byte[] x, int len, bool b)
{
- int i;
if (b)
{
Array.Copy(x, 0, r, 0, len);
@@ -178,11 +177,6 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
Array.Copy(r, 0, r, 0, len);
}
}
-
- public void RandomBytes(byte[] buf, int len)
- {
- _random.NextBytes(buf,0,len);
- }
}
}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberIndCpa.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberIndCpa.cs
index da4f94b88..1628ed90d 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/KyberIndCpa.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/KyberIndCpa.cs
@@ -1,96 +1,93 @@
-using Org.BouncyCastle.Crypto.Digests;
+using System;
+
+using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Utilities;
-using System;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
internal class KyberIndCpa
{
- KyberEngine Engine;
- int K;
- public KyberIndCpa(KyberEngine engine)
+ private readonly KyberEngine m_engine;
+
+ internal KyberIndCpa(KyberEngine engine)
{
- Engine = engine;
- this.K = engine.K;
- return;
+ m_engine = engine;
}
- private int XOFBlockBytes => Symmetric.Shake128Rate;
+ private int XofBlockBytes => Symmetric.Shake128Rate;
- private int GenerateMatrixNBlocks => ((12 * KyberEngine.N / 8 * (1 << 12) / KyberEngine.Q + XOFBlockBytes) / XOFBlockBytes);
+ private int GenerateMatrixNBlocks => ((12 * KyberEngine.N / 8 * (1 << 12) / KyberEngine.Q + XofBlockBytes) / XofBlockBytes);
private void GenerateMatrix(PolyVec[] a, byte[] seed, bool transposed)
{
- int ctr, i, j, k;
- int buflen, off;
- ShakeDigest XOF = new ShakeDigest(128);
- byte[] buf = new byte[GenerateMatrixNBlocks * XOFBlockBytes + 2];
- for (i = 0; i < K; i++)
+ int K = m_engine.K;
+ ShakeDigest shake128 = new ShakeDigest(128);
+ byte[] buf = new byte[GenerateMatrixNBlocks * XofBlockBytes + 2];
+
+ for (int i = 0; i < K; i++)
{
- for (j = 0; j < K; j++)
+ for (int j = 0; j < K; j++)
{
if (transposed)
{
- XOF = Symmetric.XOF(seed, (byte) i, (byte) j);
+ shake128 = Symmetric.Xof(seed, (byte) i, (byte) j);
}
else
{
- XOF = Symmetric.XOF(seed, (byte) j, (byte) i);
+ shake128 = Symmetric.Xof(seed, (byte) j, (byte) i);
}
- XOF.DoOutput(buf, 0, GenerateMatrixNBlocks * XOFBlockBytes);
- buflen = GenerateMatrixNBlocks * XOFBlockBytes;
- ctr = RejectionSampling(a[i].Vec[j].Coeffs, 0, KyberEngine.N, buf, buflen);
+ shake128.DoOutput(buf, 0, GenerateMatrixNBlocks * XofBlockBytes);
+ int buflen = GenerateMatrixNBlocks * XofBlockBytes;
+ int ctr = RejectionSampling(a[i].m_vec[j].Coeffs, 0, KyberEngine.N, buf, buflen);
while (ctr < KyberEngine.N)
{
- off = buflen % 3;
- for (k = 0; k < off; k++)
+ int off = buflen % 3;
+ for (int k = 0; k < off; k++)
{
buf[k] = buf[buflen - off + k];
}
- XOF.DoOutput(buf, off, XOFBlockBytes * 2);
- buflen = off + XOFBlockBytes;
- ctr += RejectionSampling(a[i].Vec[j].Coeffs, ctr, KyberEngine.N - ctr, buf, buflen);
+ shake128.DoOutput(buf, off, XofBlockBytes * 2);
+ buflen = off + XofBlockBytes;
+ ctr += RejectionSampling(a[i].m_vec[j].Coeffs, ctr, KyberEngine.N - ctr, buf, buflen);
}
}
}
- return;
}
private int RejectionSampling(short[] r, int off, int len, byte[] buf, int buflen)
{
- int ctr, pos;
- ushort val0, val1;
- ctr = pos = 0;
+ int ctr = 0, pos = 0;
while (ctr < len && pos + 3 <= buflen)
{
- val0 = (ushort) ((((ushort) (buf[pos + 0] & 0xFF) >> 0) | ((ushort)(buf[pos + 1] & 0xFF) << 8)) & 0xFFF);
- val1 = (ushort) ((((ushort) (buf[pos + 1] & 0xFF) >> 4) | ((ushort)(buf[pos + 2] & 0xFF) << 4)) & 0xFFF);
+ ushort val0 = (ushort) ((((ushort) (buf[pos + 0] & 0xFF) >> 0) | ((ushort)(buf[pos + 1] & 0xFF) << 8)) & 0xFFF);
+ ushort val1 = (ushort) ((((ushort) (buf[pos + 1] & 0xFF) >> 4) | ((ushort)(buf[pos + 2] & 0xFF) << 4)) & 0xFFF);
pos += 3;
if (val0 < KyberEngine.Q)
{
- r[off + ctr++] = (short) val0;
+ r[off + ctr++] = (short)val0;
}
if (ctr < len && val1 < KyberEngine.Q)
{
- r[off + ctr++] = (short) val1;
+ r[off + ctr++] = (short)val1;
}
}
return ctr;
}
- public void GenerateKeyPair(byte[] pk, byte[] sk)
+ internal void GenerateKeyPair(byte[] pk, byte[] sk)
{
- uint i;
+ int K = m_engine.K;
+
byte[] buf = new byte[2 * KyberEngine.SymBytes];
byte nonce = 0;
PolyVec[] Matrix = new PolyVec[K];
- PolyVec e = new PolyVec(Engine), pkpv = new PolyVec(Engine), skpv = new PolyVec(Engine);
+ PolyVec e = new PolyVec(m_engine), pkpv = new PolyVec(m_engine), skpv = new PolyVec(m_engine);
Sha3Digest Sha3Digest512 = new Sha3Digest(512);
- Engine.RandomBytes(buf, KyberEngine.SymBytes);
+ m_engine.RandomBytes(buf, KyberEngine.SymBytes);
Sha3Digest512.BlockUpdate(buf, 0, KyberEngine.SymBytes);
Sha3Digest512.DoFinal(buf, 0);
@@ -99,30 +96,28 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
byte[] PublicSeed = Arrays.CopyOfRange(buf, 0, KyberEngine.SymBytes);
byte[] NoiseSeed = Arrays.CopyOfRange(buf, KyberEngine.SymBytes, 2 * KyberEngine.SymBytes);
- for (i = 0; i < K; i++)
+ for (int i = 0; i < K; i++)
{
- Matrix[i] = new PolyVec(Engine);
+ Matrix[i] = new PolyVec(m_engine);
}
GenerateMatrix(Matrix, PublicSeed, false);
- for (i = 0; i < K; i++)
+ for (int i = 0; i < K; i++)
{
- skpv.Vec[i].GetNoiseEta1(NoiseSeed, nonce++);
+ skpv.m_vec[i].GetNoiseEta1(NoiseSeed, nonce++);
}
- for (i = 0; i < K; i++)
+ for (int i = 0; i < K; i++)
{
- e.Vec[i].GetNoiseEta1(NoiseSeed, nonce++);
+ e.m_vec[i].GetNoiseEta1(NoiseSeed, nonce++);
}
-
-
skpv.Ntt();
e.Ntt();
//Console.WriteLine("skpv = ");
- //for (i = 0; i < K; i++)
+ //for (int i = 0; i < K; i++)
//{
// Console.Write(String.Format("{0} [", i));
// foreach (short coeff in skpv.Vec[i].Coeffs)
@@ -132,7 +127,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
// Console.Write("]\n");
//}
- //for (i = 0; i < K; i++)
+ //for (int i = 0; i < K; i++)
//{
// Console.Write("[");
