Skip to content

Commit 3afd4a0

Browse files
guanzhiguanzhi
committed
Update Kyber
1 parent 1f64cb7 commit 3afd4a0

File tree

6 files changed

+329
-398
lines changed

6 files changed

+329
-398
lines changed

include/gmssl/kyber.h

Lines changed: 70 additions & 93 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2014-2025 The GmSSL Project. All Rights Reserved.
2+
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
33
*
44
* Licensed under the Apache License, Version 2.0 (the License); you may
55
* not use this file except in compliance with the License.
@@ -29,13 +29,13 @@ extern "C" {
2929
#define KYBER_ETA2 2
3030
#define KYBER_POLY_NBYTES (256 * 12 / 8)
3131

32-
#define KYBER512_K 2
33-
#define KYBER768_K 3
34-
#define KYBER1024_K 4
32+
#define KYBER512_K 2
33+
#define KYBER768_K 3
34+
#define KYBER1024_K 4
3535

36-
#define KYBER512_ETA1 3
37-
#define KYBER768_ETA1 2
38-
#define KYBER1024_ETA1 2
36+
#define KYBER512_ETA1 3
37+
#define KYBER768_ETA1 2
38+
#define KYBER1024_ETA1 2
3939

4040
#define KYBER512_DU 10
4141
#define KYBER768_DU 10
@@ -73,46 +73,23 @@ CRYSTALS-Kyber Algorithm Specifications and Supporing Documentation (version 3.0
7373
*/
7474

7575

76-
typedef int16_t kyber_poly_t[256];
77-
78-
typedef struct {
79-
uint8_t t[KYBER_K][384];
80-
uint8_t rho[32];
81-
} KYBER_CPA_PUBLIC_KEY;
82-
83-
typedef struct {
84-
KYBER_CPA_PUBLIC_KEY public_key;
85-
uint8_t s[KYBER_K][384];
86-
} KYBER_CPA_PRIVATE_KEY;
87-
88-
typedef struct {
89-
uint8_t c1[KYBER_K][KYBER_C1_SIZE];
90-
uint8_t c2[KYBER_C2_SIZE];
91-
} KYBER_CPA_CIPHERTEXT;
9276

93-
int kyber_cpa_public_key_to_bytes(const KYBER_CPA_PUBLIC_KEY *key, uint8_t **out, size_t *outlen);
94-
int kyber_cpa_public_key_from_bytes(KYBER_CPA_PUBLIC_KEY *key, const uint8_t **in, size_t *inlen);
95-
int kyber_cpa_private_key_to_bytes(const KYBER_CPA_PRIVATE_KEY *key, uint8_t **out, size_t *outlen);
96-
int kyber_cpa_private_key_from_bytes(KYBER_CPA_PRIVATE_KEY *key, const uint8_t **in, size_t *inlen);
97-
98-
int kyber_cpa_ciphertext_to_bytes(const KYBER_CPA_CIPHERTEXT *ciphertext, uint8_t **out, size_t *outlen);
99-
int kyber_cpa_ciphertext_from_bytes(KYBER_CPA_CIPHERTEXT *ciphertext, const uint8_t **in, size_t *inlen);
10077

10178
void kyber_h_hash(const uint8_t *in, size_t inlen, uint8_t out[32]);
10279
void kyber_g_hash(const uint8_t *in, size_t inlen, uint8_t out[64]);
10380

10481

82+
83+
typedef int16_t kyber_poly_t[256];
10584
#define KYBER_FMT_POLY 1
10685
#define KYBER_FMT_HEX 2
10786

