Refactor on Snova

gefeili · gefeili · commit 98409a833caa · 2025-04-03T17:26:02.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java b/core/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java
@@ -451,4 +451,53 @@ public interface BCObjectIdentifiers
     ASN1ObjectIdentifier mayo2 = mayo.branch("2");
     ASN1ObjectIdentifier mayo3 = mayo.branch("3");
     ASN1ObjectIdentifier mayo5 = mayo.branch("4");
+
+    /**
+     * Snova
+     */
+    ASN1ObjectIdentifier snova = bc_sig.branch("11");
+    ASN1ObjectIdentifier snova_24_5_4_ssk = snova.branch("1");
+    ASN1ObjectIdentifier snova_24_5_4_esk = snova.branch("2");
+    ASN1ObjectIdentifier snova_24_5_4_shake_ssk = snova.branch("3");
+    ASN1ObjectIdentifier snova_24_5_4_shake_esk = snova.branch("4");
+    ASN1ObjectIdentifier snova_24_5_5_ssk = snova.branch("5");
+    ASN1ObjectIdentifier snova_24_5_5_esk = snova.branch("6");
+    ASN1ObjectIdentifier snova_24_5_5_shake_ssk = snova.branch("7");
+    ASN1ObjectIdentifier snova_24_5_5_shake_esk = snova.branch("8");
+    ASN1ObjectIdentifier snova_25_8_3_ssk = snova.branch("9");
+    ASN1ObjectIdentifier snova_25_8_3_esk = snova.branch("10");
+    ASN1ObjectIdentifier snova_25_8_3_shake_ssk = snova.branch("11");
+    ASN1ObjectIdentifier snova_25_8_3_shake_esk = snova.branch("12");
+    ASN1ObjectIdentifier snova_29_6_5_ssk = snova.branch("13");
+    ASN1ObjectIdentifier snova_29_6_5_esk = snova.branch("14");
+    ASN1ObjectIdentifier snova_29_6_5_shake_ssk = snova.branch("15");
+    ASN1ObjectIdentifier snova_29_6_5_shake_esk = snova.branch("16");
+    ASN1ObjectIdentifier snova_37_8_4_ssk = snova.branch("17");
+    ASN1ObjectIdentifier snova_37_8_4_esk = snova.branch("18");
+    ASN1ObjectIdentifier snova_37_8_4_shake_ssk = snova.branch("19");
+    ASN1ObjectIdentifier snova_37_8_4_shake_esk = snova.branch("20");
+    ASN1ObjectIdentifier snova_37_17_2_ssk = snova.branch("21");
+    ASN1ObjectIdentifier snova_37_17_2_esk = snova.branch("22");
+    ASN1ObjectIdentifier snova_37_17_2_shake_ssk = snova.branch("23");
+    ASN1ObjectIdentifier snova_37_17_2_shake_esk = snova.branch("24");
+    ASN1ObjectIdentifier snova_49_11_3_ssk = snova.branch("25");
+    ASN1ObjectIdentifier snova_49_11_3_esk = snova.branch("26");
+    ASN1ObjectIdentifier snova_49_11_3_shake_ssk = snova.branch("27");
+    ASN1ObjectIdentifier snova_49_11_3_shake_esk = snova.branch("28");
+    ASN1ObjectIdentifier snova_56_25_2_ssk = snova.branch("29");
+    ASN1ObjectIdentifier snova_56_25_2_esk = snova.branch("30");
+    ASN1ObjectIdentifier snova_56_25_2_shake_ssk = snova.branch("31");
+    ASN1ObjectIdentifier snova_56_25_2_shake_esk = snova.branch("32");
+    ASN1ObjectIdentifier snova_60_10_4_ssk = snova.branch("33");
+    ASN1ObjectIdentifier snova_60_10_4_esk = snova.branch("34");
+    ASN1ObjectIdentifier snova_60_10_4_shake_ssk = snova.branch("35");
+    ASN1ObjectIdentifier snova_60_10_4_shake_esk = snova.branch("36");
+    ASN1ObjectIdentifier snova_66_15_3_ssk = snova.branch("37");
+    ASN1ObjectIdentifier snova_66_15_3_esk = snova.branch("38");
+    ASN1ObjectIdentifier snova_66_15_3_shake_ssk = snova.branch("39");
+    ASN1ObjectIdentifier snova_66_15_3_shake_esk = snova.branch("40");
+    ASN1ObjectIdentifier snova_75_33_2_ssk = snova.branch("41");
+    ASN1ObjectIdentifier snova_75_33_2_esk = snova.branch("42");
+    ASN1ObjectIdentifier snova_75_33_2_shake_ssk = snova.branch("43");
+    ASN1ObjectIdentifier snova_75_33_2_shake_esk = snova.branch("44");
 }
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/GF16Utils.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/GF16Utils.java
@@ -4,7 +4,7 @@
 
