TODO: Evaluate vinegar part of central map

gefeili · gefeili · commit 54b3283d8b2b · 2025-03-25T17:17:32.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaKeyElements.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaKeyElements.java
@@ -78,7 +78,7 @@ public void encodeMergerInHalf(byte[] output)
 
     public void skUnpack(byte[] input)
     {
-        byte[] tmp = new byte[input.length << 1];
+        byte[] tmp = new byte[(input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength)<< 1];
         GF16Utils.decodeMergeInHalf(input, tmp, tmp.length);
         int inOff = 0;
         inOff = copy3d(tmp, inOff, map1.aAlpha);
@@ -89,10 +89,9 @@ public void skUnpack(byte[] input)
         inOff = copy4d(tmp, inOff, map2.f11);
         inOff = copy4d(tmp, inOff, map2.f12);
         inOff = copy4d(tmp, inOff, map2.f21);
-        System.arraycopy(tmp, inOff, publicKey.publicKeySeed, 0, publicKey.publicKeySeed.length);
-        inOff += publicKey.publicKeySeed.length;
+        System.arraycopy(input, input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength, publicKey.publicKeySeed, 0, publicKey.publicKeySeed.length);
         ptPrivateKeySeed = new byte[SnovaKeyPairGenerator.privateSeedLength];
-        System.arraycopy(tmp, inOff, ptPrivateKeySeed, 0, ptPrivateKeySeed.length);
+        System.arraycopy(input, input.length - SnovaKeyPairGenerator.privateSeedLength, ptPrivateKeySeed, 0, ptPrivateKeySeed.length);
     }
 
     public int copy3d(byte[][][] alpha, byte[] output, int outOff)
@@ -134,7 +133,14 @@ public int copy4d(byte[] input, int inOff, byte[][][][] alpha)
     {
         for (int i = 0; i < alpha.length; ++i)
         {
-            inOff = copy3d(alpha[i], input, inOff);
+            for (int j = 0; j < alpha[i].length; ++j)
+            {
+                for (int k = 0; k < alpha[i][j].length; ++k)
+                {
+                    System.arraycopy(input, inOff, alpha[i][j][k], 0, alpha[i][j][k].length);
+                    inOff += alpha[i][j][k].length;
+                }
+            }
         }
         return inOff;
     }
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaParameters.java
@@ -187,4 +187,9 @@ public int getLsq()
     {
         return l * l;
     }
+
+    public int getSaltLength()
+    {
+        return 16;
+    }
 }
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaSigner.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaSigner.java
@@ -4,15 +4,13 @@
 import java.util.Arrays;
 
 import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.CryptoException;
 import org.bouncycastle.crypto.CryptoServicesRegistrar;
-import org.bouncycastle.crypto.DataLengthException;
-import org.bouncycastle.crypto.Signer;
 import org.bouncycastle.crypto.digests.SHAKEDigest;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
+import org.bouncycastle.pqc.crypto.MessageSigner;
 
 public class SnovaSigner
-    implements Signer
+    implements MessageSigner
 {
     private SnovaParameters params;
     private SnovaEngine engine;
@@ -53,25 +51,14 @@ public void init(boolean forSigning, CipherParameters param)
     }
 
     @Override
-    public void update(byte b)
-    {
-        digest.update(b);
-    }
-
-    @Override
-    public void update(byte[] in, int off, int len)
-    {
-        digest.update(in, off, len);
-    }
-
-    @Override
-    public byte[] generateSignature()
-        throws CryptoException, DataLengthException
+    public byte[] generateSignature(byte[] message)
     {
         byte[] hash = new byte[digest.getDigestSize()];
+        digest.update(message, 0, message.length);
         digest.doFinal(hash, 0);
-        byte[] salt = new byte[16];
+        byte[] salt = new byte[params.getSaltLength()];
         random.nextBytes(salt);
+        byte[] signature = new byte[((params.getN() * params.getLsq() + 1) >>> 1) + params.getSaltLength()];
         if (params.isSkIsSeed())
         {
 
