Add more constant values.

Author: gefeili

core/src/main/java/org/bouncycastle/pqc/crypto/snova/MapGroup1.java

@@ -18,7 +18,7 @@ public MapGroup1(SnovaParameters params)
         int v = params.getV();
         int o = params.getO();
         int alpha = params.getAlpha();
-        int lsq = params.getL() * params.getL();
+        int lsq = params.getLsq();
         p11 = new byte[m][v][v][lsq];
         p12 = new byte[m][v][o][lsq];
         p21 = new byte[m][o][v][lsq];

core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaEngine.java

@@ -15,66 +15,42 @@ class SnovaEngine
 {
     private final SnovaParameters params;
     private final int l;
+    private final int lsq;
+    private final int m;
+    private final int v;
+    private final int o;
+    private final int alpha;
+    private final int n;
     final byte[][] S;
     final int[][] xS;
 
     public SnovaEngine(SnovaParameters params)
     {
         this.params = params;
         this.l = params.getL();
-        int lsq = l * l;
-        S = new byte[l][lsq];
-        xS = new int[l][lsq];
-        be_aI(S[0], 0, (byte)1);
-        beTheS(S[1]);
-        for (int index = 2; index < l; ++index)
-        {
-            GF16Utils.gf16mMul(S[index - 1], S[1], S[index], l);
-        }
-
-        for (int index = 0; index < l; ++index)
-        {
-            for (int ij = 0; ij < lsq; ++ij)
-            {
-                xS[index][ij] = GF16Utils.gf16FromNibble(S[index][ij]);
-            }
-        }
+        this.lsq = params.getLsq();
+        this.m = params.getM();
+        this.v = params.getV();
+        this.o = params.getO();
+        this.alpha = params.getAlpha();
+        this.n = params.getN();
+        S = SnovaParameters.sSet.get(l);
+        xS = SnovaParameters.xSSet.get(l);
     }
 
-    public void be_aI(byte[] target, int off, byte a)
+    static void be_aI(byte[] target, int off, byte a, int l)
     {
-//        // Mask 'a' to ensure it's a valid 4-bit GF16 element
-//        a = (byte)(a & 0x0F);
+        // Ensure 'a' iss a valid 4-bit GF16 element
         int l1 = l + 1;
         for (int i = 0; i < l; ++i, off += l1)
         {
             target[off] = a;
         }
     }
 
-    private void beTheS(byte[] target)
-    {
-        // Set all elements to 8 - (i + j) in GF16 (4-bit values)
-        for (int i = 0, il = 0; i < l; ++i, il += l)
-        {
-            for (int j = 0; j < l; ++j)
-            {
-                int value = 8 - (i + j);
-                target[il + j] = (byte)(value & 0x0F);  // Mask to 4 bits
-            }
-        }
-
-        // Special case for rank 5
-        if (l == 5)
-        {
-            target[24] = (byte)9;  // Set (4,4) to 9
-        }
-    }
-
     // Constant-time GF16 matrix generation
     public void genAFqSCT(byte[] c, int cOff, byte[] ptMatrix)
     {
-        int lsq = l * l;
         int[] xTemp = new int[lsq];
         int l1 = l + 1;
         // Initialize diagonal with c[0]
@@ -102,11 +78,6 @@ public void genAFqSCT(byte[] c, int cOff, byte[] ptMatrix)
         for (int ij = 0; ij < lsq; ij++)
         {
             xTemp[ij] ^= cX * xS[l - 1][ij];
-        }
-
-        // Convert to nibbles and clear temp
-        for (int ij = 0; ij < lsq; ij++)
-        {
             ptMatrix[ij] = GF16Utils.gf16ToNibble(xTemp[ij]);
         }
         Arrays.fill(xTemp, 0); // Secure clear
@@ -298,7 +269,7 @@ private byte determinant5x5(byte[] m, int off)
 
     private void generateASMatrixTo(byte[] target, int off, byte a)
     {
-        for (int i = 0; i < l; i++)
+        for (int i = 0, ixl = off; i < l; i++, ixl += l)
         {
             for (int j = 0; j < l; j++)
             {
@@ -307,15 +278,15 @@ private void generateASMatrixTo(byte[] target, int off, byte a)
                 {
                     coefficient = 9;
                 }
-                target[i * l + j + off] ^= GF16.mul(coefficient, a);
+                target[ixl + j] ^= GF16.mul(coefficient, a);
             }
         }
     }
 
     public void genAFqS(byte[] c, int cOff, byte[] ptMatrix, int off)
     {
         // Initialize with be_aI
-        be_aI(ptMatrix, off, c[cOff]);
+        be_aI(ptMatrix, off, c[cOff], l);
 