 class GF16Utils
 {
-    public static void encodeMergeInHalf(byte[] m, int mlen, byte[] menc)
+    static void encodeMergeInHalf(byte[] m, int mlen, byte[] menc)
     {
         int i, half = (mlen + 1) >>> 1;
         // Process pairs of 4-bit values
@@ -19,7 +19,7 @@ public static void encodeMergeInHalf(byte[] m, int mlen, byte[] menc)
         }
     }
 
-    public static void decodeMergeInHalf(byte[] byteArray, byte[] gf16Array, int nGf16)
+    static void decodeMergeInHalf(byte[] byteArray, byte[] gf16Array, int nGf16)
     {
         int i, half = (nGf16 + 1) >>> 1;
         // Process pairs of 4-bit values
@@ -30,15 +30,15 @@ public static void decodeMergeInHalf(byte[] byteArray, byte[] gf16Array, int nGf
         }
     }
 
-    public static void gf16mTranMulMul(byte[] sign, byte[] a, byte[] b, byte[] q1, byte[] q2, byte[] tmp,
-                                       byte[] left, byte[] right, int rank)
+    static void gf16mTranMulMul(byte[] sign, int signOff, byte[] a, byte[] b, byte[] q1, byte[] q2, byte[] tmp,
+                                byte[] left, byte[] right, int rank)
     {
         for (int i = 0, leftOff = 0, dOff = 0; i < rank; i++, leftOff += rank)
         {
             for (int j = 0; j < rank; j++)
             {
                 byte result = 0;
-                for (int k = 0, aOff = j, bOff = i; k < rank; ++k, aOff += rank, bOff += rank)
+                for (int k = 0, aOff = signOff + j, bOff = i; k < rank; ++k, aOff += rank, bOff += rank)
                 {
                     result ^= GF16.mul(sign[aOff], q1[bOff]);
                 }
@@ -56,7 +56,7 @@ public static void gf16mTranMulMul(byte[] sign, byte[] a, byte[] b, byte[] q1, b
             }
             for (int j = 0; j < rank; j++)
             {
-                tmp[j] = GF16.innerProduct(q2, leftOff, sign, j, rank);
+                tmp[j] = GF16.innerProduct(q2, leftOff, sign, signOff + j, rank);
             }
 
             for (int j = 0; j < rank; j++)
@@ -67,7 +67,7 @@ public static void gf16mTranMulMul(byte[] sign, byte[] a, byte[] b, byte[] q1, b
     }
 
     // tmp = a * b, d = tmp * c -> d = (a * b) * c
-    public static void gf16mMulMul(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[] d, int rank)
+    static void gf16mMulMul(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[] d, int rank)
     {
         for (int i = 0, leftOff = 0, dOff = 0; i < rank; i++, leftOff += rank)
         {
@@ -83,7 +83,7 @@ public static void gf16mMulMul(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[]
         }
     }
 