@@ -80,22 +67,18 @@ public byte[] generateSignature()
         {
             SnovaKeyElements esk = new SnovaKeyElements(params, engine);
             esk.skUnpack(privKey.getPrivateKey());
+            signDigestCore(signature, hash, salt, esk.map1.aAlpha, esk.map1.bAlpha, esk.map1.qAlpha1, esk.map1.qAlpha2,
+                esk.T12, esk.map2.f11, esk.map2.f12, esk.map2.f21, esk.publicKey.publicKeySeed, esk.ptPrivateKeySeed);
         }
         return new byte[0];
     }
 
     @Override
-    public boolean verifySignature(byte[] signature)
+    public boolean verifySignature(byte[] message, byte[] signature)
     {
         return false;
     }
 
-    @Override
-    public void reset()
-    {
-
-    }
-
     public static void createSignedHash(
         byte[] digest, int bytesDigest,
         byte[] ptPublicKeySeed, int seedLengthPublic,
@@ -120,9 +103,9 @@ public static void createSignedHash(
     }
 
     public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
-                               byte[][][][] Aalpha, byte[][][][] Balpha,
-                               byte[][][][] Qalpha1, byte[][][][] Qalpha2,
-                               byte[][][][] T12, byte[][][][] F11,
+                               byte[][][] Aalpha, byte[][][] Balpha,
+                               byte[][][] Qalpha1, byte[][][] Qalpha2,
+                               byte[][][] T12, byte[][][][] F11,
                                byte[][][][] F12, byte[][][][] F21,
                                byte[] ptPublicKeySeed, byte[] ptPrivateKeySeed)
     {
@@ -168,7 +151,10 @@ public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
         do
         {
             // Initialize Gauss matrix
-            Arrays.stream(Gauss).forEach(row -> Arrays.fill(row, (byte)0));
+            for (int i = 0; i < Gauss.length; ++i)
+            {
+                Arrays.fill(Gauss[i], (byte)0);
+            }
             numSign++;
             //flagRedo = 0;
 
@@ -357,6 +343,26 @@ private void multiplyGF16Matrices(byte[][] a, byte[] b, byte[][] result)
         }
     }
 
+    private void multiplyGF16Matrices(byte[] a, byte[][] b, byte[][] result)
+    {
+        for (int i = 0; i < params.getL(); i++)
+        {
+            Arrays.fill(result[i], (byte)0);
+            for (int j = 0; j < params.getL(); j++)
+            {
+                byte sum = 0;
+                for (int k = 0; k < params.getL(); k++)
+                {
+                    sum = GF16Utils.add(sum, GF16Utils.mul(
+                        engine.getGF16m(a, i, k),
+                        b[k][j]
+                    ));
+                }
+                result[i][j] = sum;
+            }
+        }
+    }
+
     private int performGaussianElimination(byte[][] Gauss, byte[] solution, int size)
     {
         final int cols = size + 1;
diff --git a/core/src/test/java/org/bouncycastle/pqc/crypto/test/SnovaTest.java b/core/src/test/java/org/bouncycastle/pqc/crypto/test/SnovaTest.java
@@ -28,42 +28,42 @@ public static void main(String[] args)
 