108-
int kyber_poly_print(FILE *fp, int fmt, int ind, const char *label, const kyber_poly_t a);
87+
int kyber_poly_print(FILE *fp, int fmt, int ind, const char *label, const kyber_poly_t a);
10988
void kyber_poly_set_zero(kyber_poly_t r);
110-
111-
112-
int kyber_poly_rand(kyber_poly_t r);
113-
int kyber_poly_uniform_sample(kyber_poly_t r, const uint8_t rho[32], uint8_t j, uint8_t i);
114-
int kyber_poly_cbd_sample(kyber_poly_t r, int eta, const uint8_t secret[32], uint8_t n);
115-
int kyber_poly_equ(const kyber_poly_t a, const kyber_poly_t b);
89+
int kyber_poly_rand(kyber_poly_t r);
90+
int kyber_poly_uniform_sample(kyber_poly_t r, const uint8_t rho[32], uint8_t j, uint8_t i);
91+
int kyber_poly_cbd_sample(kyber_poly_t r, int eta, const uint8_t secret[32], uint8_t n);
92+
int kyber_poly_equ(const kyber_poly_t a, const kyber_poly_t b);
11693
void kyber_poly_add(kyber_poly_t r, const kyber_poly_t a, const kyber_poly_t b);
11794
void kyber_poly_sub(kyber_poly_t r, const kyber_poly_t a, const kyber_poly_t b);
11895

@@ -121,87 +98,87 @@ int16_t zeta[256];
12198

12299
void init_zeta(void);
123100

124-
int kyber_poly_ntt(int16_t a[256]);
125-
int kyber_poly_inv_ntt(int16_t a[256]);
126-
127-
int kyber_poly_ntt_mul(kyber_poly_t r, const kyber_poly_t a, const kyber_poly_t b);
101+
int kyber_poly_ntt(int16_t a[256]);
102+
int kyber_poly_inv_ntt(int16_t a[256]);
103+
int kyber_poly_ntt_mul(kyber_poly_t r, const kyber_poly_t a, const kyber_poly_t b);
128104
void kyber_poly_copy(kyber_poly_t r, const kyber_poly_t a);
129-
130-
int kyber_poly_mul(kyber_poly_t r, const kyber_poly_t a, const kyber_poly_t b);
131-
105+
int kyber_poly_mul(kyber_poly_t r, const kyber_poly_t a, const kyber_poly_t b);
132106
void kyber_poly_ntt_mul_scalar(kyber_poly_t r, int scalar, const kyber_poly_t a);
107+
int kyber_poly_to_signed(const kyber_poly_t a, kyber_poly_t r);
108+
int kyber_poly_from_signed(kyber_poly_t r, const kyber_poly_t a);
109+
int kyber_poly_compress(const kyber_poly_t a, int dbits, kyber_poly_t z);
110+
int kyber_poly_decompress(kyber_poly_t r, int dbits, const kyber_poly_t z);
111+
int kyber_poly_encode12(const kyber_poly_t a, uint8_t out[384]);
112+
int kyber_poly_decode12(kyber_poly_t r, const uint8_t in[384]);
113+
int kyber_poly_encode10(const kyber_poly_t a, uint8_t out[320]);
114+
int kyber_poly_decode10(kyber_poly_t r, const uint8_t in[320]);
115+
int kyber_poly_encode4(const kyber_poly_t a, uint8_t out[128]);
116+
void kyber_poly_decode4(kyber_poly_t r, const uint8_t in[128]);
117+
void kyber_poly_decode1(kyber_poly_t r, const uint8_t in[32]);
118+
int kyber_poly_encode1(const kyber_poly_t a, uint8_t out[32]);
133119

134-
int kyber_poly_to_signed(const kyber_poly_t a, kyber_poly_t r);
135-
136-
int kyber_poly_from_signed(kyber_poly_t r, const kyber_poly_t a);
137-
int kyber_poly_compress(const kyber_poly_t a, int dbits, kyber_poly_t z);
138-
int kyber_poly_decompress(kyber_poly_t r, int dbits, const kyber_poly_t z);
139-
int kyber_poly_encode12(const kyber_poly_t a, uint8_t out[384]);
140-
int kyber_poly_decode12(kyber_poly_t r, const uint8_t in[384]);
141-
142-
int kyber_poly_encode10(const kyber_poly_t a, uint8_t out[320]);
143-
144-
int kyber_poly_decode10(kyber_poly_t r, const uint8_t in[320]);
145120