-    public static void gf16mMul(byte[] a, byte[] b, byte[] c, int rank)
+    static void gf16mMul(byte[] a, byte[] b, byte[] c, int rank)
     {
         for (int i = 0, aOff = 0, cOff = 0; i < rank; i++, aOff += rank)
         {
@@ -94,7 +94,7 @@ public static void gf16mMul(byte[] a, byte[] b, byte[] c, int rank)
         }
     }
 
-    public static void gf16mMulMulTo(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[] d, int rank)
+    static void gf16mMulMulTo(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[] d, int rank)
     {
         for (int i = 0, leftOff = 0, dOff = 0; i < rank; i++, leftOff += rank)
         {
@@ -110,7 +110,7 @@ public static void gf16mMulMulTo(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[
         }
     }
 
-    public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int rank)
+    static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int rank)
     {
         for (int i = 0, aOff = 0, cOff = 0; i < rank; i++, aOff += rank)
         {
@@ -122,7 +122,7 @@ public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int rank)
     }
 
     // d = a * b, e = b * c
-    public static void gf16mMulToTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e, int rank)
+    static void gf16mMulToTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e, int rank)
     {
         for (int i = 0, leftOff = 0, outOff = 0; i < rank; i++, leftOff += rank)
         {
@@ -134,7 +134,7 @@ public static void gf16mMulToTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e
         }
     }
 
-    public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int cOff, int rank)
+    static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int cOff, int rank)
     {
         for (int i = 0, aOff = 0; i < rank; i++, aOff += rank)
         {
@@ -146,7 +146,7 @@ public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int cOff, int rank)
     }
 
     // d ^= a * b + c * d
-    public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e, int eOff, int rank)
+    static void gf16mMulTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e, int eOff, int rank)
     {
         for (int i = 0, leftOff = 0; i < rank; i++, leftOff += rank)
         {
@@ -157,7 +157,7 @@ public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e,
         }
     }
 
-    public static void gf16mMulTo(byte[] a, byte[] b, int bOff, byte[] c, int cOff, int rank)
+    static void gf16mMulTo(byte[] a, byte[] b, int bOff, byte[] c, int cOff, int rank)
     {
         for (int i = 0, aOff = 0; i < rank; i++, aOff += rank)
         {
@@ -171,7 +171,7 @@ public static void gf16mMulTo(byte[] a, byte[] b, int bOff, byte[] c, int cOff,
     /**
      * Conversion 4 bit -> 32 bit representation
      */
-    public static int gf16FromNibble(int idx)
+    static int gf16FromNibble(int idx)
     {
         int middle = idx | (idx << 4);
         return ((middle & 0x41) | ((middle << 2) & 0x208));
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaEngine.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaEngine.java
@@ -563,11 +563,12 @@ public void genABQP(MapGroup1 map1, byte[] pkSeed)
         }
         else
         {
+            int oxalphaxlsq = o * alpha * lsq;
             byte[] fixedAbq = fixedAbqSet.get(o);
-            MapGroup1.fillAlpha(fixedAbq, 0, map1.aAlpha, m * o * alpha * lsq);
-            MapGroup1.fillAlpha(fixedAbq, o * alpha * lsq, map1.bAlpha, (m - 1) * o * alpha * lsq);
-            MapGroup1.fillAlpha(fixedAbq, o * alpha * lsq * 2, map1.qAlpha1, (m - 2) * o * alpha * lsq);
-            MapGroup1.fillAlpha(fixedAbq, o * alpha * lsq * 3, map1.qAlpha2, (m - 3) * o * alpha * lsq);
+            MapGroup1.fillAlpha(fixedAbq, 0, map1.aAlpha, m * oxalphaxlsq);
+            MapGroup1.fillAlpha(fixedAbq, oxalphaxlsq, map1.bAlpha, (m - 1) * oxalphaxlsq);
+            MapGroup1.fillAlpha(fixedAbq, oxalphaxlsq * 2, map1.qAlpha1, (m - 2) * oxalphaxlsq);
+            MapGroup1.fillAlpha(fixedAbq, oxalphaxlsq * 3, map1.qAlpha2, (m - 3) * oxalphaxlsq);
         }
     }
 