// for (int j = 0; j < K; j++)
@@ -147,14 +142,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
// Console.Write("] \n");
//}
- for (i = 0; i < K; i++)
+ for (int i = 0; i < K; i++)
{
- PolyVec.PointwiseAccountMontgomery(pkpv.Vec[i], Matrix[i], skpv, Engine);
- pkpv.Vec[i].ToMont();
+ PolyVec.PointwiseAccountMontgomery(pkpv.m_vec[i], Matrix[i], skpv, m_engine);
+ pkpv.m_vec[i].ToMont();
}
//Console.WriteLine("pkpv = ");
- //for (i = 0; i < K; i++)
+ //for (int i = 0; i < K; i++)
//{
// Console.Write(String.Format("{0} [", i));
// foreach (short coeff in pkpv.Vec[i].Coeffs)
@@ -166,14 +161,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
pkpv.Add(e);
pkpv.Reduce();
-
-
-
PackSecretKey(sk, skpv);
PackPublicKey(pk, pkpv, PublicSeed);
-
-
- return;
}
private void PackSecretKey(byte[] sk, PolyVec skpv)
@@ -188,57 +177,57 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
private void PackPublicKey(byte[] pk, PolyVec pkpv, byte[] seed)
{
- int i;
pkpv.ToBytes(pk);
- Array.Copy(seed, 0, pk, Engine.PolyVecBytes, KyberEngine.SymBytes);
+ Array.Copy(seed, 0, pk, m_engine.PolyVecBytes, KyberEngine.SymBytes);
}
private void UnpackPublicKey(PolyVec pkpv, byte[] seed, byte[] pk)
{
- int i;
pkpv.FromBytes(pk);
- Array.Copy(pk, Engine.PolyVecBytes, seed, 0, KyberEngine.SymBytes);
+ Array.Copy(pk, m_engine.PolyVecBytes, seed, 0, KyberEngine.SymBytes);
}
- public void Encrypt(byte[] c, byte[] m, byte[] pk, byte[] coins)
+ internal void Encrypt(byte[] c, byte[] m, byte[] pk, byte[] coins)
{
- int i;
+ int K = m_engine.K;
+
byte[] seed = new byte[KyberEngine.SymBytes];
- byte nonce = (byte)0;
- PolyVec sp = new PolyVec(Engine), pkpv = new PolyVec(Engine), ep = new PolyVec(Engine), bp = new PolyVec(Engine);
+ byte nonce = 0;
+ PolyVec sp = new PolyVec(m_engine), pkpv = new PolyVec(m_engine), ep = new PolyVec(m_engine),
+ bp = new PolyVec(m_engine);
PolyVec[] MatrixTransposed = new PolyVec[K];
- Poly v = new Poly(Engine), k = new Poly(Engine), epp = new Poly(Engine);
+ Poly v = new Poly(m_engine), k = new Poly(m_engine), epp = new Poly(m_engine);
UnpackPublicKey(pkpv, seed, pk);
k.FromMsg(m);
- for (i = 0; i < K; i++)
+ for (int i = 0; i < K; i++)
{
- MatrixTransposed[i] = new PolyVec(Engine);
+ MatrixTransposed[i] = new PolyVec(m_engine);
}
GenerateMatrix(MatrixTransposed, seed, true);
- for (i = 0; i < K; i++)
+ for (int i = 0; i < K; i++)
{
- sp.Vec[i].GetNoiseEta1(coins, nonce++);
+ sp.m_vec[i].GetNoiseEta1(coins, nonce++);
}
- for (i = 0; i < K; i++)
+ for (int i = 0; i < K; i++)
{
- ep.Vec[i].GetNoiseEta2(coins, nonce++);
+ ep.m_vec[i].GetNoiseEta2(coins, nonce++);
}
epp.GetNoiseEta2(coins, nonce++);
sp.Ntt();
- for (i = 0; i < K; i++)
+ for (int i = 0; i < K; i++)
{
- PolyVec.PointwiseAccountMontgomery(bp.Vec[i], MatrixTransposed[i], sp, Engine);
+ PolyVec.PointwiseAccountMontgomery(bp.m_vec[i], MatrixTransposed[i], sp, m_engine);
}
- PolyVec.PointwiseAccountMontgomery(v, pkpv, sp, Engine);
+ PolyVec.PointwiseAccountMontgomery(v, pkpv, sp, m_engine);
bp.InverseNttToMont();
@@ -258,36 +247,31 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
private void PackCipherText(byte[] r, PolyVec b, Poly v)
{
b.CompressPolyVec(r);
- v.CompressPoly(r, Engine.PolyVecCompressedBytes);
+ v.CompressPoly(r, m_engine.PolyVecCompressedBytes);
}
private void UnpackCipherText(PolyVec b, Poly v, byte[] c)
{
b.DecompressPolyVec(c);
- v.DecompressPoly(c, Engine.PolyVecCompressedBytes);
+ v.DecompressPoly(c, m_engine.PolyVecCompressedBytes);
}
- public void Decrypt(byte[] m, byte[] c, byte[] sk)
+ internal void Decrypt(byte[] m, byte[] c, byte[] sk)
{
- PolyVec bp = new PolyVec(Engine),
- skpv = new PolyVec(Engine);
- Poly v = new Poly(Engine),
- mp = new Poly(Engine);
- int i;
+ PolyVec bp = new PolyVec(m_engine), skpv = new PolyVec(m_engine);
+ Poly v = new Poly(m_engine), mp = new Poly(m_engine);
UnpackCipherText(bp, v, c);
-
UnpackSecretKey(skpv, sk);
bp.Ntt();
- PolyVec.PointwiseAccountMontgomery(mp, skpv, bp, Engine);
+ PolyVec.PointwiseAccountMontgomery(mp, skpv, bp, m_engine);
mp.PolyInverseNttToMont();
mp.Subtract(v);
mp.PolyReduce();
mp.ToMsg(m);
-
}
}
}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberKEMExtractor.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberKEMExtractor.cs
index 38b826f43..a9f27c4ed 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/KyberKEMExtractor.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/KyberKEMExtractor.cs
@@ -1,36 +1,29 @@
-
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
- public class KyberKEMExtractor
+ public sealed class KyberKemExtractor
: IEncapsulatedSecretExtractor
{
- private KyberEngine engine;
-
- private KyberKeyParameters key;
-
- public KyberKEMExtractor(KyberKeyParameters privParams)
- {
- this.key = privParams;
- InitCipher(key.Parameters);
- }
+ private readonly KyberKeyParameters m_key;
+ private readonly KyberEngine m_engine;
- private void InitCipher(KyberParameters param)
+ public KyberKemExtractor(KyberKeyParameters privParams)
{
- engine = param.GetEngine();
+ m_key = privParams;
+ m_engine = m_key.Parameters.Engine;
}
public byte[] ExtractSecret(byte[] encapsulation)
{
- byte[] sessionKey = new byte[engine.CryptoBytes];
- engine.KemDecrypt(sessionKey, encapsulation, ((KyberPrivateKeyParameters) key).privateKey);
- byte[] rv = Arrays.CopyOfRange(sessionKey, 0, key.Parameters.DefaultKeySize / 8);
+ byte[] sessionKey = new byte[m_engine.CryptoBytes];
+ m_engine.KemDecrypt(sessionKey, encapsulation, ((KyberPrivateKeyParameters)m_key).m_privateKey);
+ byte[] rv = Arrays.CopyOfRange(sessionKey, 0, m_key.Parameters.DefaultKeySize / 8);
Arrays.Clear(sessionKey);
return rv;
}
- public int EncapsulationLength => engine.CryptoCipherTextBytes;
