package com.distrimind.bouncycastle.pqc.crypto.frodo;
import com.distrimind.bouncycastle.crypto.BufferedBlockCipher;
import com.distrimind.bouncycastle.crypto.InvalidCipherTextException;
import com.distrimind.bouncycastle.crypto.Xof;
import com.distrimind.bouncycastle.crypto.params.KeyParameter;
import com.distrimind.bouncycastle.util.Arrays;
import com.distrimind.bouncycastle.util.Exceptions;
import com.distrimind.bouncycastle.util.Pack;
import com.distrimind.bouncycastle.crypto.digests.SHAKEDigest;
import com.distrimind.bouncycastle.crypto.engines.AESEngine;
abstract class FrodoMatrixGenerator
{
// Matrix dimension: the genMatrix implementations visible in this file allocate n*n entries.
int n;
// Modulus: the SHAKE128 generator reduces every 16-bit word it reads with "% q".
int q;
/**
 * Records the two parameters shared by every matrix generator.
 *
 * Neither value is validated here. The generators visible in this file size
 * their output as n*n, and the SHAKE128 generator evaluates "% q", which throws
 * ArithmeticException when q is 0.
 *
 * @param n dimension of the square matrix to generate
 * @param q modulus applied to the generated entries
 */
public FrodoMatrixGenerator(int n, int q)
{
    // The two assignments are independent of each other.
    this.q = q;
    this.n = n;
}
/**
 * Expands a seed into the matrix A.
 *
 * The implementations visible in this file return a flat array of n*n entries;
 * the SHAKE128 one stores entry (i, j) at index i*n + j.
 *
 * @param seedA seed bytes the matrix is derived from
 * @return the generated matrix as a flat array of 16-bit entries
 */
abstract short[] genMatrix(byte[] seedA);
/**
 * Matrix generator that derives each row of A from a separate SHAKE128 call.
 */
static class Shake128MatrixGenerator
    extends FrodoMatrixGenerator
{
    /**
     * @param n dimension of the square matrix
     * @param q modulus applied to every generated entry
     */
    public Shake128MatrixGenerator(int n, int q)
    {
        super(n, q);
    }

    /**
     * Builds A one row at a time. Row i is the SHAKE128 output over
     * (i as a 16-bit little-endian integer || seedA), read as n little-endian
     * 16-bit words, each reduced with "% q".
     *
     * seedA is neither null-checked nor length-checked here.
     *
     * NOTE(review): assuming Pack.littleEndianToShort returns a signed short (confirm),
     * Java's % keeps the sign of the dividend, so a word with its top bit set is stored
     * as a negative representative modulo q rather than as a value in [0, q). Confirm
     * that every consumer of A reduces modulo q again before the value is used.
     *
     * @param seedA seed bytes appended to the row index to form the XOF input
     * @return flat array of n*n entries, entry (i, j) at index i*n + j
     */
    short[] genMatrix(byte[] seedA)
    {
        final short[] matrix = new short[n * n];
        // One row is n entries of 16 bits each, expressed in bytes.
        final byte[] rowBytes = new byte[(16 * n) / 8];

        for (short row = 0; row < n; row++)
        {
            // 1. XOF input = row || seedA, with the row index as a 16-bit little-endian integer.
            final byte[] xofInput = Arrays.concatenate(Pack.shortToLittleEndian(row), seedA);

            // 2. c_{row,0} || ... || c_{row,n-1} = SHAKE128(xofInput, 16n bits).
            //    A new digest per row means no XOF state is carried from one row to the next.
            final Xof shake = new SHAKEDigest(128);
            shake.update(xofInput, 0, xofInput.length);
            shake.doFinal(rowBytes, 0, rowBytes.length);

            // Each c_{row,col} is a 16-bit little-endian word; store it reduced by q.
            final int rowBase = row * n;
            for (short col = 0; col < n; col++)
            {
                final int offset = 2 * col;
                matrix[rowBase + col] = (short) (Pack.littleEndianToShort(rowBytes, offset) % q);
            }
        }
        return matrix;
    }
}
static class Aes128MatrixGenerator
extends FrodoMatrixGenerator
{
// Buffered AES cipher, created once in the constructor and kept for the lifetime of this generator.
// NOTE(review): a stateful cipher held per instance suggests one instance should not be used
// from several threads at once — confirm against the callers.
BufferedBlockCipher cipher;
/**
 * Creates the AES-based generator and wraps a new AESEngine in a BufferedBlockCipher.
 *
 * No key is installed here; keying presumably happens in genMatrix, whose body
 * continues beyond the visible part of the file — confirm.
 *
 * @param n dimension of the square matrix
 * @param q modulus passed on to the base class
 */
public Aes128MatrixGenerator(int n, int q)
{
    super(n, q);
    final AESEngine aes = new AESEngine();
    this.cipher = new BufferedBlockCipher(aes);
}
short[] genMatrix(byte[] seedA)
{
// """Generate matrix A using AES-128 (FrodoKEM specification, Algorithm 7)"""
// A = [[None for j in range(self.n)] for i in range(self.n)]
short[] A = new short[n*n];
byte[] b = new byte[16];
byte[] c = new byte[16];
// 1. for i = 0; i < n; i += 1
for (int i = 0; i < n; i++)
{
// 2. for j = 0; j < n; j += 8
for (int j = 0; j < n; j+=8)
{
// 3. b = i || j || 0 || ... || 0 in {0,1}^128, where i and j are encoded as 16-bit integers in little-endian byte order
System.arraycopy(Pack.shortToLittleEndian((short) (i&0xffff)), 0, b, 0, 2);
System.arraycopy(Pack.shortToLittleEndian((short) (j&0xffff)), 0, b, 2, 2);
// b = bytearray(16)
// struct.pack_into('