From 8b4e0ba4ea4bc01512e1ba397eb928ccd393f5af Mon Sep 17 00:00:00 2001 From: Mirek Kratochvil Date: Sat, 7 Nov 2015 19:38:08 +0100 Subject: [PATCH] massive code cleanup and removal of dead code --- src/algos_enc.cpp | 5 +- src/base64.cpp | 4 +- src/decoding.cpp | 65 -------------- src/decoding.h | 7 -- src/factoryof.h | 1 + src/gf2m.cpp | 3 +- src/hashfile.cpp | 5 ++ src/keyring.h | 19 ++-- src/matrix.cpp | 140 ----------------------------- src/matrix.h | 9 -- src/mce.cpp | 199 ------------------------------------------ src/mce.h | 106 ---------------------- src/mce_qd.cpp | 4 +- src/mce_qd.h | 6 +- src/nd.cpp | 132 ---------------------------- src/nd.h | 107 ----------------------- src/permutation.cpp | 7 -- src/permutation.h | 2 - src/polynomial.cpp | 138 ----------------------------- src/polynomial.h | 7 -- src/serialization.cpp | 112 +----------------------- 21 files changed, 23 insertions(+), 1055 deletions(-) delete mode 100644 src/mce.cpp delete mode 100644 src/mce.h delete mode 100644 src/nd.cpp delete mode 100644 src/nd.h diff --git a/src/algos_enc.cpp b/src/algos_enc.cpp index b1c45b6..4745978 100644 --- a/src/algos_enc.cpp +++ b/src/algos_enc.cpp @@ -336,9 +336,7 @@ static int fo_decrypt (const bvector&cipher, bvector&plain, //get the McE part if (cipher.size() < ciphersize) return 5; bvector mce_cipher, mce_plain, ev; - mce_cipher.insert (mce_cipher.end(), - cipher.begin(), - cipher.begin() + ciphersize); + cipher.get_block (0, ciphersize, mce_cipher); //get and check the message size for later uint msize = cipher.size() - ciphersize; @@ -410,7 +408,6 @@ static int fo_decrypt (const bvector&cipher, bvector&plain, >> (i & 0x7)))) return 7; - //if the message seems okay, unpad and return it. pad_hash_type phf; if (!message_unpad (M, plain, phf)) return 8; diff --git a/src/base64.cpp b/src/base64.cpp index b2ea419..61bfcb1 100644 --- a/src/base64.cpp +++ b/src/base64.cpp @@ -167,7 +167,7 @@ bool base64_decode (const std::string& in, std::string&out) b64d_init = true; } - int idx = 0, idxmax = in.length(), tmp; + int idx = 0, idxmax = in.length(); out.clear(); out.reserve (3 * in.length() / 4); @@ -182,7 +182,7 @@ bool base64_decode (const std::string& in, std::string&out) if ( (c[0] == -1) || (c[1] == -1)) return false; if ( (c[2] == -1) && (c[3] != -1)) return false; - tmp = (c[0] << 18) | (c[1] << 12); + int tmp = (c[0] << 18) | (c[1] << 12); if (c[2] != -1) tmp |= c[2] << 6; if (c[3] != -1) tmp |= c[3]; diff --git a/src/decoding.cpp b/src/decoding.cpp index 7ab6b7a..fb6c279 100644 --- a/src/decoding.cpp +++ b/src/decoding.cpp @@ -18,37 +18,6 @@ #include "decoding.h" -void compute_goppa_error_locator (polynomial&syndrome, gf2m&fld, - polynomial& goppa, - std::vector& sqInv, - polynomial&out) -{ - if (syndrome.zero()) { - //ensure no roots - out.resize (1); - out[0] = 1; - return; - } - - polynomial v = syndrome; - v.inv (goppa, fld); // v=Synd^-1 mod goppa - - if (v.size() < 2) v.resize (2, 0); - v[1] = fld.add (1, v[1]); //add x - v.sqrt (sqInv, fld); //v = sqrt((1/s)+x) mod goppa - - polynomial a, b; - v.ext_euclid (a, b, goppa, fld, goppa.degree() / 2); - - a.square (fld); - b.square (fld); - b.shift (1); - a.add (b, fld); //new a = a^2 + x b^2 - - a.make_monic (fld); //now it is the error locator. - out = a; -} - void compute_alternant_error_locator (polynomial&syndrome, gf2m&fld, uint t, polynomial&out) { @@ -73,40 +42,6 @@ void compute_alternant_error_locator (polynomial&syndrome, gf2m&fld, //we don't care about error evaluator } -bool evaluate_error_locator_dumb (polynomial&a, bvector&ev, gf2m&fld) -{ - ev.clear(); - ev.resize (fld.n, 0); - - for (uint i = 0; i < fld.n; ++i) { - if (a.eval (i, fld) == 0) { - ev[i] = 1; - - //divide the polynomial by (found) linear factor - polynomial t, q, r; - t.resize (2, 0); - t[0] = i; - t[1] = 1; - a.divmod (t, q, r, fld); - - //if it doesn't divide, die. - if (r.degree() >= 0) { - ev.clear(); - return