     private static final SnovaParameters[] PARAMETER_SETS = new SnovaParameters[]
         {
-//            SnovaParameters.SNOVA_24_5_16_4_ESK,
-//            SnovaParameters.SNOVA_24_5_16_4_SHAKE_ESK,
-//            SnovaParameters.SNOVA_24_5_16_4_SHAKE_SSK,
-//            SnovaParameters.SNOVA_24_5_16_4_SSK,
-//            SnovaParameters.SNOVA_24_5_16_5_ESK,
-//            SnovaParameters.SNOVA_24_5_16_5_SHAKE_ESK,
-//            SnovaParameters.SNOVA_24_5_16_5_SHAKE_SSK,
-//            SnovaParameters.SNOVA_24_5_16_5_SSK,
-//            SnovaParameters.SNOVA_25_8_16_3_ESK,
-//            SnovaParameters.SNOVA_25_8_16_3_SHAKE_ESK,
-//            SnovaParameters.SNOVA_25_8_16_3_SHAKE_SSK,
-//            SnovaParameters.SNOVA_25_8_16_3_SSK,
-//            SnovaParameters.SNOVA_29_6_16_5_ESK,
-//            SnovaParameters.SNOVA_29_6_16_5_SHAKE_ESK,
-//            SnovaParameters.SNOVA_29_6_16_5_SHAKE_SSK,
-//            SnovaParameters.SNOVA_29_6_16_5_SSK,
-//            SnovaParameters.SNOVA_37_8_16_4_ESK,
-//            SnovaParameters.SNOVA_37_8_16_4_SHAKE_ESK,
-//            SnovaParameters.SNOVA_37_8_16_4_SHAKE_SSK,
-//            SnovaParameters.SNOVA_37_8_16_4_SSK,
-//            SnovaParameters.SNOVA_37_17_16_2_ESK,
-//            SnovaParameters.SNOVA_37_17_16_2_SHAKE_ESK,
-//            SnovaParameters.SNOVA_37_17_16_2_SHAKE_SSK,
-//            SnovaParameters.SNOVA_37_17_16_2_SSK,
-//            SnovaParameters.SNOVA_49_11_16_3_ESK,
-//            SnovaParameters.SNOVA_49_11_16_3_SHAKE_ESK,
-//            SnovaParameters.SNOVA_49_11_16_3_SHAKE_SSK,
-//            SnovaParameters.SNOVA_49_11_16_3_SSK,
-//            SnovaParameters.SNOVA_56_25_16_2_ESK,
-//            SnovaParameters.SNOVA_56_25_16_2_SHAKE_ESK,
-//            SnovaParameters.SNOVA_56_25_16_2_SHAKE_SSK,
-//            SnovaParameters.SNOVA_56_25_16_2_SSK,
-//            SnovaParameters.SNOVA_60_10_16_4_ESK,
-//            SnovaParameters.SNOVA_60_10_16_4_SHAKE_ESK,
-//            SnovaParameters.SNOVA_60_10_16_4_SHAKE_SSK,
-//            SnovaParameters.SNOVA_60_10_16_4_SSK,
+            SnovaParameters.SNOVA_24_5_16_4_ESK,
+            SnovaParameters.SNOVA_24_5_16_4_SHAKE_ESK,
+            SnovaParameters.SNOVA_24_5_16_4_SHAKE_SSK,
+            SnovaParameters.SNOVA_24_5_16_4_SSK,
+            SnovaParameters.SNOVA_24_5_16_5_ESK,
+            SnovaParameters.SNOVA_24_5_16_5_SHAKE_ESK,
+            SnovaParameters.SNOVA_24_5_16_5_SHAKE_SSK,
+            SnovaParameters.SNOVA_24_5_16_5_SSK,
+            SnovaParameters.SNOVA_25_8_16_3_ESK,
+            SnovaParameters.SNOVA_25_8_16_3_SHAKE_ESK,
+            SnovaParameters.SNOVA_25_8_16_3_SHAKE_SSK,
+            SnovaParameters.SNOVA_25_8_16_3_SSK,
+            SnovaParameters.SNOVA_29_6_16_5_ESK,
+            SnovaParameters.SNOVA_29_6_16_5_SHAKE_ESK,
+            SnovaParameters.SNOVA_29_6_16_5_SHAKE_SSK,
+            SnovaParameters.SNOVA_29_6_16_5_SSK,
+            SnovaParameters.SNOVA_37_8_16_4_ESK,
+            SnovaParameters.SNOVA_37_8_16_4_SHAKE_ESK,
+            SnovaParameters.SNOVA_37_8_16_4_SHAKE_SSK,
+            SnovaParameters.SNOVA_37_8_16_4_SSK,
+            SnovaParameters.SNOVA_37_17_16_2_ESK,
+            SnovaParameters.SNOVA_37_17_16_2_SHAKE_ESK,
+            SnovaParameters.SNOVA_37_17_16_2_SHAKE_SSK,
+            SnovaParameters.SNOVA_37_17_16_2_SSK,
+            SnovaParameters.SNOVA_49_11_16_3_ESK,
+            SnovaParameters.SNOVA_49_11_16_3_SHAKE_ESK,
+            SnovaParameters.SNOVA_49_11_16_3_SHAKE_SSK,
+            SnovaParameters.SNOVA_49_11_16_3_SSK,
+            SnovaParameters.SNOVA_56_25_16_2_ESK,
+            SnovaParameters.SNOVA_56_25_16_2_SHAKE_ESK,
+            SnovaParameters.SNOVA_56_25_16_2_SHAKE_SSK,
+            SnovaParameters.SNOVA_56_25_16_2_SSK,
+            SnovaParameters.SNOVA_60_10_16_4_ESK,
+            SnovaParameters.SNOVA_60_10_16_4_SHAKE_ESK,
+            SnovaParameters.SNOVA_60_10_16_4_SHAKE_SSK,
+            SnovaParameters.SNOVA_60_10_16_4_SSK,
             SnovaParameters.SNOVA_66_15_16_3_ESK,
             SnovaParameters.SNOVA_66_15_16_3_SHAKE_ESK,
             SnovaParameters.SNOVA_66_15_16_3_SHAKE_SSK,
@@ -75,42 +75,42 @@ public static void main(String[] args)
         };
 