+ public int EncapsulationLength => m_engine.CryptoCipherTextBytes;
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberKEMGenerator.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberKEMGenerator.cs
index c43f10ff1..a0c070069 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/KyberKEMGenerator.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/KyberKEMGenerator.cs
@@ -1,85 +1,80 @@
-
using System;
+
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
- public class KyberKEMGenerator
+ public sealed class KyberKemGenerator
: IEncapsulatedSecretGenerator
{
// the source of randomness
- private SecureRandom sr;
+ private readonly SecureRandom m_random;
- public KyberKEMGenerator(SecureRandom random)
+ public KyberKemGenerator(SecureRandom random)
{
- this.sr = random;
+ m_random = random;
}
public ISecretWithEncapsulation GenerateEncapsulated(AsymmetricKeyParameter recipientKey)
{
- KyberPublicKeyParameters key = (KyberPublicKeyParameters) recipientKey;
- KyberEngine engine = key.Parameters.GetEngine();
- engine.Init(sr);
- byte[] CipherText = new byte[engine.CryptoCipherTextBytes];
- byte[] SessionKey = new byte[engine.CryptoBytes];
- engine.KemEncrypt(CipherText, SessionKey, key.publicKey);
- byte[] rv = Arrays.CopyOfRange(SessionKey, 0, key.Parameters.DefaultKeySize / 8);
- Arrays.Clear(SessionKey);
- return new SecretWithEncapsulationImpl(rv, CipherText);
+ KyberPublicKeyParameters key = (KyberPublicKeyParameters)recipientKey;
+ KyberEngine engine = key.Parameters.Engine;
+ engine.Init(m_random);
+ byte[] cipherText = new byte[engine.CryptoCipherTextBytes];
+ byte[] sessionKey = new byte[engine.CryptoBytes];
+ engine.KemEncrypt(cipherText, sessionKey, key.m_publicKey);
+ byte[] rv = Arrays.CopyOfRange(sessionKey, 0, key.Parameters.DefaultKeySize / 8);
+ Arrays.Clear(sessionKey);
+ return new SecretWithEncapsulationImpl(rv, cipherText);
}
- private class SecretWithEncapsulationImpl
+ private sealed class SecretWithEncapsulationImpl
: ISecretWithEncapsulation
{
- private volatile bool hasBeenDestroyed = false;
+ private volatile bool m_hasBeenDestroyed = false;
- private byte[] SessionKey;
- private byte[] CipherText;
+ private readonly byte[] m_sessionKey;
+ private readonly byte[] m_cipherText;
- public SecretWithEncapsulationImpl(byte[] sessionKey, byte[] cipher_text)
+ internal SecretWithEncapsulationImpl(byte[] sessionKey, byte[] cipher_text)
{
- this.SessionKey = sessionKey;
- this.CipherText = cipher_text;
+ m_sessionKey = sessionKey;
+ m_cipherText = cipher_text;
}
public byte[] GetSecret()
{
CheckDestroyed();
- return Arrays.Clone(SessionKey);
+ return Arrays.Clone(m_sessionKey);
}
public byte[] GetEncapsulation()
{
CheckDestroyed();
- return Arrays.Clone(CipherText);
+ return Arrays.Clone(m_cipherText);
}
public void Dispose()
{
- if (!hasBeenDestroyed)
+ if (!m_hasBeenDestroyed)
{
- hasBeenDestroyed = true;
- Arrays.Clear(SessionKey);
- Arrays.Clear(CipherText);
+ m_hasBeenDestroyed = true;
+ Arrays.Clear(m_sessionKey);
+ Arrays.Clear(m_cipherText);
}
}
- public bool IsDestroyed()
- {
- return hasBeenDestroyed;
- }
+ internal bool IsDestroyed => m_hasBeenDestroyed;
- void CheckDestroyed()
+ private void CheckDestroyed()
{
- if (IsDestroyed())
- {
+ if (IsDestroyed)
throw new ArgumentException("data has been destroyed");
- }
}
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberKeyGenerationParameters.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberKeyGenerationParameters.cs
index f6adb0071..e42d6fdeb 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/KyberKeyGenerationParameters.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/KyberKeyGenerationParameters.cs
@@ -1,22 +1,19 @@
-
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Security;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
- public class KyberKeyGenerationParameters
+ public sealed class KyberKeyGenerationParameters
: KeyGenerationParameters
{
- private KyberParameters parameters;
+ private readonly KyberParameters m_parameters;
- public KyberKeyGenerationParameters(
- SecureRandom random,
- KyberParameters KyberParameters)
+ public KyberKeyGenerationParameters(SecureRandom random, KyberParameters KyberParameters)
: base(random, 256)
{
- this.parameters = KyberParameters;
+ m_parameters = KyberParameters;
}
- public KyberParameters Parameters => parameters;
+ public KyberParameters Parameters => m_parameters;
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberKeyPairGenerator.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberKeyPairGenerator.cs
index 39ee496f2..fde26f727 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/KyberKeyPairGenerator.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/KyberKeyPairGenerator.cs
@@ -1,6 +1,4 @@
-
using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber;
using Org.BouncyCastle.Security;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
@@ -8,42 +6,26 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
public class KyberKeyPairGenerator
: IAsymmetricCipherKeyPairGenerator
{
- private KyberKeyGenerationParameters KyberParams;
-
- private int k;
+ private KyberKeyGenerationParameters m_kyberParams;
+ private SecureRandom m_random;
- private SecureRandom random;
-
- private void Initialize(
- KeyGenerationParameters param)
+ public void Init(KeyGenerationParameters param)
{
- this.KyberParams = (KyberKeyGenerationParameters) param;
- this.random = param.Random;
-
- this.k = this.KyberParams.Parameters.K;
+ m_kyberParams = (KyberKeyGenerationParameters)param;
+ m_random = param.Random;
}
- private AsymmetricCipherKeyPair GenKeyPair()
+ public AsymmetricCipherKeyPair GenerateKeyPair()
{
- KyberEngine engine = KyberParams.Parameters.GetEngine();
