
Commit 8cbbf61

author
gefeili
committed
Refactor of determinant4x4
1 parent b524d1e commit 8cbbf61


1 file changed

+76
-65
lines changed


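--- a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaEngine.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaEngine.java
@@ -166,71 +166,93 @@ private byte gf16Determinant(byte[] matrix, int off)
 private byte determinant2x2(byte[] m, int off)
 {
 return (byte)
-(gf16Mul(getGF16m(m, 0, off), getGF16m(m, 1, off + 1)) ^
-gf16Mul(getGF16m(m, 0, off + 1), getGF16m(m, 1, off)));
+(GF16Utils.mul(getGF16m(m, 0, off), getGF16m(m, 1, off + 1)) ^
+GF16Utils.mul(getGF16m(m, 0, off + 1), getGF16m(m, 1, off)));
 }
 
 private byte determinant3x3(byte[] m, int off, int i0, int i1, int i2)
 {
 return (byte)(
-gf16Mul(getGF16m(m, 0, off + i0), (byte)(
-gf16Mul(getGF16m(m, 1, off + i1), getGF16m(m, 2, off + i2)) ^
-gf16Mul(getGF16m(m, 1, off + i2), getGF16m(m, 2, off + i1)))) ^
-gf16Mul(getGF16m(m, 0, off + i1), (byte)(
-gf16Mul(getGF16m(m, 1, off + i0), getGF16m(m, 2, off + i2)) ^
-gf16Mul(getGF16m(m, 1, off + i2), getGF16m(m, 2, off + i0)))) ^
-gf16Mul(getGF16m(m, 0, off + i2), (byte)(
-gf16Mul(getGF16m(m, 1, off + i0), getGF16m(m, 2, off + i1)) ^
-gf16Mul(getGF16m(m, 1, off + i1), getGF16m(m, 2, off + i0)))));
+GF16Utils.mul(getGF16m(m, 0, off + i0), (byte)(
+GF16Utils.mul(getGF16m(m, 1, off + i1), getGF16m(m, 2, off + i2)) ^
+GF16Utils.mul(getGF16m(m, 1, off + i2), getGF16m(m, 2, off + i1)))) ^
+GF16Utils.mul(getGF16m(m, 0, off + i1), (byte)(
+GF16Utils.mul(getGF16m(m, 1, off + i0), getGF16m(m, 2, off + i2)) ^
+GF16Utils.mul(getGF16m(m, 1, off + i2), getGF16m(m, 2, off + i0)))) ^
+GF16Utils.mul(getGF16m(m, 0, off + i2), (byte)(
+GF16Utils.mul(getGF16m(m, 1, off + i0), getGF16m(m, 2, off + i1)) ^
+GF16Utils.mul(getGF16m(m, 1, off + i1), getGF16m(m, 2, off + i0)))));
 }
 
 private byte determinant4x4(byte[] m, int off)
 {
-byte d0 = gf16Mul(getGF16m(m, 0, off), (byte)(
-pod(m, off, 1, 2, 3, 3, 2) ^
-pod(m, off, 2, 1, 3, 3, 1) ^
-pod(m, off, 3, 1, 2, 2, 1)));
-
-byte d1 = gf16Mul(getGF16m(m, 0, off + 1), (byte)(
-pod(m, off, 0, 2, 3, 3, 2) ^
-pod(m, off, 2, 0, 3, 3, 0) ^
-pod(m, off, 3, 0, 2, 2, 0)));
-
-byte d2 = gf16Mul(getGF16m(m, 0, off + 2), (byte)(
-pod(m, off, 0, 1, 3, 3, 1) ^
-pod(m, off, 1, 0, 3, 3, 0) ^
-pod(m, off, 3, 0, 1, 1, 0)));
-
-byte d3 = gf16Mul(getGF16m(m, 0, off + 3), (byte)(
-pod(m, off, 0, 1, 2, 2, 1) ^
-pod(m, off, 1, 0, 2, 2, 0) ^
-pod(m, off, 2, 0, 1, 1, 0)));
-
-return (byte)(d0 ^ d1 ^ d2 ^ d3);
+byte m00 = m[off++];
+byte m01 = m[off++];
+byte m02 = m[off++];
+byte m03 = m[off++];
+byte m10 = m[off++];
+byte m11 = m[off++];
+byte m12 = m[off++];
+byte m13 = m[off++];
+byte m20 = m[off++];
+byte m21 = m[off++];
+byte m22 = m[off++];
+byte m23 = m[off++];
+byte m30 = m[off++];
+byte m31 = m[off++];
+byte m32 = m[off++];
+byte m33 = m[off];
+
+byte m22xm33_m23xm32 = (byte)(GF16Utils.mul(m22, m33) ^ GF16Utils.mul(m23, m32));
+byte m21xm33_m23xm31 = (byte)(GF16Utils.mul(m21, m33) ^ GF16Utils.mul(m23, m31));
+byte m21xm32_m22xm31 = (byte)(GF16Utils.mul(m21, m32) ^ GF16Utils.mul(m22, m31));
+byte m20xm33_m23xm30 = (byte)(GF16Utils.mul(m20, m33) ^ GF16Utils.mul(m23, m30));
+byte m20xm32_m32xm30 = (byte)(GF16Utils.mul(m20, m32) ^ GF16Utils.mul(m22, m30));
+byte m20xm31_m21xm30 = (byte)(GF16Utils.mul(m20, m31) ^ GF16Utils.mul(m21, m30));
+// POD -> entry[a][b] * (entry[c][d] * entry[e][f] + entry[g][h] * entry[i][j])
+return (byte)(GF16Utils.mul(m00, (byte)(GF16Utils.mul(m11, m22xm33_m23xm32) ^
+GF16Utils.mul(m12, m21xm33_m23xm31) ^ GF16Utils.mul(m13, m21xm32_m22xm31))) ^
+GF16Utils.mul(m01, (byte)(GF16Utils.mul(m10, m22xm33_m23xm32) ^
+GF16Utils.mul(m12, m20xm33_m23xm30) ^ GF16Utils.mul(m13, m20xm32_m32xm30))) ^
+GF16Utils.mul(m02, (byte)(GF16Utils.mul(m10, m21xm33_m23xm31) ^
+GF16Utils.mul(m11, m20xm33_m23xm30) ^ GF16Utils.mul(m13, m20xm31_m21xm30))) ^
+GF16Utils.mul(m03, (byte)(GF16Utils.mul(m10, m21xm32_m22xm31) ^
+GF16Utils.mul(m11, m20xm32_m32xm30) ^ GF16Utils.mul(m12, m20xm31_m21xm30))));
 }
 
 private byte determinant5x5(byte[] m, int off)
 {
-byte result = gf16Mul(determinant3x3(m, off, 0, 1, 2),
-(byte)(gf16Mul(getGF16m(m, 3, off + 3), getGF16m(m, 4, off + 4)) ^ gf16Mul(getGF16m(m, 3, off + 4), getGF16m(m, 4, off + 3))));
-result ^= gf16Mul(determinant3x3(m, off, 0, 1, 3),
-(byte)(gf16Mul(getGF16m(m, 3, off + 2), getGF16m(m, 4, off + 4)) ^ gf16Mul(getGF16m(m, 3, off + 4), getGF16m(m, 4, off + 2))));
-result ^= gf16Mul(determinant3x3(m, off, 0, 1, 4),
-(byte)(gf16Mul(getGF16m(m, 3, off + 2), getGF16m(m, 4, off + 3)) ^ gf16Mul(getGF16m(m, 3, off + 3), getGF16m(m, 4, off + 2))));
-result ^= gf16Mul(determinant3x3(m, off, 0, 2, 3),
-(byte)(gf16Mul(getGF16m(m, 3, off + 1), getGF16m(m, 4, off + 4)) ^ gf16Mul(getGF16m(m, 3, off + 4), getGF16m(m, 4, off + 1))));
-result ^= gf16Mul(determinant3x3(m, off, 0, 2, 4),
-(byte)(gf16Mul(getGF16m(m, 3, off + 1), getGF16m(m, 4, off + 3)) ^ gf16Mul(getGF16m(m, 3, off + 3), getGF16m(m, 4, off + 1))));
-result ^= gf16Mul(determinant3x3(m, off, 0, 3, 4),
-(byte)(gf16Mul(getGF16m(m, 3, off + 1), getGF16m(m, 4, off + 2)) ^ gf16Mul(getGF16m(m, 3, off + 2), getGF16m(m, 4, off + 1))));
-result ^= gf16Mul(determinant3x3(m, off, 1, 2, 3),
-(byte)(gf16Mul(getGF16m(m, 3, off), getGF16m(m, 4, off + 4)) ^ gf16Mul(getGF16m(m, 3, off + 4), getGF16m(m, 4, off))));
-result ^= gf16Mul(determinant3x3(m, off, 1, 2, 4),
-(byte)(gf16Mul(getGF16m(m, 3, off), getGF16m(m, 4, off + 3)) ^ gf16Mul(getGF16m(m, 3, off + 3), getGF16m(m, 4, off))));
-result ^= gf16Mul(determinant3x3(m, off, 1, 3, 4),
-(byte)(gf16Mul(getGF16m(m, 3, off), getGF16m(m, 4, off + 2)) ^ gf16Mul(getGF16m(m, 3, off + 2), getGF16m(m, 4, off))));
-result ^= gf16Mul(determinant3x3(m, off, 2, 3, 4),
-(byte)(gf16Mul(getGF16m(m, 3, off), getGF16m(m, 4, off + 1)) ^ gf16Mul(getGF16m(m, 3, off + 1), getGF16m(m, 4, off))));
+byte m30 = getGF16m(m, 3, off);
+byte m31 = getGF16m(m, 3, off + 1);
+byte m32 = getGF16m(m, 3, off + 2);
+byte m33 = getGF16m(m, 3, off + 3);
+byte m34 = getGF16m(m, 3, off + 4);
+
+byte m40 = getGF16m(m, 4, off);
+byte m41 = getGF16m(m, 4, off + 1);
+byte m42 = getGF16m(m, 4, off + 2);
+byte m43 = getGF16m(m, 4, off + 3);
+byte m44 = getGF16m(m, 4, off + 4);
+byte result = GF16Utils.mul(determinant3x3(m, off, 0, 1, 2),
+(byte)(GF16Utils.mul(m33, m44) ^ GF16Utils.mul(m34, m43)));
+result ^= GF16Utils.mul(determinant3x3(m, off, 0, 1, 3),
+(byte)(GF16Utils.mul(m32, m44) ^ GF16Utils.mul(m34, m42)));
+result ^= GF16Utils.mul(determinant3x3(m, off, 0, 1, 4),
+(byte)(GF16Utils.mul(m32, m43) ^ GF16Utils.mul(m33, m42)));
+result ^= GF16Utils.mul(determinant3x3(m, off, 0, 2, 3),
+(byte)(GF16Utils.mul(m31, m44) ^ GF16Utils.mul(m34, m41)));
+result ^= GF16Utils.mul(determinant3x3(m, off, 0, 2, 4),
+(byte)(GF16Utils.mul(m31, m43) ^ GF16Utils.mul(m33, m41)));
+result ^= GF16Utils.mul(determinant3x3(m, off, 0, 3, 4),
+(byte)(GF16Utils.mul(m31, m42) ^ GF16Utils.mul(m32, m41)));
+result ^= GF16Utils.mul(determinant3x3(m, off, 1, 2, 3),
+(byte)(GF16Utils.mul(m30, m44) ^ GF16Utils.mul(m34, m40)));
+result ^= GF16Utils.mul(determinant3x3(m, off, 1, 2, 4),
+(byte)(GF16Utils.mul(m30, m43) ^ GF16Utils.mul(m33, m40)));
+result ^= GF16Utils.mul(determinant3x3(m, off, 1, 3, 4),
+(byte)(GF16Utils.mul(m30, m42) ^ GF16Utils.mul(m32, m40)));
+result ^= GF16Utils.mul(determinant3x3(m, off, 2, 3, 4),
+(byte)(GF16Utils.mul(m30, m41) ^ GF16Utils.mul(m31, m40)));
 return result;
 }
 
@@ -245,16 +267,11 @@ private void generateASMatrix(byte[] target, byte a)
 {
 coefficient = 9;
 }
-setGF16m(target, i, j, gf16Mul(coefficient, a));
+setGF16m(target, i, j, GF16Utils.mul(coefficient, a));
 }
 }
 }
 
-// POD -> entry[a][b] * (entry[c][d] * entry[e][f] + entry[g][h] * entry[i][j])
-private byte pod(byte[] m, int off, int b, int d, int f, int h, int j)
-{
-return gf16Mul(getGF16m(m, 1, off + b), (byte)(gf16Mul(getGF16m(m, 2, off + d), getGF16m(m, 3, off + f)) ^ gf16Mul(getGF16m(m, 2, off + h), getGF16m(m, 3, off + j))));
-}
 
 private void addMatrices(byte[] a, int aOff, byte[] b, int bOff, byte[] c, int cOff)
 {
@@ -267,12 +284,6 @@ private void addMatrices(byte[] a, int aOff, byte[] b, int bOff, byte[] c, int c
 }
 }
 
-// GF(16) multiplication using lookup table
-private static byte gf16Mul(byte a, byte b)
-{
-return GF16Utils.mul(a, b);
-}
-
 public void genAFqS(byte[] c, int cOff, byte[] ptMatrix, int off)
 {
 byte[] temp = new byte[l * l];
@@ -302,7 +313,7 @@ private void gf16mScale(byte[] a, byte k, byte[] result)
 {
 for (int j = 0; j < l; ++j)
 {
-setGF16m(result, i, j, gf16Mul(getGF16m(a, i, j), k));
+setGF16m(result, i, j, GF16Utils.mul(getGF16m(a, i, j), k));
 }
 }
 }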
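Review bot: The local `m20xm32_m32xm30` declared at new line 210 of determinant4x4 is misnamed — its value is `GF16Utils.mul(m20, m32) ^ GF16Utils.mul(m22, m30)`, so by the convention of its five neighbours it should read `byte m20xm32_m22xm30 = (byte)(GF16Utils.mul(m20, m32) ^ GF16Utils.mul(m22, m30));` with the two uses in the `m01` and `m03` terms renamed to match. In the same method the matrix is now read as sixteen consecutive `m[off++]` bytes while determinant2x2, determinant3x3 and determinant5x5 still go through `getGF16m(m, row, off + col)`, which appears to hard-code the row-major, stride-4 layout that the accessor otherwise encapsulates; either read through `getGF16m` as before or state the assumption next to the first read, e.g. `// assumes getGF16m(m, i, off + j) == m[off + 4 * i + j] when l == 4 — confirm`. The `// POD -> entry[a][b] * (...)` comment carried over to new line 212 describes the deleted `pod` helper rather than the expression below it; `// expand along row 0 using the six 2x2 minors of rows 2 and 3 computed above` would describe what remains. Unrelated to the refactor but worth tracking: the removed wrapper's comment says `GF16Utils.mul` is table-driven, so if these determinants run over secret key material during key generation the lookups stay data-dependent — a point the inlining neither fixes nor worsens.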