         // Process middle terms
         for (int i = 1; i < l - 1; ++i)
@@ -341,12 +312,6 @@ private void gf16mScaleTo(byte[] a, byte k, byte[] c, int cOff)
 
     public void genF(MapGroup2 map2, MapGroup1 map1, byte[][][] T12)
     {
-        int m = params.getM();
-        int v = params.getV();
-        int o = params.getO();
-        int l = params.getL();
-        int lsq = l * l;
-
         // Copy initial matrices
         copy4DMatrix(map1.p11, map2.f11, m, v, v, lsq);
         copy4DMatrix(map1.p12, map2.f12, m, v, o, lsq);
@@ -386,12 +351,6 @@ private static void copy4DMatrix(byte[][][][] src, byte[][][][] dest, int dim1,
 
     public void genP22(byte[] outP22, byte[][][] T12, byte[][][][] P21, byte[][][][] F12)
     {
-        int m = params.getM();
-        int o = params.getO();
-        int v = params.getV();
-        int l = params.getL();
-        int lsq = l * l;
-
         // Initialize P22 with zeros
         byte[] P22 = new byte[m * o * o * lsq];
 
@@ -420,8 +379,8 @@ public void genP22(byte[] outP22, byte[][][] T12, byte[][][][] P21, byte[][][][]
 
     void genSeedsAndT12(byte[][][] T12, byte[] skSeed)
     {
-        int bytesPrngPrivate = (params.getV() * params.getO() * params.getL() + 1) >>> 1;
-        int gf16sPrngPrivate = params.getV() * params.getO() * params.getL();
+        int bytesPrngPrivate = (v * o * l + 1) >>> 1;
+        int gf16sPrngPrivate = v * o * l;
         byte[] prngOutput = new byte[bytesPrngPrivate];
 
         // Generate PRNG output using SHAKE-256
@@ -435,10 +394,9 @@ void genSeedsAndT12(byte[][][] T12, byte[] skSeed)
 
         // Generate T12 matrices
         int ptArray = 0;
-        int l = params.getL();
-        for (int j = 0; j < params.getV(); j++)
+        for (int j = 0; j < v; j++)
         {
-            for (int k = 0; k < params.getO(); k++)
+            for (int k = 0; k < o; k++)
             {
                 //gen_a_FqS_ct
                 genAFqSCT(gf16PrngOutput, ptArray, T12[j][k]);
@@ -449,14 +407,6 @@ void genSeedsAndT12(byte[][][] T12, byte[] skSeed)
 
     void genABQP(MapGroup1 map1, byte[] pkSeed, byte[] fixedAbq)
     {
-        int l = params.getL();
-        int lsq = l * l;
-        int m = params.getM();
-        int alpha = params.getAlpha();
-        int v = params.getV();
-        int o = params.getO();
-        int n = v + o;
-
         int gf16sPrngPublic = lsq * (2 * m * alpha + m * (n * n - m * m)) + l * 2 * m * alpha;
         byte[] qTemp = new byte[(m * alpha * lsq + m * alpha * lsq) / l];
         byte[] prngOutput = new byte[(gf16sPrngPublic + 1) >> 1];
@@ -500,7 +450,6 @@ void genABQP(MapGroup1 map1, byte[] pkSeed, byte[] fixedAbq)
             ctrCipher.init(true, params);
             int blockSize = ctrCipher.getBlockSize(); // typically 16 bytes
             byte[] zeroBlock = new byte[blockSize];     // block of zeros
-            byte[] blockOut = new byte[blockSize];
 