- engine.Init(random);
+ KyberEngine engine = m_kyberParams.Parameters.Engine;
+ engine.Init(m_random);
byte[] sk = new byte[engine.CryptoSecretKeyBytes];
byte[] pk = new byte[engine.CryptoPublicKeyBytes];
engine.GenerateKemKeyPair(pk, sk);
- KyberPublicKeyParameters pubKey = new KyberPublicKeyParameters(KyberParams.Parameters, pk);
- KyberPrivateKeyParameters privKey = new KyberPrivateKeyParameters(KyberParams.Parameters, sk);
+ KyberPublicKeyParameters pubKey = new KyberPublicKeyParameters(m_kyberParams.Parameters, pk);
+ KyberPrivateKeyParameters privKey = new KyberPrivateKeyParameters(m_kyberParams.Parameters, sk);
return new AsymmetricCipherKeyPair(pubKey, privKey);
}
-
- public void Init(KeyGenerationParameters param)
- {
- this.Initialize(param);
- }
-
- public AsymmetricCipherKeyPair GenerateKeyPair()
- {
- return GenKeyPair();
- }
}
}
\ No newline at end of file
diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberKeyParameters.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberKeyParameters.cs
index 37650cb4d..9fb26c2ad 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/KyberKeyParameters.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/KyberKeyParameters.cs
@@ -1,21 +1,18 @@
-
using Org.BouncyCastle.Crypto;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
- public class KyberKeyParameters
+ public abstract class KyberKeyParameters
: AsymmetricKeyParameter
{
- private KyberParameters parameters;
+ private readonly KyberParameters m_parameters;
- public KyberKeyParameters(
- bool isPrivate,
- KyberParameters parameters)
+ public KyberKeyParameters(bool isPrivate, KyberParameters parameters)
: base(isPrivate)
{
- this.parameters = parameters;
+ m_parameters = parameters;
}
- public KyberParameters Parameters => parameters;
+ public KyberParameters Parameters => m_parameters;
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberParameters.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberParameters.cs
index d0fd8a631..ea9f90c98 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/KyberParameters.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/KyberParameters.cs
@@ -1,38 +1,31 @@
-
using System;
+
using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
- public class KyberParameters
+ public sealed class KyberParameters
: ICipherParameters
{
-
public static KyberParameters kyber512 = new KyberParameters("kyber512", 2);
public static KyberParameters kyber768 = new KyberParameters("kyber768", 3);
public static KyberParameters kyber1024 = new KyberParameters("kyber1024", 4);
- private String name;
- private int k;
- private KyberEngine engine;
+ private string m_name;
+ private KyberEngine m_engine;
- public KyberParameters(String name, int k)
+ public KyberParameters(string name, int k)
{
- this.name = name;
- this.k = k;
- this.engine = new KyberEngine(k);
+ m_name = name;
+ m_engine = new KyberEngine(k);
}
- public String Name => name;
+ public string Name => m_name;
- public int K => k;
+ public int K => m_engine.K;
- public int DefaultKeySize => 64 * k;
+ public int DefaultKeySize => 64 * m_engine.K;
- internal KyberEngine GetEngine()
- {
- return engine;
- }
+ internal KyberEngine Engine => m_engine;
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberPrivateKeyParameters.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberPrivateKeyParameters.cs
index 955b44673..d58a59c40 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/KyberPrivateKeyParameters.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/KyberPrivateKeyParameters.cs
@@ -2,20 +2,20 @@ using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
- public class KyberPrivateKeyParameters
+ public sealed class KyberPrivateKeyParameters
: KyberKeyParameters
{
- internal byte[] privateKey;
+ internal readonly byte[] m_privateKey;
public KyberPrivateKeyParameters(KyberParameters parameters, byte[] privateKey)
: base(true, parameters)
{
- this.privateKey = Arrays.Clone(privateKey);
+ m_privateKey = Arrays.Clone(privateKey);
}
public byte[] GetEncoded()
{
- return Arrays.Clone(privateKey);
+ return Arrays.Clone(m_privateKey);
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberPublicKeyParameters.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberPublicKeyParameters.cs
index 1092c7e96..02e467530 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/KyberPublicKeyParameters.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/KyberPublicKeyParameters.cs
@@ -2,20 +2,20 @@ using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
- public class KyberPublicKeyParameters
+ public sealed class KyberPublicKeyParameters
: KyberKeyParameters
{
- internal byte[] publicKey;
+ internal readonly byte[] m_publicKey;
- public byte[] GetEncoded()
+ public KyberPublicKeyParameters(KyberParameters parameters, byte[] publicKey)
+ : base(false, parameters)
{
- return Arrays.Clone(publicKey);
+ m_publicKey = Arrays.Clone(publicKey);
}
- public KyberPublicKeyParameters(KyberParameters parameters, byte[] publicKey)
- : base(false, parameters)
+ public byte[] GetEncoded()
{
- this.publicKey = Arrays.Clone(publicKey);
+ return Arrays.Clone(m_publicKey);
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/Ntt.cs b/crypto/src/pqc/crypto/crystals/kyber/Ntt.cs
index f07e8da26..1b0c05c8e 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/Ntt.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/Ntt.cs
@@ -3,7 +3,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
internal static class Ntt
{
- public static readonly short[] Zetas = {
+ internal static readonly short[] Zetas = {
2285, 2571, 2970, 1812, 1493, 1422, 287, 202, 3158, 622, 1577, 182, 962,
2127, 1855, 1468, 573, 2004, 264, 383, 2500, 1458, 1727, 3199, 2648, 1017,