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaSigner.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaSigner.java
@@ -149,6 +149,7 @@ void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
         final int n = params.getN();
         final int mxlsq = m * lsq;
         final int oxlsq = o * lsq;
+        final int vxlsq = v * lsq;
         final int bytesHash = (oxlsq + 1) >>> 1;
         final int bytesSalt = 16;
 
@@ -161,12 +162,11 @@ void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
         byte[][][] Right = new byte[alpha][v][lsq];
         byte[] leftXTmp = new byte[lsq];
         byte[] rightXtmp = new byte[lsq];
-        byte[][] XInGF16Matrix = new byte[v][lsq];
         byte[] FvvGF16Matrix = new byte[lsq];
         byte[] hashInGF16 = new byte[mxlsq];
         byte[] vinegarGf16 = new byte[n * lsq];
         byte[] signedHash = new byte[bytesHash];
-        byte[] vinegarBytes = new byte[(v * lsq + 1) >>> 1];
+        byte[] vinegarBytes = new byte[(vxlsq + 1) >>> 1];
 
         // Temporary matrices
         byte[] gf16mTemp0 = new byte[l];
@@ -202,18 +202,20 @@ void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
             shake.doFinal(vinegarBytes, 0, vinegarBytes.length);
 
             GF16.decode(vinegarBytes, vinegarGf16, vinegarBytes.length << 1);
-            fill(vinegarGf16, XInGF16Matrix, vinegarBytes.length << 1);
 
             for (int i = 0, ixlsq = 0; i < m; i++, ixlsq += lsq)
             {
                 Arrays.fill(FvvGF16Matrix, (byte)0);
                 // Evaluate vinegar part of central map
-                for (int a = 0; a < alpha; a++)
+                for (int a = 0, miPrime = i; a < alpha; a++, miPrime++)
                 {
-                    int miPrime = iPrime(i, a);
-                    for (int j = 0; j < v; j++)
+                    if (miPrime >= o)
+                    {
+                        miPrime -= o;
+                    }
+                    for (int j = 0, jxlsq = 0; j < v; j++, jxlsq += lsq)
                     {
-                        GF16Utils.gf16mTranMulMul(XInGF16Matrix[j], Aalpha[i][a], Balpha[i][a], Qalpha1[i][a],
+                        GF16Utils.gf16mTranMulMul(vinegarGf16, jxlsq, Aalpha[i][a], Balpha[i][a], Qalpha1[i][a],
                             Qalpha2[i][a], gf16mTemp0, Left[a][j], Right[a][j], l);
                     }
 
@@ -235,15 +237,18 @@ void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
                     }
                 }
 //            }
-//            // TODO: think about how this two loops can merge together?
+//            // TODO: think about why this two loops can merge together?
 //            // Compute the coefficients of Xo and put into Gauss matrix and compute the coefficients of Xo^t and add into Gauss matrix
 //            for (int i = 0, ixlsq = 0; i < m; ++i, ixlsq += lsq)
 //            {
                 for (int index = 0, idxlsq = 0; index < o; ++index, idxlsq += lsq)
                 {
-                    for (int a = 0; a < alpha; ++a)
+                    for (int a = 0, mi_prime = i; a < alpha; ++a, ++mi_prime)
                     {
-                        int mi_prime = iPrime(i, a);
+                        if (mi_prime >= o)
+                        {
+                            mi_prime -= o;
+                        }
                         // Initialize Temp to zero
                         for (int ti = 0; ti < lsq; ++ti)
                         {
@@ -311,49 +316,43 @@ void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
         }
 
         // Copy remaining oil variables
-        System.arraycopy(solution, 0, vinegarGf16, v * lsq, oxlsq);
+        System.arraycopy(solution, 0, vinegarGf16, vxlsq, oxlsq);
         GF16.encode(vinegarGf16, ptSignature, vinegarGf16.length);
 