             int offset = 0;
             // Process full blocks
@@ -512,21 +461,21 @@ void genABQP(MapGroup1 map1, byte[] pkSeed, byte[] fixedAbq)
             // Process any remaining partial block.
             if (offset < prngOutput.length)
             {
-                ctrCipher.processBlock(zeroBlock, 0, blockOut, 0);
+                ctrCipher.processBlock(zeroBlock, 0, zeroBlock, 0);
                 int remaining = prngOutput.length - offset;
-                System.arraycopy(blockOut, 0, prngOutput, offset, remaining);
+                System.arraycopy(zeroBlock, 0, prngOutput, offset, remaining);
             }
         }
-//        if ((lsq & 1) == 0)
-//        {
-//            map1.decode(prngOutput, params, (gf16sPrngPublic - qTemp.length) >> 1);
-//        }
-//        else
-//        {
-        byte[] temp = new byte[gf16sPrngPublic - qTemp.length];
-        GF16.decode(prngOutput, temp, temp.length);
-        map1.fill(temp);
-//        }
+        if ((lsq & 1) == 0)
+        {
+            map1.decode(prngOutput, params, (gf16sPrngPublic - qTemp.length) >> 1);
+        }
+        else
+        {
+            byte[] temp = new byte[gf16sPrngPublic - qTemp.length];
+            GF16.decode(prngOutput, temp, temp.length);
+            map1.fill(temp);
+        }
         if (l >= 4)
         {
             GF16.decode(prngOutput, (gf16sPrngPublic - qTemp.length) >> 1, qTemp, 0, qTemp.length);

core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaKeyElements.java

@@ -13,12 +13,11 @@ class SnovaKeyElements
     private final int length;
     byte[] fixedAbq;
 
-    public SnovaKeyElements(SnovaParameters params, SnovaEngine engine)
+    public SnovaKeyElements(SnovaParameters params)
     {
         int o = params.getO();
         int l = params.getL();
         int v = params.getV();
-        int alpha = params.getAlpha();
         int lsq = l * l;
         map1 = new MapGroup1(params);
         T12 = new byte[v][o][lsq];
@@ -27,27 +26,7 @@ public SnovaKeyElements(SnovaParameters params, SnovaEngine engine)
         length = o * params.getAlpha() * lsq * 4 + v * o * lsq + (o * v * v + o * v * o + o * o * v) * lsq;
         if (l < 4)
         {
-            fixedAbq = new byte[4 * o * alpha * lsq];
-            //genABQ(byte[] abqSeed)
-            byte[] rngOut = new byte[o * alpha * (lsq + l)];
-            byte[] q12 = new byte[2 * o * alpha * l];
-            byte[] seed = "SNOVA_ABQ".getBytes();
-            SHAKEDigest shake = new SHAKEDigest(256);
-            shake.update(seed, 0, seed.length);
-            shake.doFinal(rngOut, 0, rngOut.length);
-            GF16.decode(rngOut, fixedAbq, 2 * o * alpha * lsq);
-            GF16.decode(rngOut, alpha * lsq, q12, 0, 2 * o * alpha * l);
-            // Post-processing for invertible matrices
-            for (int pi = 0; pi < o; ++pi)
-            {
-                for (int a = 0; a < alpha; ++a)
-                {
-                    engine.makeInvertibleByAddingAS(fixedAbq, (pi * alpha + a) * lsq);
-                    engine.makeInvertibleByAddingAS(fixedAbq, ((o + pi) * alpha + a) * lsq);
-                    engine.genAFqS(q12, (pi * alpha + a) * l, fixedAbq, ((2 * o + pi) * alpha + a) * lsq);
-                    engine.genAFqS(q12, ((o + pi) * alpha + a) * l, fixedAbq, ((3 * o + pi) * alpha + a) * lsq);
-                }
-            }
+            fixedAbq = SnovaParameters.fixedAbqSet.get(o);
         }
     }
 

core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaKeyPairGenerator.java

@@ -46,7 +46,7 @@ public AsymmetricCipherKeyPair generateKeyPair()
         byte[] ptPublicKeySeed = Arrays.copyOfRange(seedPair, 0, publicSeedLength);
         byte[] ptPrivateKeySeed = Arrays.copyOfRange(seedPair, publicSeedLength, seedPair.length);
 
-        SnovaKeyElements keyElements = new SnovaKeyElements(params, engine);
+        SnovaKeyElements keyElements = new SnovaKeyElements(params);
         generateKeysCore(keyElements, ptPublicKeySeed, ptPrivateKeySeed);
 
         // Pack public key components