Refactor on Snova is almost done

Author: gefeili

core/src/main/java/org/bouncycastle/pqc/crypto/snova/GF16Utils.java

@@ -30,13 +30,55 @@ public static void decodeMergeInHalf(byte[] byteArray, byte[] gf16Array, int nGf
         }
     }
 
-    public static void gf16mTranMul(byte[] a, byte[] b, byte[] c, int rank)
+    public static void gf16mTranMulMul(byte[] sign, byte[] a, byte[] b, byte[] q1, byte[] q2, byte[] tmp,
+                                       byte[] left, byte[] right, int rank)
     {
-        for (int i = 0, cOff = 0; i < rank; i++)
+        for (int i = 0, leftOff = 0, dOff = 0; i < rank; i++, leftOff += rank)
         {
-            for (int j = 0, jl = 0; j < rank; j++, jl += rank)
+            for (int j = 0; j < rank; j++)
+            {
+                byte result = 0;
+                for (int k = 0, aOff = j, bOff = i; k < rank; ++k, aOff += rank, bOff += rank)
+                {
+                    result ^= GF16.mul(sign[aOff], q1[bOff]);
+                }
+                tmp[j] = result;
+            }
+
+            for (int j = 0, jxl = 0; j < rank; j++, jxl += rank)
+            {
+                byte result = 0;
+                for (int k = 0; k < rank; ++k)
+                {
+                    result ^= GF16.mul(a[jxl + k], tmp[k]);
+                }
+                left[i + jxl] = result;
+            }
+            for (int j = 0; j < rank; j++)
+            {
+                tmp[j] = GF16.innerProduct(q2, leftOff, sign, j, rank);
+            }
+
+            for (int j = 0; j < rank; j++)
             {
-                c[cOff++] = GF16.dotProduct(a, i, b, j, rank);
+                right[dOff++] = GF16.innerProduct(tmp, 0, b, j, rank);
+            }
+        }
+    }
+
+    // tmp = a * b, d = tmp * c -> d = (a * b) * c
+    public static void gf16mMulMul(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[] d, int rank)
+    {
+        for (int i = 0, leftOff = 0, dOff = 0; i < rank; i++, leftOff += rank)
+        {
+            for (int j = 0; j < rank; j++)
+            {
+                tmp[j] = GF16.innerProduct(a, leftOff, b, j, rank);
+            }
+
+            for (int j = 0; j < rank; j++)
+            {
+                d[dOff++] = GF16.innerProduct(tmp, 0, c, j, rank);
             }
         }
     }
@@ -52,6 +94,22 @@ public static void gf16mMul(byte[] a, byte[] b, byte[] c, int rank)
         }
     }
 
+    public static void gf16mMulMulTo(byte[] a, byte[] b, byte[] c, byte[] tmp, byte[] d, int rank)
+    {
+        for (int i = 0, leftOff = 0, dOff = 0; i < rank; i++, leftOff += rank)
+        {
+            for (int j = 0; j < rank; j++)
+            {
+                tmp[j] = GF16.innerProduct(a, leftOff, b, j, rank);
+            }
+
+            for (int j = 0; j < rank; j++)
+            {
+                d[dOff++] ^= GF16.innerProduct(tmp, 0, c, j, rank);
+            }
+        }
+    }
+
     public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int rank)
     {
         for (int i = 0, aOff = 0, cOff = 0; i < rank; i++, aOff += rank)
@@ -63,6 +121,42 @@ public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int rank)
         }
     }
 
+    // d = a * b, e = b * c
+    public static void gf16mMulToTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e, int rank)
+    {
+        for (int i = 0, leftOff = 0, outOff = 0; i < rank; i++, leftOff += rank)
+        {
+            for (int j = 0; j < rank; j++)
+            {
+                d[outOff] ^= GF16.innerProduct(a, leftOff, b, j, rank);
+                e[outOff++] ^= GF16.innerProduct(b, leftOff, c, j, rank);
+            }
+        }
+    }
+
+    public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, int cOff, int rank)
+    {
+        for (int i = 0, aOff = 0; i < rank; i++, aOff += rank)
+        {
+            for (int j = 0; j < rank; j++)
+            {
+                c[cOff++] ^= GF16.innerProduct(a, aOff, b, j, rank);
+            }
+        }
+    }
+
+    // d ^= a * b + c * d
+    public static void gf16mMulTo(byte[] a, byte[] b, byte[] c, byte[] d, byte[] e, int eOff, int rank)
+    {
+        for (int i = 0, leftOff = 0; i < rank; i++, leftOff += rank)
+        {
+            for (int j = 0; j < rank; j++)
+            {
+                e[eOff++] ^= GF16.innerProduct(a, leftOff, b, j, rank) ^ GF16.innerProduct(c, leftOff, d, j, rank);
+            }
+        }
+    }
+
     public static void gf16mMulTo(byte[] a, byte[] b, int bOff, byte[] c, int cOff, int rank)
     {
         for (int i = 0, aOff = 0; i < rank; i++, aOff += rank)

