Remove PublicKey class from Snova

gefeili · gefeili · commit a1544a849661 · 2025-04-01T16:55:46.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/MapGroup1.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/MapGroup1.java
@@ -28,23 +28,23 @@ public MapGroup1(SnovaParameters params)
         qAlpha2 = new byte[m][alpha][lsq];
     }
 
-    public void decode(byte[] input, SnovaParameters params, int len)
+    public void decode(byte[] input, int len)
     {
 //        int m = params.getM();
 //        int v = params.getV();
 //        int o = params.getO();
 //        int alpha = params.getAlpha();
-        int lsq = params.getLsq();
-        if ((lsq & 1) == 0)
-        {
-            int inOff = decodeP(input, 0, p11, len);
-            inOff += decodeP(input, inOff, p12, len - inOff);
-            inOff += decodeP(input, inOff, p21, len - inOff);
-            inOff += decodeAlpha(input, inOff, aAlpha, len - inOff);
-            inOff += decodeAlpha(input, inOff, bAlpha, len - inOff);
-            inOff += decodeAlpha(input, inOff, qAlpha1, len - inOff);
-            decodeAlpha(input, inOff, qAlpha2, len - inOff);
-        }
+//        int lsq = params.getLsq();
+//        if ((lsq & 1) == 0)
+//        {
+        int inOff = decodeP(input, 0, p11, len);
+        inOff += decodeP(input, inOff, p12, len - inOff);
+        inOff += decodeP(input, inOff, p21, len - inOff);
+        inOff += decodeAlpha(input, inOff, aAlpha, len - inOff);
+        inOff += decodeAlpha(input, inOff, bAlpha, len - inOff);
+        inOff += decodeAlpha(input, inOff, qAlpha1, len - inOff);
+        decodeAlpha(input, inOff, qAlpha2, len - inOff);
+//        }
 //        else
 //        {
 //
@@ -76,7 +76,7 @@ public void decode(byte[] input, SnovaParameters params, int len)
 //        }
 //    }
 
-    private int decodeP(byte[] input, int inOff, byte[][][][] p, int len)
+    static int decodeP(byte[] input, int inOff, byte[][][][] p, int len)
     {
         int rlt = 0;
         for (int i = 0; i < p.length; ++i)
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/PublicKey.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/PublicKey.java
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaEngine.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaEngine.java
@@ -468,7 +468,7 @@ void genABQP(MapGroup1 map1, byte[] pkSeed, byte[] fixedAbq)
         }
         if ((lsq & 1) == 0)
         {
-            map1.decode(prngOutput, params, (gf16sPrngPublic - qTemp.length) >> 1);
+            map1.decode(prngOutput, (gf16sPrngPublic - qTemp.length) >> 1);
         }
         else
         {
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaKeyElements.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaKeyElements.java
@@ -1,16 +1,12 @@
 package org.bouncycastle.pqc.crypto.snova;
 
-import org.bouncycastle.crypto.digests.SHAKEDigest;
-import org.bouncycastle.util.GF16;
-
 class SnovaKeyElements
 {
     public final MapGroup1 map1;
     public final byte[][][] T12;     // [v][o]
     public final MapGroup2 map2;
-    public final PublicKey publicKey;
     public byte[] ptPrivateKeySeed;
-    private final int length;
+
     byte[] fixedAbq;
 
     public SnovaKeyElements(SnovaParameters params)
@@ -22,48 +18,47 @@ public SnovaKeyElements(SnovaParameters params)
         map1 = new MapGroup1(params);
         T12 = new byte[v][o][lsq];
         map2 = new MapGroup2(params);
-        publicKey = new PublicKey(params);
-        length = o * params.getAlpha() * lsq * 4 + v * o * lsq + (o * v * v + o * v * o + o * o * v) * lsq;
+
         if (l < 4)
         {
             fixedAbq = SnovaParameters.fixedAbqSet.get(o);
         }
     }
 
