From 9dbf4684a3310b6c9411a71ee7570cc31aef11ea Mon Sep 17 00:00:00 2001 From: Wind Wong Date: Fri, 9 Dec 2022 09:27:00 +0000 Subject: [PATCH] field arithmetic cleanup Co-authored-by: Armando Faz --- kem/mceliece/gen.go | 10 +++--- kem/mceliece/internal/fft_const.go | 12 +++---- kem/mceliece/internal/powers.go | 8 ++--- kem/mceliece/mceliece348864/mceliece.go | 34 +++++++++--------- kem/mceliece/mceliece348864f/mceliece.go | 34 +++++++++--------- kem/mceliece/mceliece460896/mceliece.go | 32 ++++++++--------- kem/mceliece/mceliece460896f/mceliece.go | 32 ++++++++--------- kem/mceliece/mceliece6688128/mceliece.go | 32 ++++++++--------- kem/mceliece/mceliece6688128f/mceliece.go | 32 ++++++++--------- kem/mceliece/mceliece6960119/mceliece.go | 32 ++++++++--------- kem/mceliece/mceliece6960119f/mceliece.go | 32 ++++++++--------- kem/mceliece/mceliece8192128/mceliece.go | 32 ++++++++--------- kem/mceliece/mceliece8192128f/mceliece.go | 32 ++++++++--------- kem/mceliece/templates/mceliece.templ.go | 6 ++-- math/{gf4096 => gf2e12}/gf4096.go | 36 +++++++++---------- math/{gf4096 => gf2e12}/gf_test.go | 31 +++++------------ math/{gf8192 => gf2e13}/gf8192.go | 42 +++++++++++------------ math/{gf8192 => gf2e13}/gf_test.go | 23 ++++++------- 18 files changed, 238 insertions(+), 254 deletions(-) rename math/{gf4096 => gf2e12}/gf4096.go (64%) rename math/{gf4096 => gf2e12}/gf_test.go (75%) rename math/{gf8192 => gf2e13}/gf8192.go (79%) rename math/{gf8192 => gf2e13}/gf_test.go (91%) diff --git a/kem/mceliece/gen.go b/kem/mceliece/gen.go index 3ca2bef5..440d34c0 100644 --- a/kem/mceliece/gen.go +++ b/kem/mceliece/gen.go @@ -57,7 +57,7 @@ func (m Instance) Is8192128() bool { var ( McElieceParam348864 = Param{ - Gf: "gf4096", + Gf: "gf2e12", PublicKeySize: 261120, PrivateKeySize: 6492, CiphertextSize: 96, @@ -65,7 +65,7 @@ var ( SysT: 64, } McElieceParam460896 = Param{ - Gf: "gf8192", + Gf: "gf2e13", PublicKeySize: 524160, PrivateKeySize: 13608, CiphertextSize: 156, @@ -73,7 +73,7 @@ var ( SysT: 96, } McElieceParam6688128 = Param{ - Gf: "gf8192", + Gf: "gf2e13", PublicKeySize: 1044992, PrivateKeySize: 13932, CiphertextSize: 208, @@ -81,7 +81,7 @@ var ( SysT: 128, } McElieceParam6960119 = Param{ - Gf: "gf8192", + Gf: "gf2e13", PublicKeySize: 1047319, PrivateKeySize: 13948, CiphertextSize: 194, @@ -89,7 +89,7 @@ var ( SysT: 119, } McElieceParam8192128 = Param{ - Gf: "gf8192", + Gf: "gf2e13", PublicKeySize: 1357824, PrivateKeySize: 14120, CiphertextSize: 208, diff --git a/kem/mceliece/internal/fft_const.go b/kem/mceliece/internal/fft_const.go index fa53575d..7e629f08 100644 --- a/kem/mceliece/internal/fft_const.go +++ b/kem/mceliece/internal/fft_const.go @@ -1,8 +1,8 @@ package internal import ( - "github.com/cloudflare/circl/math/gf4096" - "github.com/cloudflare/circl/math/gf8192" + "github.com/cloudflare/circl/math/gf2e12" + "github.com/cloudflare/circl/math/gf2e13" ) var ButterfliesReversal4096 = [64]byte{ @@ -45,7 +45,7 @@ var RadixConversionsMask = [5][2]uint64{ {0xFFFF000000000000, 0x0000FFFF00000000}, } -var ButterfliesConst = [128][gf8192.GfBits]uint64{ +var ButterfliesConst = [128][gf2e13.Bits]uint64{ { 0x6969969669699696, 0x9966669966999966, @@ -1968,7 +1968,7 @@ var ButterfliesConst = [128][gf8192.GfBits]uint64{ }, } -var RadixConversionsS = [5][2][gf8192.GfBits]uint64{ +var RadixConversionsS = [5][2][gf2e13.Bits]uint64{ { { 0x3C3CF30C0000C003, @@ -2131,7 +2131,7 @@ var RadixConversionsS = [5][2][gf8192.GfBits]uint64{ }, } -var RadixConversionsS4096 = [5][gf4096.GfBits]uint64{ +var RadixConversionsS4096 = [5][gf2e12.Bits]uint64{ { 0xF3CFC030FC30F003, 0x3FCF0F003C00C00C, @@ -2204,7 +2204,7 @@ var RadixConversionsS4096 = [5][gf4096.GfBits]uint64{ }, } -var ButterfliesConsts4096 = [63][gf4096.GfBits]uint64{ +var ButterfliesConsts4096 = [63][gf2e12.Bits]uint64{ // 64 { 0xF00F0FF0F00F0FF0, diff --git a/kem/mceliece/internal/powers.go b/kem/mceliece/internal/powers.go index b7254864..3f048796 100644 --- a/kem/mceliece/internal/powers.go +++ b/kem/mceliece/internal/powers.go @@ -1,11 +1,11 @@ package internal import ( - "github.com/cloudflare/circl/math/gf4096" - "github.com/cloudflare/circl/math/gf8192" + "github.com/cloudflare/circl/math/gf2e12" + "github.com/cloudflare/circl/math/gf2e13" ) -var Powers4096 = [64][gf4096.GfBits]uint64{ +var Powers4096 = [64][gf2e12.Bits]uint64{ { 0x0F0F0F0FF0F0F0F0, 0xFFFF0000FFFF0000, @@ -904,7 +904,7 @@ var Powers4096 = [64][gf4096.GfBits]uint64{ }, } -var Powers8192 = [128][gf8192.GfBits]uint64{ +var Powers8192 = [128][gf2e13.Bits]uint64{ { 0x5AA55AA5A55AA55A, 0x3CC33CC3C33CC33C, diff --git a/kem/mceliece/mceliece348864/mceliece.go b/kem/mceliece/mceliece348864/mceliece.go index 7a435dc4..43107144 100644 --- a/kem/mceliece/mceliece348864/mceliece.go +++ b/kem/mceliece/mceliece348864/mceliece.go @@ -22,13 +22,13 @@ import ( "github.com/cloudflare/circl/internal/sha3" "github.com/cloudflare/circl/kem" "github.com/cloudflare/circl/kem/mceliece/internal" - "github.com/cloudflare/circl/math/gf4096" + "github.com/cloudflare/circl/math/gf2e12" ) const ( sysT = 64 // F(y) is 64 degree - gfBits = gf4096.GfBits - gfMask = gf4096.GfMask + gfBits = gf2e12.Bits + gfMask = gf2e12.Mask unusedBits = 16 - gfBits