author | David Hook <david.hook@keyfactor.com> | 2023-08-26 13:22:26 +1000 |
---|---|---|
committer | David Hook <david.hook@keyfactor.com> | 2023-08-26 13:22:26 +1000 |
commit | c2a3e14d251466b8b8c86647d4e81887e9031ddd (patch) | |
tree | 512559739f2ec8260d26efaa59b558cc3e1990c3 /crypto | |
parent | update Kyber and NTRU to always use 32 byte session keys (diff) | |
download | BouncyCastle.NET-ed25519-c2a3e14d251466b8b8c86647d4e81887e9031ddd.tar.xz |
c~ change from FIPS 204 (draft)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
index b03da9748..9bbdcdad4 100644
--- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
+++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
@@ -33,6 +33,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 public int Gamma1 { get; private set; }
 public int Gamma2 { get; private set; }
 public int Omega { get; private set; }
+ public int CTilde { get; private set; }
 public int PolyVecHPackedBytes { get; private set; }
@@ -63,6 +64,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 PolyZPackedBytes = 576;
 PolyW1PackedBytes = 192;
 PolyEtaPackedBytes = 96;
+ CTilde = 32;
 break;
 case 3:
 K = 6;
@@ -76,6 +78,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 PolyZPackedBytes = 640;
 PolyW1PackedBytes = 128;
 PolyEtaPackedBytes = 128;
+ CTilde = 48;
 break;
 case 5:
 K = 8;
@@ -89,6 +92,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 PolyZPackedBytes = 640;
 PolyW1PackedBytes = 128;
 PolyEtaPackedBytes = 96;
+ CTilde = 64;
 break;
 default:
 throw new ArgumentException("The mode " + mode + "is not supported by Crystals Dilithium!");
@@ -106,7 +110,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 PolyVecHPackedBytes = Omega + K;
 CryptoPublicKeyBytes = SeedBytes + K * PolyT1PackedBytes;
 CryptoSecretKeyBytes = 3 * SeedBytes + L * PolyEtaPackedBytes + K * PolyEtaPackedBytes + K * PolyT0PackedBytes;
- CryptoBytes = SeedBytes + L * PolyZPackedBytes + PolyVecHPackedBytes;
+ CryptoBytes = CTilde + L * PolyZPackedBytes + PolyVecHPackedBytes;
 if (Gamma1 == (1 << 17))
 {
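Review bot: The new `CTilde` property added at the top of this hunk carries no documentation, and its meaning (the byte length of the challenge hash c~, which this engine previously always took to be SeedBytes) is not obvious from the name alone. Suggest `/// <summary>Byte length of the challenge hash c~ in the signature: 32, 48 or 64 for modes 2, 3, 5. All CTilde bytes are carried in the signature, but only the first SeedBytes are fed to the challenge sampler (see the comment in Sign).</summary>` above the declaration. The surrounding property block continues outside the hunk.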
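Review bot: `CryptoBytes = CTilde + L * PolyZPackedBytes + PolyVecHPackedBytes;` moves the start of the packed z and h region from SeedBytes to CTilde, yet the diffstat shows DilithiumEngine.cs as the only file touched, so Packing.PackSignature and Packing.UnpackSignature are not updated in this commit. If those routines still place or read z at offset SeedBytes, modes 3 and 5 (CTilde 48 and 64) will produce signatures whose layout disagrees with CryptoBytes and verification will read z and h from the wrong offset; mode 2 would mask the bug because CTilde and SeedBytes coincide there. Please confirm Packing derives that offset from the engine's CTilde, and add a sign-then-verify round-trip test for modes 3 and 5. The constructor this assignment belongs to starts before the hunk.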
@@ -231,9 +235,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 ShakeDigest256.BlockUpdate(mu, 0, CrhBytes);
 ShakeDigest256.BlockUpdate(sig, 0, K * PolyW1PackedBytes);
- ShakeDigest256.OutputFinal(sig, 0, SeedBytes);
+ ShakeDigest256.OutputFinal(sig, 0, CTilde);
- cp.Challenge(sig);
+ cp.Challenge(sig); // use only first SeedBytes of sig
 cp.PolyNtt();
@@ -284,7 +288,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 public bool SignVerify(byte[] sig, int siglen, byte[] msg, int msglen, byte[] rho, byte[] encT1)
 {
- byte[] buf = new byte[K * PolyW1PackedBytes], mu = new byte[CrhBytes], c = new byte[SeedBytes], c2 = new byte[SeedBytes];
+ byte[] buf = new byte[K * PolyW1PackedBytes], mu = new byte[CrhBytes], c, c2 = new byte[CTilde];
 Poly cp = new Poly(this);
 PolyVecMatrix Matrix = new PolyVecMatrix(this);
 PolyVecL z = new PolyVecL(this);
@@ -296,14 +300,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 }
 t1 = Packing.UnpackPublicKey(t1, encT1, this);
-
-
 if (!Packing.UnpackSignature(z, h, sig, this))
 {
 return false;
 }
- c = Arrays.CopyOfRange(sig, 0, SeedBytes);
+ c = Arrays.CopyOfRange(sig, 0, CTilde);
 if (z.CheckNorm(Gamma1 - Beta))
 {
@@ -343,9 +345,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 Shake256Digest.BlockUpdate(mu, 0, CrhBytes);
 Shake256Digest.BlockUpdate(buf, 0, K * PolyW1PackedBytes);
- Shake256Digest.OutputFinal(c2, 0, SeedBytes);
+ Shake256Digest.OutputFinal(c2, 0, CTilde);
- for (int i = 0; i < SeedBytes; ++i)
+ for (int i = 0; i < CTilde; ++i)
 {
 if (c[i] != c2[i])
 {
 |
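Review bot: `c = Arrays.CopyOfRange(sig, 0, CTilde);` now reads up to 64 bytes from the caller-supplied buffer, and BouncyCastle's Arrays.CopyOfRange, like Java's, zero-fills past the end of the source rather than throwing, so a signature shorter than CTilde would reach the later challenge comparison with a zero-padded c instead of being rejected outright. SignVerify takes a `siglen` parameter, but no length check is visible in this hunk and UnpackSignature is only shown rejecting malformed content; if the check is not already done earlier in the method, add `if (siglen != CryptoBytes) return false;` before UnpackSignature so the expected layout (CTilde + L * PolyZPackedBytes + PolyVecHPackedBytes) is enforced up front. SignVerify begins in the previous hunk and continues after this one.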