-    public void encodeMergerInHalf(byte[] output)
-    {
-        byte[] input = new byte[length];
-        int inOff = 0;
-        inOff = copy3d(map1.aAlpha, input, inOff);
-        inOff = copy3d(map1.bAlpha, input, inOff);
-        inOff = copy3d(map1.qAlpha1, input, inOff);
-        inOff = copy3d(map1.qAlpha2, input, inOff);
-        inOff = copy3d(T12, input, inOff);
-        inOff = copy4d(map2.f11, input, inOff);
-        inOff = copy4d(map2.f12, input, inOff);
-        copy4d(map2.f21, input, inOff);
-        GF16Utils.encodeMergeInHalf(input, length, output);
-    }
+//    public void encodeMergerInHalf(byte[] output)
+//    {
+//        byte[] input = new byte[length];
+//        int inOff = 0;
+//        inOff = copy3d(map1.aAlpha, input, inOff);
+//        inOff = copy3d(map1.bAlpha, input, inOff);
+//        inOff = copy3d(map1.qAlpha1, input, inOff);
+//        inOff = copy3d(map1.qAlpha2, input, inOff);
+//        inOff = copy3d(T12, input, inOff);
+//        inOff = copy4d(map2.f11, input, inOff);
+//        inOff = copy4d(map2.f12, input, inOff);
+//        copy4d(map2.f21, input, inOff);
+//        GF16Utils.encodeMergeInHalf(input, length, output);
+//    }
 
-    public void skUnpack(byte[] input)
-    {
-        byte[] tmp = new byte[(input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength) << 1];
-        GF16Utils.decodeMergeInHalf(input, tmp, tmp.length);
-        int inOff = 0;
-        inOff = copy3d(tmp, inOff, map1.aAlpha);
-        inOff = copy3d(tmp, inOff, map1.bAlpha);
-        inOff = copy3d(tmp, inOff, map1.qAlpha1);
-        inOff = copy3d(tmp, inOff, map1.qAlpha2);
-        inOff = copy3d(tmp, inOff, T12);
-        inOff = copy4d(tmp, inOff, map2.f11);
-        inOff = copy4d(tmp, inOff, map2.f12);
-        copy4d(tmp, inOff, map2.f21);
-        System.arraycopy(input, input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength, publicKey.publicKeySeed, 0, publicKey.publicKeySeed.length);
-        ptPrivateKeySeed = new byte[SnovaKeyPairGenerator.privateSeedLength];
-        System.arraycopy(input, input.length - SnovaKeyPairGenerator.privateSeedLength, ptPrivateKeySeed, 0, ptPrivateKeySeed.length);
-    }
+//    public void skUnpack(byte[] input)
+//    {
+//        byte[] tmp = new byte[(input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength) << 1];
+//        GF16Utils.decodeMergeInHalf(input, tmp, tmp.length);
+//        int inOff = 0;
+//        inOff = copy3d(tmp, inOff, map1.aAlpha);
+//        inOff = copy3d(tmp, inOff, map1.bAlpha);
+//        inOff = copy3d(tmp, inOff, map1.qAlpha1);
+//        inOff = copy3d(tmp, inOff, map1.qAlpha2);
+//        inOff = copy3d(tmp, inOff, T12);
+//        inOff = copy4d(tmp, inOff, map2.f11);
+//        inOff = copy4d(tmp, inOff, map2.f12);
+//        copy4d(tmp, inOff, map2.f21);
+//        System.arraycopy(input, input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength, publicKey.publicKeySeed, 0, publicKey.publicKeySeed.length);
+//        ptPrivateKeySeed = new byte[SnovaKeyPairGenerator.privateSeedLength];
+//        System.arraycopy(input, input.length - SnovaKeyPairGenerator.privateSeedLength, ptPrivateKeySeed, 0, ptPrivateKeySeed.length);
+//    }
 
-    private int copy3d(byte[][][] alpha, byte[] output, int outOff)
+    static int copy3d(byte[][][] alpha, byte[] output, int outOff)
     {
         for (int i = 0; i < alpha.length; ++i)
         {
@@ -76,7 +71,7 @@ private int copy3d(byte[][][] alpha, byte[] output, int outOff)
         return outOff;
     }
 
