Reduce the size of SnovaKeyElements

Author: gefeili

core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaEngine.java

@@ -349,7 +349,7 @@ private static void copy4DMatrix(byte[][][][] src, byte[][][][] dest, int dim1,
         }
     }
 
-    public void genP22(byte[] outP22, byte[][][] T12, byte[][][][] P21, byte[][][][] F12)
+    public void genP22(byte[] outP22, int outOff, byte[][][] T12, byte[][][][] P21, byte[][][][] F12)
     {
         // Initialize P22 with zeros
         byte[] P22 = new byte[m * o * o * lsq];
@@ -374,7 +374,7 @@ public void genP22(byte[] outP22, byte[][][] T12, byte[][][][] P21, byte[][][][]
         }
 
         // Convert GF16 elements to packed bytes
-        GF16.encode(P22, outP22, P22.length);
+        GF16.encode(P22, outP22, outOff, P22.length);
     }
 
     void genSeedsAndT12(byte[][][] T12, byte[] skSeed)
@@ -405,7 +405,7 @@ void genSeedsAndT12(byte[][][] T12, byte[] skSeed)
         }
     }
 
-    void genABQP(MapGroup1 map1, byte[] pkSeed, byte[] fixedAbq)
+    void genABQP(MapGroup1 map1, byte[] pkSeed)
     {
         int gf16sPrngPublic = lsq * (2 * m * alpha + m * (n * n - m * m)) + l * 2 * m * alpha;
         byte[] qTemp = new byte[(m * alpha * lsq + m * alpha * lsq) / l];
@@ -497,10 +497,23 @@ void genABQP(MapGroup1 map1, byte[] pkSeed, byte[] fixedAbq)
         }
         else
         {
+            byte[] fixedAbq = SnovaParameters.fixedAbqSet.get(o);
             MapGroup1.fillAlpha(fixedAbq, 0, map1.aAlpha, m * o * alpha * lsq);
             MapGroup1.fillAlpha(fixedAbq, o * alpha * lsq, map1.bAlpha, (m - 1) * o * alpha * lsq);
             MapGroup1.fillAlpha(fixedAbq, o * alpha * lsq * 2, map1.qAlpha1, (m - 2) * o * alpha * lsq);
             MapGroup1.fillAlpha(fixedAbq, o * alpha * lsq * 3, map1.qAlpha2, (m - 3) * o * alpha * lsq);
         }
     }
+
+    void genMap1T12Map2(SnovaKeyElements keyElements, byte[] pkSeed, byte[] skSeed)
+    {
+        // Generate T12 matrix
+        genSeedsAndT12(keyElements.T12, skSeed);
+
+        // Generate map components
+        genABQP(keyElements.map1, pkSeed);
+
+        // Generate F matrices
+        genF(keyElements.map2, keyElements.map1, keyElements.T12);
+    }
 }

core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaKeyElements.java

@@ -7,8 +7,6 @@ class SnovaKeyElements
     public final MapGroup2 map2;
     public byte[] ptPrivateKeySeed;
 
-    byte[] fixedAbq;
-
     public SnovaKeyElements(SnovaParameters params)
     {
         int o = params.getO();
@@ -18,46 +16,8 @@ public SnovaKeyElements(SnovaParameters params)
         map1 = new MapGroup1(params);
         T12 = new byte[v][o][lsq];
         map2 = new MapGroup2(params);
-
-        if (l < 4)
-        {
-            fixedAbq = SnovaParameters.fixedAbqSet.get(o);
-        }
     }
 
