From 6836706a1da6ed16e7d08dbddbb0220fd6722391 Mon Sep 17 00:00:00 2001 From: mw Date: Wed, 14 Sep 2022 08:38:18 +1000 Subject: Cleanup. --- .../crypto/crystals/dilithium/DilithiumEngine.cs | 321 +++++---------------- .../crypto/crystals/dilithium/DilithiumSigner.cs | 6 +- .../src/pqc/crypto/crystals/dilithium/Packing.cs | 7 +- .../src/pqc/crypto/test/CrystalsDilithiumTest.cs | 46 ++- 4 files changed, 124 insertions(+), 256 deletions(-) diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs index 9e41c8684..b5ac413e4 100644 --- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs +++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs @@ -126,8 +126,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium PolyVecK s2 = new PolyVecK(this), t1 = new PolyVecK(this), t0 = new PolyVecK(this); _random.NextBytes(SeedBuf); - - //Console.WriteLine("SeedBuf = {0}", Convert.ToHexString(SeedBuf)); + ShakeDigest Shake256Digest = new ShakeDigest(256); @@ -158,19 +157,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium t1.ConditionalAddQ(); t1.Power2Round(t0); - //Console.WriteLine("t1 = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (short coeff in t1.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - //Console.WriteLine("rho = {0}", Convert.ToHexString(rho)); - + Packing.PackPublicKey(pk, rho, t1, this); Shake256Digest.BlockUpdate(pk, 0, CryptoPublicKeyBytes); @@ -179,8 +166,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium Packing.PackSecretKey(sk, rho, tr, key, t0, s1, s2, this); } - public void SignSignature(byte[] sig, int siglen, byte[] msg, int msglen, byte[] sk) + public byte[] SignSignature(DilithiumEngine engine, byte[] msg, int msglen, byte[] sk) { + byte[] sig = new byte[engine.CryptoBytes]; int n; byte[] SeedBuf = new byte[3 * SeedBytes + 2 * CrhBytes]; byte[] rho = new byte[SeedBytes], tr = new byte[SeedBytes], key = new byte[SeedBytes], mu = new byte[CrhBytes], rhoPrime = new byte[CrhBytes]; @@ -209,207 +197,94 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest256.DoFinal(rhoPrime, 0, CrhBytes); } - Matrix.ExpandMatrix(rho); - - //Console.WriteLine("Matrix = ["); - //for (int i = 0; i < K; i++) - //{ - // Console.Write("[", i); - // for (int j = 0; j < L; j++) - // { - // Console.Write("{0} {1} [", i, j); - // for (int co = 0; co < N; co++) - // { - // Console.Write("{0}, ", Matrix.Matrix[i].Vec[j].Coeffs[co]); - // } - // Console.Write("]\n"); - // } - // Console.Write("]\n"); - //} - //Console.Write("]\n"); + Matrix.ExpandMatrix(rho); s1.Ntt(); s2.Ntt(); t0.Ntt(); - rej: - y.UniformGamma1(rhoPrime, nonce++); - y.CopyPolyVecL(z); - z.Ntt(); + int count = 0; + - Matrix.PointwiseMontgomery(w1, z); + while (count < 1000) + { + count++; - //Console.WriteLine("w1 = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in w1.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} + y.UniformGamma1(rhoPrime, nonce++); + y.CopyPolyVecL(z); + z.Ntt(); + Matrix.PointwiseMontgomery(w1, z); - w1.Reduce(); - w1.InverseNttToMont(); + w1.Reduce(); + w1.InverseNttToMont(); - w1.ConditionalAddQ(); - w1.Decompose(w0); - - //Console.WriteLine("w0 = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in w0.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} + w1.ConditionalAddQ(); + w1.Decompose(w0); - w1.PackW1(sig); + w1.PackW1(sig); - ShakeDigest256.BlockUpdate(mu, 0, CrhBytes); - ShakeDigest256.BlockUpdate(sig, 0, K * PolyW1PackedBytes); - ShakeDigest256.DoFinal(sig, 0, SeedBytes); + ShakeDigest256.BlockUpdate(mu, 0, CrhBytes); + ShakeDigest256.BlockUpdate(sig, 0, K * PolyW1PackedBytes); + ShakeDigest256.DoFinal(sig, 0, SeedBytes); - cp.Challenge(sig); + cp.Challenge(sig); - cp.PolyNtt(); + cp.PolyNtt(); - z.PointwisePolyMontgomery(cp, s1); - z.InverseNttToMont(); - z.AddPolyVecL(y); - z.Reduce(); - if (z.CheckNorm(Gamma1 - Beta)) - { - goto rej; - } + z.PointwisePolyMontgomery(cp, s1); + z.InverseNttToMont(); + z.AddPolyVecL(y); + z.Reduce(); + if (z.CheckNorm(Gamma1 - Beta)) + { + continue; + } - //Console.WriteLine("cp = "); - //Console.Write("["); - //foreach (int coeff in cp.Coeffs) - //{ - // Console.Write(String.Format("{0}, ", coeff)); - //} - //Console.Write("]\n"); - - //Console.WriteLine("s2 = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in s2.