-    private int copy4d(byte[][][][] alpha, byte[] output, int outOff)
+    static int copy4d(byte[][][][] alpha, byte[] output, int outOff)
     {
         for (int i = 0; i < alpha.length; ++i)
         {
@@ -85,7 +80,7 @@ private int copy4d(byte[][][][] alpha, byte[] output, int outOff)
         return outOff;
     }
 
-    private int copy3d(byte[] input, int inOff, byte[][][] alpha)
+    static int copy3d(byte[] input, int inOff, byte[][][] alpha)
     {
         for (int i = 0; i < alpha.length; ++i)
         {
@@ -98,7 +93,7 @@ private int copy3d(byte[] input, int inOff, byte[][][] alpha)
         return inOff;
     }
 
-    private int copy4d(byte[] input, int inOff, byte[][][][] alpha)
+    static int copy4d(byte[] input, int inOff, byte[][][][] alpha)
     {
         for (int i = 0; i < alpha.length; ++i)
         {
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaKeyPairGenerator.java
@@ -47,19 +47,35 @@ public AsymmetricCipherKeyPair generateKeyPair()
         byte[] ptPrivateKeySeed = Arrays.copyOfRange(seedPair, publicSeedLength, seedPair.length);
 
         SnovaKeyElements keyElements = new SnovaKeyElements(params);
-        generateKeysCore(keyElements, ptPublicKeySeed, ptPrivateKeySeed);
+        byte[] p22 = new byte[(params.getM() * params.getO() * params.getO() * params.getL() * params.getL() + 1) >> 1];
+        generateKeysCore(keyElements, ptPublicKeySeed, ptPrivateKeySeed, p22);
 
         // Pack public key components
         System.arraycopy(ptPublicKeySeed, 0, pk, 0, ptPublicKeySeed.length);
-        System.arraycopy(keyElements.publicKey.P22, 0, pk, ptPublicKeySeed.length, keyElements.publicKey.P22.length);
+        System.arraycopy(p22, 0, pk, ptPublicKeySeed.length, p22.length);
 
         if (params.isSkIsSeed())
         {
             sk = seedPair;
         }
         else
         {
-            keyElements.encodeMergerInHalf(sk);
+            int o = params.getO();
+            int lsq = params.getLsq();
+            int v = params.getV();
+            int length = o * params.getAlpha() * lsq * 4 + v * o * lsq + (o * v * v + o * v * o + o * o * v) * lsq;
+            //keyElements.encodeMergerInHalf(sk);
+            byte[] input = new byte[length];
+            int inOff = 0;
+            inOff = SnovaKeyElements.copy3d(keyElements.map1.aAlpha, input, inOff);
+            inOff = SnovaKeyElements.copy3d(keyElements.map1.bAlpha, input, inOff);
+            inOff = SnovaKeyElements.copy3d(keyElements.map1.qAlpha1, input, inOff);
+            inOff = SnovaKeyElements.copy3d(keyElements.map1.qAlpha2, input, inOff);
+            inOff = SnovaKeyElements.copy3d(keyElements.T12, input, inOff);
+            inOff = SnovaKeyElements.copy4d(keyElements.map2.f11, input, inOff);
+            inOff = SnovaKeyElements.copy4d(keyElements.map2.f12, input, inOff);
+            SnovaKeyElements.copy4d(keyElements.map2.f21, input, inOff);
+            GF16Utils.encodeMergeInHalf(input, length, sk);
             System.arraycopy(seedPair, 0, sk, sk.length - seedLength, seedLength);
         }
 
@@ -69,7 +85,7 @@ public AsymmetricCipherKeyPair generateKeyPair()
         );
     }
 
-    private void generateKeysCore(SnovaKeyElements keyElements, byte[] pkSeed, byte[] skSeed)
+    private void generateKeysCore(SnovaKeyElements keyElements, byte[] pkSeed, byte[] skSeed, byte[] p22)
     {
         // Generate T12 matrix
         engine.genSeedsAndT12(keyElements.T12, skSeed);
@@ -81,6 +97,6 @@ private void generateKeysCore(SnovaKeyElements keyElements, byte[] pkSeed, byte[
         engine.genF(keyElements.map2, keyElements.map1, keyElements.T12);
 