732, 608, 1787, 411, 3124, 1758, 1223, 652, 2777, 1015, 2036, 1491, 3047,
@@ -16,7 +16,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
478, 3221, 3021, 996, 991, 958, 1869, 1522, 1628
};
- public static readonly short[] ZetasInv = {
+ internal static readonly short[] ZetasInv = {
1701, 1807, 1460, 2371, 2338, 2333, 308, 108, 2851, 870, 854, 1510, 2535,
1278, 1530, 1185, 1659, 1187, 3109, 874, 1335, 2111, 136, 1215, 2945, 1465,
1285, 2007, 2719, 2726, 2232, 2512, 75, 156, 3000, 2911, 2980, 872, 2685,
@@ -34,20 +34,17 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
return Reduce.MontgomeryReduce(a * b);
}
- public static void NTT(short[] r)
+ internal static void NTT(short[] r)
{
- int len, start, j, k;
- short t, zeta;
-
- k = 1;
- for (len = 128; len >= 2; len >>= 1)
+ int j = 0, k = 1;
+ for (int len = 128; len >= 2; len >>= 1)
{
- for (start = 0; start < 256; start = j + len)
+ for (int start = 0; start < 256; start = j + len)
{
- zeta = Zetas[k++];
+ short zeta = Zetas[k++];
for (j = start; j < start + len; ++j)
{
- t = FactorQMulMont(zeta, r[j + len]);
+ short t = FactorQMulMont(zeta, r[j + len]);
r[j + len] = (short)(r[j] - t);
r[j] = (short)(r[j] + t);
}
@@ -55,20 +52,17 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
}
}
- public static void InvNTT(short[] r)
+ internal static void InvNTT(short[] r)
{
- int len, start, j, k;
- short t, zeta;
-
- k = 0;
- for (len = 2; len <= 128; len <<= 1)
+ int j = 0, k = 0;
+ for (int len = 2; len <= 128; len <<= 1)
{
- for (start = 0; start < 256; start = j + len)
+ for (int start = 0; start < 256; start = j + len)
{
- zeta = ZetasInv[k++];
+ short zeta = ZetasInv[k++];
for (j = start; j < start + len; ++j)
{
- t = r[j];
+ short t = r[j];
r[j] = Reduce.BarrettReduce((short)(t + r[j + len]));
r[j + len] = (short)(t - r[j + len]);
r[j + len] = FactorQMulMont(zeta, r[j + len]);
@@ -76,22 +70,22 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
}
}
}
- for (j = 0; j < 256; ++j)
+ for (int i = 0; i < 256; ++i)
{
- r[j] = FactorQMulMont(r[j], Ntt.ZetasInv[127]);
+ r[i] = FactorQMulMont(r[i], ZetasInv[127]);
}
}
- public static void BaseMult(short[] r, int off, short a0, short a1, short b0, short b1, short zeta)
+ internal static void BaseMult(short[] r, int off, short a0, short a1, short b0, short b1, short zeta)
{
- short OutVal0 = FactorQMulMont(a1, b1);
- OutVal0 = FactorQMulMont(OutVal0, zeta);
- OutVal0 += FactorQMulMont(a0, b0);
- r[off] = OutVal0;
+ short outVal0 = FactorQMulMont(a1, b1);
+ outVal0 = FactorQMulMont(outVal0, zeta);
+ outVal0 += FactorQMulMont(a0, b0);
+ r[off] = outVal0;
- short OutVal1 = FactorQMulMont(a0, b1);
- OutVal1 += FactorQMulMont(a1, b0);
- r[off + 1] = OutVal1;
+ short outVal1 = FactorQMulMont(a0, b1);
+ outVal1 += FactorQMulMont(a1, b0);
+ r[off + 1] = outVal1;
}
}
}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/Poly.cs b/crypto/src/pqc/crypto/crystals/kyber/Poly.cs
index 0b226bca1..fc2f7ec70 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/Poly.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/Poly.cs
@@ -1,54 +1,48 @@
-
-using System;
+using System;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
- class Poly
+ internal class Poly
{
- private KyberEngine Engine;
- public short[] Coeffs { get; set; }
- private int PolyCompressedBytes;
- private int Eta1;
- private int Eta2;
- private int N;
- public Poly(KyberEngine engine)
+ private short[] m_coeffs = new short[KyberEngine.N];
+
+ private KyberEngine m_engine;
+
+ internal Poly(KyberEngine engine)
{
- Engine = engine;
- Coeffs = new short[KyberEngine.N];
- PolyCompressedBytes = engine.PolyCompressedBytes;
- Eta1 = engine.Eta1;
- N = KyberEngine.N;
+ m_engine = engine;
}
- public void GetNoiseEta1(byte[] seed, byte nonce)
+ internal short[] Coeffs => m_coeffs;
+
+ internal void GetNoiseEta1(byte[] seed, byte nonce)
{
- byte[] buf = new byte[Engine.Eta1 * KyberEngine.N / 4];
- Symmetric.PRF(buf, buf.Length, seed, nonce);
- CBD.Eta(this, buf, Engine.Eta1);
+ byte[] buf = new byte[m_engine.Eta1 * KyberEngine.N / 4];
+ Symmetric.Prf(buf, buf.Length, seed, nonce);
+ Cbd.Eta(this, buf, m_engine.Eta1);
}
- public void GetNoiseEta2(byte[] seed, byte nonce)
+ internal void GetNoiseEta2(byte[] seed, byte nonce)
{
byte[] buf = new byte[KyberEngine.Eta2 * KyberEngine.N / 4];
- Symmetric.PRF(buf, buf.Length, seed, nonce);
- CBD.Eta(this, buf, KyberEngine.Eta2);
+ Symmetric.Prf(buf, buf.Length, seed, nonce);
+ Cbd.Eta(this, buf, KyberEngine.Eta2);
}
- public void PolyNtt()
+ internal void PolyNtt()
{
Ntt.NTT(Coeffs);
PolyReduce();
}
- public void PolyInverseNttToMont()
+ internal void PolyInverseNttToMont()
{
Ntt.InvNTT(Coeffs);
}
- public static void BaseMultMontgomery(Poly r, Poly a, Poly b)
+ internal static void BaseMultMontgomery(Poly r, Poly a, Poly b)
{
- int i;
- for (i = 0; i < KyberEngine.N/4; i++)
+ for (int i = 0; i < KyberEngine.N/4; i++)
{
Ntt.BaseMult(r.Coeffs, 4 * i,
a.Coeffs[4 * i], a.Coeffs[4 * i + 1],
@@ -61,55 +55,55 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
}
}
- public void ToMont()
+ internal void ToMont()
{
- int i;
const short f = (short) ((1UL << 32) % KyberEngine.Q);
- for (i = 0; i < KyberEngine.N; i++)
+ for (int i = 0; i < KyberEngine.N; i++)
{
Coeffs[i] = Reduce.MontgomeryReduce(Coeffs[i] * f);
}
}
- public void Add(Poly a)
+ internal void Add(Poly a)
{
- int i;
- for (i = 0; i < N; i++)
+ for (int i = 0; i < KyberEngine.N; i++)
{
Coeffs[i] += a.Coeffs[i];
}
}
- public void Subtract(Poly a)
+ internal void Subtract(Poly a)
{
- int i;
- for (i = 0; i < N; i++)
+ for (int i = 0; i < KyberEngine.N; i++)
{
- Coeffs[i] = (short) (a.Coeffs[i] - Coeffs[i]);
+ Coeffs[i] = (short)(a.Coeffs[i] - Coeffs[i]);
