diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
index 9e41c8684..b5ac413e4 100644
--- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
+++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
@@ -126,8 +126,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
PolyVecK s2 = new PolyVecK(this), t1 = new PolyVecK(this), t0 = new PolyVecK(this);
_random.NextBytes(SeedBuf);
-
- //Console.WriteLine("SeedBuf = {0}", Convert.ToHexString(SeedBuf));
+
ShakeDigest Shake256Digest = new ShakeDigest(256);
@@ -158,19 +157,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
t1.ConditionalAddQ();
t1.Power2Round(t0);
- //Console.WriteLine("t1 = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (short coeff in t1.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
- //Console.WriteLine("rho = {0}", Convert.ToHexString(rho));
-
+
Packing.PackPublicKey(pk, rho, t1, this);
Shake256Digest.BlockUpdate(pk, 0, CryptoPublicKeyBytes);
@@ -179,8 +166,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
Packing.PackSecretKey(sk, rho, tr, key, t0, s1, s2, this);
}
- public void SignSignature(byte[] sig, int siglen, byte[] msg, int msglen, byte[] sk)
+ public byte[] SignSignature(DilithiumEngine engine, byte[] msg, int msglen, byte[] sk)
{
+ byte[] sig = new byte[engine.CryptoBytes];
int n;
byte[] SeedBuf = new byte[3 * SeedBytes + 2 * CrhBytes];
byte[] rho = new byte[SeedBytes], tr = new byte[SeedBytes], key = new byte[SeedBytes], mu = new byte[CrhBytes], rhoPrime = new byte[CrhBytes];
@@ -209,207 +197,94 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
ShakeDigest256.DoFinal(rhoPrime, 0, CrhBytes);
}
- Matrix.ExpandMatrix(rho);
-
- //Console.WriteLine("Matrix = [");
- //for (int i = 0; i < K; i++)
- //{
- // Console.Write("[", i);
- // for (int j = 0; j < L; j++)
- // {
- // Console.Write("{0} {1} [", i, j);
- // for (int co = 0; co < N; co++)
- // {
- // Console.Write("{0}, ", Matrix.Matrix[i].Vec[j].Coeffs[co]);
- // }
- // Console.Write("]\n");
- // }
- // Console.Write("]\n");
- //}
- //Console.Write("]\n");
+ Matrix.ExpandMatrix(rho);
s1.Ntt();
s2.Ntt();
t0.Ntt();
- rej:
- y.UniformGamma1(rhoPrime, nonce++);
- y.CopyPolyVecL(z);
- z.Ntt();
+ int count = 0;
+
- Matrix.PointwiseMontgomery(w1, z);
+ while (count < 1000)
+ {
+ count++;
- //Console.WriteLine("w1 = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in w1.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
+ y.UniformGamma1(rhoPrime, nonce++);
+ y.CopyPolyVecL(z);
+ z.Ntt();
+ Matrix.PointwiseMontgomery(w1, z);
- w1.Reduce();
- w1.InverseNttToMont();
+ w1.Reduce();
+ w1.InverseNttToMont();
- w1.ConditionalAddQ();
- w1.Decompose(w0);
-
- //Console.WriteLine("w0 = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in w0.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
+ w1.ConditionalAddQ();
+ w1.Decompose(w0);
- w1.PackW1(sig);
+ w1.PackW1(sig);
- ShakeDigest256.BlockUpdate(mu, 0, CrhBytes);
- ShakeDigest256.BlockUpdate(sig, 0, K * PolyW1PackedBytes);
- ShakeDigest256.DoFinal(sig, 0, SeedBytes);
+ ShakeDigest256.BlockUpdate(mu, 0, CrhBytes);
+ ShakeDigest256.BlockUpdate(sig, 0, K * PolyW1PackedBytes);
+ ShakeDigest256.DoFinal(sig, 0, SeedBytes);
- cp.Challenge(sig);
+ cp.Challenge(sig);
- cp.PolyNtt();
+ cp.PolyNtt();
- z.PointwisePolyMontgomery(cp, s1);
- z.InverseNttToMont();
- z.AddPolyVecL(y);
- z.Reduce();
- if (z.CheckNorm(Gamma1 - Beta))
- {
- goto rej;
- }
+ z.PointwisePolyMontgomery(cp, s1);
+ z.InverseNttToMont();
+ z.AddPolyVecL(y);
+ z.Reduce();
+ if (z.CheckNorm(Gamma1 - Beta))
+ {
+ continue;
+ }
- //Console.WriteLine("cp = ");
- //Console.Write("[");
- //foreach (int coeff in cp.Coeffs)
- //{
- // Console.Write(String.Format("{0}, ", coeff));
- //}
- //Console.Write("]\n");
-
- //Console.WriteLine("s2 = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in s2.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
