From 5457e6a607ddec3a3a006be0e173384d34dda483 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Mon, 20 May 2024 18:27:00 +0700
Subject: Picnic followup changes
---
crypto/Contributors.html | 3 +
crypto/src/pqc/crypto/picnic/LowmcConstants.cs | 179 ++++++-----------------
crypto/src/pqc/crypto/picnic/LowmcConstantsL1.cs | 31 ++--
crypto/src/pqc/crypto/picnic/LowmcConstantsL3.cs | 24 +--
crypto/src/pqc/crypto/picnic/LowmcConstantsL5.cs | 24 +--
5 files changed, 76 insertions(+), 185 deletions(-)
diff --git a/crypto/Contributors.html b/crypto/Contributors.html
index 953b26ee1..6fb80482a 100644
--- a/crypto/Contributors.html
+++ b/crypto/Contributors.html
@@ -292,6 +292,9 @@ University of Wollongong, Institute of Cybersecurity and Cryptology, under the s
  • Triton (https://github.com/EnigmaTriton) - Improvements in PbeUtilities.

  • +
  • +

    Rob Hague (https://github.com/Rob-Hague) - Embed picnic data in source to make it trim-friendly.

    +
  • diff --git a/crypto/src/pqc/crypto/picnic/LowmcConstants.cs b/crypto/src/pqc/crypto/picnic/LowmcConstants.cs index b720afe63..ed6756d50 100644 --- a/crypto/src/pqc/crypto/picnic/LowmcConstants.cs +++ b/crypto/src/pqc/crypto/picnic/LowmcConstants.cs @@ -2,21 +2,11 @@ using System; namespace Org.BouncyCastle.Pqc.Crypto.Picnic { - abstract internal class LowmcConstants + internal abstract class LowmcConstants { - internal uint[] linearMatrices; - internal uint[] roundConstants; - internal uint[] keyMatrices; - internal KMatrices _LMatrix; internal KMatrices _KMatrix; internal KMatrices RConstants; - - internal uint[] linearMatrices_full; - internal uint[] keyMatrices_full; - internal uint[] keyMatrices_inv; - internal uint[] linearMatrices_inv; - internal uint[] roundConstants_full; internal KMatrices LMatrix_full; internal KMatrices LMatrix_inv; 
@@ -24,174 +14,95 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic internal KMatrices KMatrix_inv; internal KMatrices RConstants_full; - internal static uint[] ReadFromProperty(uint[] data, int intSize) - { - uint[] ints = new uint[intSize]; - Array.Copy(data, ints, data.Length); - return ints; - } - - - - // Functions to return individual matricies and round constants - - /* Return a pointer to the r-th matrix. The caller must know the dimensions */ + /// Return a pointer to the r-th matrix. + /// The caller must know the dimensions. private KMatricesWithPointer GET_MAT(KMatrices m, int r) { KMatricesWithPointer mwp = new KMatricesWithPointer(m); - mwp.SetMatrixPointer(r*mwp.GetSize()); + mwp.SetMatrixPointer(r * mwp.GetSize()); return mwp; } - - /* Return the LowMC linear matrix for this round */ + /// Return the LowMC linear matrix for this round. internal KMatricesWithPointer LMatrix(PicnicEngine engine, int round) { - - if(engine.stateSizeBits == 128) + switch (engine.stateSizeBits) { + case 128: + case 256: return GET_MAT(_LMatrix, round); - } - else if(engine.stateSizeBits == 129) - { + case 129: + case 255: return GET_MAT(LMatrix_full, round); - } - else if(engine.stateSizeBits == 192) - { - if(engine.numRounds == 4) - { - return GET_MAT(LMatrix_full, round); - } - else - { - return GET_MAT(_LMatrix, round); - } - } - else if(engine.stateSizeBits == 255) - { - return GET_MAT(LMatrix_full, round); - } - else if(engine.stateSizeBits == 256) - { - return GET_MAT(_LMatrix, round); - } - else - { + case 192: + return GET_MAT(engine.numRounds == 4 ? LMatrix_full : _LMatrix, round); + default: return null; } } - /* Return the LowMC inverse linear layer matrix for this round */ + /// Return the LowMC inverse linear layer matrix for this round. 
internal KMatricesWithPointer LMatrixInv(PicnicEngine engine, int round) { - if(engine.stateSizeBits == 129) + switch (engine.stateSizeBits) { + case 129: + case 255: return GET_MAT(LMatrix_inv, round); - } - else if(engine.stateSizeBits == 192 && engine.numRounds == 4) - { - return GET_MAT(LMatrix_inv, round); - } - else if(engine.stateSizeBits == 255) - { - return GET_MAT(LMatrix_inv, round); - } - else - { + case 192: + return engine.numRounds == 4 ? GET_MAT(LMatrix_inv, round) : null; + default: return null; } } - /* Return the LowMC key matrix for this round */ + /// Return the LowMC key matrix for this round. internal KMatricesWithPointer KMatrix(PicnicEngine engine, int round) { - if(engine.stateSizeBits == 128) + switch (engine.stateSizeBits) { + case 128: + case 256: return GET_MAT(_KMatrix, round); - } - else if(engine.stateSizeBits == 129) - { - return GET_MAT(KMatrix_full, round); - } - else if(engine.stateSizeBits == 192) - { - if(engine.numRounds == 4) - { - return GET_MAT(KMatrix_full, round); - } - else - { - return GET_MAT(_KMatrix, round); - } - } - else if(engine.stateSizeBits == 255) - { + case 129: + case 255: return GET_MAT(KMatrix_full, round); - } - else if(engine.stateSizeBits == 256) - { - return GET_MAT(_KMatrix, round); - } - else - { + case 192: + return GET_MAT(engine.numRounds == 4 ? KMatrix_full : _KMatrix, round); + default: return null; } } - /* Return the LowMC inverse key matrix for this round */ + /// Return the LowMC inverse key matrix for this round. internal KMatricesWithPointer KMatrixInv(PicnicEngine engine, int round) { - if(engine.stateSizeBits == 129) - { - return GET_MAT(KMatrix_inv, round); - } - else if(engine.stateSizeBits == 192 && engine.numRounds == 4) - { - return GET_MAT(KMatrix_inv, round); - } - else if(engine.stateSizeBits == 255) + switch (engine.stateSizeBits) { + case 129: + case 255: return GET_MAT(KMatrix_inv, round); - } - else - { + case 192: + return engine.numRounds == 4 ? 
GET_MAT(KMatrix_inv, round) : null; + default: return null; } } - - /* Return the LowMC round constant for this round */ + /// Return the LowMC round constant for this round. internal KMatricesWithPointer RConstant(PicnicEngine engine, int round) { - if(engine.stateSizeBits == 128) + switch (engine.stateSizeBits) { + case 128: + case 256: return GET_MAT(RConstants, round); - } - else if(engine.stateSizeBits == 129) - { + case 129: + case 255: return GET_MAT(RConstants_full, round); - } - else if(engine.stateSizeBits == 192) - { - if(engine.numRounds == 4) - { - return GET_MAT(RConstants_full, round); - } - else - { - return GET_MAT(RConstants, round); - } - } - else if(engine.stateSizeBits == 255) - { - return GET_MAT(RConstants_full, round); - } - else if(engine.stateSizeBits == 256) - { - return GET_MAT(RConstants, round); - } - else - { + case 192: + return GET_MAT(engine.numRounds == 4 ? RConstants_full : RConstants, round); + default: return null; } } diff --git a/crypto/src/pqc/crypto/picnic/LowmcConstantsL1.cs b/crypto/src/pqc/crypto/picnic/LowmcConstantsL1.cs index 8b3c6e048..ada3d7fb1 100644 --- a/crypto/src/pqc/crypto/picnic/LowmcConstantsL1.cs +++ b/crypto/src/pqc/crypto/picnic/LowmcConstantsL1.cs 
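Review bot: The `default:` arms of `LMatrix`, `LMatrixInv`, `KMatrix`, `KMatrixInv` and `RConstant` still return `null` for a state size the switch does not list, and the two inverse accessors also return `null` for 192 bits when `numRounds` is not 4, so an unsupported parameter set shows up later as a `NullReferenceException` at whatever code dereferences the result rather than at the lookup. For the unlisted sizes I would fail at the source, e.g. `default: throw new ArgumentException("unsupported LowMC state size: " + engine.stateSizeBits);`. The 192-bit `null` may be relied on by callers that are not visible in this hunk, so that case at least deserves a comment saying which parameter sets have no inverse matrices.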
@@ -8,27 +8,19 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic // Parameters for security level L1 // Block/key size: 128 // Rounds: 20 - linearMatrices = ReadFromProperty(s_linearMatrices, 40960); - roundConstants = ReadFromProperty(s_roundConstants, 320); - keyMatrices = ReadFromProperty(s_keyMatrices, 43008); - _LMatrix = new KMatrices(20, 128, 4, linearMatrices); - _KMatrix = new KMatrices(21, 128, 4, keyMatrices); - RConstants = new KMatrices(0, 1, 4, roundConstants); + _LMatrix = new KMatrices(20, 128, 4, s_linearMatrices); + _KMatrix = new KMatrices(21, 128, 4, s_keyMatrices); + RConstants = new KMatrices(0, 1, 4, s_roundConstants); // Parameters for security level L1, full s-box layer // Block/key size: 129 // Rounds: 4 // Note that each 129-bit row of the matrix is zero padded to 160 bits (the next multiple of 32) - linearMatrices_full = ReadFromProperty(s_linearMatrices_full, 12800); - keyMatrices_full = ReadFromProperty(s_keyMatrices_full, 12900); - keyMatrices_inv = ReadFromProperty(s_keyMatrices_inv, 2850); - linearMatrices_inv = ReadFromProperty(s_linearMatrices_inv, 12800); - roundConstants_full = ReadFromProperty(s_roundConstants_full, 80); - LMatrix_full = new KMatrices(4, 129, 5, linearMatrices_full); - LMatrix_inv = new KMatrices(4, 129, 5, linearMatrices_inv); - KMatrix_full = new KMatrices(5, 129, 5, keyMatrices_full); - KMatrix_inv = new KMatrices(1, 129, 5, keyMatrices_inv); - RConstants_full = new KMatrices(4, 1, 5, roundConstants_full); + LMatrix_full = new KMatrices(4, 129, 5, s_linearMatrices_full); + LMatrix_inv = new KMatrices(4, 129, 5, s_linearMatrices_inv); + KMatrix_full = new KMatrices(5, 129, 5, s_keyMatrices_full); + KMatrix_inv = new KMatrices(1, 129, 5, s_keyMatrices_inv); + RConstants_full = new KMatrices(4, 1, 5, s_roundConstants_full); } /// Length: 10240 
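Review bot: Passing `s_linearMatrices`, `s_keyMatrices` and the other static tables straight into `new KMatrices(...)` means every constants object now aliases one process-wide array, where `ReadFromProperty` used to give each instance its own copy. The tables visible further down the file are declared `private static readonly uint[]`, and `readonly` protects only the reference, not the elements, so if `KMatrices` or `KMatricesWithPointer` (neither is shown in this diff) ever writes through its data array, the LowMC constants would be silently altered for every later sign and verify operation. It is worth confirming those types only read the array and recording that next to the constructor, e.g. `// KMatrices must never write to these shared static tables`. The same applies to the constructor hunks in LowmcConstantsL3.cs and LowmcConstantsL5.cs; the constructor itself starts above this hunk.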
@@ -2680,7 +2672,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic 0x0AA6E4C9, 0x96E8B717, 0xF747CF1C, 0x1AB667F5, 0x59BA3271, 0x57E650A0, 0x332A8182, 0xBD2BB927, }; - /// Length: 2579 + /// Length: 2580 private static readonly uint[] s_linearMatrices_full = new uint[] { 0x3612C131, 0xD8AED3B1, 0x277D91FA, 0x2B03E602, 0x00000080, 0xFEC70D84, 0x8EB79B0F, 0x19C1BCC5, @@ -3005,10 +2997,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic 0x9E01EDE5, 0xF6020F78, 0x00000000, 0xF7308A23, 0x37F5A573, 0x631D3C01, 0x4F6017B2, 0x00000080, 0x999D6735, 0x25362221, 0x8A6207D4, 0xC9577507, 0x00000080, 0xAF82DC2C, 0xF53DD937, 0xDDCAD420, 0x2326BB3A, 0x00000080, 0x6DA94156, 0xFED82606, 0xC928D930, 0xDE002BAC, 0x00000080, 0xB90581C5, - 0x022FD723, 0x6F4ED0CB, 0x0068CA91, + 0x022FD723, 0x6F4ED0CB, 0x0068CA91, 0x00000000, }; - /// Length: 3224 + /// Length: 3225 private static readonly uint[] s_keyMatrices_full = new uint[] { 0x7E7B063A, 0x44899148, 0x828572C9, 0x1978D422, 0x00000000, 0xB18691C1, 0x02844B6C, 0x1CFF0611, @@ -3414,6 +3406,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic 0x2D5A1749, 0x3936E8A9, 0x9A2C9DAF, 0x67B8773D, 0x00000080, 0xA1CF8696, 0xC3519247, 0xBBFCFAC2, 0x4CCA2E73, 0x00000080, 0x070196D4, 0xB4F5D0D4, 0xA6E09F54, 0xC82B0C48, 0x00000080, 0x2EB00F62, 0x0A64A9C4, 0x0250A113, 0x972272B3, 0x00000000, 0x1F0DB6CF, 0x78DF0FC9, 0x49C2667B, 0xC55880A3, + 0x00000000, }; /// Length: 645 diff --git a/crypto/src/pqc/crypto/picnic/LowmcConstantsL3.cs b/crypto/src/pqc/crypto/picnic/LowmcConstantsL3.cs index dfa6aefc7..916f232f8 100644 --- a/crypto/src/pqc/crypto/picnic/LowmcConstantsL3.cs +++ b/crypto/src/pqc/crypto/picnic/LowmcConstantsL3.cs 
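Review bot: The trailing `0x00000000` words added to `s_linearMatrices_full` and `s_keyMatrices_full` bring the tables to 2580 and 3225 entries, which equals the product of the three dimensions passed to `KMatrices` in the constructor (4·129·5 and 5·129·5), but that requirement is recorded only in the `/// Length:` comments. With the zero-padding copy in `ReadFromProperty` gone, a table that is one word short would presumably fail with an out-of-range index on its last row instead of reading a zero. A check at construction would catch this the next time a table is edited, e.g. `Debug.Assert(s_keyMatrices_full.Length == 5 * 129 * 5);` for each table. `RConstants` in this file is built with a first argument of 0, unlike the L3 and L5 calls, so that call needs a look before a product-based check is applied to it.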
@@ -8,27 +8,19 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic // Parameters for security level L3 // Block/key size: 192 // Rounds: 30 - linearMatrices = ReadFromProperty(s_linearMatrices, 138240); - roundConstants = ReadFromProperty(s_roundConstants, 720); - keyMatrices = ReadFromProperty(s_keyMatrices, 142848); - _LMatrix = new KMatrices(30, 192, 6, linearMatrices); - _KMatrix = new KMatrices(31, 192, 6, keyMatrices); - RConstants = new KMatrices(30, 1, 6, roundConstants); + _LMatrix = new KMatrices(30, 192, 6, s_linearMatrices); + _KMatrix = new KMatrices(31, 192, 6, s_keyMatrices); + RConstants = new KMatrices(30, 1, 6, s_roundConstants); // Parameters for security level L3, full s-box layer // Block/key size: 192 // S-boxes: 64 // Rounds: 4 - linearMatrices_full = ReadFromProperty(s_linearMatrices_full, 18432); - linearMatrices_inv = ReadFromProperty(s_linearMatrices_inv, 18432); - roundConstants_full = ReadFromProperty(s_roundConstants_full, 96); - keyMatrices_full = ReadFromProperty(s_keyMatrices_full, 23040); - keyMatrices_inv = ReadFromProperty(s_keyMatrices_inv, 4608); - LMatrix_full = new KMatrices(4, 192, 6, linearMatrices_full); - LMatrix_inv = new KMatrices(4, 192, 6, linearMatrices_inv); - KMatrix_full = new KMatrices(5, 192, 6, keyMatrices_full); - KMatrix_inv = new KMatrices(1, 192, 6, keyMatrices_inv); - RConstants_full = new KMatrices(4, 1, 6, roundConstants_full); + LMatrix_full = new KMatrices(4, 192, 6, s_linearMatrices_full); + LMatrix_inv = new KMatrices(4, 192, 6, s_linearMatrices_inv); + KMatrix_full = new KMatrices(5, 192, 6, s_keyMatrices_full); + KMatrix_inv = new KMatrices(1, 192, 6, s_keyMatrices_inv); + RConstants_full = new KMatrices(4, 1, 6, s_roundConstants_full); } /// Length: 34560 diff --git a/crypto/src/pqc/crypto/picnic/LowmcConstantsL5.cs b/crypto/src/pqc/crypto/picnic/LowmcConstantsL5.cs index 1363f8d99..a4537f5fb 100644 --- a/crypto/src/pqc/crypto/picnic/LowmcConstantsL5.cs 
+++ b/crypto/src/pqc/crypto/picnic/LowmcConstantsL5.cs @@ -8,27 +8,19 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic // Parameters for security level L5 // Block/key size: 256 // Rounds: 38 - linearMatrices = ReadFromProperty(s_linearMatrices, 311296); - roundConstants = ReadFromProperty(s_roundConstants, 1216); - keyMatrices = ReadFromProperty(s_keyMatrices, 319488); - _LMatrix = new KMatrices(38, 256, 8, linearMatrices); - _KMatrix = new KMatrices(39, 256, 8, keyMatrices); - RConstants = new KMatrices(38, 1, 8, roundConstants); + _LMatrix = new KMatrices(38, 256, 8, s_linearMatrices); + _KMatrix = new KMatrices(39, 256, 8, s_keyMatrices); + RConstants = new KMatrices(38, 1, 8, s_roundConstants); // Parameters for security level L5, full nonlinear layer // Block/key size: 255 // S-boxes: 85 // Rounds: 4 - linearMatrices_full = ReadFromProperty(s_linearMatrices_full, 32768); - linearMatrices_inv = ReadFromProperty(s_linearMatrices_inv, 32768); - roundConstants_full = ReadFromProperty(s_roundConstants_full, 128); - keyMatrices_full = ReadFromProperty(s_keyMatrices_full, 40960); - keyMatrices_inv = ReadFromProperty(s_keyMatrices_inv, 8160); - LMatrix_full = new KMatrices(4, 255, 8, linearMatrices_full); - LMatrix_inv = new KMatrices(4, 255, 8, linearMatrices_inv); - KMatrix_full = new KMatrices(5, 255, 8, keyMatrices_full); - KMatrix_inv = new KMatrices(1, 255, 8, keyMatrices_inv); - RConstants_full = new KMatrices(4, 1, 8, roundConstants_full); + LMatrix_full = new KMatrices(4, 255, 8, s_linearMatrices_full); + LMatrix_inv = new KMatrices(4, 255, 8, s_linearMatrices_inv); + KMatrix_full = new KMatrices(5, 255, 8, s_keyMatrices_full); + KMatrix_inv = new KMatrices(1, 255, 8, s_keyMatrices_inv); + RConstants_full = new KMatrices(4, 1, 8, s_roundConstants_full); } /// Length: 77824 -- cgit 1.4.1