}
}
- public void PolyReduce()
+ internal void PolyReduce()
{
- int i;
- for (i = 0; i < KyberEngine.N; i++)
+ for (int i = 0; i < KyberEngine.N; i++)
{
Coeffs[i] = Reduce.BarrettReduce(Coeffs[i]);
}
}
- public void CompressPoly(byte[] r, int off)
+ internal void CompressPoly(byte[] r, int off)
{
- int i, j;
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<byte> t = stackalloc byte[8];
+#else
byte[] t = new byte[8];
+#endif
+
int count = 0;
CondSubQ();
- if (Engine.PolyCompressedBytes == 128)
+ if (m_engine.PolyCompressedBytes == 128)
{
- for (i = 0; i < KyberEngine.N / 8; i++)
+ for (int i = 0; i < KyberEngine.N / 8; i++)
{
- for (j = 0; j < 8; j++)
+ for (int j = 0; j < 8; j++)
{
t[j] =
(byte)(((((Coeffs[8 * i + j]) << 4)
@@ -126,11 +120,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
count += 4;
}
}
- else if (Engine.PolyCompressedBytes == 160)
+ else if (m_engine.PolyCompressedBytes == 160)
{
- for (i = 0; i < KyberEngine.N / 8; i++)
+ for (int i = 0; i < KyberEngine.N / 8; i++)
{
- for (j = 0; j < 8; j++)
+ for (int j = 0; j < 8; j++)
{
t[j] =
(byte)((((Coeffs[8 * i + j] << 5)
@@ -154,24 +148,23 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
}
}
- public void DecompressPoly(byte[] CompressedCipherText, int off)
+ internal void DecompressPoly(byte[] CompressedCipherText, int off)
{
- int i, count = off;
+ int count = off;
- if (Engine.PolyCompressedBytes == 128)
+ if (m_engine.PolyCompressedBytes == 128)
{
- for (i = 0; i < KyberEngine.N / 2; i++)
+ for (int i = 0; i < KyberEngine.N / 2; i++)
{
Coeffs[2 * i + 0] = (short)((((short)((CompressedCipherText[count] & 0xFF) & 15) * KyberEngine.Q) + 8) >> 4);
Coeffs[2 * i + 1] = (short)((((short)((CompressedCipherText[count] & 0xFF) >> 4) * KyberEngine.Q) + 8) >> 4);
count += 1;
}
}
- else if (Engine.PolyCompressedBytes == 160)
+ else if (m_engine.PolyCompressedBytes == 160)
{
- int j;
byte[] t = new byte[8];
- for (i = 0; i < KyberEngine.N / 8; i++)
+ for (int i = 0; i < KyberEngine.N / 8; i++)
{
t[0] = (byte)((CompressedCipherText[count + 0] & 0xFF) >> 0);
t[1] = (byte)(((CompressedCipherText[count + 0] & 0xFF) >> 5) | ((CompressedCipherText[count + 1] & 0xFF) << 3));
@@ -182,7 +175,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
t[6] = (byte)(((CompressedCipherText[count + 3] & 0xFF) >> 6) | ((CompressedCipherText[count + 4] & 0xFF) << 2));
t[7] = (byte)((CompressedCipherText[count + 4] & 0xFF) >> 3);
count += 5;
- for (j = 0; j < 8; j++)
+ for (int j = 0; j < 8; j++)
{
Coeffs[8 * i + j] = (short)(((t[j] & 31) * KyberEngine.Q + 16) >> 5);
}
@@ -193,74 +186,63 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
throw new ArgumentException("PolyCompressedBytes is neither 128 or 160!");
}
}
-
- public void ToBytes(byte[] r, int off)
- {
- int i;
- ushort t0, t1;
+ internal void ToBytes(byte[] r, int off)
+ {
CondSubQ();
- for (i = 0; i < KyberEngine.N/2; i++)
+ for (int i = 0; i < KyberEngine.N/2; i++)
{
- t0 = (ushort) Coeffs[2 * i];
- t1 = (ushort) Coeffs[2 * i + 1];
+ ushort t0 = (ushort) Coeffs[2 * i];
+ ushort t1 = (ushort) Coeffs[2 * i + 1];
r[off + 3 * i + 0] = (byte) (ushort) (t0 >> 0);
r[off + 3 * i + 1] = (byte)((t0 >> 8) | (ushort) (t1 << 4));
r[off + 3 * i + 2] = (byte) (ushort) (t1 >> 4);
}
}
- public void FromBytes(byte[] a, int off)
+ internal void FromBytes(byte[] a, int off)
{
- int i;
- for (i = 0; i < KyberEngine.N / 2; i++)
+ for (int i = 0; i < KyberEngine.N / 2; i++)
{
Coeffs[2 * i] = (short) ((((a[off + 3 * i + 0] & 0xFF) >> 0) | (ushort)((a[off + 3 * i + 1] & 0xFF) << 8)) & 0xFFF);
Coeffs[2 * i + 1] = (short) ((((a[off + 3 * i + 1] & 0xFF) >> 4) | (ushort)((a[off + 3 * i + 2] & 0xFF) << 4)) & 0xFFF);
}
}
- public void ToMsg(byte[] msg)
+ internal void ToMsg(byte[] msg)
{
- int i, j;
- short t;
-
CondSubQ();
- for (i = 0; i < KyberEngine.N / 8; i++)
+ for (int i = 0; i < KyberEngine.N / 8; i++)
{
msg[i] = 0;
- for (j = 0; j < 8; j++)
+ for (int j = 0; j < 8; j++)
{
- t = (short)(((((short)(Coeffs[8 * i + j] << 1) + KyberEngine.Q / 2) / KyberEngine.Q) & 1));
+ short t = (short)(((((short)(Coeffs[8 * i + j] << 1) + KyberEngine.Q / 2) / KyberEngine.Q) & 1));
msg[i] |= (byte)(t << j);
}
}
}
- public void FromMsg(byte[] m)
+ internal void FromMsg(byte[] m)
{
- int i, j;
- short mask;
if (m.Length != KyberEngine.N / 8)
- {
throw new ArgumentException("KYBER_INDCPA_MSGBYTES must be equal to KYBER_N/8 bytes!");
- }
- for (i = 0; i < KyberEngine.N / 8; i++)
+
+ for (int i = 0; i < KyberEngine.N / 8; i++)
{
- for (j = 0; j < 8; j++)
+ for (int j = 0; j < 8; j++)
{
- mask = (short)((-1) * (short)(((m[i] & 0xFF) >> j) & 1));
+ short mask = (short)((-1) * (short)(((m[i] & 0xFF) >> j) & 1));
Coeffs[8 * i + j] = (short)(mask & ((KyberEngine.Q + 1) / 2));
}
}
}
- public void CondSubQ()
+ internal void CondSubQ()
{
- int i;
- for (i = 0; i < KyberEngine.N; i++)
+ for (int i = 0; i < KyberEngine.N; i++)
{
Coeffs[i] = Reduce.CondSubQ(Coeffs[i]);
}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/PolyVec.cs b/crypto/src/pqc/crypto/crystals/kyber/PolyVec.cs
index 7c915dcce..5c92441b9 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/PolyVec.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/PolyVec.cs
@@ -1,98 +1,88 @@
-using Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber;
-using System;
+using System;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
- class PolyVec
+ internal class PolyVec
{
- private KyberEngine Engine;
- private int K;
- private int PolyVecBytes;
- public Poly[] Vec;
+ private KyberEngine m_engine;
+ internal Poly[] m_vec;
-
-
-
- public PolyVec(KyberEngine engine)
+ internal PolyVec(KyberEngine engine)
{
- Engine = engine;
- K = engine.K;
- PolyVecBytes = engine.PolyVecBytes;