         System.arraycopy(arraySalt, 0, ptSignature, ptSignature.length - bytesSalt, bytesSalt);
     }
 
     boolean verifySignatureCore(byte[] digest, byte[] signature, byte[] publicKeySeed, MapGroup1 map1, byte[][][][] p22)
     {
-        final int bytesHash = (params.getO() * params.getLsq() + 1) >>> 1;
-        final int bytesSalt = params.getSaltLength();
         final int lsq = params.getLsq();
+        final int o = params.getO();
+        final int oxlsq = o * lsq;
+        final int bytesHash = (oxlsq + 1) >>> 1;
+        final int bytesSalt = params.getSaltLength();
         final int m = params.getM();
         final int n = params.getN();
-        final int o = params.getO();
-        int bytesSignature = ((n * lsq) + 1) >>> 1;
+        final int nxlsq = n * lsq;
+
+        int bytesSignature = ((nxlsq) + 1) >>> 1;
 
         // Step 1: Regenerate signed hash using public key seed, digest and salt
         byte[] signedHash = new byte[bytesHash];
         createSignedHash(publicKeySeed, publicKeySeed.length, digest, digest.length,
             signature, bytesSignature, bytesSalt, signedHash, bytesHash);
 
         // Handle odd-length adjustment (if needed)
-        if (((o * lsq) & 1) != 0)
+        if (((oxlsq) & 1) != 0)
         {
             signedHash[bytesHash - 1] &= 0x0F;
         }
 
         // Step 2: Convert signature to GF16 matrices
-        byte[][] signatureGF16Matrix = new byte[n][lsq];
-        if ((lsq & 1) == 1)
-        {
-            byte[] decodedSig = new byte[n * lsq];
-            GF16.decode(signature, 0, decodedSig, 0, decodedSig.length);
-            fill(decodedSig, signatureGF16Matrix, decodedSig.length);
-        }
-        else
-        {
-            MapGroup1.decodeArray(signature, 0, signatureGF16Matrix, signature.length);
-        }
+        byte[] decodedSig = new byte[nxlsq];
+        GF16.decode(signature, 0, decodedSig, 0, decodedSig.length);
 
         // Step 3: Evaluate signature using public key
         byte[] computedHashBytes = new byte[m * lsq];
-        evaluation(computedHashBytes, map1, p22, signatureGF16Matrix);
+        evaluation(computedHashBytes, map1, p22, decodedSig);//signatureGF16Matrix);
 
         // Convert computed hash matrix to bytes
         byte[] encodedHash = new byte[bytesHash];
@@ -363,13 +362,14 @@ boolean verifySignatureCore(byte[] digest, byte[] signature, byte[] publicKeySee
         return Arrays.areEqual(signedHash, encodedHash);
     }
 
-    private void evaluation(byte[] hashMatrix, MapGroup1 map1, byte[][][][] p22, byte[][] signature)
+    private void evaluation(byte[] hashMatrix, MapGroup1 map1, byte[][][][] p22, byte[] signature)
     {
         final int m = params.getM();
         final int alpha = params.getAlpha();
         final int n = params.getN();
         final int l = params.getL();
         final int lsq = params.getLsq();
+        final int o = params.getO();
 
