Refactoring in NTRU

Author: peterdettman

core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUKEMExtractor.java

@@ -11,7 +11,6 @@
 public class NTRUKEMExtractor
     implements EncapsulatedSecretExtractor
 {
-    private final NTRUParameters params;
     private final NTRUPrivateKeyParameters ntruPrivateKey;
 
     /**
@@ -22,53 +21,50 @@ public class NTRUKEMExtractor
      */
     public NTRUKEMExtractor(NTRUPrivateKeyParameters ntruPrivateKey)
     {
-        this.params = ntruPrivateKey.getParameters();
+        if (ntruPrivateKey == null)
+        {
+            throw new NullPointerException("'ntruPrivateKey' cannot be null");
+        }
+
         this.ntruPrivateKey = ntruPrivateKey;
     }
 
-
-    @Override
     public byte[] extractSecret(byte[] encapsulation)
     {
-//        assert this.ntruPrivateKey != null;
-        NTRUParameterSet parameterSet = this.params.parameterSet;
+        NTRUParameterSet parameterSet = ntruPrivateKey.getParameters().getParameterSet();
+
+        if (encapsulation == null)
+        {
+            throw new NullPointerException("'encapsulation' cannot be null");
+        }
+        if (encapsulation.length != parameterSet.ntruCiphertextBytes())
+        {
+            throw new IllegalArgumentException("encapsulation");
+        }
 
         byte[] sk = this.ntruPrivateKey.privateKey;
-        int i, fail;
-        byte[] rm;
-        byte[] buf = new byte[parameterSet.prfKeyBytes() + parameterSet.ntruCiphertextBytes()];
 
         NTRUOWCPA owcpa = new NTRUOWCPA(parameterSet);
-        OWCPADecryptResult owcpaResult = owcpa.decrypt(encapsulation, ntruPrivateKey.privateKey);
-        rm = owcpaResult.rm;
-        fail = owcpaResult.fail;
+        OWCPADecryptResult owcpaResult = owcpa.decrypt(encapsulation, sk);
+        byte[] rm = owcpaResult.rm;
+        int fail = owcpaResult.fail;
         /* If fail = 0 then c = Enc(h, rm). There is no need to re-encapsulate. */
         /* See comment in owcpa_dec for details.                                */
 
         SHA3Digest sha3256 = new SHA3Digest(256);
-
         byte[] k = new byte[sha3256.getDigestSize()];
 
         sha3256.update(rm, 0, rm.length);
         sha3256.doFinal(k, 0);
 
         /* shake(secret PRF key || input ciphertext) */
-        for (i = 0; i < parameterSet.prfKeyBytes(); i++)
-        {
-            buf[i] = sk[i + parameterSet.owcpaSecretKeyBytes()];
-        }
-        for (i = 0; i < parameterSet.ntruCiphertextBytes(); i++)
-        {
-            buf[parameterSet.prfKeyBytes() + i] = encapsulation[i];
-        }
-        sha3256.reset();
-        sha3256.update(buf, 0, buf.length);
+        sha3256.update(sk, parameterSet.owcpaSecretKeyBytes(), parameterSet.prfKeyBytes());
+        sha3256.update(encapsulation, 0, encapsulation.length);
         sha3256.doFinal(rm, 0);
 
         cmov(k, rm, (byte)fail);
 
         byte[] sharedKey = Arrays.copyOfRange(k, 0, parameterSet.sharedKeyBytes());
-
         Arrays.clear(k);
 
         return sharedKey;
@@ -85,6 +81,6 @@ private void cmov(byte[] r, byte[] x, byte b)
 
     public int getEncapsulationLength()
     {
-        return params.parameterSet.ntruCiphertextBytes();
+        return ntruPrivateKey.getParameters().getParameterSet().ntruCiphertextBytes();
     }
 }

core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUKEMGenerator.java

@@ -29,42 +29,51 @@ public class NTRUKEMGenerator
      */
     public NTRUKEMGenerator(SecureRandom random)
     {
+        if (random == null)
+        {
+            throw new NullPointerException("'random' cannot be null");
+        }
+
         this.random = random;
     }
 
     public SecretWithEncapsulation generateEncapsulated(AsymmetricKeyParameter recipientKey)
     {
-        NTRUParameterSet parameterSet = ((NTRUPublicKeyParameters)recipientKey).getParameters().parameterSet;
+        if (recipientKey == null)
+        {
+            throw new NullPointerException("'recipientKey' cannot be null");
+        }
+
+        NTRUPublicKeyParameters publicKey = (NTRUPublicKeyParameters)recipientKey;
+
+        NTRUParameterSet parameterSet = publicKey.getParameters().getParameterSet();
         NTRUSampling sampling = new NTRUSampling(parameterSet);
         NTRUOWCPA owcpa = new NTRUOWCPA(parameterSet);
-        Polynomial r;
-        Polynomial m;
         byte[] rm = new byte[parameterSet.owcpaMsgBytes()];
         byte[] rmSeed = new byte[parameterSet.sampleRmBytes()];
 
         random.nextBytes(rmSeed);
 
         PolynomialPair pair = sampling.sampleRm(rmSeed);
-        r = pair.r();
-        m = pair.m();
+        Polynomial r = pair.r();
+        Polynomial m = pair.m();
 
         r.s3ToBytes(rm, 0);
         m.s3ToBytes(rm, parameterSet.packTrinaryBytes());
 
         SHA3Digest sha3256 = new SHA3Digest(256);
-        sha3256.update(rm, 0, rm.length);
-
         byte[] k = new byte[sha3256.getDigestSize()];
 