sysN = 3488 condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -54,7 +54,7 @@ type PrivateKey struct { } type ( - gf = gf4096.Gf + gf = gf2e12.Elt randFunc = func(pool []byte) error ) @@ -332,10 +332,10 @@ func synd(out *[sysT * 2]gf, f *[sysT + 1]gf, L *[sysN]gf, r *[sysN / 8]byte) { for i := 0; i < sysN; i++ { c := uint16(r[i/8]>>(i%8)) & 1 e := eval(f, L[i]) - eInv := gf4096.Inv(gf4096.Mul(e, e)) + eInv := gf2e12.Inv(gf2e12.Mul(e, e)) for j := 0; j < 2*sysT; j++ { - out[j] = gf4096.Add(out[j], gf4096.Mul(eInv, c)) - eInv = gf4096.Mul(eInv, L[i]) + out[j] = gf2e12.Add(out[j], gf2e12.Mul(eInv, c)) + eInv = gf2e12.Mul(eInv, L[i]) } } } @@ -362,7 +362,7 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for N := 0; N < 2*sysT; N++ { d = 0 for i := 0; i <= min(N, sysT); i++ { - d ^= gf4096.Mul(C[i], s[N-i]) + d ^= gf2e12.Mul(C[i], s[N-i]) } mne = d mne -= 1 @@ -376,9 +376,9 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for i := 0; i <= sysT; i++ { T[i] = C[i] } - f = gf4096.Div(d, b) + f = gf2e12.Div(d, b) for i := 0; i <= sysT; i++ { - C[i] ^= gf4096.Mul(f, B[i]) & mne + C[i] ^= gf2e12.Mul(f, B[i]) & mne } L = (L & ^mle) | ((uint16(N) + 1 - L) & mle) @@ -488,16 +488,16 @@ func minimalPolynomial(out *[sysT]gf, f *[sysT]gf) bool { return false } - inv := gf4096.Inv(mat[j][j]) + inv := gf2e12.Inv(mat[j][j]) for c := 0; c <= sysT; c++ { - mat[c][j] = gf4096.Mul(mat[c][j], inv) + mat[c][j] = gf2e12.Mul(mat[c][j], inv) } for k := 0; k < sysT; k++ { if k != j { t := mat[j][k] for c := 0; c <= sysT; c++ { - mat[c][k] ^= gf4096.Mul(mat[c][j], t) + mat[c][k] ^= gf2e12.Mul(mat[c][j], t) } } } @@ -515,7 +515,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product := [sysT*2 - 1]gf{} for i := 0; i < sysT; i++ { for j := 0; j < sysT; j++ { - product[i+j] ^= gf4096.Mul(a[i], b[j]) + product[i+j] ^= gf2e12.Mul(a[i], b[j]) } } @@ -524,7 +524,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product[i-sysT+3] ^= product[i] product[i-sysT+1] ^= product[i] - product[i-sysT] ^= gf4096.Mul(product[i], 2) + product[i-sysT] ^= gf2e12.Mul(product[i], 2) } @@ -563,8 +563,8 @@ func transpose64x64(out, in *[64]uint64) { func eval(f *[sysT + 1]gf, a gf) gf { r := f[sysT] for i := sysT - 1; i >= 0; i-- { - r = gf4096.Mul(r, a) - r = gf4096.Add(r, f[i]) + r = gf2e12.Mul(r, a) + r = gf2e12.Add(r, f[i]) } return r } diff --git a/kem/mceliece/mceliece348864f/mceliece.go b/kem/mceliece/mceliece348864f/mceliece.go index f7b7f5f7..01dc2beb 100644 --- a/kem/mceliece/mceliece348864f/mceliece.go +++ b/kem/mceliece/mceliece348864f/mceliece.go @@ -22,13 +22,13 @@ import ( "github.com/cloudflare/circl/internal/sha3" "github.com/cloudflare/circl/kem" "github.com/cloudflare/circl/kem/mceliece/internal" - "github.com/cloudflare/circl/math/gf4096" + "github.com/cloudflare/circl/math/gf2e12" ) const ( sysT = 64 // F(y) is 64 degree - gfBits = gf4096.GfBits - gfMask = gf4096.GfMask + gfBits = gf2e12.Bits + gfMask = gf2e12.Mask unusedBits = 16 - gfBits sysN = 3488 condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -54,7 +54,7 @@ type PrivateKey struct { } type ( - gf = gf4096.Gf + gf = gf2e12.Elt randFunc = func(pool []byte) error ) @@ -332,10 +332,10 @@ func synd(out *[sysT * 2]gf, f *[sysT + 1]gf, L *[sysN]gf, r *[sysN / 8]byte) { for i := 0; i < sysN; i++ { c := uint16(r[i/8]>>(i%8)) & 1 e := eval(f, L[i]) - eInv := gf4096.Inv(gf4096.Mul(e, e)) + eInv := gf2e12.Inv(gf2e12.Mul(e, e)) for j := 0; j < 2*sysT; j++ { - out[j] = gf4096.Add(out[j], gf4096.Mul(eInv, c)) - eInv = gf4096.Mul(eInv, L[i]) + out[j] = gf2e12.Add(out[j], gf2e12.Mul(eInv, c)) + eInv = gf2e12.Mul(eInv, L[i]) } } } @@ -362,7 +362,7 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for N := 0; N < 2*sysT; N++ { d = 0 for i := 0; i <= min(N, sysT); i++ { - d ^= gf4096.Mul(C[i], s[N-i]) + d ^= gf2e12.Mul(C[i], s[N-i]) } mne = d mne -= 1 @@ -376,9 +376,9 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for i := 0; i <= sysT; i++ { T[i] = C[i] } - f = gf4096.Div(d, b) + f = gf2e12.Div(d, b) for i := 0; i <= sysT; i++ { - C[i] ^= gf4096.Mul(f, B[i]) & mne + C[i] ^= gf2e12.Mul(f, B[i]) & mne } L = (L & ^mle) | ((uint16(N) + 1 - L) & mle) @@ -488,16 +488,16 @@ func minimalPolynomial(out *[sysT]gf, f *[sysT]gf) bool { return false } - inv := gf4096.Inv(mat[j][j]) + inv := gf2e12.Inv(mat[j][j]) for c := 0; c <= sysT; c++ { - mat[c][j] = gf4096.Mul(mat[c][j], inv) + mat[c][j] = gf2e12.Mul(mat[c][j], inv) } for k := 0; k < sysT; k++ { if k != j { t := mat[j][k] for c := 0; c <= sysT; c++ { - mat[c][k] ^= gf4096.Mul(mat[c][j], t) + mat[c][k] ^= gf2e12.Mul(mat[c][j], t) } } } @@ -515,7 +515,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product := [sysT*2 - 1]gf{} for i := 0; i < sysT; i++ { for j := 0; j < sysT; j++ { - product[i+j] ^= gf4096.Mul(a[i], b[j]) + product[i+j] ^= gf2e12.Mul(a[i], b[j]) } } @@ -524,7 +524,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product[i-sysT+3] ^= product[i] product[i-sysT+1] ^= product[i] - product[i-sysT] ^= gf4096.Mul(product[i], 2) + product[i-sysT] ^= gf2e12.Mul(product[i], 2) } @@ -563,8 +563,8 @@ func transpose64x64(out, in *[64]uint64) { func eval(f *[sysT + 1]gf, a gf) gf { r := f[sysT] for i := sysT - 1; i >= 0; i-- { - r = gf4096.Mul(r, a) - r = gf4096.Add(r, f[i]) + r = gf2e12.Mul(r, a) + r = gf2e12.Add(r, f[i]) } return r } diff --git a/kem/mceliece/mceliece460896/mceliece.go b/kem/mceliece/mceliece460896/mceliece.go index 59b1c2ee..662c63b7 100644 --- a/kem/mceliece/mceliece460896/mceliece.go +++ b/kem/mceliece/mceliece460896/mceliece.go @@ -22,13 +22,13 @@ import ( "github.com/cloudflare/circl/internal/sha3" "github.com/cloudflare/circl/kem" "github.com/cloudflare/circl/kem/mceliece/internal" - "github.com/cloudflare/circl/math/gf8192" + "github.com/cloudflare/circl/math/gf2e13" ) const ( sysT = 96 // F(y) is 64 degree - gfBits = gf8192.GfBits - gfMask = gf8192.GfMask + gfBits = gf2e13.Bits + gfMask = gf2e13.Mask unusedBits = 16 - gfBits sysN = 4608 condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -54,7 +54,7 @@ type PrivateKey struct { } type ( - gf = gf8192.Gf + gf = gf2e13.Elt randFunc = func(pool []byte) error ) @@ -332,10 +332,10 @@ func synd(out *[sysT * 2]gf, f *[sysT + 1]gf, L *[sysN]gf, r *[sysN / 8]byte) { for i := 0; i < sysN; i++ { c := uint16(r[i/8]>>(i%8)) & 1 e := eval(f, L[i]) - eInv := gf8192.Inv(gf8192.Mul(e, e)) + eInv := gf2e13.Inv(gf2e13.Mul(e, e)) for j := 0; j < 2*sysT; j++ { - out[j] = gf8192.Add(out[j], gf8192.Mul(eInv, c)) - eInv = gf8192.Mul(eInv, L[i]) + out[j] = gf2e13.Add(out[j], gf2e13.Mul(eInv, c)) + eInv = gf2e13.Mul(eInv, L[i]) } } } @@ -362,7 +362,7 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for N := 0; N < 2*sysT; N++ { d = 0 for i := 0; i <= min(N, sysT); i++ { - d ^= gf8192.Mul(C[i], s[N-i]) + d ^= gf2e13.Mul(C[i], s[N-i]) } mne = d mne -= 1 @@ -376,9 +376,9 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for i := 0; i <= sysT; i++ { T[i] = C[i] } - f = gf8192.Div(d, b) + f = gf2e13.Div(d, b) for i := 0; i <= sysT; i++ { - C[i] ^= gf8192.Mul(f, B[i]) & mne + C[i] ^= gf2e13.Mul(f, B[i]) & mne } L = (L & ^mle) | ((uint16(N) + 1 - L) & mle) @@ -488,16 +488,16 @@ func minimalPolynomial(out *[sysT]gf, f *[sysT]gf) bool { return false } - inv := gf8192.Inv(mat[j][j]) + inv := gf2e13.Inv(mat[j][j]) for c := 0; c <= sysT; c++ { - mat[c][j] = gf8192.Mul(mat[c][j], inv) + mat[c][j] = gf2e13.Mul(mat[c][j], inv) } for k := 0; k < sysT; k++ { if k != j { t := mat[j][k] for c := 0; c <= sysT; c++ { - mat[c][k] ^= gf8192.Mul(mat[c][j], t) + mat[c][k] ^= gf2e13.Mul(mat[c][j], t) } } } @@ -515,7 +515,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product := [sysT*2 - 1]gf{} for i := 0; i < sysT; i++ { for j := 0; j < sysT; j++ { - product[i+j] ^= gf8192.Mul(a[i], b[j]) + product[i+j] ^= gf2e13.Mul(a[i], b[j]) } } @@ -564,8 +564,8 @@ func transpose64x64(out, in *[64]uint64) { func eval(f *[sysT + 1]gf, a gf) gf { r := f[sysT] for i := sysT - 1; i >= 0; i-- { - r = gf8192.Mul(r, a) - r = gf8192.Add(r, f[i]) + r = gf2e13.Mul(r, a) + r = gf2e13.Add(r, f[i]) } return r } diff --git a/kem/mceliece/mceliece460896f/mceliece.go b/kem/mceliece/mceliece460896f/mceliece.go index 388b0bd6..bc9f0d2a 100644 --- a/kem/mceliece/mceliece460896f/mceliece.go +++ b/kem/mceliece/mceliece460896f/mceliece.go @@ -22,13 +22,13 @@ import ( "github.com/cloudflare/circl/internal/sha3" "github.com/cloudflare/circl/kem" "github.com/cloudflare/circl/kem/mceliece/internal" - "github.com/cloudflare/circl/math/gf8192" + "github.com/cloudflare/circl/math/gf2e13" ) const ( sysT = 96 // F(y) is 64 degree - gfBits = gf8192.GfBits - gfMask = gf8192.GfMask + gfBits = gf2e13.Bits + gfMask = gf2e13.Mask unusedBits = 16 - gfBits sysN = 4608 condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -54,7 +54,7 @@ type PrivateKey struct { } type ( - gf = gf8192.Gf + gf = gf2e13.Elt randFunc = func(pool []byte) error ) @@ -332,10 +332,10 @@ func synd(out *[sysT * 2]gf, f *[sysT + 1]gf, L *[sysN]gf, r *[sysN / 8]byte) { for i := 0; i < sysN; i++ { c := uint16(r[i/8]>>(i%8)) & 1 e := eval(f, L[i]) - eInv := gf8192.Inv(gf8192.Mul(e, e)) + eInv := gf2e13.Inv(gf2e13.Mul(e, e)) for j := 0; j < 2*sysT; j++ { - out[j] = gf8192.Add(out[j], gf8192.Mul(eInv, c)) - eInv = gf8192.Mul(eInv, L[i]) + out[j] = gf2e13.Add(out[j], gf2e13.Mul(eInv, c)) + eInv = gf2e13.Mul(eInv, L[i]) } } } @@ -362,7 +362,7 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for N := 0; N < 2*sysT; N++ { d = 0 for i := 0; i <= min(N, sysT); i++ { - d ^= gf8192.Mul(C[i], s[N-i]) + d ^= gf2e13.Mul(C[i], s[N-i]) } mne = d mne -= 1 @@ -376,9 +376,9 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for i := 0; i <= sysT; i++ { T[i] = C[i] } - f = gf8192.Div(d, b) + f = gf2e13.Div(d, b) for i := 0; i <= sysT; i++ { - C[i] ^= gf8192.Mul(f, B[i]) & mne + C[i] ^= gf2e13.Mul(f, B[i]) & mne } L = (L & ^mle) | ((uint16(N) + 1 - L) & mle) @@ -488,16 +488,16 @@ func minimalPolynomial(out *[sysT]gf, f *[sysT]gf) bool { return false } - inv := gf8192.Inv(mat[j][j]) + inv := gf2e13.Inv(mat[j][j]) for c := 0; c <= sysT; c++ { - mat[c][j] = gf8192.Mul(mat[c][j], inv) + mat[c][j] = gf2e13.Mul(mat[c][j], inv) } for k := 0; k < sysT; k++ { if k != j { t := mat[j][k] for c := 0; c <= sysT; c++ { - mat[c][k] ^= gf8192.Mul(mat[c][j], t) + mat[c][k] ^= gf2e13.Mul(mat[c][j], t) } } } @@ -515,7 +515,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product := [sysT*2 - 1]gf{} for i := 0; i < sysT; i++ { for j := 0; j < sysT; j++ { - product[i+j] ^= gf8192.Mul(a[i], b[j]) + product[i+j] ^= gf2e13.Mul(a[i], b[j]) } } @@ -564,8 +564,8 @@ func transpose64x64(out, in *[64]uint64) { func eval(f *[sysT + 1]gf, a gf) gf { r := f[sysT] for i := sysT - 1; i >= 0; i-- { - r = gf8192.Mul(r, a) - r = gf8192.Add(r, f[i]) + r = gf2e13.Mul(r, a) + r = gf2e13.Add(r, f[i]) } return r } diff --git a/kem/mceliece/mceliece6688128/mceliece.go b/kem/mceliece/mceliece6688128/mceliece.go index 564f8f4a..9fc1491c 100644 --- a/kem/mceliece/mceliece6688128/mceliece.go +++ b/kem/mceliece/mceliece6688128/mceliece.go @@ -22,13 +22,13 @@ import ( "github.com/cloudflare/circl/internal/sha3" "github.com/cloudflare/circl/kem" "github.com/cloudflare/circl/kem/mceliece/internal" - "github.com/cloudflare/circl/math/gf8192" + "github.com/cloudflare/circl/math/gf2e13" ) const ( sysT = 128 // F(y) is 64 degree - gfBits = gf8192.GfBits - gfMask = gf8192.GfMask + gfBits = gf2e13.Bits + gfMask = gf2e13.Mask unusedBits = 16 - gfBits sysN = 6688 condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -54,7 +54,7 @@ type PrivateKey struct { } type ( - gf = gf8192.Gf + gf = gf2e13.Elt randFunc = func(pool []byte) error ) @@ -332,10 +332,10 @@ func synd(out *[sysT * 2]gf, f *[sysT + 1]gf, L *[sysN]gf, r *[sysN / 8]byte) { for i := 0; i < sysN; i++ { c := uint16(r[i/8]>>(i%8)) & 1 e := eval(f, L[i]) - eInv := gf8192.Inv(gf8192.Mul(e, e)) + eInv := gf2e13.Inv(gf2e13.Mul(e, e)) for j := 0; j < 2*sysT; j++ { - out[j] = gf8192.Add(out[j], gf8192.Mul(eInv, c)) - eInv = gf8192.Mul(eInv, L[i]) + out[j] = gf2e13.Add(out[j], gf2e13.Mul(eInv, c)) + eInv = gf2e13.Mul(eInv, L[i]) } } } @@ -362,7 +362,7 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for N := 0; N < 2*sysT; N++ { d = 0 for i := 0; i <= min(N, sysT); i++ { - d ^= gf8192.Mul(C[i], s[N-i]) + d ^= gf2e13.Mul(C[i], s[N-i]) } mne = d mne -= 1 @@ -376,9 +376,9 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for i := 0; i <= sysT; i++ { T[i] = C[i] } - f = gf8192.Div(d, b) + f = gf2e13.Div(d, b) for i := 0; i <= sysT; i++ { - C[i] ^= gf8192.Mul(f, B[i]) & mne + C[i] ^= gf2e13.Mul(f, B[i]) & mne } L = (L & ^mle) | ((uint16(N) + 1 - L) & mle) @@ -488,16 +488,16 @@ func minimalPolynomial(out *[sysT]gf, f *[sysT]gf) bool { return false } - inv := gf8192.Inv(mat[j][j]) + inv := gf2e13.Inv(mat[j][j]) for c := 0; c <= sysT; c++ { - mat[c][j] = gf8192.Mul(mat[c][j], inv) + mat[c][j] = gf2e13.Mul(mat[c][j], inv) } for k := 0; k < sysT; k++ { if k != j { t := mat[j][k] for c := 0; c <= sysT; c++ { - mat[c][k] ^= gf8192.Mul(mat[c][j], t) + mat[c][k] ^= gf2e13.Mul(mat[c][j], t) } } } @@ -515,7 +515,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product := [sysT*2 - 1]gf{} for i := 0; i < sysT; i++ { for j := 0; j < sysT; j++ { - product[i+j] ^= gf8192.Mul(a[i], b[j]) + product[i+j] ^= gf2e13.Mul(a[i], b[j]) } } @@ -564,8 +564,8 @@ func transpose64x64(out, in *[64]uint64) { func eval(f *[sysT + 1]gf, a gf) gf { r := f[sysT] for i := sysT - 1; i >= 0; i-- { - r = gf8192.Mul(r, a) - r = gf8192.Add(r, f[i]) + r = gf2e13.Mul(r, a) + r = gf2e13.Add(r, f[i]) } return r } diff --git a/kem/mceliece/mceliece6688128f/mceliece.go b/kem/mceliece/mceliece6688128f/mceliece.go index 4d8c0fe9..0d004559 100644 --- a/kem/mceliece/mceliece6688128f/mceliece.go +++ b/kem/mceliece/mceliece6688128f/mceliece.go @@ -22,13 +22,13 @@ import ( "github.com/cloudflare/circl/internal/sha3" "github.com/cloudflare/circl/kem" "github.com/cloudflare/circl/kem/mceliece/internal" - "github.com/cloudflare/circl/math/gf8192" + "github.com/cloudflare/circl/math/gf2e13" ) const ( sysT = 128 // F(y) is 64 degree - gfBits = gf8192.GfBits - gfMask = gf8192.GfMask + gfBits = gf2e13.Bits + gfMask = gf2e13.Mask unusedBits = 16 - gfBits sysN = 6688 condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -54,7 +54,7 @@ type PrivateKey struct { } type ( - gf = gf8192.Gf + gf = gf2e13.Elt randFunc = func(pool []byte) error ) @@ -332,10 +332,10 @@ func synd(out *[sysT * 2]gf, f *[sysT + 1]gf, L *[sysN]gf, r *[sysN / 8]byte) { for i := 0; i < sysN; i++ { c := uint16(r[i/8]>>(i%8)) & 1 e := eval(f, L[i]) - eInv := gf8192.Inv(gf8192.Mul(e, e)) + eInv := gf2e13.Inv(gf2e13.Mul(e, e)) for j := 0; j < 2*sysT; j++ { - out[j] = gf8192.Add(out[j], gf8192.Mul(eInv, c)) - eInv = gf8192.Mul(eInv, L[i]) + out[j] = gf2e13.Add(out[j], gf2e13.Mul(eInv, c)) + eInv = gf2e13.Mul(eInv, L[i]) } } } @@ -362,7 +362,7 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for N := 0; N < 2*sysT; N++ { d = 0 for i := 0; i <= min(N, sysT); i++ { - d ^= gf8192.Mul(C[i], s[N-i]) + d ^= gf2e13.Mul(C[i], s[N-i]) } mne = d mne -= 1 @@ -376,9 +376,9 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for i := 0; i <= sysT; i++ { T[i] = C[i] } - f = gf8192.Div(d, b) + f = gf2e13.Div(d, b) for i := 0; i <= sysT; i++ { - C[i] ^= gf8192.Mul(f, B[i]) & mne + C[i] ^= gf2e13.Mul(f, B[i]) & mne } L = (L & ^mle) | ((uint16(N) + 1 - L) & mle) @@ -488,16 +488,16 @@ func minimalPolynomial(out *[sysT]gf, f *[sysT]gf) bool { return false } - inv := gf8192.Inv(mat[j][j]) + inv := gf2e13.Inv(mat[j][j]) for c := 0; c <= sysT; c++ { - mat[c][j] = gf8192.Mul(mat[c][j], inv) + mat[c][j] = gf2e13.Mul(mat[c][j], inv) } for