bcgit
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/LowmcConstants.java‎
Lines changed: 52 additions & 219 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/LowmcConstants.java‎
Lines changed: 52 additions & 219 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/LowmcConstantsL1.java‎
Lines changed: 55 additions & 0 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/LowmcConstantsL1.java‎
Lines changed: 55 additions & 0 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/LowmcConstantsL3.java‎
Lines changed: 54 additions & 0 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/LowmcConstantsL3.java‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/LowmcConstantsL5.java‎
Lines changed: 53 additions & 0 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/LowmcConstantsL5.java‎
Lines changed: 53 additions & 0 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/PicnicEngine.java‎
Lines changed: 20 additions & 17 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/PicnicEngine.java‎
Lines changed: 20 additions & 17 deletions
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/PicnicParameters.java‎
Lines changed: 32 additions & 1 deletion b/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/PicnicParameters.java‎
Lines changed: 32 additions & 1 deletion
diff --git a/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/Tape.java‎
Lines changed: 3 additions & 3 deletions b/‎core/src/main/java/org/bouncycastle/pqc/crypto/picnic/Tape.java‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎core/src/main/resources/org/bouncycastle/pqc/crypto/picnic/lowmc.properties‎
Lines changed: 0 additions & 30 deletions b/‎core/src/main/resources/org/bouncycastle/pqc/crypto/picnic/lowmc.properties‎
Lines changed: 0 additions & 30 deletions
diff --git a/‎core/src/main/resources/org/bouncycastle/pqc/crypto/picnic/lowmcL1.properties‎
Lines changed: 10 additions & 0 deletions b/‎core/src/main/resources/org/bouncycastle/pqc/crypto/picnic/lowmcL1.properties‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎core/src/main/resources/org/bouncycastle/pqc/crypto/picnic/lowmcL3.properties‎
Lines changed: 10 additions & 0 deletions b/‎core/src/main/resources/org/bouncycastle/pqc/crypto/picnic/lowmcL3.properties‎
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,55 @@
+package org.bouncycastle.pqc.crypto.picnic;
+
+import org.bouncycastle.util.Exceptions;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+public class LowmcConstantsL1
+    extends LowmcConstants
+{
+    LowmcConstantsL1()
+    {
+        InputStream input = LowmcConstants.class.getResourceAsStream("lowmcL1.properties");
+        Properties props = new Properties();
+
+        // load a properties file
+        try
+        {
+            props.load(input);
+        }
+        catch (IOException e)
+        {
+            throw Exceptions.illegalStateException("unable to load Picnic properties: " + e.getMessage(), e);
+        }
+
+        // Parameters for security level L1
+        // Block/key size: 128
+        // Rounds: 20
+        linearMatrices = ReadFromProperty(props, "linearMatrices", 40960);
+        roundConstants = ReadFromProperty(props, "roundConstants", 320);
+        keyMatrices = ReadFromProperty(props, "keyMatrices", 43008);
+
+        LMatrix = new KMatrices(20, 128, 4, linearMatrices);
+        KMatrix = new KMatrices(21, 128, 4, keyMatrices);
+        RConstants = new KMatrices(0, 1, 4, roundConstants);
+
+        // Parameters for security level L1, full s-box layer
+        // Block/key size: 129
+        // Rounds: 4
+        // Note that each 129-bit row of the matrix is zero padded to 160 bits (the next multiple of 32)
+        linearMatrices_full = ReadFromProperty(props, "linearMatrices_full", 12800);
+        keyMatrices_full = ReadFromProperty(props, "keyMatrices_full", 12900);
+        keyMatrices_inv = ReadFromProperty(props, "keyMatrices_inv", 2850);
+        linearMatrices_inv = ReadFromProperty(props, "linearMatrices_inv", 12800);
+        roundConstants_full = ReadFromProperty(props, "roundConstants_full", 80);
+
+        LMatrix_full = new KMatrices(4, 129, 5, linearMatrices_full);
+        LMatrix_inv = new KMatrices(4, 129, 5, linearMatrices_inv);
+        KMatrix_full = new KMatrices(5, 129, 5, keyMatrices_full);
+        KMatrix_inv = new KMatrices(1, 129, 5, keyMatrices_inv);