146-
int kyber_poly_encode4(const kyber_poly_t a, uint8_t out[128]);
121+
typedef struct {
122+
uint8_t t[KYBER_K][384];
123+
uint8_t rho[32];
124+
} KYBER_CPA_PUBLIC_KEY;
147125

148-
void kyber_poly_decode4(kyber_poly_t r, const uint8_t in[128]);
149-
void kyber_poly_decode1(kyber_poly_t r, const uint8_t in[32]);
150-
int kyber_poly_encode1(const kyber_poly_t a, uint8_t out[32]);
126+
typedef struct {
127+
KYBER_CPA_PUBLIC_KEY public_key;
128+
uint8_t s[KYBER_K][384];
129+
} KYBER_CPA_KEY;
151130

131+
int kyber_cpa_key_generate_ex(KYBER_CPA_KEY *key, const uint8_t random[32]);
132+
int kyber_cpa_public_key_to_bytes(const KYBER_CPA_KEY *key, uint8_t **out, size_t *outlen);
133+
int kyber_cpa_public_key_from_bytes(KYBER_CPA_KEY *key, const uint8_t **in, size_t *inlen);
134+
int kyber_cpa_public_key_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_CPA_KEY *pk);
135+
int kyber_cpa_private_key_to_bytes(const KYBER_CPA_KEY *key, uint8_t **out, size_t *outlen);
136+
int kyber_cpa_private_key_from_bytes(KYBER_CPA_KEY *key, const uint8_t **in, size_t *inlen);
137+
int kyber_cpa_private_key_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_CPA_KEY *sk);
138+
void kyber_cpa_key_cleanup(KYBER_CPA_KEY *key);
152139

140+
typedef struct {
141+
uint8_t c1[KYBER_K][KYBER_C1_SIZE];
142+
uint8_t c2[KYBER_C2_SIZE];
143+
} KYBER_CPA_CIPHERTEXT;
153144

154-
int kyber_cpa_keygen(KYBER_CPA_PUBLIC_KEY *pk, KYBER_CPA_PRIVATE_KEY *sk);
155-
int kyber_cpa_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_CPA_CIPHERTEXT *c);
156-
int kyber_cpa_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_CPA_CIPHERTEXT *c);
157-
int kyber_cpa_public_key_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_CPA_PUBLIC_KEY *pk);
158-
int kyber_cpa_private_key_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_CPA_PRIVATE_KEY *sk);
159-
int kyber_cpa_encrypt(const KYBER_CPA_PUBLIC_KEY *pk, const uint8_t in[32],
145+
int kyber_cpa_encrypt(const KYBER_CPA_KEY *pk, const uint8_t in[32],
160146
const uint8_t rand[32], KYBER_CPA_CIPHERTEXT *out);
161-
int kyber_cpa_decrypt(const KYBER_CPA_PRIVATE_KEY *sk, const KYBER_CPA_CIPHERTEXT *in, uint8_t out[32]);
147+
int kyber_cpa_decrypt(const KYBER_CPA_KEY *sk, const KYBER_CPA_CIPHERTEXT *in,
148+
uint8_t out[32]);
149+
int kyber_cpa_ciphertext_to_bytes(const KYBER_CPA_CIPHERTEXT *ciphertext, uint8_t **out, size_t *outlen);
150+
int kyber_cpa_ciphertext_from_bytes(KYBER_CPA_CIPHERTEXT *ciphertext, const uint8_t **in, size_t *inlen);
151+
int kyber_cpa_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_CPA_CIPHERTEXT *c);
162152