         byte[][][] Left = new byte[alpha][n][lsq];
         byte[][][] Right = new byte[alpha][n][lsq];
@@ -378,21 +378,24 @@ private void evaluation(byte[] hashMatrix, MapGroup1 map1, byte[][][][] p22, byt
         // Evaluate Left and Right matrices
         for (int mi = 0, mixlsq = 0; mi < m; mi++, mixlsq += lsq)
         {
-            for (int si = 0; si < n; si++)
+            for (int si = 0, sixlsq = 0; si < n; si++, sixlsq += lsq)
             {
                 for (int a = 0; a < alpha; a++)
                 {
                     // Left[mi][a][si] = Aalpha * (sig^T * Qalpha1)
                     // Right[mi][a][si] = (Qalpha2 * sig) * Balpha
-                    GF16Utils.gf16mTranMulMul(signature[si], map1.aAlpha[mi][a], map1.bAlpha[mi][a], map1.qAlpha1[mi][a],
+                    GF16Utils.gf16mTranMulMul(signature, sixlsq, map1.aAlpha[mi][a], map1.bAlpha[mi][a], map1.qAlpha1[mi][a],
                         map1.qAlpha2[mi][a], temp, Left[a][si], Right[a][si], l);
                 }
             }
 
             // Process P matrices and accumulate results
-            for (int a = 0; a < alpha; a++)
+            for (int a = 0, miPrime = mi; a < alpha; a++, miPrime++)
             {
-                int miPrime = iPrime(mi, a);
+                if (miPrime >= o)
+                {
+                    miPrime -= o;
+                }
                 for (int ni = 0; ni < n; ni++)
                 {
                     // sum_t0 = sum(P[miPrime][ni][nj] * Right[mi][a][nj])
@@ -499,23 +502,6 @@ private int performGaussianElimination(byte[][] Gauss, byte[] solution, int size
         return 0;
     }
 
-    private int iPrime(int mi, int alpha)
-    {
-        // Implement index calculation based on SNOVA specification
-        return (mi + alpha) % params.getO();
-    }
-
-    static void fill(byte[] input, byte[][] output, int len)
-    {
-        int rlt = 0;
-        for (int i = 0; i < output.length; ++i)
-        {
-            int tmp = Math.min(output[i].length, len - rlt);
-            System.arraycopy(input, rlt, output[i], 0, tmp);
-            rlt += tmp;
-        }
-    }
-
     private byte[] getMessageHash(byte[] message)
     {
         byte[] hash = new byte[shake.getDigestSize()];
diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/snova/SnovaKeyFactorySpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/snova/SnovaKeyFactorySpi.java
diff --git a/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/snova/SnovaKeyPairGeneratorSpi.java b/prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/snova/SnovaKeyPairGeneratorSpi.java

