Try to refactor MapGroup1.

gefeili · gefeili · commit 1bb0a7653da4 · 2025-04-01T12:51:59.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/MapGroup1.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/MapGroup1.java
@@ -1,5 +1,7 @@
 package org.bouncycastle.pqc.crypto.snova;
 
+import org.bouncycastle.util.GF16;
+
 class MapGroup1
 {
     public final byte[][][][] p11;  // [m][v][v]
@@ -26,6 +28,102 @@ public MapGroup1(SnovaParameters params)
         qAlpha2 = new byte[m][alpha][lsq];
     }
 
+    public void decode(byte[] input, SnovaParameters params, int len)
+    {
+//        int m = params.getM();
+//        int v = params.getV();
+//        int o = params.getO();
+//        int alpha = params.getAlpha();
+        int lsq = params.getLsq();
+        if ((lsq & 1) == 0)
+        {
+            int inOff = decodeP(input, 0, p11, len);
+            inOff += decodeP(input, inOff, p12, len - inOff);
+            inOff += decodeP(input, inOff, p21, len - inOff);
+            inOff += decodeAlpha(input, inOff, aAlpha, len - inOff);
+            inOff += decodeAlpha(input, inOff, bAlpha, len - inOff);
+            inOff += decodeAlpha(input, inOff, qAlpha1, len - inOff);
+            decodeAlpha(input, inOff, qAlpha2, len - inOff);
+        }
+//        else
+//        {
+//
+//        }
+    }
+
+//    public boolean decodeArrayLsqOdd(byte[] input, int inOff, boolean isLower, byte[] output, int lsqHalf)
+//    {
+//        int outOff = 0;
+//        if (isLower)
+//        {
+//            for (int i = 0; i < lsqHalf; ++i)
+//            {
+//                output[outOff++] = (byte)(input[inOff] & 0x0F);
+//                output[outOff++] = (byte)((input[inOff++] >>> 4) & 0x0F);
+//            }
+//            output[outOff] = (byte)(input[inOff] & 0x0F);
+//            return false;
+//        }
+//        else
+//        {
+//            for (int i = 0; i < lsqHalf; ++i)
+//            {
+//                output[outOff++] = (byte)((input[inOff++] >>> 4) & 0x0F);
+//                output[outOff++] = (byte)(input[inOff] & 0x0F);
+//            }
+//            output[outOff] = (byte)((input[inOff] >>> 4) & 0x0F);
+//            return true;
+//        }
+//    }
+
+    private int decodeP(byte[] input, int inOff, byte[][][][] p, int len)
+    {
+        int rlt = 0;
+        for (int i = 0; i < p.length; ++i)
+        {
+            rlt += decodeAlpha(input, inOff + rlt, p[i], len);
+        }
+        return rlt;
+    }
+
+    private static int decodeAlpha(byte[] input, int inOff, byte[][][] alpha, int len)
+    {
+        int rlt = 0;
+        for (int i = 0; i < alpha.length; ++i)
+        {
+            for (int j = 0; j < alpha[i].length; ++j)
+            {
+                int tmp = Math.min(alpha[i][j].length, len << 1);
+                GF16.decode(input, inOff + rlt, alpha[i][j], 0, tmp);
+                rlt += (tmp + 1) >> 1;
+                len -= (tmp + 1) >> 1;
+            }
+        }
+        return rlt;
+    }
+
+//    private int decodeP(byte[] input, int inOff, boolean isLower,byte[][][][] p, int lsqHalf)
+//    {
+//        for (int i = 0; i < p.length; ++i)
+//        {
+//            inOff = decodeAlpha(input, inOff, p[i]);
+//        }
+//        return inOff;
+//    }
+
+//    private boolean decodeAlpha(byte[] input, int inOff, boolean isLower, byte[][][] alpha, int lsqHalf)
+//    {
+//        for (int i = 0; i < alpha.length; ++i)
+//        {
+//            for (int j = 0; j < alpha[i].length; ++j)
+//            {
+//                isLower = decodeArrayLsqOdd(input, inOff, isLower, alpha[i][j], lsqHalf);
+//                inOff += lsqHalf + (isLower ? 1 : 0);
+//            }
+//        }
+//        return isLower;
+//    }
+
     public void fill(byte[] input)
     {
         int inOff = fillP(input, 0, p11, input.length);
@@ -61,20 +159,4 @@ static int fillAlpha(byte[] input, int inOff, byte[][][] alpha, int len)
         }
         return rlt;
     }
-
-    static void copyTo(byte[][][][] alpha, byte[] output)
-    {
-        int outOff = 0;
-        for (int i = 0; i < alpha.length; ++i)
-        {
-            for (int j = 0; j < alpha[i].length; ++j)
-            {
-                for (int k = 0; k < alpha[i][j].length; ++k)
-                {
-                    System.arraycopy(alpha[i][j][k], 0, output, outOff, alpha[i][j][k].length);
-                    outOff += alpha[i][j][k].length;
-                }
-            }
-        }
-    }
 }
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaEngine.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaEngine.java
@@ -11,7 +11,7 @@
 import org.bouncycastle.util.GF16;
 import org.bouncycastle.util.Pack;
 