core/src/main/java/org/bouncycastle/pqc/crypto/snova/MapGroup1.java

@@ -28,16 +28,9 @@ public MapGroup1(SnovaParameters params)
         qAlpha2 = new byte[m][alpha][lsq];
     }
 
-    public void decode(byte[] input, int len, boolean isl4or5)
+    void decode(byte[] input, int len, boolean isl4or5)
     {
-//        int m = params.getM();
-//        int v = params.getV();
-//        int o = params.getO();
-//        int alpha = params.getAlpha();
-//        int lsq = params.getLsq();
-//        if ((lsq & 1) == 0)
-//        {
-
+        //TODO: when (lsq & 1) == 1
         int inOff = decodeP(input, 0, p11, len);
         inOff += decodeP(input, inOff, p12, len - inOff);
         inOff += decodeP(input, inOff, p21, len - inOff);
@@ -48,38 +41,8 @@ public void decode(byte[] input, int len, boolean isl4or5)
             inOff += decodeAlpha(input, inOff, qAlpha1, len - inOff);
             decodeAlpha(input, inOff, qAlpha2, len - inOff);
         }
-//        }
-//        else
-//        {
-//
-//        }
     }
 
-//    public boolean decodeArrayLsqOdd(byte[] input, int inOff, boolean isLower, byte[] output, int lsqHalf)
-//    {
-//        int outOff = 0;
-//        if (isLower)
-//        {
-//            for (int i = 0; i < lsqHalf; ++i)
-//            {
-//                output[outOff++] = (byte)(input[inOff] & 0x0F);
-//                output[outOff++] = (byte)((input[inOff++] >>> 4) & 0x0F);
-//            }
-//            output[outOff] = (byte)(input[inOff] & 0x0F);
-//            return false;
-//        }
-//        else
-//        {
-//            for (int i = 0; i < lsqHalf; ++i)
-//            {
-//                output[outOff++] = (byte)((input[inOff++] >>> 4) & 0x0F);
-//                output[outOff++] = (byte)(input[inOff] & 0x0F);
-//            }
-//            output[outOff] = (byte)((input[inOff] >>> 4) & 0x0F);
-//            return true;
-//        }
-//    }
-
     static int decodeP(byte[] input, int inOff, byte[][][][] p, int len)
     {
         int rlt = 0;
@@ -114,29 +77,7 @@ static int decodeArray(byte[] input, int inOff, byte[][] array, int len)
         return rlt;
     }
 
-//    private int decodeP(byte[] input, int inOff, boolean isLower,byte[][][][] p, int lsqHalf)
-//    {
-//        for (int i = 0; i < p.length; ++i)
-//        {
-//            inOff = decodeAlpha(input, inOff, p[i]);
-//        }
-//        return inOff;
-//    }
-
-//    private boolean decodeAlpha(byte[] input, int inOff, boolean isLower, byte[][][] alpha, int lsqHalf)
-//    {
-//        for (int i = 0; i < alpha.length; ++i)
-//        {
-//            for (int j = 0; j < alpha[i].length; ++j)
-//            {
-//                isLower = decodeArrayLsqOdd(input, inOff, isLower, alpha[i][j], lsqHalf);
-//                inOff += lsqHalf + (isLower ? 1 : 0);
-//            }
-//        }
-//        return isLower;
-//    }
-
-    public void fill(byte[] input, boolean isl4or5)
+    void fill(byte[] input, boolean isl4or5)
     {
         int inOff = fillP(input, 0, p11, input.length);
         inOff += fillP(input, inOff, p12, input.length - inOff);

core/src/main/java/org/bouncycastle/pqc/crypto/snova/MapGroup2.java

@@ -11,7 +11,7 @@ public MapGroup2(SnovaParameters params)
         int m = params.getM();
         int v = params.getV();
         int o = params.getO();
-        int lsq = params.getL() * params.getL();
+        int lsq = params.getLsq();
         f11 = new byte[m][v][v][lsq];
         f12 = new byte[m][v][o][lsq];
         f21 = new byte[m][o][v][lsq];