         // Generate P22 matrix
-        engine.genP22(keyElements.publicKey.P22, keyElements.T12, keyElements.map1.p21, keyElements.map2.f12);
+        engine.genP22(p22, keyElements.T12, keyElements.map1.p21, keyElements.map2.f12);
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaSigner.java b/core/src/main/java/org/bouncycastle/pqc/crypto/snova/SnovaSigner.java
@@ -60,25 +60,40 @@ public byte[] generateSignature(byte[] message)
         random.nextBytes(salt);
         byte[] signature = new byte[((params.getN() * params.getLsq() + 1) >>> 1) + params.getSaltLength()];
         SnovaKeyElements keyElements = new SnovaKeyElements(params);
+        byte[] publicKeySeed;
         if (params.isSkIsSeed())
         {
             byte[] seedPair = privKey.getPrivateKey();
-            keyElements.publicKey.publicKeySeed = Arrays.copyOfRange(seedPair, 0, SnovaKeyPairGenerator.publicSeedLength);
+            publicKeySeed = Arrays.copyOfRange(seedPair, 0, SnovaKeyPairGenerator.publicSeedLength);
             keyElements.ptPrivateKeySeed = Arrays.copyOfRange(seedPair, SnovaKeyPairGenerator.publicSeedLength, seedPair.length);
             engine.genSeedsAndT12(keyElements.T12, keyElements.ptPrivateKeySeed);
 
             // Generate map components
-            engine.genABQP(keyElements.map1, keyElements.publicKey.publicKeySeed, keyElements.fixedAbq);
+            engine.genABQP(keyElements.map1, publicKeySeed, keyElements.fixedAbq);
 
             // Generate F matrices
             engine.genF(keyElements.map2, keyElements.map1, keyElements.T12);
         }
         else
         {
-            keyElements.skUnpack(privKey.getPrivateKey());
+            byte[] input = privKey.getPrivateKey();
+            byte[] tmp = new byte[(input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength) << 1];
+            GF16Utils.decodeMergeInHalf(input, tmp, tmp.length);
+            int inOff = 0;
+            inOff = SnovaKeyElements.copy3d(tmp, inOff, keyElements.map1.aAlpha);
+            inOff = SnovaKeyElements.copy3d(tmp, inOff, keyElements.map1.bAlpha);
+            inOff = SnovaKeyElements.copy3d(tmp, inOff, keyElements.map1.qAlpha1);
+            inOff = SnovaKeyElements.copy3d(tmp, inOff, keyElements.map1.qAlpha2);
+            inOff = SnovaKeyElements.copy3d(tmp, inOff, keyElements.T12);
+            inOff = SnovaKeyElements.copy4d(tmp, inOff, keyElements.map2.f11);
+            inOff = SnovaKeyElements.copy4d(tmp, inOff, keyElements.map2.f12);
+            SnovaKeyElements.copy4d(tmp, inOff, keyElements.map2.f21);
+            publicKeySeed = Arrays.copyOfRange(input, input.length - SnovaKeyPairGenerator.publicSeedLength - SnovaKeyPairGenerator.privateSeedLength, input.length - SnovaKeyPairGenerator.privateSeedLength);
+            keyElements.ptPrivateKeySeed = new byte[SnovaKeyPairGenerator.privateSeedLength];
+            System.arraycopy(input, input.length - SnovaKeyPairGenerator.privateSeedLength, keyElements.ptPrivateKeySeed, 0, keyElements.ptPrivateKeySeed.length);
         }
         signDigestCore(signature, hash, salt, keyElements.map1.aAlpha, keyElements.map1.bAlpha, keyElements.map1.qAlpha1, keyElements.map1.qAlpha2,
-            keyElements.T12, keyElements.map2.f11, keyElements.map2.f12, keyElements.map2.f21, keyElements.publicKey.publicKeySeed, keyElements.ptPrivateKeySeed);
+            keyElements.T12, keyElements.map2.f11, keyElements.map2.f12, keyElements.map2.f21, publicKeySeed, keyElements.ptPrivateKeySeed);
         return Arrays.concatenate(signature, message);
     }
 