     private static final String[] files = new String[]{
-//        "PQCsignKAT_SNOVA_24_5_4_ESK.rsp",
-//        "PQCsignKAT_SNOVA_24_5_4_SHAKE_ESK.rsp",
-//        "PQCsignKAT_SNOVA_24_5_4_SHAKE_SSK.rsp",
-//        "PQCsignKAT_SNOVA_24_5_4_SSK.rsp",
-//        "PQCsignKAT_SNOVA_24_5_5_ESK.rsp",
-//        "PQCsignKAT_SNOVA_24_5_5_SHAKE_ESK.rsp",
-//        "PQCsignKAT_SNOVA_24_5_5_SHAKE_SSK.rsp",
-//        "PQCsignKAT_SNOVA_24_5_5_SSK.rsp",
-//        "PQCsignKAT_SNOVA_25_8_3_ESK.rsp",
-//        "PQCsignKAT_SNOVA_25_8_3_SHAKE_ESK.rsp",
-//        "PQCsignKAT_SNOVA_25_8_3_SHAKE_SSK.rsp",
-//        "PQCsignKAT_SNOVA_25_8_3_SSK.rsp",
-//        "PQCsignKAT_SNOVA_29_6_5_ESK.rsp",
-//        "PQCsignKAT_SNOVA_29_6_5_SHAKE_ESK.rsp",
-//        "PQCsignKAT_SNOVA_29_6_5_SHAKE_SSK.rsp",
-//        "PQCsignKAT_SNOVA_29_6_5_SSK.rsp",
-//        "PQCsignKAT_SNOVA_37_8_4_ESK.rsp",
-//        "PQCsignKAT_SNOVA_37_8_4_SHAKE_ESK.rsp",
-//        "PQCsignKAT_SNOVA_37_8_4_SHAKE_SSK.rsp",
-//        "PQCsignKAT_SNOVA_37_8_4_SSK.rsp",
-//        "PQCsignKAT_SNOVA_37_17_2_ESK.rsp",
-//        "PQCsignKAT_SNOVA_37_17_2_SHAKE_ESK.rsp",
-//        "PQCsignKAT_SNOVA_37_17_2_SHAKE_SSK.rsp",
-//        "PQCsignKAT_SNOVA_37_17_2_SSK.rsp",
-//        "PQCsignKAT_SNOVA_49_11_3_ESK.rsp",
-//        "PQCsignKAT_SNOVA_49_11_3_SHAKE_ESK.rsp",
-//        "PQCsignKAT_SNOVA_49_11_3_SHAKE_SSK.rsp",
-//        "PQCsignKAT_SNOVA_49_11_3_SSK.rsp",
-//        "PQCsignKAT_SNOVA_56_25_2_ESK.rsp",
-//        "PQCsignKAT_SNOVA_56_25_2_SHAKE_ESK.rsp",
-//        "PQCsignKAT_SNOVA_56_25_2_SHAKE_SSK.rsp",
-//        "PQCsignKAT_SNOVA_56_25_2_SSK.rsp",
-//        "PQCsignKAT_SNOVA_60_10_4_ESK.rsp",
-//        "PQCsignKAT_SNOVA_60_10_4_SHAKE_ESK.rsp",
-//        "PQCsignKAT_SNOVA_60_10_4_SHAKE_SSK.rsp",
-//        "PQCsignKAT_SNOVA_60_10_4_SSK.rsp",
+        "PQCsignKAT_SNOVA_24_5_4_ESK.rsp",
+        "PQCsignKAT_SNOVA_24_5_4_SHAKE_ESK.rsp",
+        "PQCsignKAT_SNOVA_24_5_4_SHAKE_SSK.rsp",