- Vec = new Poly[engine.K];
- for (int i = 0; i < K; i++)
+ m_engine = engine;
+ m_vec = new Poly[engine.K];
+ for (int i = 0; i < engine.K; i++)
{
- Vec[i] = new Poly(engine);
+ m_vec[i] = new Poly(engine);
}
}
- public void Ntt()
+ internal void Ntt()
{
- int i;
- for (i = 0; i < K; i++)
+ for (int i = 0; i < m_engine.K; i++)
{
- Vec[i].PolyNtt();
+ m_vec[i].PolyNtt();
}
}
- public void InverseNttToMont()
+ internal void InverseNttToMont()
{
- int i;
- for (i = 0; i < K; i++)
+ for (int i = 0; i < m_engine.K; i++)
{
- Vec[i].PolyInverseNttToMont();
+ m_vec[i].PolyInverseNttToMont();
}
}
-
- public static void PointwiseAccountMontgomery(Poly r, PolyVec a, PolyVec b, KyberEngine engine)
+
+ internal static void PointwiseAccountMontgomery(Poly r, PolyVec a, PolyVec b, KyberEngine engine)
{
- int i;
Poly t = new Poly(engine);
- Poly.BaseMultMontgomery(r, a.Vec[0], b.Vec[0]);
- for (i = 1; i < engine.K; i++)
+ Poly.BaseMultMontgomery(r, a.m_vec[0], b.m_vec[0]);
+ for (int i = 1; i < engine.K; i++)
{
- Poly.BaseMultMontgomery(t, a.Vec[i], b.Vec[i]);
+ Poly.BaseMultMontgomery(t, a.m_vec[i], b.m_vec[i]);
r.Add(t);
}
r.PolyReduce();
}
- public void Add(PolyVec a)
+ internal void Add(PolyVec a)
{
- uint i;
- for (i = 0; i < K; i++)
+ for (int i = 0; i < m_engine.K; i++)
{
- Vec[i].Add(a.Vec[i]);
+ m_vec[i].Add(a.m_vec[i]);
}
}
- public void Reduce()
+ internal void Reduce()
{
- int i;
- for (i = 0; i < K; i++)
+ for (int i = 0; i < m_engine.K; i++)
{
- Vec[i].PolyReduce();
+ m_vec[i].PolyReduce();
}
}
- public void CompressPolyVec(byte[] r)
+ internal void CompressPolyVec(byte[] r)
{
- int i, j, k;
ConditionalSubQ();
- short[] t;
int count = 0;
- if (Engine.PolyVecCompressedBytes == K * 320)
+ if (m_engine.PolyVecCompressedBytes == m_engine.K * 320)
{
- t = new short[4];
- for (i = 0; i < K; i++)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<short> t = stackalloc short[4];
+#else
+ short[] t = new short[4];
+#endif
+
+ for (int i = 0; i < m_engine.K; i++)
{
- for (j = 0; j < KyberEngine.N / 4; j++)
+ for (int j = 0; j < KyberEngine.N / 4; j++)
{
- for (k = 0; k < 4; k++)
+ for (int k = 0; k < 4; k++)
{
t[k] = (short)
(
(
- (((uint) Vec[i].Coeffs[4 * j + k] << 10)
+ (((uint) m_vec[i].Coeffs[4 * j + k] << 10)
+ (KyberEngine.Q / 2))
/ KyberEngine.Q)
& 0x3ff);
@@ -106,19 +96,24 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
}
}
}
- else if (Engine.PolyVecCompressedBytes == K * 352)
+ else if (m_engine.PolyVecCompressedBytes == m_engine.K * 352)
{
- t = new short[8];
- for (i = 0; i < K; i++)
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<short> t = stackalloc short[8];
+#else
+ short[] t = new short[8];
+#endif
+
+ for (int i = 0; i < m_engine.K; i++)
{
- for (j = 0; j < KyberEngine.N / 8; j++)
+ for (int j = 0; j < KyberEngine.N / 8; j++)
{
- for (k = 0; k < 8; k++)
+ for (int k = 0; k < 8; k++)
{
t[k] = (short)
(
(
- (((uint) Vec[i].Coeffs[8 * j + k] << 11)
+ (((uint) m_vec[i].Coeffs[8 * j + k] << 11)
+ (KyberEngine.Q / 2))
/ KyberEngine.Q)
& 0x7ff);
@@ -144,50 +139,58 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
}
}
- public void DecompressPolyVec(byte[] CompressedCipherText)
+ internal void DecompressPolyVec(byte[] compressedCipherText)
{
- int i, j, k, count = 0;
+ int count = 0;
- if (Engine.PolyVecCompressedBytes == (K * 320))
+ if (m_engine.PolyVecCompressedBytes == (m_engine.K * 320))
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<short> t = stackalloc short[4];
+#else
short[] t = new short[4];
- for (i = 0; i < K; i++)
+#endif
+
+ for (int i = 0; i < m_engine.K; i++)
{
- for (j = 0; j < KyberEngine.N / 4; j++)
+ for (int j = 0; j < KyberEngine.N / 4; j++)
{
- t[0] = (short)(((CompressedCipherText[count] & 0xFF) >> 0) | ((ushort)(CompressedCipherText[count + 1] & 0xFF) << 8));
- t[1] = (short)(((CompressedCipherText[count + 1] & 0xFF) >> 2) | ((ushort)(CompressedCipherText[count + 2] & 0xFF) << 6));
- t[2] = (short)(((CompressedCipherText[count + 2] & 0xFF) >> 4) | ((ushort)(CompressedCipherText[count + 3] & 0xFF) << 4));
- t[3] = (short)(((CompressedCipherText[count + 3] & 0xFF) >> 6) | ((ushort)(CompressedCipherText[count + 4] & 0xFF) << 2));
+ t[0] = (short)(((compressedCipherText[count] & 0xFF) >> 0) | ((ushort)(compressedCipherText[count + 1] & 0xFF) << 8));
+ t[1] = (short)(((compressedCipherText[count + 1] & 0xFF) >> 2) | ((ushort)(compressedCipherText[count + 2] & 0xFF) << 6));
+ t[2] = (short)(((compressedCipherText[count + 2] & 0xFF) >> 4) | ((ushort)(compressedCipherText[count + 3] & 0xFF) << 4));
+ t[3] = (short)(((compressedCipherText[count + 3] & 0xFF) >> 6) | ((ushort)(compressedCipherText[count + 4] & 0xFF) << 2));
count += 5;
- for (k = 0; k < 4; k++)
+ for (int k = 0; k < 4; k++)
{
- Vec[i].Coeffs[4 * j + k] = (short)(((t[k] & 0x3FF) * KyberEngine.Q + 512) >> 10);
+ m_vec[i].Coeffs[4 * j + k] = (short)(((t[k] & 0x3FF) * KyberEngine.Q + 512) >> 10);
}
}
-
}
-
}
- else if (Engine.PolyVecCompressedBytes == (K * 352))
+ else if (m_engine.PolyVecCompressedBytes == (m_engine.K * 352))
{
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ Span<short> t = stackalloc short[8];
+#else
short[] t = new short[8];
- for (i = 0; i < K; i++)
+#endif
+
+ for (int i = 0; i < m_engine.K; i++)
{
- for (j = 0; j < KyberEngine.N / 8; j++)
+ for (int j = 0; j < KyberEngine.N / 8; j++)
{
- t[0] = (short)(((CompressedCipherText[count] & 0xFF) >> 0) | ((ushort)(CompressedCipherText[count + 1] & 0xFF) << 8));
- t[1] = (short)(((CompressedCipherText[count + 1] & 0xFF) >> 3) | ((ushort)(CompressedCipherText[count + 2] & 0xFF) << 5));
- t[2] = (short)(((CompressedCipherText[count + 2] & 0xFF) >> 6) | ((ushort)(CompressedCipherText[count + 3] & 0xFF) << 2) | ((ushort)((CompressedCipherText[count + 4] & 0xFF) << 10)));