k := 0; k < sysT; k++ { if k != j { t := mat[j][k] for c := 0; c <= sysT; c++ { - mat[c][k] ^= gf8192.Mul(mat[c][j], t) + mat[c][k] ^= gf2e13.Mul(mat[c][j], t) } } } @@ -515,7 +515,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product := [sysT*2 - 1]gf{} for i := 0; i < sysT; i++ { for j := 0; j < sysT; j++ { - product[i+j] ^= gf8192.Mul(a[i], b[j]) + product[i+j] ^= gf2e13.Mul(a[i], b[j]) } } @@ -564,8 +564,8 @@ func transpose64x64(out, in *[64]uint64) { func eval(f *[sysT + 1]gf, a gf) gf { r := f[sysT] for i := sysT - 1; i >= 0; i-- { - r = gf8192.Mul(r, a) - r = gf8192.Add(r, f[i]) + r = gf2e13.Mul(r, a) + r = gf2e13.Add(r, f[i]) } return r } diff --git a/kem/mceliece/mceliece6960119/mceliece.go b/kem/mceliece/mceliece6960119/mceliece.go index f689e971..099e5ed5 100644 --- a/kem/mceliece/mceliece6960119/mceliece.go +++ b/kem/mceliece/mceliece6960119/mceliece.go @@ -23,13 +23,13 @@ import ( "github.com/cloudflare/circl/internal/sha3" "github.com/cloudflare/circl/kem" "github.com/cloudflare/circl/kem/mceliece/internal" - "github.com/cloudflare/circl/math/gf8192" + "github.com/cloudflare/circl/math/gf2e13" ) const ( sysT = 119 // F(y) is 64 degree - gfBits = gf8192.GfBits - gfMask = gf8192.GfMask + gfBits = gf2e13.Bits + gfMask = gf2e13.Mask unusedBits = 16 - gfBits sysN = 6960 condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -55,7 +55,7 @@ type PrivateKey struct { } type ( - gf = gf8192.Gf + gf = gf2e13.Elt randFunc = func(pool []byte) error ) @@ -322,10 +322,10 @@ func synd(out *[sysT * 2]gf, f *[sysT + 1]gf, L *[sysN]gf, r *[sysN / 8]byte) { for i := 0; i < sysN; i++ { c := uint16(r[i/8]>>(i%8)) & 1 e := eval(f, L[i]) - eInv := gf8192.Inv(gf8192.Mul(e, e)) + eInv := gf2e13.Inv(gf2e13.Mul(e, e)) for j := 0; j < 2*sysT; j++ { - out[j] = gf8192.Add(out[j], gf8192.Mul(eInv, c)) - eInv = gf8192.Mul(eInv, L[i]) + out[j] = gf2e13.Add(out[j], gf2e13.Mul(eInv, c)) + eInv = gf2e13.Mul(eInv, L[i]) } } } @@ -352,7 +352,7 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for N := 0; N < 2*sysT; N++ { d = 0 for i := 0; i <= min(N, sysT); i++ { - d ^= gf8192.Mul(C[i], s[N-i]) + d ^= gf2e13.Mul(C[i], s[N-i]) } mne = d mne -= 1 @@ -366,9 +366,9 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for i := 0; i <= sysT; i++ { T[i] = C[i] } - f = gf8192.Div(d, b) + f = gf2e13.Div(d, b) for i := 0; i <= sysT; i++ { - C[i] ^= gf8192.Mul(f, B[i]) & mne + C[i] ^= gf2e13.Mul(f, B[i]) & mne } L = (L & ^mle) | ((uint16(N) + 1 - L) & mle) @@ -478,16 +478,16 @@ func minimalPolynomial(out *[sysT]gf, f *[sysT]gf) bool { return false } - inv := gf8192.Inv(mat[j][j]) + inv := gf2e13.Inv(mat[j][j]) for c := 0; c <= sysT; c++ { - mat[c][j] = gf8192.Mul(mat[c][j], inv) + mat[c][j] = gf2e13.Mul(mat[c][j], inv) } for k := 0; k < sysT; k++ { if k != j { t := mat[j][k] for c := 0; c <= sysT; c++ { - mat[c][k] ^= gf8192.Mul(mat[c][j], t) + mat[c][k] ^= gf2e13.Mul(mat[c][j], t) } } } @@ -505,7 +505,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product := [sysT*2 - 1]gf{} for i := 0; i < sysT; i++ { for j := 0; j < sysT; j++ { - product[i+j] ^= gf8192.Mul(a[i], b[j]) + product[i+j] ^= gf2e13.Mul(a[i], b[j]) } } @@ -552,8 +552,8 @@ func transpose64x64(out, in *[64]uint64) { func eval(f *[sysT + 1]gf, a gf) gf { r := f[sysT] for i := sysT - 1; i >= 0; i-- { - r = gf8192.Mul(r, a) - r = gf8192.Add(r, f[i]) + r = gf2e13.Mul(r, a) + r = gf2e13.Add(r, f[i]) } return r } diff --git a/kem/mceliece/mceliece6960119f/mceliece.go b/kem/mceliece/mceliece6960119f/mceliece.go index 21256b7e..94e5808c 100644 --- a/kem/mceliece/mceliece6960119f/mceliece.go +++ b/kem/mceliece/mceliece6960119f/mceliece.go @@ -23,13 +23,13 @@ import ( "github.com/cloudflare/circl/internal/sha3" "github.com/cloudflare/circl/kem" "github.com/cloudflare/circl/kem/mceliece/internal" - "github.com/cloudflare/circl/math/gf8192" + "github.com/cloudflare/circl/math/gf2e13" ) const ( sysT = 119 // F(y) is 64 degree - gfBits = gf8192.GfBits - gfMask = gf8192.GfMask + gfBits = gf2e13.Bits + gfMask = gf2e13.Mask unusedBits = 16 - gfBits sysN = 6960 condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -55,7 +55,7 @@ type PrivateKey struct { } type ( - gf = gf8192.Gf + gf = gf2e13.Elt randFunc = func(pool []byte) error ) @@ -322,10 +322,10 @@ func synd(out *[sysT * 2]gf, f *[sysT + 1]gf, L *[sysN]gf, r *[sysN / 8]byte) { for i := 0; i < sysN; i++ { c := uint16(r[i/8]>>(i%8)) & 1 e := eval(f, L[i]) - eInv := gf8192.Inv(gf8192.Mul(e, e)) + eInv := gf2e13.Inv(gf2e13.Mul(e, e)) for j := 0; j < 2*sysT; j++ { - out[j] = gf8192.Add(out[j], gf8192.Mul(eInv, c)) - eInv = gf8192.Mul(eInv, L[i]) + out[j] = gf2e13.Add(out[j], gf2e13.Mul(eInv, c)) + eInv = gf2e13.Mul(eInv, L[i]) } } } @@ -352,7 +352,7 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for N := 0; N < 2*sysT; N++ { d = 0 for i := 0; i <= min(N, sysT); i++ { - d ^= gf8192.Mul(C[i], s[N-i]) + d ^= gf2e13.Mul(C[i], s[N-i]) } mne = d mne -= 1 @@ -366,9 +366,9 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for i := 0; i <= sysT; i++ { T[i] = C[i] } - f = gf8192.Div(d, b) + f = gf2e13.Div(d, b) for i := 0; i <= sysT; i++ { - C[i] ^= gf8192.Mul(f, B[i]) & mne + C[i] ^= gf2e13.Mul(f, B[i]) & mne } L = (L & ^mle) | ((uint16(N) + 1 - L) & mle) @@ -478,16 +478,16 @@ func minimalPolynomial(out *[sysT]gf, f *[sysT]gf) bool { return false } - inv := gf8192.Inv(mat[j][j]) + inv := gf2e13.Inv(mat[j][j]) for c := 0; c <= sysT; c++ { - mat[c][j] = gf8192.Mul(mat[c][j], inv) + mat[c][j] = gf2e13.Mul(mat[c][j], inv) } for k := 0; k < sysT; k++ { if k != j { t := mat[j][k] for c := 0; c <= sysT; c++ { - mat[c][k] ^= gf8192.Mul(mat[c][j], t) + mat[c][k] ^= gf2e13.Mul(mat[c][j], t) } } } @@ -505,7 +505,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product := [sysT*2 - 1]gf{} for i := 0; i < sysT; i++ { for j := 0; j < sysT; j++ { - product[i+j] ^= gf8192.Mul(a[i], b[j]) + product[i+j] ^= gf2e13.Mul(a[i], b[j]) } } @@ -552,8 +552,8 @@ func transpose64x64(out, in *[64]uint64) { func eval(f *[sysT + 1]gf, a gf) gf { r := f[sysT] for i := sysT - 1; i >= 0; i-- { - r = gf8192.Mul(r, a) - r = gf8192.Add(r, f[i]) + r = gf2e13.Mul(r, a) + r = gf2e13.Add(r, f[i]) } return r } diff --git a/kem/mceliece/mceliece8192128/mceliece.go b/kem/mceliece/mceliece8192128/mceliece.go index 19835f31..6b1c3932 100644 --- a/kem/mceliece/mceliece8192128/mceliece.go +++ b/kem/mceliece/mceliece8192128/mceliece.go @@ -22,13 +22,13 @@ import ( "github.com/cloudflare/circl/internal/sha3" "github.com/cloudflare/circl/kem" "github.com/cloudflare/circl/kem/mceliece/internal" - "github.com/cloudflare/circl/math/gf8192" + "github.com/cloudflare/circl/math/gf2e13" ) const ( sysT = 128 // F(y) is 64 degree - gfBits = gf8192.GfBits - gfMask = gf8192.GfMask + gfBits = gf2e13.Bits + gfMask = gf2e13.Mask unusedBits = 16 - gfBits sysN = 8192 condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -54,7 +54,7 @@ type PrivateKey struct { } type ( - gf = gf8192.Gf + gf = gf2e13.Elt randFunc = func(pool []byte) error ) @@ -313,10 +313,10 @@ func synd(out *[sysT * 2]gf, f *[sysT + 1]gf, L *[sysN]gf, r *[sysN / 8]byte) { for i := 0; i < sysN; i++ { c := uint16(r[i/8]>>(i%8)) & 1 e := eval(f, L[i]) - eInv := gf8192.Inv(gf8192.Mul(e, e)) + eInv := gf2e13.Inv(gf2e13.Mul(e, e)) for j := 0; j < 2*sysT; j++ { - out[j] = gf8192.Add(out[j], gf8192.Mul(eInv, c)) - eInv = gf8192.Mul(eInv, L[i]) + out[j] = gf2e13.Add(out[j], gf2e13.Mul(eInv, c)) + eInv = gf2e13.Mul(eInv, L[i]) } } } @@ -343,7 +343,7 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for N := 0; N < 2*sysT; N++ { d = 0 for i := 0; i <= min(N, sysT); i++ { - d ^= gf8192.Mul(C[i], s[N-i]) + d ^= gf2e13.Mul(C[i], s[N-i]) } mne = d mne -= 1 @@ -357,9 +357,9 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for i := 0; i <= sysT; i++ { T[i] = C[i] } - f = gf8192.Div(d, b) + f = gf2e13.Div(d, b) for i := 0; i <= sysT; i++ { - C[i] ^= gf8192.Mul(f, B[i]) & mne + C[i] ^= gf2e13.Mul(f, B[i]) & mne } L = (L & ^mle) | ((uint16(N) + 1 - L) & mle) @@ -469,16 +469,16 @@ func minimalPolynomial(out *[sysT]gf, f *[sysT]gf) bool { return false } - inv := gf8192.Inv(mat[j][j]) + inv := gf2e13.Inv(mat[j][j]) for c := 0; c <= sysT; c++ { - mat[c][j] = gf8192.Mul(mat[c][j], inv) + mat[c][j] = gf2e13.Mul(mat[c][j], inv) } for k := 0; k < sysT; k++ { if k != j { t := mat[j][k] for c := 0; c <= sysT; c++ { - mat[c][k] ^= gf8192.Mul(mat[c][j], t) + mat[c][k] ^= gf2e13.Mul(mat[c][j], t) } } } @@ -496,7 +496,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product := [sysT*2 - 1]gf{} for i := 0; i < sysT; i++ { for j := 0; j < sysT; j++ { - product[i+j] ^= gf8192.Mul(a[i], b[j]) + product[i+j] ^= gf2e13.Mul(a[i], b[j]) } } @@ -545,8 +545,8 @@ func transpose64x64(out, in *[64]uint64) { func eval(f *[sysT + 1]gf, a gf) gf { r := f[sysT] for i := sysT - 1; i >= 0; i-- { - r = gf8192.Mul(r, a) - r = gf8192.Add(r, f[i]) + r = gf2e13.Mul(r, a) + r = gf2e13.Add(r, f[i]) } return r } diff --git a/kem/mceliece/mceliece8192128f/mceliece.go b/kem/mceliece/mceliece8192128f/mceliece.go index f5447a85..3e792636 100644 --- a/kem/mceliece/mceliece8192128f/mceliece.go +++ b/kem/mceliece/mceliece8192128f/mceliece.go @@ -22,13 +22,13 @@ import ( "github.com/cloudflare/circl/internal/sha3" "github.com/cloudflare/circl/kem" "github.com/cloudflare/circl/kem/mceliece/internal" - "github.com/cloudflare/circl/math/gf8192" + "github.com/cloudflare/circl/math/gf2e13" ) const ( sysT = 128 // F(y) is 64 degree - gfBits = gf8192.GfBits - gfMask = gf8192.GfMask + gfBits = gf2e13.Bits + gfMask = gf2e13.Mask unusedBits = 16 - gfBits sysN = 8192 condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -54,7 +54,7 @@ type PrivateKey struct { } type ( - gf = gf8192.Gf + gf = gf2e13.Elt randFunc = func(pool []byte) error ) @@ -313,10 +313,10 @@ func synd(out *[sysT * 2]gf, f *[sysT + 1]gf, L *[sysN]gf, r *[sysN / 8]byte) { for i := 0; i < sysN; i++ { c := uint16(r[i/8]>>(i%8)) & 1 e := eval(f, L[i]) - eInv := gf8192.Inv(gf8192.Mul(e, e)) + eInv := gf2e13.Inv(gf2e13.Mul(e, e)) for j := 0; j < 2*sysT; j++ { - out[j] = gf8192.Add(out[j], gf8192.Mul(eInv, c)) - eInv = gf8192.Mul(eInv, L[i]) + out[j] = gf2e13.Add(out[j], gf2e13.Mul(eInv, c)) + eInv = gf2e13.Mul(eInv, L[i]) } } } @@ -343,7 +343,7 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for N := 0; N < 2*sysT; N++ { d = 0 for i := 0; i <= min(N, sysT); i++ { - d ^= gf8192.Mul(C[i], s[N-i]) + d ^= gf2e13.Mul(C[i], s[N-i]) } mne = d mne -= 1 @@ -357,9 +357,9 @@ func bm(out *[sysT + 1]gf, s *[2 * sysT]gf) { for i := 0; i <= sysT; i++ { T[i] = C[i] } - f = gf8192.Div(d, b) + f = gf2e13.Div(d, b) for i := 0; i <= sysT; i++ { - C[i] ^= gf8192.Mul(f, B[i]) & mne + C[i] ^= gf2e13.Mul(f, B[i]) & mne } L = (L & ^mle) | ((uint16(N) + 1 - L) & mle) @@ -469,16 +469,16 @@ func minimalPolynomial(out *[sysT]gf, f *[sysT]gf) bool { return false } - inv := gf8192.Inv(mat[j][j]) + inv := gf2e13.Inv(mat[j][j]) for c := 0; c <= sysT; c++ { - mat[c][j] = gf8192.Mul(mat[c][j], inv) + mat[c][j] = gf2e13.Mul(mat[c][j], inv) } for k := 0; k < sysT; k++ { if k != j { t := mat[j][k] for c := 0; c <= sysT; c++ { - mat[c][k] ^= gf8192.Mul(mat[c][j], t) + mat[c][k] ^= gf2e13.Mul(mat[c][j], t) } } } @@ -496,7 +496,7 @@ func polyMul(out *[sysT]gf, a *[sysT]gf, b *[sysT]gf) { product := [sysT*2 - 1]gf{} for i := 0; i < sysT; i++ { for j := 0; j < sysT; j++ { - product[i+j] ^= gf8192.Mul(a[i], b[j]) + product[i+j] ^= gf2e13.Mul(a[i], b[j]) } } @@ -545,8 +545,8 @@ func transpose64x64(out, in *[64]uint64) { func eval(f *[sysT + 1]gf, a gf) gf { r := f[sysT] for i := sysT - 1; i >= 0; i-- { - r = gf8192.Mul(r, a) - r = gf8192.Add(r, f[i]) + r = gf2e13.Mul(r, a) + r = gf2e13.Add(r, f[i]) } return r } diff --git a/kem/mceliece/templates/mceliece.templ.go b/kem/mceliece/templates/mceliece.templ.go index fdbf7a0c..efb9ba2b 100644 --- a/kem/mceliece/templates/mceliece.templ.go +++ b/kem/mceliece/templates/mceliece.templ.go @@ -32,8 +32,8 @@ import ( const ( sysT = {{.Param.SysT}}// F(y) is 64 degree - gfBits = {{.Param.Gf}}.GfBits - gfMask = {{.Param.Gf}}.GfMask + gfBits = {{.Param.Gf}}.Bits + gfMask = {{.Param.Gf}}.Mask unusedBits = 16 - gfBits sysN = {{.Param.SysN}} condBytes = (1 << (gfBits - 4)) * (2*gfBits - 1) @@ -59,7 +59,7 @@ type PrivateKey struct { } type ( - gf = {{.Param.Gf}}.Gf + gf = {{.Param.Gf}}.Elt randFunc = func(pool []byte) error ) diff --git a/math/gf4096/gf4096.go b/math/gf2e12/gf4096.go similarity index 64% rename from math/gf4096/gf4096.go rename to math/gf2e12/gf4096.go index bc4b9db3..1832eca0 100644 --- a/math/gf4096/gf4096.go +++ b/math/gf2e12/gf4096.go @@ -1,22 +1,22 @@ -// Package gf4096 provides finite field arithmetic over GF(2^12). -package gf4096 +// Package gf2e12 provides finite field arithmetic over GF(2^12). +package gf2e12 -// Gf is a field element of characteristic 2 modulo z^12 + z^3 + 1 -type Gf = uint16 +// Elt is a field element of characteristic 2 modulo z^12 + z^3 + 1 +type Elt = uint16 const ( - GfBits = 12 - GfMask = (1 << GfBits) - 1 + Bits = 12 + Mask = (1 << Bits) - 1 ) -// Add two Gf elements together. Since an addition in Gf(2) is the same as XOR, +// Add two Elt elements together. Since an addition in Elt(2) is the same as XOR, // this implementation uses a simple XOR for addition. -func Add(a, b Gf) Gf { +func Add(a, b Elt) Elt { return a ^ b } -// Mul calculate the product of two Gf elements. -func Mul(a, b Gf) Gf { +// Mul calculate the product of two Elt elements. +func Mul(a, b Elt) Elt { a64 := uint64(a) b64 := uint64(b) @@ -24,7 +24,7 @@ func Mul(a, b Gf) Gf { tmp := a64 & -(b64 & 1) // check if i-th bit of b64 is set, add a64 shifted by i bits if so - for i := 1; i < GfBits; i++ { + for i := 1; i < Bits; i++ { tmp ^= a64 * (b64 & (1 << i)) } @@ -37,11 +37,11 @@ func Mul(a, b Gf) Gf { tmp ^= t >> 9 tmp ^= t >> 12 - return uint16(tmp & GfMask) + return Elt(tmp & Mask) } -// sqr calculates the square of Gf element a -func sqr(a Gf) Gf { +// sqr calculates the square of Elt element a +func sqr(a Elt) Elt { a32 := uint32(a) a32 = (a32 | (a32 << 8)) & 0x00FF00FF a32 = (a32 | (a32 << 4)) & 0x0F0F0F0F @@ -56,11 +56,11 @@ func sqr(a Gf) Gf { a32 ^= t >> 9 a32 ^= t >> 12 - return uint16(a32 & GfMask) + return uint16(a32 & Mask) } -// Inv calculates the multiplicative inverse of Gf element a -func Inv(a Gf) Gf { +// Inv calculates the multiplicative inverse of Elt element a +func Inv(a Elt) Elt { out := sqr(a) tmp3 := Mul(out, a) // a^3 @@ -78,6 +78,6 @@ func Inv(a Gf) Gf { } // Div calculates a / b -func Div(a, b Gf) Gf { +func Div(a, b Elt) Elt { return Mul(Inv(b), a) } diff --git a/math/gf4096/gf_test.go b/math/gf2e12/gf_test.go similarity index 75% rename from math/gf4096/gf_test.go rename to math/gf2e12/gf_test.go index 0bdadaeb..bef164b7 100644 --- a/math/gf4096/gf_test.go +++ b/math/gf2e12/gf_test.go @@ -1,4 +1,4 @@ -package gf4096 +package gf2e12 import ( "testing" @@ -7,16 +7,17 @@ import ( ) type ( - tadd func(x, y Gf) Gf - tmul func(x, y Gf) Gf - tsqr func(x Gf) Gf - tinv func(x Gf) Gf - tdiv func(x, y Gf) Gf + tadd func(x, y Elt) Elt + tmul func(x, y Elt) Elt + tsqr func(x Elt) Elt + tinv func(x Elt) Elt + tdiv func(x, y Elt) Elt ) -func assertEq(t *testing.T, a, b Gf) { +func assertEq(t *testing.T, a, b Elt) { + t.Helper() if a != b { - test.ReportError(t, b, a) + test.ReportError(t, a, b) } } @@ -29,14 +30,10 @@ func TestGeneric(t *testing.T) { } func testDiv(t *testing.T, div tdiv) { - assertEq(t, div(6733, 1), 2637) assertEq(t, div(0, 2), 0) assertEq(t, div(4, 2), 2) - assertEq(t, div(4096, 2), 0) assertEq(t, div(9, 3), 7) - assertEq(t, div(4591, 5), 99) assertEq(t, div(10, 550), 3344) - assertEq(t, div(3, 