@@ -90,14 +105,22 @@ public boolean verifySignature(byte[] message, byte[] signature)
         shake.doFinal(hash, 0);
         SnovaKeyElements keyElements = new SnovaKeyElements(params);
         byte[] pk = pubKey.getEncoded();
-        System.arraycopy(pk, 0, keyElements.publicKey.publicKeySeed, 0, SnovaKeyPairGenerator.publicSeedLength);
-        System.arraycopy(pk, SnovaKeyPairGenerator.publicSeedLength, keyElements.publicKey.P22, 0, keyElements.publicKey.P22.length);
-        engine.genABQP(keyElements.map1, keyElements.publicKey.publicKeySeed, keyElements.fixedAbq);
-        byte[] p22_gf16s = new byte[keyElements.publicKey.P22.length << 1];
-        GF16.decode(keyElements.publicKey.P22, p22_gf16s, p22_gf16s.length);
+        byte[] publicKeySeed = Arrays.copyOf(pk, SnovaKeyPairGenerator.publicSeedLength);
+        byte[] p22_source = Arrays.copyOfRange(pk, SnovaKeyPairGenerator.publicSeedLength, pk.length);
+        engine.genABQP(keyElements.map1, publicKeySeed, keyElements.fixedAbq);
         byte[][][][] p22 = new byte[params.getM()][params.getO()][params.getO()][params.getLsq()];
-        MapGroup1.fillP(p22_gf16s, 0, p22, p22_gf16s.length);
-        return verifySignatureCore(hash, signature, keyElements.publicKey, keyElements.map1, p22);
+        if ((params.getLsq() & 1) == 0)
+        {
+            MapGroup1.decodeP(p22_source, 0, p22, p22_source.length << 1);
+        }
+        else
+        {
+            byte[] p22_gf16s = new byte[p22_source.length << 1];
+            GF16.decode(p22_source, p22_gf16s, p22_gf16s.length);
+            MapGroup1.fillP(p22_gf16s, 0, p22, p22_gf16s.length);
+        }
+
+        return verifySignatureCore(hash, signature, publicKeySeed, keyElements.map1, p22);
     }
 
     public void createSignedHash(
@@ -326,7 +349,7 @@ public void signDigestCore(byte[] ptSignature, byte[] digest, byte[] arraySalt,
         System.arraycopy(arraySalt, 0, ptSignature, ptSignature.length - bytesSalt, bytesSalt);
     }
 
-    public boolean verifySignatureCore(byte[] digest, byte[] signature, PublicKey pkx, MapGroup1 map1, byte[][][][] p22)
+    public boolean verifySignatureCore(byte[] digest, byte[] signature, byte[] publicKeySeed, MapGroup1 map1, byte[][][][] p22)
     {
         final int bytesHash = (params.getO() * params.getLsq() + 1) >>> 1;
         final int bytesSalt = params.getSaltLength();
@@ -339,7 +362,7 @@ public boolean verifySignatureCore(byte[] digest, byte[] signature, PublicKey pk
         // Step 1: Regenerate signed hash using public key seed, digest and salt
         byte[] signedHash = new byte[bytesHash];
 
-        shake.update(pkx.publicKeySeed, 0, pkx.publicKeySeed.length);
+        shake.update(publicKeySeed, 0, publicKeySeed.length);
         shake.update(digest, 0, digest.length);
         shake.update(signature, bytesSignature, bytesSalt);
         shake.doFinal(signedHash, 0, bytesHash);

Original file line number	Diff line number	Diff line change
`@@ -468,7 +468,7 @@ void genABQP(MapGroup1 map1, byte[] pkSeed, byte[] fixedAbq)`
`468`	`468`	`}`
`469`	`469`	`if ((lsq & 1) == 0)`
`470`	`470`	`{`
`471`		`- map1.decode(prngOutput, params, (gf16sPrngPublic - qTemp.length) >> 1);`
	`471`	`+ map1.decode(prngOutput, (gf16sPrngPublic - qTemp.length) >> 1);`
`472`	`472`	`}`
`473`	`473`	`else`
`474`	`474`	`{`