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - h.PointwisePolyMontgomery(cp, s2); - h.InverseNttToMont(); - - //Console.WriteLine("h = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in h.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - w0.Subtract(h); - w0.Reduce(); - if (w0.CheckNorm(Gamma2 - Beta)) - { - goto rej; - } - h.PointwisePolyMontgomery(cp, t0); - h.InverseNttToMont(); - h.Reduce(); - if (h.CheckNorm(Gamma2)) - { - goto rej; - } + h.PointwisePolyMontgomery(cp, s2); + h.InverseNttToMont(); - w0.AddPolyVecK(h); - - //Console.WriteLine("w0 = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in w0.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - w0.ConditionalAddQ(); - - //Console.WriteLine("w0 = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in w0.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - //Console.WriteLine("w1 = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in w1.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - n = h.MakeHint(w0, w1); - if (n > Omega) - { - goto rej; - } + w0.Subtract(h); + w0.Reduce(); + if (w0.CheckNorm(Gamma2 - Beta)) + { + continue; + } + + h.PointwisePolyMontgomery(cp, t0); + h.InverseNttToMont(); + h.Reduce(); + if (h.CheckNorm(Gamma2)) + { + continue; + } + + w0.AddPolyVecK(h); - //Console.WriteLine("z = "); - //for (int i = 0; i < L; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in z.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - //Console.WriteLine("h = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in h.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - Packing.PackSignature(sig, sig, z, h, this); + w0.ConditionalAddQ(); + + + n = h.MakeHint(w0, w1); + if (n > Omega) + { + continue; + } + + + sig = Packing.PackSignature(sig, z, h, this); + return sig; + } + return null; } - public void Sign(byte[] sig, int siglen, byte[] msg, int msglen, byte[] sk) + public byte[] Sign(DilithiumEngine engine, byte[] msg, int msglen, byte[] sk) { - SignSignature(sig, siglen, msg, msglen, sk); + return SignSignature(engine, msg, msglen, sk); } - public bool SignVerify(byte[] msg, int msglen, byte[] sig, int siglen, byte[] pk) + public bool SignVerify(byte[] sig, int siglen, byte[] msg, int msglen, byte[] pk) { byte[] buf = new byte[K * PolyW1PackedBytes], rho = new byte[SeedBytes], mu = new byte[CrhBytes], c = new byte[SeedBytes], c2 = new byte[SeedBytes]; Poly cp = new Poly(this); @@ -417,27 +292,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium PolyVecL z = new PolyVecL(this); PolyVecK t1 = new PolyVecK(this), w1 = new PolyVecK(this), h = new PolyVecK(this); - if (sig.Length != CryptoBytes + msg.Length) + if (siglen != CryptoBytes) { return false; } Packing.UnpackPublicKey(rho, t1, pk, this); - - //Console.WriteLine("rho = "+Convert.ToHexString(rho)); - - //Console.WriteLine("t1 = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in t1.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - + if (!Packing.UnpackSignature(c, z, h, sig, this)) { return false; @@ -447,31 +308,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium { return false; } - - //Console.WriteLine("z = "); - //for (int i = 0; i < L; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in z.