-public class SnovaEngine
+class SnovaEngine
 {
     private final SnovaParameters params;
     private final int l;
@@ -517,38 +517,32 @@ void genABQP(MapGroup1 map1, byte[] pkSeed, byte[] fixedAbq)
                 System.arraycopy(blockOut, 0, prngOutput, offset, remaining);
             }
         }
+//        if ((lsq & 1) == 0)
+//        {
+//            map1.decode(prngOutput, params, (gf16sPrngPublic - qTemp.length) >> 1);
+//        }
+//        else
+//        {
         byte[] temp = new byte[gf16sPrngPublic - qTemp.length];
         GF16.decode(prngOutput, temp, temp.length);
         map1.fill(temp);
+//        }
         if (l >= 4)
         {
-            GF16.decode(prngOutput, temp.length >> 1, qTemp, 0, qTemp.length);
-
+            GF16.decode(prngOutput, (gf16sPrngPublic - qTemp.length) >> 1, qTemp, 0, qTemp.length);
+            int ptArray = 0;
             // Post-processing for invertible matrices
+            int offset = m * alpha * l;
             for (int pi = 0; pi < m; ++pi)
             {
                 for (int a = 0; a < alpha; ++a)
                 {
                     makeInvertibleByAddingAS(map1.aAlpha[pi][a], 0);
                     makeInvertibleByAddingAS(map1.bAlpha[pi][a], 0);
-                }
-            }
-
-            int ptArray = 0;
-            for (int pi = 0; pi < m; ++pi)
-            {
-                for (int a = 0; a < alpha; ++a)
-                {
                     genAFqS(qTemp, ptArray, map1.qAlpha1[pi][a], 0);
                     ptArray += l;
-                }
-            }
-            for (int pi = 0; pi < m; ++pi)
-            {
-                for (int a = 0; a < alpha; ++a)
-                {
-                    genAFqS(qTemp, ptArray, map1.qAlpha2[pi][a], 0);
-                    ptArray += l;
+                    genAFqS(qTemp, offset, map1.qAlpha2[pi][a], 0);
+                    offset += l;
                 }
             }
         }
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaSigner.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaSigner.java
@@ -134,21 +134,23 @@ public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
         final int v = params.getV();
         final int o = params.getO();
         final int n = params.getN();
-        final int bytesHash = (o * lsq + 1) >>> 1;
+        final int mxlsq = m * lsq;
+        final int oxlsq = o * lsq;
+        final int bytesHash = (oxlsq + 1) >>> 1;
         final int bytesSalt = 16;
 