+        "PQCsignKAT_SNOVA_24_5_4_SSK.rsp",
+        "PQCsignKAT_SNOVA_24_5_5_ESK.rsp",
+        "PQCsignKAT_SNOVA_24_5_5_SHAKE_ESK.rsp",
+        "PQCsignKAT_SNOVA_24_5_5_SHAKE_SSK.rsp",
+        "PQCsignKAT_SNOVA_24_5_5_SSK.rsp",
+        "PQCsignKAT_SNOVA_25_8_3_ESK.rsp",
+        "PQCsignKAT_SNOVA_25_8_3_SHAKE_ESK.rsp",
+        "PQCsignKAT_SNOVA_25_8_3_SHAKE_SSK.rsp",
+        "PQCsignKAT_SNOVA_25_8_3_SSK.rsp",
+        "PQCsignKAT_SNOVA_29_6_5_ESK.rsp",
+        "PQCsignKAT_SNOVA_29_6_5_SHAKE_ESK.rsp",
+        "PQCsignKAT_SNOVA_29_6_5_SHAKE_SSK.rsp",
+        "PQCsignKAT_SNOVA_29_6_5_SSK.rsp",
+        "PQCsignKAT_SNOVA_37_8_4_ESK.rsp",
+        "PQCsignKAT_SNOVA_37_8_4_SHAKE_ESK.rsp",
+        "PQCsignKAT_SNOVA_37_8_4_SHAKE_SSK.rsp",
+        "PQCsignKAT_SNOVA_37_8_4_SSK.rsp",
+        "PQCsignKAT_SNOVA_37_17_2_ESK.rsp",
+        "PQCsignKAT_SNOVA_37_17_2_SHAKE_ESK.rsp",
+        "PQCsignKAT_SNOVA_37_17_2_SHAKE_SSK.rsp",
+        "PQCsignKAT_SNOVA_37_17_2_SSK.rsp",
+        "PQCsignKAT_SNOVA_49_11_3_ESK.rsp",
+        "PQCsignKAT_SNOVA_49_11_3_SHAKE_ESK.rsp",
+        "PQCsignKAT_SNOVA_49_11_3_SHAKE_SSK.rsp",
+        "PQCsignKAT_SNOVA_49_11_3_SSK.rsp",
+        "PQCsignKAT_SNOVA_56_25_2_ESK.rsp",
+        "PQCsignKAT_SNOVA_56_25_2_SHAKE_ESK.rsp",
+        "PQCsignKAT_SNOVA_56_25_2_SHAKE_SSK.rsp",
+        "PQCsignKAT_SNOVA_56_25_2_SSK.rsp",
+        "PQCsignKAT_SNOVA_60_10_4_ESK.rsp",
+        "PQCsignKAT_SNOVA_60_10_4_SHAKE_ESK.rsp",
+        "PQCsignKAT_SNOVA_60_10_4_SHAKE_SSK.rsp",
+        "PQCsignKAT_SNOVA_60_10_4_SSK.rsp",
         "PQCsignKAT_SNOVA_66_15_3_ESK.rsp",
         "PQCsignKAT_SNOVA_66_15_3_SHAKE_ESK.rsp",
         "PQCsignKAT_SNOVA_66_15_3_SHAKE_SSK.rsp",
@@ -159,13 +159,13 @@ public byte[] getPrivateKeyEncoded(CipherParameters privParams)
             @Override
             public Signer getSigner()
             {
-                return new SnovaSigner();
+                return null;
             }
 