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`
`5`	`5`	`class GF16Utils`
`6`	`6`	`{`
`7`		`- public static void encodeMergeInHalf(byte[] m, int mlen, byte[] menc)`
	`7`	`+ static void encodeMergeInHalf(byte[] m, int mlen, byte[] menc)`
`8`	`8`	`{`
`9`	`9`	`int i, half = (mlen + 1) >>> 1;`
`10`	`10`	`// Process pairs of 4-bit values`
`@@ -19,7 +19,7 @@ public static void encodeMergeInHalf(byte[] m, int mlen, byte[] menc)`
`19`	`19`	`}`
`20`	`20`	`}`
`21`	`21`
`22`		`- public static void decodeMergeInHalf(byte[] byteArray, byte[] gf16Array, int nGf16)`
	`22`	`+ static void decodeMergeInHalf(byte[] byteArray, byte[] gf16Array, int nGf16)`
`23`	`23`	`{`
`24`	`24`	`int i, half = (nGf16 + 1) >>> 1;`
`25`	`25`	`// Process pairs of 4-bit values`
`@@ -30,15 +30,15 @@ public static void decodeMergeInHalf(byte[] byteArray, byte[] gf16Array, int nGf`
`30`	`30`	`}`
`31`	`31`	`}`
`32`	`32`
`33`		`- public static void gf16mTranMulMul(byte[] sign, byte[] a, byte[] b, byte[] q1, byte[] q2, byte[] tmp,`
`34`		`- byte[] left, byte[] right, int rank)`
	`33`	`+ static void gf16mTranMulMul(byte[] sign, int signOff, byte[] a, byte[] b, byte[] q1, byte[] q2, byte[] tmp,`
	`34`	`+ byte[] left, byte[] right, int rank)`
`35`	`35`	`{`
`36`	`36`	`for (int i = 0, leftOff = 0, dOff = 0; i < rank; i++, leftOff += rank)`
`37`	`37`	`{`
`38`	`38`	`for (int j = 0; j < rank; j++)`
`39`	`39`	`{`
`40`	`40`	`byte result = 0;`
`41`		`- for (int k = 0, aOff = j, bOff = i; k < rank; ++k, aOff += rank, bOff += rank)`
	`41`	`+ for (int k = 0, aOff = signOff + j, bOff = i; k < rank; ++k, aOff += rank, bOff += rank)`
`42`	`42`	`{`
`43`	`43`	`result ^= GF16.mul(sign[aOff], q1[bOff]);`
`44`	`44`	`}`
`@@ -56,7 +56,7 @@ public static void gf16mTranMulMul(byte[] sign, byte[] a, byte[] b, byte[] q1, b`
`56`	`56`	`}`
`57`	`57`	`for (int j = 0; j < rank; j++)`
`58`	`58`	`{`
`59`		`- tmp[j] = GF16.innerProduct(q2, leftOff, sign, j, rank);`
	`59`	`+ tmp[j] = GF16.innerProduct(q2, leftOff, sign, signOff + j, rank);`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`for (int j = 0; j < rank; j++)`
`@@ -67,7 +67,7 @@ public static void gf16mTranMulMul(byte[] sign, byte[] a, byte[] b, byte[] q1, b`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`// tmp = a * b, d = tmp * c -> d = (a * b) * c`
`70`		`- public static void gf16mMulMul(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[] d, int rank)`
	`70`	`+ static void gf16mMulMul(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[] d, int rank)`
`71`	`71`	`{`
`72`	`72`	`for (int i = 0, leftOff = 0, dOff = 0; i < rank; i++, leftOff += rank)`
`73`	`73`	`{`
`@@ -83,7 +83,7 @@ public static void gf16mMulMul(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[]`
`83`	`83`	`}`
`84`	`84`	`}`
`85`	`85`
`86`		`- public static void gf16mMul(byte[] a, byte[] b, byte[] c, int rank)`
	`86`	`+ static void gf16mMul(byte[] a, byte[] b, byte[] c, int rank)`
`87`	`87`	`{`
`88`	`88`	`for (int i = 0, aOff = 0, cOff = 0; i < rank; i++, aOff += rank)`
`89`	`89`	`{`
`@@ -94,7 +94,7 @@ public static void gf16mMul(byte[] a, byte[] b, byte[] c, int rank)`
`94`	`94`	`}`
`95`	`95`	`}`
`96`	`96`
`97`		`- public static void gf16mMulMulTo(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[] d, int rank)`
	`97`	`+ static void gf16mMulMulTo(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[] d, int rank)`
`98`	`98`	`{`
`99`	`99`	`for (int i = 0, leftOff = 0, dOff = 0; i < rank; i++, leftOff += rank)`
`100`	`100`	`{`
`@@ -110,7 +110,7 @@ public static void gf16mMulMulTo(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[`
`110`	`110`	`}`
