alternant decoder

include/codecrypt.h

@@ -215,6 +215,10 @@ public:
 	void shift (uint);
 
 	uint eval (uint, gf2m&) const;
+	uint head() {
+		if ( (t = degree() ) >= 0) return item (t);
+		else return 0;
+	}
 	void add (const polynomial&, gf2m&);
 	void mult (const polynomial&, gf2m&);
 	void add_mult (const polynomial&, uint mult, gf2m&);
@@ -228,6 +232,7 @@ public:
 	void sqrt (vector<polynomial>&, gf2m&);
 	polynomial gcd (polynomial, gf2m&);
 	void mod_to_fracton (polynomial&, polynomial&, polynomial&, gf2m&);
+	void ext_euclid (polynomial&, polynomial&, polynomial&, gf2m&, int);
 
 	bool is_irreducible (gf2m&) const;
 	void generate_random_irreducible (uint s, gf2m&, prng&);

lib/decoding.cpp

@@ -1,8 +1,10 @@
 
 #include "decoding.h"
 
-void compute_error_locator (polynomial&syndrome, gf2m&fld, polynomial& goppa,
+void compute_goppa_error_locator (polynomial&syndrome, gf2m&fld,
-                            std::vector<polynomial>& sqInv, polynomial&out)
+                                  polynomial& goppa,
+                                  std::vector<polynomial>& sqInv,
+                                  polynomial&out)
 {
 	if (syndrome.zero() ) {
 		//ensure no roots
@@ -30,6 +32,30 @@ void compute_error_locator (polynomial&syndrome, gf2m&fld, polynomial& goppa,
 	out = a;
 }
 
+void compute_alternant_error_locator (polynomial&syndrome, gf2m&fld,
+                                      uint t, polynomial&out)
+{
+	if (syndrome.zero() ) {
+		//ensure no roots
+		out.resize (1);
+		out[0] = 1;
+		return;
+	}
+
+	polynomial a, b;
+
+	polynomial x2t; //should be x^2t
+	x2t.clear();
+	x2t.resize (1, 1);
+	x2t.shift (2 * t);
+
+	syndrome.ext_euclid (a, b, x2t, fld, t - 1);
+	uint b0inv = fld.inv (b[0]);
+	for (uint i = 0; i < b.size(); ++i) b[i] = fld.mult (b[i], b0inv);
+	out = b;
+	//we don't care about error evaluator
+}
+
 bool evaluate_error_locator_dumb (polynomial&a, bvector&ev, gf2m&fld)
 {
 	ev.clear();

lib/decoding.h

@@ -6,12 +6,17 @@
 
 using namespace ccr;
 
-void compute_error_locator (polynomial&syndrome,
+void compute_goppa_error_locator (polynomial&syndrome,
                                   gf2m&fld,
                                   polynomial&goppa,
                                   std::vector<polynomial>& sqInv,
                                   polynomial&loc);
 
+void compute_alternant_error_locator (polynomial&syndrome,
+                                      gf2m&fld,
+                                      uint tt,
+                                      polynomial&loc);
+
 bool evaluate_error_locator_dumb (polynomial&el, bvector&ev, gf2m&fld);
 bool evaluate_error_locator_trace (polynomial&el, bvector&ev, gf2m&fld);
 

lib/mce.cpp

@@ -80,7 +80,7 @@ int privkey::decrypt (const bvector&in, bvector&out)
 	//decode
 	polynomial synd, loc;
 	syndrome.to_poly (synd, fld);
-	compute_error_locator (synd, fld, g, sqInv, loc);
+	compute_goppa_error_locator (synd, fld, g, sqInv, loc);
 
 	bvector ev;
 	if (!evaluate_error_locator_trace (loc, ev, fld) )
@@ -144,7 +144,7 @@ int privkey::sign (const bvector&in, bvector&out, uint delta, uint attempts, prn
 		}
 
 		synd.to_poly (Synd, fld);
-		compute_error_locator (Synd, fld, g, sqInv, loc);
+		compute_goppa_error_locator (Synd, fld, g, sqInv, loc);
 
 		if (evaluate_error_locator_trace (loc, e2, fld) ) {
 

lib/mce_oc.cpp

@@ -124,7 +124,7 @@ int privkey::sign (const bvector&in, bvector&out,
 			}
 
 			synd.to_poly (Synd, fld);
-			compute_error_locator (Synd, fld,
+			compute_goppa_error_locator (Synd, fld,
 			                             codes[ci].g,
 			                             codes[ci].sqInv, loc);
 

lib/nd.cpp

@@ -59,7 +59,7 @@ int privkey::decrypt (const bvector&in, bvector&out)
 
 	polynomial loc, synd;
 	unsc.to_poly (synd, fld);
-	compute_error_locator (synd, fld, g, sqInv, loc);
+	compute_goppa_error_locator (synd, fld, g, sqInv, loc);
 
 	bvector ev;
 	if (!evaluate_error_locator_trace (loc, ev, fld) )
@@ -93,7 +93,7 @@ int privkey::sign (const bvector&in, bvector&out, uint delta, uint attempts, prn
 		Sinv.mult_vec_right (synd, synd_unsc);
 
 		synd_unsc.to_poly (Synd, fld);
-		compute_error_locator (Synd, fld, g, sqInv, loc);
+		compute_goppa_error_locator (Synd, fld, g, sqInv, loc);
 
 		if (evaluate_error_locator_trace (loc, e, fld) ) {
 

lib/polynomial.cpp

@@ -339,9 +339,45 @@ void polynomial::inv (polynomial&m, gf2m&fld)
 	div (a, m, fld);
 }
 
+void polynomial::ext_euclid (polynomial&a_out, polynomial&b_out,
+                             polynomial&m, gf2m&fld, int deg)
+{
+	//TODO: speed this up (spare degree calculations)
+	polynomial A, B, a, b, tmp;
+	int j;
+	uint h;
+
+	A = *this;
+	a = m;
+	B.clear();
+	B.resize (1, 1);
+	b.clear();
+
+	while (a.degree() > deg) {
+		if (A.degree() < 0)
+			break;
+
+		A.swap (a);
+		B.swap (b);
+		while ( (j = A.degree() - a.degree() ) >= 0) {
+			h = fld.mult (A.head(), fld.inv (a.head() ) );
+			tmp = a;
+			tmp.shift (j);
+			A.add_mult (tmp, h, fld);
+			tmp = b;
+			tmp.shift (j);
+			B.add_mult (tmp, h, fld);
+		}
+	}
+
+	a.swap (a_out);
+	b.swap (b_out);
+}
+
 void polynomial::mod_to_fracton (polynomial&a, polynomial&b,
                                  polynomial&m, gf2m&fld)
 {
+	//TODO: replace with ext_euclid
 	int deg = m.degree() / 2;
 	polynomial a0, a1, b0, b1, q, r;
 	a0 = m;