false; - } - a = q; - } - } - - //also if there's something left, die. - if (a.degree() > 0) { - ev.clear(); - return false; - } - - return true; -} - /* * berlekamp trace algorithm - we puncture roots of incoming polynomial into * the vector of size fld.n diff --git a/src/decoding.h b/src/decoding.h index a713157..50a8ff6 100644 --- a/src/decoding.h +++ b/src/decoding.h @@ -24,18 +24,11 @@ #include "gf2m.h" #include "bvector.h" -void compute_goppa_error_locator (polynomial&syndrome, - gf2m&fld, - polynomial&goppa, - std::vector& sqInv, - polynomial&loc); - void compute_alternant_error_locator (polynomial&syndrome, gf2m&fld, uint tt, polynomial&loc); -bool evaluate_error_locator_dumb (polynomial&el, bvector&ev, gf2m&fld); bool evaluate_error_locator_trace (polynomial&el, bvector&ev, gf2m&fld); #endif diff --git a/src/factoryof.h b/src/factoryof.h index 98b764a..6250e13 100644 --- a/src/factoryof.h +++ b/src/factoryof.h @@ -48,6 +48,7 @@ public: instanceof (const instanceof&x) : ptr (x.ptr), deletable (false) {} instanceof () { deletable = false; + ptr = 0; } void collect() { diff --git a/src/gf2m.cpp b/src/gf2m.cpp index cd8293b..2d8268c 100644 --- a/src/gf2m.cpp +++ b/src/gf2m.cpp @@ -44,10 +44,9 @@ uint gf2p_mod (uint a, uint p) uint gf2p_gcd (uint a, uint b) { - uint c; if (!a) return b; while (b) { - c = gf2p_mod (a, b); + uint c = gf2p_mod (a, b); a = b; b = c; } diff --git a/src/hashfile.cpp b/src/hashfile.cpp index 2d6ed2f..04ed87c 100644 --- a/src/hashfile.cpp +++ b/src/hashfile.cpp @@ -34,6 +34,11 @@ class size64proc : public hash_proc { uint64_t s; +public: + size64proc() { + init(); + } + uint size() { return 8; } diff --git a/src/keyring.h b/src/keyring.h index d010167..cc7429d 100644 --- a/src/keyring.h +++ b/src/keyring.h @@ -29,8 +29,8 @@ class keyring int lockfd; public: struct pubkey_entry { + std::string keyid, name, alg; sencode *key; - std::string name, alg, keyid; pubkey_entry() { key = NULL; @@ -39,17 +39,16 @@ public: pubkey_entry (const std::string& KID, const std::string& N, const std::string& A, - sencode*K) { - key = K; - name = N; - alg = A; - keyid = KID; - } + sencode*K) : + keyid (KID), + name (N), + alg (A), + key (K) {} }; struct keypair_entry { - sencode *privkey; pubkey_entry pub; + sencode *privkey; keypair_entry() { privkey = NULL; @@ -60,9 +59,7 @@ public: const std::string& A, sencode*PubK, sencode*PrivK) - : pub (KID, N, A, PubK) { - privkey = PrivK; - } + : pub (KID, N, A, PubK), privkey (PrivK) {} }; typedef std::map pubkey_storage; diff --git a/src/matrix.cpp b/src/matrix.cpp index 6529223..1f83339 100644 --- a/src/matrix.cpp +++ b/src/matrix.cpp @@ -129,77 +129,6 @@ bool matrix::compute_inversion (matrix&res, bool upper_tri, bool lower_tri) return true; } -void matrix::generate_random_invertible (uint size, prng & rng) -{ - matrix lt, ut; - uint i, j; - // random lower triangular - lt.resize (size); - for (i = 0; i < size; ++i) { - lt[i].resize (size); - lt[i][i] = 1; - for (j = i + 1; j < size; ++j) lt[i][j] = rng.random (2); - } - // random upper triangular - ut.resize (size); - for (i = 0; i < size; ++i) { - ut[i].resize (size); - ut[i][i] = 1; - for (j = 0; j < i; ++j) ut[i][j] = rng.random (2); - } - lt.mult (ut); - // permute - permutation p; - p.generate_random (size, rng); - p.permute (lt, *this); -} - -void matrix::generate_random_with_inversion (uint size, matrix&inversion, prng&rng) -{ - matrix lt, ut; - uint i, j; - // random lower triangular - lt.resize (size); - for (i = 0; i < size; ++i) { - lt[i].resize (size); - lt[i][i] = 1; - for (j = i + 1; j < size; ++j) lt[i][j] = rng.random (2); - } - // random upper triangular - ut.resize (size); - for (i = 0; i < size; ++i) { - ut[i].resize (size); - ut[i][i] = 1; - for (j = 0; j < i; ++j) ut[i][j] = rng.random (2); - } - *this = lt; - this->mult (ut); - ut.compute_inversion (inversion, true, false); - lt.compute_inversion (ut, false, true); - inversion.mult (ut); -} - - -bool matrix::get_left_square (matrix&r) -{ - uint h = height(); - if (width() < h) return false; - r.clear(); - r.resize (h); - for (uint i = 0; i < h; ++i) r[i] = item (i); - return true; -} - -bool matrix::strip_left_square (matrix&r) -{ - uint h = height(), w = width(); - if (w < h) return false; - r.clear(); - r.resize (w - h); - for (uint i = 0; i < w - h; ++i) r[i] = item (h + i); - return true; -} - bool matrix::get_right_square (matrix&r) { uint h = height(), w = width(); @@ -258,32 +187,6 @@ bool matrix::create_goppa_generator (matrix&g, const permutation&p) return true; } -bool matrix::mult_vecT_left (const bvector&a, bvector&r) -{ - uint w = width(), h = height(); - if (a.size() != h) return false; - r.clear(); - r.resize (w, 0); - for (uint i = 0; i < w; ++i) { - bool t = 0; - for (uint j = 0; j < h; ++j) - t ^= item (i) [j] & a[j]; - r[i] = t; - } - return true; -} - -bool matrix::mult_vec_right (const bvector&a, bvector&r) -{ - uint w = width(), h = height(); - if (a.size() != w) return false; - r.clear(); - r.resize (h, 0); - for (uint i = 0; i < w; ++i) - if (a[i]) r.add (item (i)); - return true; -} - bool matrix::set_block (uint x, uint y, const matrix&b) { uint h = b.height(), w = b.width(); @@ -293,46 +196,3 @@ bool matrix::set_block (uint x, uint y, const matrix&b) for (uint j = 0; j < h; ++j) item (x + i, y + j) = b.item (i, j); return true; } - -bool matrix::add_block (uint x, uint y, const matrix&b) -{ - uint h = b.height(), w = b.width(); - if (width() < x + w) return false; - if (height() < y + h) return false; - for (uint i = 0; i < w; ++i) - for (uint j = 0; j < h; ++j) - item (x + i, y + j) = - item (x + i, y + j) - ^ b.item (i, j); - return true; -} - -bool matrix::set_block_from (uint x, uint y, const matrix&b) -{ - uint h = b.height(), - w = b.width(), - mh = height(), - mw = width(); - if (mw > x + w) return false; - if (mh > y + h) return false; - for (uint i = 0; i < mw; ++i) - for (uint j = 0; j < mh; ++j) - item (i, j) = b.item (x + i, y + j); - return true; -} - -bool matrix::add_block_from (uint x, uint y, const matrix&b) -{ - uint h = b.height(), - w = b.width(), - mh = height(), - mw = width(); - if (mw > x + w) return false; - if (mh > y + h) return false; - for (uint i = 0; i < mw; ++i) - for (uint j = 0; j < mh; ++j) - item (i, j) = - item (i, j) - ^ b.item (x + i, y + j); - return true; -} diff --git a/src/matrix.h b/src/matrix.h index 1fbde7a..42185c4 100644 --- a/src/matrix.h +++ b/src/matrix.h @@ -54,25 +54,16 @@ public: void unit (uint); void compute_transpose (matrix&); - bool mult_vecT_left (const bvector&, bvector&); - bool mult_vec_right (const bvector&, bvector&); bool compute_inversion (matrix&, bool upper_tri = false, bool lower_tri = false); bool set_block (uint, uint, const matrix&); - bool add_block (uint, uint, const matrix&); - bool set_block_from (uint, uint, const matrix&); - bool add_block_from (uint, uint, const matrix&); - bool get_left_square (matrix&); - bool strip_left_square (matrix&); bool get_right_square (matrix&); bool strip_right_square (matrix&); void extend_left_compact (matrix&); - void generate_random_invertible (uint, prng&); - void generate_random_with_inversion (uint, matrix&, prng&); bool create_goppa_generator (matrix&, permutation&, prng&); bool create_goppa_generator (matrix&, const permutation&); diff --git a/src/mce.cpp b/src/mce.cpp deleted file mode 100644 index c3de535..0000000 --- a/src/mce.cpp +++ /dev/null @@ -1,199 +0,0 @@ - -/* - * This file is part of Codecrypt. - * - * Codecrypt is free software: you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or (at - * your option) any later version. - * - * Codecrypt is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public - * License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Codecrypt. If not, see . - */ - -#include "mce.h" - -using namespace mce; - -#include "decoding.h" - -int