org.bouncycastle.pqc.crypto.sphincs.Wots Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of polaris-all Show documentation
Show all versions of polaris-all Show documentation
All in one project for polaris-java
package org.bouncycastle.pqc.crypto.sphincs;
class Wots
{
static final int WOTS_LOGW = 4;
static final int WOTS_W = (1 << WOTS_LOGW);
static final int WOTS_L1 = ((256 + WOTS_LOGW - 1) / WOTS_LOGW);
//#define WOTS_L 133 // for WOTS_W == 4
//#define WOTS_L 90 // for WOTS_W == 8
static final int WOTS_L = 67; // for WOTS_W == 16
static final int WOTS_LOG_L = 7; // for WOTS_W == 16
static final int WOTS_SIGBYTES = (WOTS_L * SPHINCS256Config.HASH_BYTES);
static void expand_seed(byte[] outseeds, int outOff, byte[] inseed, int inOff)
{
clear(outseeds, outOff, WOTS_L * SPHINCS256Config.HASH_BYTES);
Seed.prg(outseeds, outOff, WOTS_L * SPHINCS256Config.HASH_BYTES, inseed, inOff);
}
private static void clear(byte[] bytes, int offSet, int length)
{
for (int i = 0; i != length; i++)
{
bytes[i + offSet] = 0;
}
}
static void gen_chain(HashFunctions hs, byte[] out, int outOff, byte[] seed, int seedOff, byte[] masks, int masksOff, int chainlen)
{
int i, j;
for (j = 0; j < SPHINCS256Config.HASH_BYTES; j++)
out[j + outOff] = seed[j + seedOff];
for (i = 0; i < chainlen && i < WOTS_W; i++)
hs.hash_n_n_mask(out, outOff, out, outOff, masks, masksOff + (i * SPHINCS256Config.HASH_BYTES));
}
void wots_pkgen(HashFunctions hs, byte[] pk, int pkOff, byte[] sk, int skOff, byte[] masks, int masksOff)
{
int i;
expand_seed(pk, pkOff, sk, skOff);
for (i = 0; i < WOTS_L; i++)
gen_chain(hs, pk, pkOff + i * SPHINCS256Config.HASH_BYTES, pk, pkOff + i * SPHINCS256Config.HASH_BYTES, masks, masksOff, WOTS_W - 1);
}
void wots_sign(HashFunctions hs, byte[] sig, int sigOff, byte[] msg, byte[] sk, byte[] masks)
{
int[] basew = new int[WOTS_L];
int i, c = 0;
for (i = 0; i < WOTS_L1; i += 2)
{
basew[i] = msg[i / 2] & 0xf;
basew[i + 1] = (msg[i / 2] & 0xff) >>> 4;
c += WOTS_W - 1 - basew[i];
c += WOTS_W - 1 - basew[i + 1];
}
for (; i < WOTS_L; i++)
{
basew[i] = c & 0xf;
c >>>= 4;
}
expand_seed(sig, sigOff, sk, 0);
for (i = 0; i < WOTS_L; i++)
gen_chain(hs, sig, sigOff + i * SPHINCS256Config.HASH_BYTES, sig, sigOff + i * SPHINCS256Config.HASH_BYTES, masks, 0, basew[i]);
}
void wots_verify(HashFunctions hs, byte[] pk, byte[] sig, int sigOff, byte[] msg, byte[] masks)
{
int[] basew = new int[WOTS_L];
int i, c = 0;
for (i = 0; i < WOTS_L1; i += 2)
{
basew[i] = msg[i / 2] & 0xf;
basew[i + 1] = (msg[i / 2] & 0xff) >>> 4;
c += WOTS_W - 1 - basew[i];
c += WOTS_W - 1 - basew[i + 1];
}
for (; i < WOTS_L; i++)
{
basew[i] = c & 0xf;
c >>>= 4;
}
for (i = 0; i < WOTS_L; i++)
gen_chain(hs, pk, i * SPHINCS256Config.HASH_BYTES, sig, sigOff + i * SPHINCS256Config.HASH_BYTES, masks, (basew[i] * SPHINCS256Config.HASH_BYTES), WOTS_W - 1 - basew[i]);
}
}