From c70b82eeb8e413f37e13857669bdfb001990a9e7 Mon Sep 17 00:00:00 2001
From: royb
Date: Thu, 6 Jun 2024 13:55:52 -0400
Subject: Dilithium SampleInBall change and KATs updated
---
 crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs | 4 ++--
 crypto/src/pqc/crypto/crystals/dilithium/Poly.cs | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
(limited to 'crypto/src')
diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
index 9bbdcdad4..2f37887d7 100644
--- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
+++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
@@ -109,7 +109,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 _random = random;
 PolyVecHPackedBytes = Omega + K;
 CryptoPublicKeyBytes = SeedBytes + K * PolyT1PackedBytes;
- CryptoSecretKeyBytes = 3 * SeedBytes + L * PolyEtaPackedBytes + K * PolyEtaPackedBytes + K * PolyT0PackedBytes;
+ CryptoSecretKeyBytes = 2 * SeedBytes + TrBytes + L * PolyEtaPackedBytes + K * PolyEtaPackedBytes + K * PolyT0PackedBytes;
 CryptoBytes = CTilde + L * PolyZPackedBytes + PolyVecHPackedBytes;
 if (Gamma1 == (1 << 17))
@@ -237,7 +237,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 ShakeDigest256.BlockUpdate(sig, 0, K * PolyW1PackedBytes);
 ShakeDigest256.OutputFinal(sig, 0, CTilde);
- cp.Challenge(sig); // use only first SeedBytes of sig
+ cp.Challenge(sig); // use only first CTilde of sig
 cp.PolyNtt();
diff --git a/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs b/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs
index eb209f8a2..eb08daaca 100644
--- a/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs
+++ b/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs
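Review bot: The new CryptoSecretKeyBytes formula replaces `3 * SeedBytes` with `2 * SeedBytes + TrBytes`, but nothing on the changed line says what the terms stand for, and this constant has to agree byte-for-byte with the secret-key pack/unpack routines elsewhere in the engine (not in this view) or a serialized key is parsed at the wrong offsets without any error. A comment on the changed line such as `// rho (SeedBytes) || K (SeedBytes) || tr (TrBytes) || s1 || s2 || t0 -- must match the sk pack/unpack layout` would let a reader check the two against each other; that component order is my assumption, confirm it against the packing code. Because the change silently alters the serialized secret-key format, any secret key produced by the previous layout will no longer have length CryptoSecretKeyBytes, so the unpack path should reject a wrong-length array explicitly rather than rely on array bounds, and the format change deserves a changelog entry. The enclosing constructor starts before the hunk.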
@@ -590,7 +590,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
 byte[] buf = new byte[Symmetric.Stream256BlockBytes];
 ShakeDigest ShakeDigest256 = new ShakeDigest(256);
- ShakeDigest256.BlockUpdate(seed, 0, DilithiumEngine.SeedBytes);
+ ShakeDigest256.BlockUpdate(seed, 0, Engine.CTilde);
 ShakeDigest256.Output(buf, 0, Symmetric.Stream256BlockBytes);
 signs = 0;
-- 
cgit 1.4.1
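Review bot: The changed line absorbs `Engine.CTilde` bytes from `seed` without checking that the array is at least that long, so an undersized buffer (for example a truncated signature reaching the verify path, if the caller's own length check is missing) fails inside BlockUpdate with an index or argument exception rather than a deliberate rejection; a guard at the top of the method, `if (seed.Length < Engine.CTilde) throw new ArgumentException("challenge seed shorter than CTilde", nameof(seed));`, would make the contract explicit. The absorbed length also now varies with the parameter set instead of the fixed SeedBytes (presumably the variable-size c-tilde of the FIPS 204 layout, which the `TrBytes` change in DilithiumEngine.cs also suggests; confirm), which changes the derived challenge for every parameter set and so invalidates all previously generated KATs. The updated KAT files are outside this view ("limited to crypto/src"), so this review cannot confirm the new vectors were regenerated from the reference implementation rather than from this code. The enclosing method starts and ends outside the hunk.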