             @Override
             public MessageSigner getMessageSigner()
             {
-                return null;//new SnovaSigner();
+                return new SnovaSigner();
             }
         });
         long end = System.currentTimeMillis();

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ public void encodeMergerInHalf(byte[] output)`
`78`	`78`
`79`	`79`	`public void skUnpack(byte[] input)`
`80`	`80`	`{`
`81`		`- byte[] tmp = new byte[input.length << 1];`
	`81`	`+ byte[] tmp = new byte[(input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength)<< 1];`
`82`	`82`	`GF16Utils.decodeMergeInHalf(input, tmp, tmp.length);`
`83`	`83`	`int inOff = 0;`
`84`	`84`	`inOff = copy3d(tmp, inOff, map1.aAlpha);`
`@@ -89,10 +89,9 @@ public void skUnpack(byte[] input)`
`89`	`89`	`inOff = copy4d(tmp, inOff, map2.f11);`
`90`	`90`	`inOff = copy4d(tmp, inOff, map2.f12);`
`91`	`91`	`inOff = copy4d(tmp, inOff, map2.f21);`
`92`		`- System.arraycopy(tmp, inOff, publicKey.publicKeySeed, 0, publicKey.publicKeySeed.length);`
`93`		`- inOff += publicKey.publicKeySeed.length;`
	`92`	`+ System.arraycopy(input, input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength, publicKey.publicKeySeed, 0, publicKey.publicKeySeed.length);`
`94`	`93`	`ptPrivateKeySeed = new byte[SnovaKeyPairGenerator.privateSeedLength];`
`95`		`- System.arraycopy(tmp, inOff, ptPrivateKeySeed, 0, ptPrivateKeySeed.length);`
	`94`	`+ System.arraycopy(input, input.length - SnovaKeyPairGenerator.privateSeedLength, ptPrivateKeySeed, 0, ptPrivateKeySeed.length);`
`96`	`95`	`}`
`97`	`96`
`98`	`97`	`public int copy3d(byte[][][] alpha, byte[] output, int outOff)`
`@@ -134,7 +133,14 @@ public int copy4d(byte[] input, int inOff, byte[][][][] alpha)`
`134`	`133`	`{`
`135`	`134`	`for (int i = 0; i < alpha.length; ++i)`
`136`	`135`	`{`
`137`		`- inOff = copy3d(alpha[i], input, inOff);`
	`136`	`+ for (int j = 0; j < alpha[i].length; ++j)`
	`137`	`+ {`
	`138`	`+ for (int k = 0; k < alpha[i][j].length; ++k)`
	`139`	`+ {`
	`140`	`+ System.arraycopy(input, inOff, alpha[i][j][k], 0, alpha[i][j][k].length);`
	`141`	`+ inOff += alpha[i][j][k].length;`
	`142`	`+ }`
	`143`	`+ }`
`138`	`144`	`}`
`139`	`145`	`return inOff;`
`140`	`146`	`}`
Original file line number	Diff line number	Diff line change
`@@ -187,4 +187,9 @@ public int getLsq()`
`187`	`187`	`{`
`188`	`188`	`return l * l;`
`189`	`189`	`}`
	`190`	`+`
	`191`	`+ public int getSaltLength()`
	`192`	`+ {`
	`193`	`+ return 16;`
	`194`	`+ }`
`190`	`195`	`}`