- h.PointwisePolyMontgomery(cp, s2);
- h.InverseNttToMont();
-
- //Console.WriteLine("h = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in h.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
- w0.Subtract(h);
- w0.Reduce();
- if (w0.CheckNorm(Gamma2 - Beta))
- {
- goto rej;
- }
- h.PointwisePolyMontgomery(cp, t0);
- h.InverseNttToMont();
- h.Reduce();
- if (h.CheckNorm(Gamma2))
- {
- goto rej;
- }
+ h.PointwisePolyMontgomery(cp, s2);
+ h.InverseNttToMont();
- w0.AddPolyVecK(h);
-
- //Console.WriteLine("w0 = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in w0.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
- w0.ConditionalAddQ();
-
- //Console.WriteLine("w0 = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in w0.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
- //Console.WriteLine("w1 = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in w1.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
- n = h.MakeHint(w0, w1);
- if (n > Omega)
- {
- goto rej;
- }
+ w0.Subtract(h);
+ w0.Reduce();
+ if (w0.CheckNorm(Gamma2 - Beta))
+ {
+ continue;
+ }
+
+ h.PointwisePolyMontgomery(cp, t0);
+ h.InverseNttToMont();
+ h.Reduce();
+ if (h.CheckNorm(Gamma2))
+ {
+ continue;
+ }
+
+ w0.AddPolyVecK(h);
- //Console.WriteLine("z = ");
- //for (int i = 0; i < L; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in z.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
- //Console.WriteLine("h = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in h.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
- Packing.PackSignature(sig, sig, z, h, this);
+ w0.ConditionalAddQ();
+
+
+ n = h.MakeHint(w0, w1);
+ if (n > Omega)
+ {
+ continue;
+ }
+
+
+ sig = Packing.PackSignature(sig, z, h, this);
+ return sig;
+ }
+ return null;
}
- public void Sign(byte[] sig, int siglen, byte[] msg, int msglen, byte[] sk)
+ public byte[] Sign(DilithiumEngine engine, byte[] msg, int msglen, byte[] sk)
{
- SignSignature(sig, siglen, msg, msglen, sk);
+ return SignSignature(engine, msg, msglen, sk);
}
- public bool SignVerify(byte[] msg, int msglen, byte[] sig, int siglen, byte[] pk)
+ public bool SignVerify(byte[] sig, int siglen, byte[] msg, int msglen, byte[] pk)
{
byte[] buf = new byte[K * PolyW1PackedBytes], rho = new byte[SeedBytes], mu = new byte[CrhBytes], c = new byte[SeedBytes], c2 = new byte[SeedBytes];
Poly cp = new Poly(this);
@@ -417,27 +292,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
PolyVecL z = new PolyVecL(this);
PolyVecK t1 = new PolyVecK(this), w1 = new PolyVecK(this), h = new PolyVecK(this);
- if (sig.Length != CryptoBytes + msg.Length)
+ if (siglen != CryptoBytes)
{
return false;
}
Packing.UnpackPublicKey(rho, t1, pk, this);
-
- //Console.WriteLine("rho = "+Convert.ToHexString(rho));
-
- //Console.WriteLine("t1 = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in t1.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
-
+
if (!Packing.UnpackSignature(c, z, h, sig, this))
{
return false;
@@ -447,31 +308,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
{
return false;
}
-
- //Console.WriteLine("z = ");
- //for (int i = 0; i < L; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in z.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
- //Console.WriteLine("h = ");
- //for (int i = 0; i < K; ++i)
- //{
- // Console.Write(String.Format("{0} [", i));
- // foreach (int coeff in h.Vec[i].Coeffs)
- // {
- // Console.Write(String.Format("{0}, ", coeff));
- // }
- // Console.Write("]\n");
- //}
-
-
-
+
ShakeDigest Shake256Digest = new ShakeDigest(256);
Shake256Digest.BlockUpdate(pk, 0, CryptoPublicKeyBytes);
Shake256Digest.DoFinal(mu, 0, SeedBytes);
@@ -521,21 +358,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
int i;
if (siglen < CryptoBytes)
{