163153

164154
typedef KYBER_CPA_PUBLIC_KEY KYBER_PUBLIC_KEY;
165155

166-
167156
typedef struct {
168-
KYBER_CPA_PUBLIC_KEY pk;
169-
KYBER_CPA_PRIVATE_KEY sk;
157+
KYBER_CPA_KEY cpa_key;
170158
uint8_t pk_hash[32];
171159
uint8_t z[32];
172-
} KYBER_PRIVATE_KEY;
173-
160+
} KYBER_KEY;
174161

175162
#define KYBER_PUBLIC_KEY_SIZE sizeof(KYBER_PUBLIC_KEY)
176-
#define KYBER_PRIVATE_KEY_SIZE sizeof(KYBER_PRIVATE_KEY)
177-
163+
#define KYBER_PRIVATE_KEY_SIZE sizeof(KYBER_KEY)
178164

165+
int kyber_key_generate_ex(KYBER_KEY *key, const uint8_t random[32]);
166+
int kyber_public_key_to_bytes(const KYBER_KEY *key, uint8_t **out, size_t *outlen);
167+
int kyber_public_key_from_bytes(KYBER_KEY *key, const uint8_t **in, size_t *inlen);
168+
int kyber_public_key_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_KEY *pk);
169+
int kyber_private_key_to_bytes(const KYBER_KEY *key, uint8_t **out, size_t *outlen);
170+
int kyber_private_key_from_bytes(KYBER_KEY *key, const uint8_t **in, size_t *inlen);
171+
int kyber_private_key_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_KEY *sk);
172+
void kyber_key_cleanup(KYBER_KEY *key);
179173

180174
typedef KYBER_CPA_CIPHERTEXT KYBER_CIPHERTEXT;
181175

182-
int kyber_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_CIPHERTEXT *c);
183-
184176
int kyber_ciphertext_to_bytes(const KYBER_CIPHERTEXT *ciphertext, uint8_t **out, size_t *outlen);
185177
int kyber_ciphertext_from_bytes(KYBER_CIPHERTEXT *ciphertext, const uint8_t **in, size_t *inlen);
178+
int kyber_ciphertext_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_CIPHERTEXT *c);
186179

187-
void kyber_key_cleanup(KYBER_PRIVATE_KEY *key);
188-
189-
int kyber_key_generate(KYBER_PRIVATE_KEY *key);
190-
191-
// generate a single key
192-
int kyber_keygen(KYBER_PUBLIC_KEY *pk, KYBER_PRIVATE_KEY *sk);
193-
194-
195-
int kyber_private_key_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_PRIVATE_KEY *sk);
196-
197-
int kyber_public_key_print(FILE *fp, int fmt, int ind, const char *label, const KYBER_PRIVATE_KEY *pk);
198-
int kyber_encap(const KYBER_PUBLIC_KEY *pk, KYBER_CIPHERTEXT *c, uint8_t K[32]);
199-
int kyber_decap(const KYBER_PRIVATE_KEY *sk, const KYBER_CIPHERTEXT *c, uint8_t K[32]);
200-
201-
int kyber_public_key_to_bytes(const KYBER_PRIVATE_KEY *key, uint8_t **out, size_t *outlen);
202-
int kyber_public_key_from_bytes(KYBER_PRIVATE_KEY *key, const uint8_t **in, size_t *inlen);
203-
int kyber_private_key_to_bytes(const KYBER_PRIVATE_KEY *key, uint8_t **out, size_t *outlen);
204-
int kyber_private_key_from_bytes(KYBER_PRIVATE_KEY *key, const uint8_t **in, size_t *inlen);
180+
int kyber_encap(const KYBER_KEY *pk, KYBER_CIPHERTEXT *c, uint8_t K[32]);
181+
int kyber_decap(const KYBER_KEY *sk, const KYBER_CIPHERTEXT *c, uint8_t K[32]);
205182

206183

207184
#ifdef __cplusplus

0 commit comments

Comments
 (0)