-//    public void encodeMergerInHalf(byte[] output)
-//    {
-//        byte[] input = new byte[length];
-//        int inOff = 0;
-//        inOff = copy3d(map1.aAlpha, input, inOff);
-//        inOff = copy3d(map1.bAlpha, input, inOff);
-//        inOff = copy3d(map1.qAlpha1, input, inOff);
-//        inOff = copy3d(map1.qAlpha2, input, inOff);
-//        inOff = copy3d(T12, input, inOff);
-//        inOff = copy4d(map2.f11, input, inOff);
-//        inOff = copy4d(map2.f12, input, inOff);
-//        copy4d(map2.f21, input, inOff);
-//        GF16Utils.encodeMergeInHalf(input, length, output);
-//    }
-
-//    public void skUnpack(byte[] input)
-//    {
-//        byte[] tmp = new byte[(input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength) << 1];
-//        GF16Utils.decodeMergeInHalf(input, tmp, tmp.length);
-//        int inOff = 0;
-//        inOff = copy3d(tmp, inOff, map1.aAlpha);
-//        inOff = copy3d(tmp, inOff, map1.bAlpha);
-//        inOff = copy3d(tmp, inOff, map1.qAlpha1);
-//        inOff = copy3d(tmp, inOff, map1.qAlpha2);
-//        inOff = copy3d(tmp, inOff, T12);
-//        inOff = copy4d(tmp, inOff, map2.f11);
-//        inOff = copy4d(tmp, inOff, map2.f12);
-//        copy4d(tmp, inOff, map2.f21);
-//        System.arraycopy(input, input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength, publicKey.publicKeySeed, 0, publicKey.publicKeySeed.length);
-//        ptPrivateKeySeed = new byte[SnovaKeyPairGenerator.privateSeedLength];
-//        System.arraycopy(input, input.length - SnovaKeyPairGenerator.privateSeedLength, ptPrivateKeySeed, 0, ptPrivateKeySeed.length);
-//    }
-
     static int copy3d(byte[][][] alpha, byte[] output, int outOff)
     {
         for (int i = 0; i < alpha.length; ++i)

core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaKeyPairGenerator.java

@@ -47,12 +47,11 @@ public AsymmetricCipherKeyPair generateKeyPair()
         byte[] ptPrivateKeySeed = Arrays.copyOfRange(seedPair, publicSeedLength, seedPair.length);
 
         SnovaKeyElements keyElements = new SnovaKeyElements(params);
-        byte[] p22 = new byte[(params.getM() * params.getO() * params.getO() * params.getL() * params.getL() + 1) >> 1];
-        generateKeysCore(keyElements, ptPublicKeySeed, ptPrivateKeySeed, p22);
+        System.arraycopy(ptPublicKeySeed, 0, pk, 0, ptPublicKeySeed.length);
+        generateKeysCore(keyElements, ptPublicKeySeed, ptPrivateKeySeed, pk, ptPublicKeySeed.length);
 
         // Pack public key components
         System.arraycopy(ptPublicKeySeed, 0, pk, 0, ptPublicKeySeed.length);
-        System.arraycopy(p22, 0, pk, ptPublicKeySeed.length, p22.length);
 
         if (params.isSkIsSeed())
         {
@@ -85,18 +84,11 @@ public AsymmetricCipherKeyPair generateKeyPair()
         );
     }
 
-    private void generateKeysCore(SnovaKeyElements keyElements, byte[] pkSeed, byte[] skSeed, byte[] p22)
+    private void generateKeysCore(SnovaKeyElements keyElements, byte[] pkSeed, byte[] skSeed, byte[] p22, int p22Off)
     {
-        // Generate T12 matrix
-        engine.genSeedsAndT12(keyElements.T12, skSeed);
-
-        // Generate map components
-        engine.genABQP(keyElements.map1, pkSeed, keyElements.fixedAbq);
-
-        // Generate F matrices
-        engine.genF(keyElements.map2, keyElements.map1, keyElements.T12);
+        engine.genMap1T12Map2(keyElements, pkSeed, skSeed);
 
         // Generate P22 matrix
-        engine.genP22(p22, keyElements.T12, keyElements.map1.p21, keyElements.map2.f12);
+        engine.genP22(p22, p22Off, keyElements.T12, keyElements.map1.p21, keyElements.map2.f12);
     }
 }