- t[3] = (short)(((CompressedCipherText[count + 4] & 0xFF) >> 1) | ((ushort)(CompressedCipherText[count + 5] & 0xFF) << 7));
- t[4] = (short)(((CompressedCipherText[count + 5] & 0xFF) >> 4) | ((ushort)(CompressedCipherText[count + 6] & 0xFF) << 4));
- t[5] = (short)(((CompressedCipherText[count + 6] & 0xFF) >> 7) | ((ushort)(CompressedCipherText[count + 7] & 0xFF) << 1) | ((ushort)((CompressedCipherText[count + 8] & 0xFF) << 9)));
- t[6] = (short)(((CompressedCipherText[count + 8] & 0xFF) >> 2) | ((ushort)(CompressedCipherText[count + 9] & 0xFF) << 6));
- t[7] = (short)(((CompressedCipherText[count + 9] & 0xFF) >> 5) | ((ushort)(CompressedCipherText[count + 10] & 0xFF) << 3));
+ t[0] = (short)(((compressedCipherText[count] & 0xFF) >> 0) | ((ushort)(compressedCipherText[count + 1] & 0xFF) << 8));
+ t[1] = (short)(((compressedCipherText[count + 1] & 0xFF) >> 3) | ((ushort)(compressedCipherText[count + 2] & 0xFF) << 5));
+ t[2] = (short)(((compressedCipherText[count + 2] & 0xFF) >> 6) | ((ushort)(compressedCipherText[count + 3] & 0xFF) << 2) | ((ushort)((compressedCipherText[count + 4] & 0xFF) << 10)));
+ t[3] = (short)(((compressedCipherText[count + 4] & 0xFF) >> 1) | ((ushort)(compressedCipherText[count + 5] & 0xFF) << 7));
+ t[4] = (short)(((compressedCipherText[count + 5] & 0xFF) >> 4) | ((ushort)(compressedCipherText[count + 6] & 0xFF) << 4));
+ t[5] = (short)(((compressedCipherText[count + 6] & 0xFF) >> 7) | ((ushort)(compressedCipherText[count + 7] & 0xFF) << 1) | ((ushort)((compressedCipherText[count + 8] & 0xFF) << 9)));
+ t[6] = (short)(((compressedCipherText[count + 8] & 0xFF) >> 2) | ((ushort)(compressedCipherText[count + 9] & 0xFF) << 6));
+ t[7] = (short)(((compressedCipherText[count + 9] & 0xFF) >> 5) | ((ushort)(compressedCipherText[count + 10] & 0xFF) << 3));
count += 11;
- for (k = 0; k < 8; k++)
+ for (int k = 0; k < 8; k++)
{
- Vec[i].Coeffs[8 * j + k] = (short)(((t[k] & 0x7FF) * KyberEngine.Q + 1024) >> 11);
+ m_vec[i].Coeffs[8 * j + k] = (short)(((t[k] & 0x7FF) * KyberEngine.Q + 1024) >> 11);
}
}
}
@@ -198,32 +201,28 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
}
}
- public void ToBytes(byte[] r)
+ internal void ToBytes(byte[] r)
{
- int i;
- for (i = 0; i < K; i++)
+ for (int i = 0; i < m_engine.K; i++)
{
- Vec[i].ToBytes(r, i * KyberEngine.PolyBytes);
+ m_vec[i].ToBytes(r, i * KyberEngine.PolyBytes);
}
}
- public void FromBytes(byte[] pk)
+ internal void FromBytes(byte[] pk)
{
- int i;
- for (i = 0; i < K; i++)
+ for (int i = 0; i < m_engine.K; i++)
{
- Vec[i].FromBytes(pk, i * KyberEngine.PolyBytes);
+ m_vec[i].FromBytes(pk, i * KyberEngine.PolyBytes);
}
}
private void ConditionalSubQ()
{
- int i;
- for (i = 0; i < K; i++)
+ for (int i = 0; i < m_engine.K; i++)
{
- Vec[i].CondSubQ();
+ m_vec[i].CondSubQ();
}
}
-
}
}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/Reduce.cs b/crypto/src/pqc/crypto/crystals/kyber/Reduce.cs
index b222cdc17..db80d6967 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/Reduce.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/Reduce.cs
@@ -1,35 +1,29 @@
-
-namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
+namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
internal static class Reduce
{
- public static short MontgomeryReduce(int a)
+ internal static short MontgomeryReduce(int a)
{
- int t;
- short u;
-
- u = (short)(a * KyberEngine.QInv);
- t = (int)(u * KyberEngine.Q);
+ short u = (short)(a * KyberEngine.QInv);
+ int t = u * KyberEngine.Q;
t = a - t;
t >>= 16;
return (short)t;
}
- public static short BarrettReduce(short a)
+ internal static short BarrettReduce(short a)
{
- short t;
short v = (short)(((1U << 26) + (KyberEngine.Q / 2)) / KyberEngine.Q);
- t = (short)((v * a) >> 26);
+ short t = (short)((v * a) >> 26);
t = (short)(t * KyberEngine.Q);
return (short)(a - t);
}
-
- public static short CondSubQ(short a)
+
+ internal static short CondSubQ(short a)
{
a -= KyberEngine.Q;
- a += (short) ((a >> 15) & KyberEngine.Q);
+ a += (short)((a >> 15) & KyberEngine.Q);
return a;
}
-
}
}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs b/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs
index 711209e2b..d02990635 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs
@@ -1,32 +1,26 @@
using Org.BouncyCastle.Crypto.Digests;
-using System;
namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
{
internal static class Symmetric
{
- public static readonly int Shake128Rate = 168;
- public static void PRF(byte[] outbuf, int outlen, byte[] key, byte nonce)
+ internal const int Shake128Rate = 168;
+
+ internal static void Prf(byte[] outbuf, int outlen, byte[] key, byte nonce)
{
- uint i;
- byte[] ExtraKey = new byte[KyberEngine.SymBytes + 1];
- Array.Copy(key, ExtraKey, KyberEngine.SymBytes);
- ExtraKey[KyberEngine.SymBytes] = nonce;
- ShakeDigest Shake256 = new ShakeDigest(256);
- Shake256.BlockUpdate(ExtraKey, 0, KyberEngine.SymBytes + 1);
- Shake256.DoFinal(outbuf, 0, outlen);
+ ShakeDigest shake256 = new ShakeDigest(256);
+ shake256.BlockUpdate(key, 0, KyberEngine.SymBytes);
+ shake256.Update(nonce);
+ shake256.DoFinal(outbuf, 0, outlen);
}
- public static ShakeDigest XOF(byte[] seed, byte a, byte b)
+ internal static ShakeDigest Xof(byte[] seed, byte a, byte b)
{
- ShakeDigest OutDigest = new ShakeDigest(128);
- byte[] buf = new byte[seed.Length + 2];
- Array.Copy(seed, buf, seed.Length);
- buf[seed.Length] = a;
- buf[seed.Length + 1] = b;
- OutDigest.BlockUpdate(buf, 0, buf.Length);
- return OutDigest;
+ ShakeDigest shake128 = new ShakeDigest(128);
+ shake128.BlockUpdate(seed, 0, seed.Length);
+ shake128.Update(a);
+ shake128.Update(b);
+ return shake128;
}
-
}
}
|