+        RConstants_full = new KMatrices(4, 1, 5, roundConstants_full);
+
+    }
+}
@@ -0,0 +1,54 @@
+package org.bouncycastle.pqc.crypto.picnic;
+
+import org.bouncycastle.util.Exceptions;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+public class LowmcConstantsL3
+    extends LowmcConstants
+{
+    LowmcConstantsL3()
+    {
+        InputStream input = LowmcConstants.class.getResourceAsStream("lowmcL3.properties");
+        Properties props = new Properties();
+
+        // load a properties file
+        try
+        {
+            props.load(input);
+        }
+        catch (IOException e)
+        {
+            throw Exceptions.illegalStateException("unable to load Picnic properties: " + e.getMessage(), e);
+        }
+
+        // Parameters for security level L3
+        // Block/key size: 192
+        // Rounds: 30
+        linearMatrices = ReadFromProperty(props, "linearMatrices", 138240);
+        roundConstants = ReadFromProperty(props, "roundConstants", 720);
+        keyMatrices = ReadFromProperty(props, "keyMatrices", 142848);
+
+        LMatrix = new KMatrices(30, 192, 6, linearMatrices);
+        KMatrix = new KMatrices(31, 192, 6, keyMatrices);
+        RConstants = new KMatrices(30, 1, 6, roundConstants);
+
+        // Parameters for security level L3, full s-box layer
+        // Block/key size: 192
+        // S-boxes: 64
+        // Rounds: 4
+        linearMatrices_full = ReadFromProperty(props, "linearMatrices_full", 18432);
+        linearMatrices_inv = ReadFromProperty(props, "linearMatrices_inv", 18432);
+        roundConstants_full = ReadFromProperty(props, "roundConstants_full", 96);
+        keyMatrices_full = ReadFromProperty(props, "keyMatrices_full", 23040);
+        keyMatrices_inv = ReadFromProperty(props, "keyMatrices_inv", 4608);
+
+        LMatrix_full = new KMatrices(4, 192, 6, linearMatrices_full);
+        LMatrix_inv = new KMatrices(4, 192, 6, linearMatrices_inv);
+        KMatrix_full = new KMatrices(5, 192, 6, keyMatrices_full);
+        KMatrix_inv = new KMatrices(1, 192, 6, keyMatrices_inv);
+        RConstants_full = new KMatrices(4, 1, 6, roundConstants_full);
+    }
+}
@@ -0,0 +1,53 @@
+package org.bouncycastle.pqc.crypto.picnic;
+
+import org.bouncycastle.util.Exceptions;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+public class LowmcConstantsL5
+    extends LowmcConstants
+{
+    LowmcConstantsL5()
+    {
+        InputStream input = LowmcConstants.class.getResourceAsStream("lowmcL5.properties");
+        Properties props = new Properties();
+
+        // load a properties file
+        try
+        {
+            props.load(input);
+        }
+        catch (IOException e)
+        {
+            throw Exceptions.illegalStateException("unable to load Picnic properties: " + e.getMessage(), e);
+        }
+        // Parameters for security level L5
+        // Block/key size: 256
+        // Rounds: 38
+        linearMatrices = ReadFromProperty(props, "linearMatrices", 311296);
+        roundConstants = ReadFromProperty(props, "roundConstants", 1216);
+        keyMatrices = ReadFromProperty(props, "keyMatrices", 319488);
+
+        LMatrix = new KMatrices(38, 256, 8, linearMatrices);
+        KMatrix = new KMatrices(39, 256, 8, keyMatrices);
+        RConstants = new KMatrices(38, 1, 8, roundConstants);
+
+        // Parameters for security level L5, full nonlinear layer
+        // Block/key size: 255
+        // S-boxes: 85
+        // Rounds: 4
+        linearMatrices_full = ReadFromProperty(props, "linearMatrices_full", 32768);
+        linearMatrices_inv = ReadFromProperty(props, "linearMatrices_inv", 32768);
+        roundConstants_full = ReadFromProperty(props, "roundConstants_full", 128);
+        keyMatrices_full = ReadFromProperty(props, "keyMatrices_full", 40960);
+        keyMatrices_inv = ReadFromProperty(props, "keyMatrices_inv", 8160);
+
+        LMatrix_full = new KMatrices(4, 255, 8, linearMatrices_full);
+        LMatrix_inv = new KMatrices(4, 255, 8, linearMatrices_inv);
+        KMatrix_full = new KMatrices(5, 255, 8, keyMatrices_full);
+        KMatrix_inv = new KMatrices(1, 255, 8, keyMatrices_inv);
+        RConstants_full = new KMatrices(4, 1, 8, roundConstants_full);
+    }
+}
@@ -89,9 +89,12 @@ public int getTrueSignatureSize()
     {
         return signatureLength;
     }
+
+    protected final LowmcConstants lowmcConstants;
 