`111`	`111`	`}`
`112`	`112`
`113`		`- public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int rank)`
	`113`	`+ static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int rank)`
`114`	`114`	`{`
`115`	`115`	`for (int i = 0, aOff = 0, cOff = 0; i < rank; i++, aOff += rank)`
`116`	`116`	`{`
`@@ -122,7 +122,7 @@ public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int rank)`
`122`	`122`	`}`
`123`	`123`
`124`	`124`	`// d = a * b, e = b * c`
`125`		`- public static void gf16mMulToTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e, int rank)`
	`125`	`+ static void gf16mMulToTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e, int rank)`
`126`	`126`	`{`
`127`	`127`	`for (int i = 0, leftOff = 0, outOff = 0; i < rank; i++, leftOff += rank)`
`128`	`128`	`{`
`@@ -134,7 +134,7 @@ public static void gf16mMulToTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e`
`134`	`134`	`}`
`135`	`135`	`}`
`136`	`136`
`137`		`- public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int cOff, int rank)`
	`137`	`+ static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int cOff, int rank)`
`138`	`138`	`{`
`139`	`139`	`for (int i = 0, aOff = 0; i < rank; i++, aOff += rank)`
`140`	`140`	`{`
`@@ -146,7 +146,7 @@ public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int cOff, int rank)`
`146`	`146`	`}`
`147`	`147`
`148`	`148`	`// d ^= a * b + c * d`
`149`		`- public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e, int eOff, int rank)`
	`149`	`+ static void gf16mMulTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e, int eOff, int rank)`
`150`	`150`	`{`
`151`	`151`	`for (int i = 0, leftOff = 0; i < rank; i++, leftOff += rank)`
`152`	`152`	`{`
`@@ -157,7 +157,7 @@ public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e,`
`157`	`157`	`}`
`158`	`158`	`}`
`159`	`159`
`160`		`- public static void gf16mMulTo(byte[] a, byte[] b, int bOff, byte[] c, int cOff, int rank)`
	`160`	`+ static void gf16mMulTo(byte[] a, byte[] b, int bOff, byte[] c, int cOff, int rank)`
`161`	`161`	`{`
`162`	`162`	`for (int i = 0, aOff = 0; i < rank; i++, aOff += rank)`
`163`	`163`	`{`
`@@ -171,7 +171,7 @@ public static void gf16mMulTo(byte[] a, byte[] b, int bOff, byte[] c, int cOff,`
`171`	`171`	`/**`
`172`	`172`	`* Conversion 4 bit -> 32 bit representation`
`173`	`173`	`*/`
`174`		`- public static int gf16FromNibble(int idx)`
	`174`	`+ static int gf16FromNibble(int idx)`
`175`	`175`	`{`
`176`	`176`	`int middle = idx \| (idx << 4);`
`177`	`177`	`return ((middle & 0x41) \| ((middle << 2) & 0x208));`
Original file line number	Diff line number	Diff line change
`@@ -563,11 +563,12 @@ public void genABQP(MapGroup1 map1, byte[] pkSeed)`
`563`	`563`	`}`
`564`	`564`	`else`
`565`	`565`	`{`
	`566`	`+ int oxalphaxlsq = o * alpha * lsq;`
`566`	`567`	`byte[] fixedAbq = fixedAbqSet.get(o);`
`567`		`- MapGroup1.fillAlpha(fixedAbq, 0, map1.aAlpha, m * o * alpha * lsq);`
`568`		`- MapGroup1.fillAlpha(fixedAbq, o * alpha * lsq, map1.bAlpha, (m - 1) * o * alpha * lsq);`
`569`		`- MapGroup1.fillAlpha(fixedAbq, o * alpha * lsq * 2, map1.qAlpha1, (m - 2) * o * alpha * lsq);`
`570`		`- MapGroup1.fillAlpha(fixedAbq, o * alpha * lsq * 3, map1.qAlpha2, (m - 3) * o * alpha * lsq);`
	`568`	`+ MapGroup1.fillAlpha(fixedAbq, 0, map1.aAlpha, m * oxalphaxlsq);`
	`569`	`+ MapGroup1.fillAlpha(fixedAbq, oxalphaxlsq, map1.bAlpha, (m - 1) * oxalphaxlsq);`
	`570`	`+ MapGroup1.fillAlpha(fixedAbq, oxalphaxlsq * 2, map1.qAlpha1, (m - 2) * oxalphaxlsq);`
	`571`	`+ MapGroup1.fillAlpha(fixedAbq, oxalphaxlsq * 3, map1.qAlpha2, (m - 3) * oxalphaxlsq);`
`571`	`572`	`}`
`572`	`573`	`}`
`573`	`574`