         // Initialize matrices and arrays
-        byte[][] Gauss = new byte[m * lsq][m * lsq + 1];
+        byte[][] Gauss = new byte[mxlsq][mxlsq + 1];
         byte[][] Temp = new byte[lsq][lsq];
-        byte[] solution = new byte[m * lsq];
+        byte[] solution = new byte[mxlsq];
 
         byte[][][][] Left = new byte[m][alpha][v][lsq];
         byte[][][][] Right = new byte[m][alpha][v][lsq];
         byte[] leftXTmp = new byte[lsq];
         byte[] rightXtmp = new byte[lsq];
         byte[][] XInGF16Matrix = new byte[v][lsq];
         byte[][] FvvGF16Matrix = new byte[m][lsq];
-        byte[] hashInGF16 = new byte[m * lsq];
+        byte[] hashInGF16 = new byte[mxlsq];
 
         byte[] signedHash = new byte[bytesHash];
         byte[] vinegarBytes = new byte[(v * lsq + 1) / 2];
@@ -174,9 +176,9 @@ public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
             numSign++;
 
             // Fill last column of Gauss matrix
-            for (int i = 0; i < m * lsq; i++)
+            for (int i = 0; i < mxlsq; i++)
             {
-                Gauss[i][m * lsq] = hashInGF16[i];
+                Gauss[i][mxlsq] = hashInGF16[i];
             }
 
             // Generate vinegar values
@@ -227,24 +229,22 @@ public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
                 }
             }
 
-            int idx2 = m * lsq;
             // Gaussian elimination setup
-            for (int i = 0; i < m; i++)
+            for (int i = 0, ixlsq = 0; i < m; i++, ixlsq += lsq)
             {
-                for (int j = 0; j < l; j++)
+                for (int j = 0, jxl = 0; j < l; j++, jxl += l)
                 {
-                    for (int k = 0; k < l; k++)
+                    for (int k = 0, jxl_k = jxl; k < l; k++, jxl_k++)
                     {
-                        int idx1 = i * lsq + j * l + k;
-                        Gauss[idx1][idx2] ^= FvvGF16Matrix[i][j * l + k];
+                        Gauss[ixlsq + jxl_k][mxlsq] ^= FvvGF16Matrix[i][jxl_k];
                     }
                 }
             }
 
             // Compute the coefficients of Xo and put into Gauss matrix and compute the coefficients of Xo^t and add into Gauss matrix
-            for (int mi = 0; mi < m; ++mi)
+            for (int mi = 0, mixlsq = 0; mi < m; ++mi, mixlsq += lsq)
             {
-                for (int index = 0; index < o; ++index)
+                for (int index = 0, idxlsq = 0; index < o; ++index, idxlsq += lsq)
                 {
                     for (int a = 0; a < alpha; ++a)
                     {
@@ -297,32 +297,30 @@ public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
                         {
                             for (int tj = 0; tj < lsq; ++tj)
                             {
-                                int gaussRow = mi * lsq + ti;
-                                int gaussCol = index * lsq + tj;
-                                Gauss[gaussRow][gaussCol] ^= Temp[ti][tj];
+                                Gauss[mixlsq + ti][idxlsq + tj] ^= Temp[ti][tj];
                             }
                         }
                     }
                 }
             }
             // Gaussian elimination implementation
-            flagRedo = performGaussianElimination(Gauss, solution, m * lsq);
+            flagRedo = performGaussianElimination(Gauss, solution, mxlsq);
         }
         while (flagRedo != 0);
 
         // Copy vinegar variables
         byte[] tmp = new byte[n * lsq];
-        for (int idx = 0; idx < v; idx++)
+        for (int idx = 0, idxlsq = 0; idx < v; idx++, idxlsq += lsq)
         {
-            System.arraycopy(XInGF16Matrix[idx], 0, tmp, idx * lsq, lsq);
-            for (int i = 0; i < o; i++)
+            System.arraycopy(XInGF16Matrix[idx], 0, tmp, idxlsq, lsq);
+            for (int i = 0, ixlsq = 0; i < o; i++, ixlsq += lsq)
             {
-                GF16Utils.gf16mMulTo(T12[idx][i], solution, i * lsq, tmp, idx * lsq, l);
+                GF16Utils.gf16mMulTo(T12[idx][i], solution, ixlsq, tmp, idxlsq, l);
             }
         }
 