- goto badsig;
- }
-
- Array.Copy(sig, CryptoBytes, msg, 0, siglen - CryptoBytes);
- if (SignVerify(msg, siglen - CryptoBytes, sig, siglen, pk))
- {
- return true;
- }
-
- badsig:
- for (i = 0; i < msg.Length; i++)
- {
- msg[i] = 0;
+ return false;
}
- return false;
+
+ return SignVerify(sig, siglen, msg, msglen, pk);
+
}
}
}
diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs
index 95ca3be1f..98b19ff3e 100644
--- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs
+++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs
@@ -42,9 +42,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
public byte[] GenerateSignature(byte[] message)
{
DilithiumEngine engine = privKey.Parameters.GetEngine(random);
- byte[] sig = new byte[engine.CryptoBytes];
- engine.Sign(sig, sig.Length, message, message.Length, privKey.GetEncoded());
- return sig;
+
+ return engine.Sign(engine, message, message.Length, privKey.GetEncoded());
+
}
public bool VerifySignature(byte[] message, byte[] signature)
diff --git a/crypto/src/pqc/crypto/crystals/dilithium/Packing.cs b/crypto/src/pqc/crypto/crystals/dilithium/Packing.cs
index b849fb228..8a5862254 100644
--- a/crypto/src/pqc/crypto/crystals/dilithium/Packing.cs
+++ b/crypto/src/pqc/crypto/crystals/dilithium/Packing.cs
@@ -86,9 +86,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
}
}
- public static void PackSignature(byte[] sig, byte[] c, PolyVecL z, PolyVecK h, DilithiumEngine engine)
+ public static byte[] PackSignature(byte[] c, PolyVecL z, PolyVecK h, DilithiumEngine engine)
{
int i, j, k, end = 0;
+ byte[] sig = new byte[engine.CryptoBytes];
+
Array.Copy(c, 0, sig, 0, DilithiumEngine.SeedBytes);
end += DilithiumEngine.SeedBytes;
@@ -117,7 +119,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
}
sig[end + engine.Omega + i] = (byte)k;
}
- //Console.WriteLine("sig = " + Convert.ToHexString(sig));
+
+ return sig;
}
diff --git a/crypto/test/src/pqc/crypto/test/CrystalsDilithiumTest.cs b/crypto/test/src/pqc/crypto/test/CrystalsDilithiumTest.cs
index 1fddfb565..fc26f3c5f 100644
--- a/crypto/test/src/pqc/crypto/test/CrystalsDilithiumTest.cs
+++ b/crypto/test/src/pqc/crypto/test/CrystalsDilithiumTest.cs
@@ -37,6 +37,45 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
RunTestVectorFile(testVectorFile);
}
+ [Test]
+ public void TestDilithiumRandom()
+ {
+ byte[] msg = Strings.ToByteArray("Hello World!");
+
+ Security.SecureRandom random = new Security.SecureRandom();
+
+ DilithiumKeyPairGenerator kpGen = new DilithiumKeyPairGenerator();
+ DilithiumKeyGenerationParameters genParams = new DilithiumKeyGenerationParameters(random, DilithiumParameters.Dilithium2);
+ kpGen.Init(genParams);
+
+
+
+
+ for (int i = 0; i < 1000; i++) {
+
+ //
+ // Generate keys and test.
+ //
+
+ AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
+
+
+ DilithiumSigner signer = new DilithiumSigner(random);
+
+ signer.Init(true, kp.Private);
+
+ byte[] s = signer.GenerateSignature(msg);
+
+ signer.Init(false, kp.Public);
+
+
+ Assert.True(signer.VerifySignature(msg,s),"Here "+i);
+
+ }
+ }
+
+
+
private static void TestVectors(string name, IDictionary<string, string> buf)
{
string count = buf["count"];
@@ -85,13 +124,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
Assert.True(smlen == attachedSig.Length, name + " " + count + ": signature length");
- byte[] msg1 = new byte[msg.Length];
+
signer.Init(false, pubParams);
- Assert.True(signer.VerifySignature(msg1, attachedSig), (name + " " + count + ": signature verify"));
-
- Assert.True(Arrays.AreEqual(msg, msg1), name + " " + count + ": signature message verify");
+ Assert.True(signer.VerifySignature(msg, sigGenerated), (name + " " + count + ": signature verify"));
+
Assert.True(Arrays.AreEqual(sigExpected, attachedSig), name + " " + count + ": signature gen match");
}
|