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - //Console.WriteLine("h = "); - //for (int i = 0; i < K; ++i) - //{ - // Console.Write(String.Format("{0} [", i)); - // foreach (int coeff in h.Vec[i].Coeffs) - // { - // Console.Write(String.Format("{0}, ", coeff)); - // } - // Console.Write("]\n"); - //} - - - + ShakeDigest Shake256Digest = new ShakeDigest(256); Shake256Digest.BlockUpdate(pk, 0, CryptoPublicKeyBytes); Shake256Digest.DoFinal(mu, 0, SeedBytes); @@ -521,21 +358,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium int i; if (siglen < CryptoBytes) { - goto badsig; - } - - Array.Copy(sig, CryptoBytes, msg, 0, siglen - CryptoBytes); - if (SignVerify(msg, siglen - CryptoBytes, sig, siglen, pk)) - { - return true; - } - - badsig: - for (i = 0; i < msg.Length; i++) - { - msg[i] = 0; + return false; } - return false; + + return SignVerify(sig, siglen, msg, msglen, pk); + } } } diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs index 95ca3be1f..98b19ff3e 100644 --- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs +++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumSigner.cs @@ -42,9 +42,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium public byte[] GenerateSignature(byte[] message) { DilithiumEngine engine = privKey.Parameters.GetEngine(random); - byte[] sig = new byte[engine.CryptoBytes]; - engine.Sign(sig, sig.Length, message, message.Length, privKey.GetEncoded()); - return sig; + + return engine.Sign(engine, message, message.Length, privKey.GetEncoded()); + } public bool VerifySignature(byte[] message, byte[] signature) diff --git a/crypto/src/pqc/crypto/crystals/dilithium/Packing.cs b/crypto/src/pqc/crypto/crystals/dilithium/Packing.cs index b849fb228..8a5862254 100644 --- a/crypto/src/pqc/crypto/crystals/dilithium/Packing.cs +++ b/crypto/src/pqc/crypto/crystals/dilithium/Packing.cs @@ -86,9 +86,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium } } - public static void PackSignature(byte[] sig, byte[] c, PolyVecL z, PolyVecK h, DilithiumEngine engine) + public static byte[] PackSignature(byte[] c, PolyVecL z, PolyVecK h, DilithiumEngine engine) { int i, j, k, end = 0; + byte[] sig = new byte[engine.CryptoBytes]; + Array.Copy(c, 0, sig, 0, DilithiumEngine.SeedBytes); end += DilithiumEngine.SeedBytes; @@ -117,7 +119,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium } sig[end + engine.Omega + i] = (byte)k; } - //Console.WriteLine("sig = " + Convert.ToHexString(sig)); + + return sig; } diff --git a/crypto/test/src/pqc/crypto/test/CrystalsDilithiumTest.cs b/crypto/test/src/pqc/crypto/test/CrystalsDilithiumTest.cs index 1fddfb565..fc26f3c5f 100644 --- a/crypto/test/src/pqc/crypto/test/CrystalsDilithiumTest.cs +++ b/crypto/test/src/pqc/crypto/test/CrystalsDilithiumTest.cs @@ -37,6 +37,45 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests RunTestVectorFile(testVectorFile); } + [Test] + public void TestDilithiumRandom() + { + byte[] msg = Strings.ToByteArray("Hello World!"); + + Security.SecureRandom random = new Security.SecureRandom(); + + DilithiumKeyPairGenerator kpGen = new DilithiumKeyPairGenerator(); + DilithiumKeyGenerationParameters genParams = new DilithiumKeyGenerationParameters(random, DilithiumParameters.Dilithium2); + kpGen.Init(genParams); + + + + + for (int i = 0; i < 1000; i++) { + + // + // Generate keys and test. + // + + AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair(); + + + DilithiumSigner signer = new DilithiumSigner(random); + + signer.Init(true, kp.Private); + + byte[] s = signer.GenerateSignature(msg); + + signer.Init(false, kp.Public); + + + Assert.True(signer.VerifySignature(msg,s),"Here "+i); + + } + } + + + private static void TestVectors(string name, IDictionary buf) { string count = buf["count"]; @@ -85,13 +124,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests Assert.True(smlen == attachedSig.Length, name + " " + count + ": signature length"); - byte[] msg1 = new byte[msg.Length]; + signer.Init(false, pubParams); - Assert.True(signer.VerifySignature(msg1, attachedSig), (name + " " + count + ": signature verify")); - - Assert.True(Arrays.AreEqual(msg, msg1), name + " " + count + ": signature message verify"); + Assert.True(signer.VerifySignature(msg, sigGenerated), (name + " " + count + ": signature verify")); + Assert.True(Arrays.AreEqual(sigExpected, attachedSig), name + " " + count + ": signature gen match"); } -- cgit 1.4.1