-    PicnicEngine(int picnicParams)
+    PicnicEngine(int picnicParams, LowmcConstants lowmcConstants)
     {
+        this.lowmcConstants = lowmcConstants;
         parameters = picnicParams;
         switch (parameters)
         {
@@ -531,7 +534,7 @@ void mpc_LowMC_verify(View view1, View view2, Tape tapes, int[] tmp, int[] plain
 
         mpc_xor_constant_verify(tmp, plaintext, 0, stateSizeWords, challenge);
 
-        KMatricesWithPointer current = LowmcConstants.KMatrix(this, 0);
+        KMatricesWithPointer current = lowmcConstants.KMatrix(this, 0);
         matrix_mul_offset(tmp, 0,
                 view1.inputShare, 0,
                 current.getData(), current.getMatrixPointer());
@@ -543,7 +546,7 @@ void mpc_LowMC_verify(View view1, View view2, Tape tapes, int[] tmp, int[] plain
 
         for (int r = 1; r <= numRounds; ++r)
         {
-            current = LowmcConstants.KMatrix(this, r);
+            current = lowmcConstants.KMatrix(this, r);
             matrix_mul_offset(tmp, 0,
                     view1.inputShare, 0,
                     current.getData(), current.getMatrixPointer());
@@ -553,12 +556,12 @@ void mpc_LowMC_verify(View view1, View view2, Tape tapes, int[] tmp, int[] plain
 
             mpc_substitution_verify(tmp, tapes, view1, view2);
 
-            current = LowmcConstants.LMatrix(this, r - 1);
+            current = lowmcConstants.LMatrix(this, r - 1);
             mpc_matrix_mul(tmp, 2*stateSizeWords,
                     tmp, 2*stateSizeWords,
                     current.getData(), current.getMatrixPointer(), 2);
 
-            current = LowmcConstants.RConstant(this, r - 1);
+            current = lowmcConstants.RConstant(this, r - 1);
             mpc_xor_constant_verify(tmp, current.getData(), current.getMatrixPointer(), stateSizeWords, challenge);
             mpc_xor(tmp, tmp, stateSizeWords, 2);
         }
@@ -1541,7 +1544,7 @@ private void mpc_LowMC(Tape tapes, View[] views, int[] plaintext, int[] slab)
 
         mpc_xor_constant(slab, 3*stateSizeWords, plaintext, 0, stateSizeWords);
 
-        KMatricesWithPointer current = LowmcConstants.KMatrix(this, 0);
+        KMatricesWithPointer current = lowmcConstants.KMatrix(this, 0);
         for (int player = 0; player < 3; player++)
         {
             matrix_mul_offset(slab, player  * stateSizeWords, views[player].inputShare, 0,
@@ -1552,7 +1555,7 @@ private void mpc_LowMC(Tape tapes, View[] views, int[] plaintext, int[] slab)
 
         for (int r = 1; r <= numRounds; r++)
         {
-            current = LowmcConstants.KMatrix(this, r);
+            current = lowmcConstants.KMatrix(this, r);
             for (int player = 0; player < 3; player++)
             {
                 matrix_mul_offset(slab, player  * stateSizeWords,
@@ -1562,12 +1565,12 @@ private void mpc_LowMC(Tape tapes, View[] views, int[] plaintext, int[] slab)
 
             mpc_substitution(slab, tapes, views);
 
-            current = LowmcConstants.LMatrix(this, r - 1);
+            current = lowmcConstants.LMatrix(this, r - 1);
             mpc_matrix_mul(slab, 3*stateSizeWords,
                            slab, 3*stateSizeWords,
                            current.getData(), current.getMatrixPointer(), 3);
 
-            current = LowmcConstants.RConstant(this, r - 1);
+            current = lowmcConstants.RConstant(this, r - 1);
             mpc_xor_constant(slab, 3*stateSizeWords,
                              current.getData(), current.getMatrixPointer(), stateSizeWords);
 
@@ -2032,7 +2035,7 @@ private int simulateOnline(int[] maskedKey, Tape tape, int[] tmp_shares,
         int[] roundKey = new int[LOWMC_MAX_WORDS];
         int[] state = new int[LOWMC_MAX_WORDS];
 
-        KMatricesWithPointer current = LowmcConstants.KMatrix(this,0);
+        KMatricesWithPointer current = lowmcConstants.KMatrix(this,0);
         matrix_mul(roundKey, maskedKey, current.getData(), current.getMatrixPointer()); // roundKey = maskedKey * KMatrix[0]
         xor_array(state, roundKey, plaintext,0, stateSizeWords);      // state = plaintext + roundKey
 
@@ -2041,13 +2044,13 @@ private int simulateOnline(int[] maskedKey, Tape tape, int[] tmp_shares,
             tapesToWords(tmp_shares, tape);
             mpc_sbox(state, tmp_shares, tape, msg);
 
-            current = LowmcConstants.LMatrix(this, r - 1);
+            current = lowmcConstants.LMatrix(this, r - 1);
             matrix_mul(state, state, current.getData(), current.getMatrixPointer()); // state = state * LMatrix (r-1)
 