core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaSigner.java

@@ -66,13 +66,7 @@ public byte[] generateSignature(byte[] message)
             byte[] seedPair = privKey.getPrivateKey();
             publicKeySeed = Arrays.copyOfRange(seedPair, 0, SnovaKeyPairGenerator.publicSeedLength);
             keyElements.ptPrivateKeySeed = Arrays.copyOfRange(seedPair, SnovaKeyPairGenerator.publicSeedLength, seedPair.length);
-            engine.genSeedsAndT12(keyElements.T12, keyElements.ptPrivateKeySeed);
-
-            // Generate map components
-            engine.genABQP(keyElements.map1, publicKeySeed, keyElements.fixedAbq);
-
-            // Generate F matrices
-            engine.genF(keyElements.map2, keyElements.map1, keyElements.T12);
+            engine.genMap1T12Map2(keyElements, publicKeySeed, keyElements.ptPrivateKeySeed);
         }
         else
         {
@@ -103,11 +97,11 @@ public boolean verifySignature(byte[] message, byte[] signature)
         byte[] hash = new byte[shake.getDigestSize()];
         shake.update(message, 0, message.length);
         shake.doFinal(hash, 0);
-        SnovaKeyElements keyElements = new SnovaKeyElements(params);
+        MapGroup1 map1 = new MapGroup1(params);
         byte[] pk = pubKey.getEncoded();
         byte[] publicKeySeed = Arrays.copyOf(pk, SnovaKeyPairGenerator.publicSeedLength);
         byte[] p22_source = Arrays.copyOfRange(pk, SnovaKeyPairGenerator.publicSeedLength, pk.length);
-        engine.genABQP(keyElements.map1, publicKeySeed, keyElements.fixedAbq);
+        engine.genABQP(map1, publicKeySeed);
         byte[][][][] p22 = new byte[params.getM()][params.getO()][params.getO()][params.getLsq()];
         if ((params.getLsq() & 1) == 0)
         {
@@ -120,7 +114,7 @@ public boolean verifySignature(byte[] message, byte[] signature)
             MapGroup1.fillP(p22_gf16s, 0, p22, p22_gf16s.length);
         }
 
-        return verifySignatureCore(hash, signature, publicKeySeed, keyElements.map1, p22);
+        return verifySignatureCore(hash, signature, publicKeySeed, map1, p22);
     }
 
     public void createSignedHash(

core/src/main/java/org/bouncycastle/util/GF16.java

@@ -120,27 +120,44 @@ public static void decode(byte[] input, int inOff, byte[] output, int outOff, in
      * Two 4-bit values are packed into one byte, with the first nibble stored in the lower 4 bits
      * and the second nibble stored in the upper 4 bits.
      *
-     * @param input     the input array of 4-bit values (stored as bytes, only lower 4 bits used)
-     * @param output    the output byte array that will hold the encoded bytes
-     * @param outputLen the number of nibbles in the input array
+     * @param input    the input array of 4-bit values (stored as bytes, only lower 4 bits used)
+     * @param output   the output byte array that will hold the encoded bytes
+     * @param inputLen the number of nibbles in the input array
      */
-    public static void encode(byte[] input, byte[] output, int outputLen)
+    public static void encode(byte[] input, byte[] output, int inputLen)
     {
         int i, inOff = 0;
         // Process pairs of 4-bit values
-        for (i = 0; i < outputLen / 2; i++)
+        for (i = 0; i < inputLen / 2; i++)
         {
             int lowerNibble = input[inOff++] & 0x0F;
             int upperNibble = (input[inOff++] & 0x0F) << 4;
             output[i] = (byte)(lowerNibble | upperNibble);
         }
         // If there is an extra nibble (odd number of nibbles), store it directly in lower 4 bits.
-        if ((outputLen & 1) == 1)
+        if ((inputLen & 1) == 1)
         {
             output[i] = (byte)(input[inOff] & 0x0F);
         }
     }
 
+    public static void encode(byte[] input, byte[] output, int outOff, int inputLen)
+    {
+        int i, inOff = 0;
+        // Process pairs of 4-bit values
+        for (i = 0; i < inputLen / 2; i++)
+        {
+            int lowerNibble = input[inOff++] & 0x0F;
+            int upperNibble = (input[inOff++] & 0x0F) << 4;
+            output[outOff++] = (byte)(lowerNibble | upperNibble);
+        }
+        // If there is an extra nibble (odd number of nibbles), store it directly in lower 4 bits.
+        if ((inputLen & 1) == 1)
+        {
+            output[outOff] = (byte)(input[inOff] & 0x0F);
+        }
+    }
+
     public static byte innerProduct(byte[] a, int aOff, byte[] b, int bOff, int rank)
     {
         byte result = 0;