         // Copy remaining oil variables
-        System.arraycopy(solution, 0, tmp, v * lsq, lsq * o);
+        System.arraycopy(solution, 0, tmp, v * lsq, oxlsq);
         GF16.encode(tmp, ptSignature, tmp.length);
 
         System.arraycopy(arraySalt, 0, ptSignature, ptSignature.length - bytesSalt, bytesSalt);
diff --git a/core/src/main/java/org/bouncycastle/util/GF16.java b/core/src/main/java/org/bouncycastle/util/GF16.java

Original file line number	Diff line number	Diff line change
`@@ -134,21 +134,23 @@ public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,`
`134`	`134`	`final int v = params.getV();`
`135`	`135`	`final int o = params.getO();`
`136`	`136`	`final int n = params.getN();`
`137`		`- final int bytesHash = (o * lsq + 1) >>> 1;`
	`137`	`+ final int mxlsq = m * lsq;`
	`138`	`+ final int oxlsq = o * lsq;`
	`139`	`+ final int bytesHash = (oxlsq + 1) >>> 1;`
`138`	`140`	`final int bytesSalt = 16;`
`139`	`141`
`140`	`142`	`// Initialize matrices and arrays`
`141`		`- byte[][] Gauss = new byte[m * lsq][m * lsq + 1];`
	`143`	`+ byte[][] Gauss = new byte[mxlsq][mxlsq + 1];`
`142`	`144`	`byte[][] Temp = new byte[lsq][lsq];`
`143`		`- byte[] solution = new byte[m * lsq];`
	`145`	`+ byte[] solution = new byte[mxlsq];`
`144`	`146`
`145`	`147`	`byte[][][][] Left = new byte[m][alpha][v][lsq];`
`146`	`148`	`byte[][][][] Right = new byte[m][alpha][v][lsq];`
`147`	`149`	`byte[] leftXTmp = new byte[lsq];`
`148`	`150`	`byte[] rightXtmp = new byte[lsq];`
`149`	`151`	`byte[][] XInGF16Matrix = new byte[v][lsq];`
`150`	`152`	`byte[][] FvvGF16Matrix = new byte[m][lsq];`
`151`		`- byte[] hashInGF16 = new byte[m * lsq];`
	`153`	`+ byte[] hashInGF16 = new byte[mxlsq];`
`152`	`154`
`153`	`155`	`byte[] signedHash = new byte[bytesHash];`
`154`	`156`	`byte[] vinegarBytes = new byte[(v * lsq + 1) / 2];`
`@@ -174,9 +176,9 @@ public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,`
`174`	`176`	`numSign++;`
`175`	`177`
`176`	`178`	`// Fill last column of Gauss matrix`
`177`		`- for (int i = 0; i < m * lsq; i++)`
	`179`	`+ for (int i = 0; i < mxlsq; i++)`
`178`	`180`	`{`
`179`		`- Gauss[i][m * lsq] = hashInGF16[i];`
	`181`	`+ Gauss[i][mxlsq] = hashInGF16[i];`
`180`	`182`	`}`
`181`	`183`
`182`	`184`	`// Generate vinegar values`
`@@ -227,24 +229,22 @@ public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,`
`227`	`229`	`}`
`228`	`230`	`}`
`229`	`231`
`230`		`- int idx2 = m * lsq;`
`231`	`232`	`// Gaussian elimination setup`
`232`		`- for (int i = 0; i < m; i++)`
	`233`	`+ for (int i = 0, ixlsq = 0; i < m; i++, ixlsq += lsq)`
`233`	`234`	`{`
`234`		`- for (int j = 0; j < l; j++)`