+        sha3256.update(rm, 0, rm.length);
         sha3256.doFinal(k, 0);
 
         r.z3ToZq();
-        byte[] c = owcpa.encrypt(r, m, ((NTRUPublicKeyParameters)recipientKey).publicKey);
 
-        byte[] sharedKey = Arrays.copyOfRange(k, 0, parameterSet.sharedKeyBytes());
+        byte[] c = owcpa.encrypt(r, m, publicKey.publicKey);
 
+        byte[] sharedKey = Arrays.copyOfRange(k, 0, parameterSet.sharedKeyBytes());
         Arrays.clear(k);
-        
+
         return new SecretWithEncapsulationImpl(sharedKey, c);
     }
 }

core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUKeyPairGenerator.java

@@ -6,6 +6,7 @@
 import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.pqc.math.ntru.parameters.NTRUParameterSet;
+import org.bouncycastle.util.Arrays;
 
 /**
  * Key generator for NTRU.
@@ -19,32 +20,31 @@ public class NTRUKeyPairGenerator
     private NTRUKeyGenerationParameters params;
     private SecureRandom random;
 
-    @Override
     public void init(KeyGenerationParameters param)
     {
         this.params = (NTRUKeyGenerationParameters)param;
         this.random = param.getRandom();
     }
 
-    @Override
     public AsymmetricCipherKeyPair generateKeyPair()
     {
-//        assert this.random != null;
-        NTRUParameterSet parameterSet = this.params.getParameters().parameterSet;
+        NTRUParameters parameters = params.getParameters();
+        NTRUParameterSet parameterSet = parameters.getParameterSet();
+
         byte[] seed = new byte[parameterSet.sampleFgBytes()];
         random.nextBytes(seed);
 
         NTRUOWCPA owcpa = new NTRUOWCPA(parameterSet);
         OWCPAKeyPair owcpaKeys = owcpa.keypair(seed);
+
         byte[] publicKey = owcpaKeys.publicKey;
-        byte[] privateKey = new byte[parameterSet.ntruSecretKeyBytes()];
-        byte[] owcpaPrivateKey = owcpaKeys.privateKey;
-        System.arraycopy(owcpaPrivateKey, 0, privateKey, 0, owcpaPrivateKey.length);
 
         byte[] prfBytes = new byte[parameterSet.prfKeyBytes()];
         random.nextBytes(prfBytes);
-        System.arraycopy(prfBytes, 0, privateKey, parameterSet.owcpaSecretKeyBytes(), prfBytes.length);
+        byte[] privateKey = Arrays.concatenate(owcpaKeys.privateKey, prfBytes);
 
-        return new AsymmetricCipherKeyPair(new NTRUPublicKeyParameters(params.getParameters(), publicKey), new NTRUPrivateKeyParameters(params.getParameters(), privateKey));
+        return new AsymmetricCipherKeyPair(
+            new NTRUPublicKeyParameters(parameters, publicKey),
+            new NTRUPrivateKeyParameters(parameters, privateKey));
     }
 }

core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUParameters.java

@@ -1,6 +1,5 @@
 package org.bouncycastle.pqc.crypto.ntru;
 
-import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.pqc.crypto.KEMParameters;
 import org.bouncycastle.pqc.math.ntru.parameters.NTRUHPS2048509;
 import org.bouncycastle.pqc.math.ntru.parameters.NTRUHPS2048677;
@@ -45,10 +44,7 @@ public class NTRUParameters
     public static final NTRUParameters ntruhrss1373 = new NTRUParameters("ntruhrss1373", new NTRUHRSS1373());
 
     private final String name;
-    /**
-     * Currently selected parameter set
-     */
-    final NTRUParameterSet parameterSet;
+    private final NTRUParameterSet parameterSet;
 
     private NTRUParameters(String name, NTRUParameterSet parameterSet)
     {
@@ -61,6 +57,21 @@ public String getName()
         return name;
     }
 
+    NTRUParameterSet getParameterSet()
+    {
+        return parameterSet;
+    }
+
+    int getPrivateKeyLength()
+    {
+        return getParameterSet().ntruSecretKeyBytes();
+    }
+
+    int getPublicKeyLength()
+    {
+        return getParameterSet().ntruPublicKeyBytes();
+    }
+
     public int getSessionKeySize()
     {
         return parameterSet.sharedKeyBytes() * 8;

core/src/test/java/org/bouncycastle/pqc/crypto/test/NTRUTest.java

@@ -31,7 +31,6 @@
 public class NTRUTest
     extends TestCase
 {
-    private final String KAT_ROOT = "/org/bouncycastle/pqc/crypto/test/ntru/";
     private final NTRUParameters[] params = {
         NTRUParameters.ntruhps2048509,
         NTRUParameters.ntruhps2048677,
@@ -59,6 +58,16 @@ public class NTRUTest
         "PQCkemKAT_2983.rsp"
     };
 
+    public void testParameters()
+    {
+        assertEquals(256, NTRUParameters.ntruhps2048509.getSessionKeySize());
+        assertEquals(256, NTRUParameters.ntruhps2048677.getSessionKeySize());
+        assertEquals(256, NTRUParameters.ntruhps4096821 .getSessionKeySize());
+        assertEquals(256, NTRUParameters.ntruhps40961229.getSessionKeySize());
+        assertEquals(256, NTRUParameters.ntruhrss701.getSessionKeySize());
+        assertEquals(256, NTRUParameters.ntruhrss1373.getSessionKeySize());
+    }
+
     public void testPrivInfoGeneration()
         throws IOException
     {