-            current = LowmcConstants.RConstant(this,r - 1);
+            current = lowmcConstants.RConstant(this,r - 1);
             xor_array(state, state, current.getData(), current.getMatrixPointer(), stateSizeWords);  // state += RConstant
 
-            current = LowmcConstants.KMatrix(this, r);
+            current = lowmcConstants.KMatrix(this, r);
             matrix_mul(roundKey, maskedKey, current.getData(), current.getMatrixPointer());
             xor_array(state, roundKey, state, 0, stateSizeWords);      // state += roundKey
         }
@@ -2365,22 +2368,22 @@ private void LowMCEnc(int[] plaintext, int[] output, int[] key)
             System.arraycopy(plaintext, 0, output, 0, stateSizeWords);
         }
 
-        KMatricesWithPointer current = LowmcConstants.KMatrix(this,0);
+        KMatricesWithPointer current = lowmcConstants.KMatrix(this,0);
         matrix_mul(roundKey, key, current.getData(), current.getMatrixPointer());
 
         xor_array(output, output, roundKey, 0,  stateSizeWords);
 
         for (int r = 1; r <= numRounds; r++)
         {
-            current = LowmcConstants.KMatrix(this, r);
+            current = lowmcConstants.KMatrix(this, r);
             matrix_mul(roundKey, key, current.getData(), current.getMatrixPointer());
 
             substitution(output);
 
-            current = LowmcConstants.LMatrix(this,r-1);
+            current = lowmcConstants.LMatrix(this,r-1);
             matrix_mul(output, output, current.getData(), current.getMatrixPointer());
 
-            current = LowmcConstants.RConstant(this,r-1);
+            current = lowmcConstants.RConstant(this,r-1);
             xor_array(output, output, current.getData(), current.getMatrixPointer(), stateSizeWords);
             xor_array(output, output, roundKey, 0, stateSizeWords);
         }
 
@@ -5,6 +5,19 @@
 public class PicnicParameters
     implements CipherParameters
 {
+    private static class L1Constants
+    {
+        protected static final LowmcConstantsL1 Instance = new LowmcConstantsL1();
+    }
+    private static class L3Constants
+    {
+        protected static final LowmcConstantsL3 Instance = new LowmcConstantsL3();
+    }
+    private static class L5Constants
+    {
+        protected static final LowmcConstantsL5 Instance = new LowmcConstantsL5();
+    }
+
     public static final PicnicParameters picnicl1fs = new PicnicParameters("picnicl1fs",  1);
     public static final PicnicParameters picnicl1ur = new PicnicParameters("picnicl1ur",  2);
     public static final PicnicParameters picnicl3fs = new PicnicParameters("picnicl3fs",  3);
@@ -36,6 +49,24 @@ public String getName()
 
     PicnicEngine getEngine()
     {
-        return new PicnicEngine(param);
+        switch (param)
+        {
+            case 1:
+            case 2:
+            case 7:
+            case 10:
+                return new PicnicEngine(param, L1Constants.Instance);
+            case 3:
+            case 4:
+            case 8:
+            case 11:
+                return new PicnicEngine(param, L3Constants.Instance);
+            case 12:
+            case 5:
+            case 6:
+            case 9:
+                return new PicnicEngine(param, L5Constants.Instance);
+            default: return null;
+        }
     }
 }
@@ -54,7 +54,7 @@ protected void computeAuxTape(byte[] inputs)
 //        {System.out.printf("%08x ", key0[i]);}System.out.println();
 
         // key = key0 x KMatrix[0]^(-1)
-        KMatricesWithPointer current = LowmcConstants.KMatrixInv(engine);
+        KMatricesWithPointer current = engine.lowmcConstants.KMatrixInv(engine);
         engine.matrix_mul(key, key0, current.getData(), current.getMatrixPointer());
 
 //        System.out.print("key: ");
@@ -70,12 +70,12 @@ protected void computeAuxTape(byte[] inputs)
 
         for (int r = engine.numRounds; r > 0; r--)
         {
-            current = LowmcConstants.KMatrix(engine, r);
+            current = engine.lowmcConstants.KMatrix(engine, r);
             engine.matrix_mul(roundKey, key, current.getData(), current.getMatrixPointer());    // roundKey = key * KMatrix(r)
 
             engine.xor_array(x, x, roundKey, 0, engine.stateSizeWords);
 
-            current = LowmcConstants.LMatrixInv(engine, r-1);
+            current = engine.lowmcConstants.LMatrixInv(engine, r-1);
             engine.matrix_mul(y, x, current.getData(), current.getMatrixPointer());
 
             if(r == 1)