5501), 1763) } func testInv(t *testing.T, inv tinv) { @@ -46,10 +43,6 @@ func testInv(t *testing.T, inv tinv) { assertEq(t, inv(3), 4088) assertEq(t, inv(4), 1026) assertEq(t, inv(4095), 1539) - assertEq(t, inv(4096), 0) - assertEq(t, inv(8191), 1539) - assertEq(t, inv(8192), 0) - assertEq(t, inv(0xFFFF), 1539) } func testSqr(t *testing.T, sqr tsqr) { @@ -59,10 +52,6 @@ func testSqr(t *testing.T, sqr tsqr) { assertEq(t, sqr(3), 5) assertEq(t, sqr(4), 16) assertEq(t, sqr(4095), 2746) - assertEq(t, sqr(4096), 0) - assertEq(t, sqr(8191), 2746) - assertEq(t, sqr(8192), 0) - assertEq(t, sqr(0xFFFF), 2746) } func testMul(t *testing.T, mul tmul) { @@ -83,8 +72,6 @@ func testMul(t *testing.T, mul tmul) { assertEq(t, mul(37, 125), 3625) assertEq(t, mul(4095, 1), 4095) assertEq(t, mul(1, 4095), 4095) - assertEq(t, mul(8191, 1), 4086) - assertEq(t, mul(1, 8191), 4095) assertEq(t, mul(550, 3344), 10) assertEq(t, mul(3344, 550), 10) } diff --git a/math/gf8192/gf8192.go b/math/gf2e13/gf8192.go similarity index 79% rename from math/gf8192/gf8192.go rename to math/gf2e13/gf8192.go index 0a7d94ec..10ddfab8 100644 --- a/math/gf8192/gf8192.go +++ b/math/gf2e13/gf8192.go @@ -1,22 +1,22 @@ -// Package gf8192 provides finite field arithmetic over GF(2^13). -package gf8192 +// Package gf2e13 provides finite field arithmetic over GF(2^13). +package gf2e13 -// Gf is a field element of characteristic 2 modulo z^13 + z^4 + z^3 + z + 1 -type Gf = uint16 +// Elt is a field element of characteristic 2 modulo z^13 + z^4 + z^3 + z + 1 +type Elt = uint16 const ( - GfBits = 13 - GfMask = (1 << GfBits) - 1 + Bits = 13 + Mask = (1 << Bits) - 1 ) -// Add two Gf elements together. Since an addition in Gf(2) is the same as XOR, +// Add two Elt elements together. Since an addition in Elt(2) is the same as XOR, // this implementation uses a simple XOR for addition. -func Add(a, b Gf) Gf { +func Add(a, b Elt) Elt { return a ^ b } -// Mul calculate the product of two Gf elements. -func Mul(a, b Gf) Gf { +// Mul calculate the product of two Elt elements. +func Mul(a, b Elt) Elt { a64 := uint64(a) b64 := uint64(b) @@ -24,7 +24,7 @@ func Mul(a, b Gf) Gf { tmp := a64 & -(b64 & 1) // check if i-th bit of b64 is set, add a64 shifted by i bits if so - for i := 1; i < GfBits; i++ { + for i := 1; i < Bits; i++ { tmp ^= a64 * (b64 & (1 << i)) } @@ -35,11 +35,11 @@ func Mul(a, b Gf) Gf { t = tmp & 0x000E000 tmp ^= (t >> 9) ^ (t >> 10) ^ (t >> 12) ^ (t >> 13) - return uint16(tmp & GfMask) + return uint16(tmp & Mask) } // sqr2 calculates a^4 -func sqr2(a Gf) Gf { +func sqr2(a Elt) Elt { a64 := uint64(a) a64 = (a64 | (a64 << 24)) & 0x000000FF000000FF a64 = (a64 | (a64 << 12)) & 0x000F000F000F000F @@ -55,11 +55,11 @@ func sqr2(a Gf) Gf { t = a64 & 0x00000000003FE000 a64 ^= (t >> 9) ^ (t >> 10) ^ (t >> 12) ^ (t >> 13) - return uint16(a64 & GfMask) + return uint16(a64 & Mask) } // sqrMul calculates the product of a^2 and b -func sqrMul(a, b Gf) Gf { +func sqrMul(a, b Elt) Elt { a64 := uint64(a) b64 := uint64(b) @@ -79,11 +79,11 @@ func sqrMul(a, b Gf) Gf { t = x & 0x000000000007E000 x ^= (t >> 9) ^ (t >> 10) ^ (t >> 12) ^ (t >> 13) - return uint16(x & GfMask) + return uint16(x & Mask) } // sqr2Mul calculates the product of a^4 and b -func sqr2Mul(a, b Gf) Gf { +func sqr2Mul(a, b Elt) Elt { a64 := uint64(a) b64 := uint64(b) @@ -109,16 +109,16 @@ func sqr2Mul(a, b Gf) Gf { t = x & 0x000000000001E000 x ^= (t >> 9) ^ (t >> 10) ^ (t >> 12) ^ (t >> 13) - return uint16(x & GfMask) + return uint16(x & Mask) } -// Inv calculates the multiplicative inverse of Gf element a -func Inv(a Gf) Gf { +// Inv calculates the multiplicative inverse of Elt element a +func Inv(a Elt) Elt { return Div(1, a) } // Div calculates a / b -func Div(a, b Gf) Gf { +func Div(a, b Elt) Elt { tmp3 := sqrMul(b, b) // b^3 tmp15 := sqr2Mul(tmp3, tmp3) // b^15 = b^(3*2*2+3) out := sqr2(tmp15) diff --git a/math/gf8192/gf_test.go b/math/gf2e13/gf_test.go similarity index 91% rename from math/gf8192/gf_test.go rename to math/gf2e13/gf_test.go index 375e4156..16758a0d 100644 --- a/math/gf8192/gf_test.go +++ b/math/gf2e13/gf_test.go @@ -1,4 +1,4 @@ -package gf8192 +package gf2e13 import ( "testing" @@ -7,16 +7,17 @@ import ( ) type ( - tadd func(x, y Gf) Gf - tmul func(x, y Gf) Gf - tsqr2 func(x Gf) Gf - tsqrmul func(x, y Gf) Gf - tsqr2mul func(x, y Gf) Gf - tinv func(x Gf) Gf - tdiv func(x, y Gf) Gf + tadd func(x, y Elt) Elt + tmul func(x, y Elt) Elt + tsqr2 func(x Elt) Elt + tsqrmul func(x, y Elt) Elt + tsqr2mul func(x, y Elt) Elt + tinv func(x Elt) Elt + tdiv func(x, y Elt) Elt ) -func assertEq(t *testing.T, a, b Gf) { +func assertEq(t *testing.T, a, b Elt) { + t.Helper() if a != b { test.ReportError(t, b, a) } @@ -96,8 +97,6 @@ func testInv(t *testing.T, inv tinv) { assertEq(t, inv(4095), 4657) assertEq(t, inv(4096), 911) assertEq(t, inv(8191), 5953) - assertEq(t, inv(8192), 0) - assertEq(t, inv(0xFFFF), 4378) } func testSqr2(t *testing.T, sqr2 tsqr2) { @@ -109,8 +108,6 @@ func testSqr2(t *testing.T, sqr2 tsqr2) { assertEq(t, sqr2(4095), 2883) assertEq(t, sqr2(4096), 7941) assertEq(t, sqr2(8191), 5190) - assertEq(t, sqr2(8192), 0) - assertEq(t, sqr2(0xFFFF), 5190) } func testMul(t *testing.T, mul tmul) {