mce::generate (pubkey&pub, privkey&priv, prng&rng, uint m, uint t) -{ - //finite field - priv.fld.create (m); - - //goppa polynomial - priv.g.generate_random_irreducible (t, priv.fld, rng); - - //check and generator matrix - priv.g.compute_goppa_check_matrix (priv.h, priv.fld); - - matrix generator; - for (;;) if (priv.h.create_goppa_generator - (generator, priv.hperm, rng)) break; - - //scramble matrix - matrix S; - S.generate_random_with_inversion (generator.height(), priv.Sinv, rng); - - //scramble permutation - priv.Pinv.generate_random (generator.width(), rng); - - //public key - pub.t = t; - S.mult (generator); - priv.Pinv.permute_inv (S, pub.G); - - return 0; -} - -int pubkey::encrypt (const bvector& in, bvector&out, prng&rng) -{ - uint s = cipher_size(); - if (t > s) return 1; - - //create error vector - bvector e; - e.resize (s, 0); - for (uint n = t; n > 0;) { - uint p = rng.random (s); - if (!e[p]) { - e[p] = 1; - --n; - } - } - return encrypt (in, out, e); -} - -int pubkey::encrypt (const bvector&in, bvector&out, const bvector&errors) -{ - if (in.size() != plain_size()) return 2; - if (errors.size() != cipher_size()) return 2; - G.mult_vecT_left (in, out); - out.add (errors); - return 0; -} - -int privkey::decrypt (const bvector&in, bvector&out) -{ - bvector tmp_errors; - return decrypt (in, out, tmp_errors); -} - -int privkey::decrypt (const bvector&in, bvector&out, bvector&errors) -{ - if (in.size() != cipher_size()) return 2; - - //remove the P permutation - bvector not_permuted; - Pinv.permute (in, not_permuted); - - //prepare for decoding - bvector canonical, syndrome; - hperm.permute_inv (not_permuted, canonical); - h.mult_vec_right (canonical, syndrome); - - //decode - polynomial synd, loc; - syndrome.to_poly (synd, fld); - compute_goppa_error_locator (synd, fld, g, sqInv, loc); - - bvector ev; - if (!evaluate_error_locator_trace (loc, ev, fld)) - return 1; //if decoding somehow failed, fail as well. - - //correct the errors - canonical.add (ev); - - //shuffle back into systematic order - hperm.permute (canonical, not_permuted); - hperm.permute (ev, errors); - - //get rid of redundancy bits - not_permuted.resize (plain_size()); - - //unscramble the result - Sinv.mult_vecT_left (not_permuted, out); - - return 0; -} - -int privkey::prepare () -{ - g.compute_goppa_check_matrix (h, fld); - g.compute_square_root_matrix (sqInv, fld); - return 0; -} - -int privkey::sign (const bvector&in, bvector&out, uint delta, uint attempts, prng&rng) -{ - uint i, s, t; - bvector p, e, synd, synd_orig, e2; - std::vector epos; - polynomial loc, Synd; - - s = hash_size(); - - if (in.size() != s) return 2; - - //first, prepare the codeword to canonical form for decoding - Pinv.permute (in, e2); - hperm.permute_inv (e2, p); - - //prepare extra error vector - e.resize (s, 0); - epos.resize (delta, 0); - - h.mult_vec_right (p, synd_orig); - - for (t = 0; t < attempts; ++t) { - - synd = synd_orig; - - for (i = 0; i < delta; ++i) { - epos[i] = rng.random (s); - /* we don't care about (unlikely) error bit collisions - (they actually don't harm anything) */ - if (!e[epos[i]]) synd.add (h[epos[i]]); - e[epos[i]] = 1; - } - - synd.to_poly (Synd, fld); - compute_goppa_error_locator (Synd, fld, g, sqInv, loc); - - if (evaluate_error_locator_trace (loc, e2, fld)) { - - //recreate the decodable codeword - p.add (e); - p.add (e2); - - hperm.permute (p, e2); //back to systematic - e2.resize (signature_size()); //strip to message - Sinv.mult_vecT_left (e2, out); //signature - return 0; - } - - //if this round failed, we try a new error pattern. - - for (i = 0; i < delta; ++i) { - //clear the errors for next cycle - e[epos[i]] = 0; - } - } - return 1; //couldn't decode -} - -int pubkey::verify (const bvector&in, const bvector&hash, uint delta) -{ - bvector tmp; - if (!G.mult_vecT_left (in, tmp)) return 2; //wrong size of input - if (hash.size() != tmp.size()) return 1; //wrong