	`235`	`+ for (int j = 0, jxl = 0; j < l; j++, jxl += l)`
`235`	`236`	`{`
`236`		`- for (int k = 0; k < l; k++)`
	`237`	`+ for (int k = 0, jxl_k = jxl; k < l; k++, jxl_k++)`
`237`	`238`	`{`
`238`		`- int idx1 = i * lsq + j * l + k;`
`239`		`- Gauss[idx1][idx2] ^= FvvGF16Matrix[i][j * l + k];`
	`239`	`+ Gauss[ixlsq + jxl_k][mxlsq] ^= FvvGF16Matrix[i][jxl_k];`
`240`	`240`	`}`
`241`	`241`	`}`
`242`	`242`	`}`
`243`	`243`
`244`	`244`	`// Compute the coefficients of Xo and put into Gauss matrix and compute the coefficients of Xo^t and add into Gauss matrix`
`245`		`- for (int mi = 0; mi < m; ++mi)`
	`245`	`+ for (int mi = 0, mixlsq = 0; mi < m; ++mi, mixlsq += lsq)`
`246`	`246`	`{`
`247`		`- for (int index = 0; index < o; ++index)`
	`247`	`+ for (int index = 0, idxlsq = 0; index < o; ++index, idxlsq += lsq)`
`248`	`248`	`{`
`249`	`249`	`for (int a = 0; a < alpha; ++a)`
`250`	`250`	`{`
`@@ -297,32 +297,30 @@ public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,`
`297`	`297`	`{`
`298`	`298`	`for (int tj = 0; tj < lsq; ++tj)`
`299`	`299`	`{`
`300`		`- int gaussRow = mi * lsq + ti;`
`301`		`- int gaussCol = index * lsq + tj;`
`302`		`- Gauss[gaussRow][gaussCol] ^= Temp[ti][tj];`
	`300`	`+ Gauss[mixlsq + ti][idxlsq + tj] ^= Temp[ti][tj];`
`303`	`301`	`}`
`304`	`302`	`}`
`305`	`303`	`}`
`306`	`304`	`}`
`307`	`305`	`}`
`308`	`306`	`// Gaussian elimination implementation`
`309`		`- flagRedo = performGaussianElimination(Gauss, solution, m * lsq);`
	`307`	`+ flagRedo = performGaussianElimination(Gauss, solution, mxlsq);`
`310`	`308`	`}`
`311`	`309`	`while (flagRedo != 0);`
`312`	`310`
`313`	`311`	`// Copy vinegar variables`
`314`	`312`	`byte[] tmp = new byte[n * lsq];`
`315`		`- for (int idx = 0; idx < v; idx++)`
	`313`	`+ for (int idx = 0, idxlsq = 0; idx < v; idx++, idxlsq += lsq)`
`316`	`314`	`{`
`317`		`- System.arraycopy(XInGF16Matrix[idx], 0, tmp, idx * lsq, lsq);`
`318`		`- for (int i = 0; i < o; i++)`
	`315`	`+ System.arraycopy(XInGF16Matrix[idx], 0, tmp, idxlsq, lsq);`
	`316`	`+ for (int i = 0, ixlsq = 0; i < o; i++, ixlsq += lsq)`
`319`	`317`	`{`
`320`		`- GF16Utils.gf16mMulTo(T12[idx][i], solution, i * lsq, tmp, idx * lsq, l);`
	`318`	`+ GF16Utils.gf16mMulTo(T12[idx][i], solution, ixlsq, tmp, idxlsq, l);`
`321`	`319`	`}`
`322`	`320`	`}`
`323`	`321`
`324`	`322`	`// Copy remaining oil variables`
`325`		`- System.arraycopy(solution, 0, tmp, v * lsq, lsq * o);`
	`323`	`+ System.arraycopy(solution, 0, tmp, v * lsq, oxlsq);`
`326`	`324`	`GF16.encode(tmp, ptSignature, tmp.length);`
`327`	`325`
`328`	`326`	`System.arraycopy(arraySalt, 0, ptSignature, ptSignature.length - bytesSalt, bytesSalt);`