size of hash, not a sig. - tmp.add (hash); - if (tmp.hamming_weight() > (t + delta)) return 1; //not a signature - return 0; //sig OK -} diff --git a/src/mce.h b/src/mce.h deleted file mode 100644 index eee8ec0..0000000 --- a/src/mce.h +++ /dev/null @@ -1,106 +0,0 @@ - -/* - * This file is part of Codecrypt. - * - * Codecrypt is free software: you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or (at - * your option) any later version. - * - * Codecrypt is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public - * License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Codecrypt. If not, see . - */ - -#ifndef _ccr_mce_h_ -#define _ccr_mce_h_ - -#include "gf2m.h" -#include "matrix.h" -#include "permutation.h" -#include "polynomial.h" -#include "prng.h" -#include "sencode.h" - -/* - * classical McEliece - */ -namespace mce -{ -class privkey -{ -public: - matrix Sinv; - permutation Pinv; - polynomial g; - permutation hperm; - gf2m fld; - - // derivable things not needed in actual key - matrix h; - std::vector sqInv; - - int prepare(); - int decrypt (const bvector&, bvector&); - int decrypt (const bvector&, bvector&, bvector&); - int sign (const bvector&, bvector&, uint, uint, prng&); - - uint cipher_size() { - return Pinv.size(); - } - uint plain_size() { - return Sinv.width(); - } - uint hash_size() { - return cipher_size(); - } - uint signature_size() { - return plain_size(); - } - uint error_count() { - return g.degree(); - } - - sencode* serialize(); - bool unserialize (sencode*); -}; - -class pubkey -{ -public: - matrix G; - uint t; - - int encrypt (const bvector&, bvector&, prng&); - int encrypt (const bvector&, bvector&, const bvector&); - int verify (const bvector&, const bvector&, uint); - - uint cipher_size() { - return G.width(); - } - uint plain_size() { - return G.height(); - } - uint hash_size() { - return cipher_size(); - } - uint signature_size() { - return plain_size(); - } - uint error_count() { - return t; - } - - sencode* serialize(); - bool unserialize (sencode*); -}; - -int generate (pubkey&, privkey&, prng&, uint m, uint t); -} - -#endif - diff --git a/src/mce_qd.cpp b/src/mce_qd.cpp index 504801f..e925687 100644 --- a/src/mce_qd.cpp +++ b/src/mce_qd.cpp @@ -28,7 +28,7 @@ using namespace mce_qd; static void print_attack_warning() { - bool printed = false; + static bool printed = false; if (printed) return; err ("\n***MCEQD SECURITY WARNING***\n\n" "Security of the QD-McEliece variant was greatly reduced to less than 2^50\n" @@ -403,7 +403,7 @@ int pubkey::encrypt (const bvector & in, bvector & out, const bvector&errors) //compute ciphertext out = in; - out.insert (out.end(), cksum.begin(), cksum.end()); + out.append (cksum); out.add (errors); return 0; diff --git a/src/mce_qd.h b/src/mce_qd.h index ebb4c96..f653c53 100644 --- a/src/mce_qd.h +++ b/src/mce_qd.h @@ -34,10 +34,8 @@ * compact Quasi-dyadic McEliece * according to Misoczki, Barreto, Compact McEliece Keys from Goppa Codes. * - * Good security, extremely good speed with extremely reduced key size. - * Recommended for encryption, but NEEDS some plaintext conversion -- either - * Fujisaki-Okamoto or Kobara-Imai are known to work good. Without the - * conversion, the encryption itself is extremely weak. + * Needs plaintext conversion. Unfortunately broken by an algebraic attack, do + * not use this. */ namespace mce_qd { diff --git a/src/nd.cpp b/src/nd.cpp deleted file mode 100644 index fd0d234..0000000 --- a/src/nd.cpp +++ /dev/null @@ -1,132 +0,0 @@ - -/* - * This file is part of Codecrypt. - * - * Codecrypt is free software: you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or (at - * your option) any later version. - * - * Codecrypt is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public - * License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Codecrypt. If not, see . - */ - -#include "nd.h" - -using namespace nd; - -#include "decoding.h" - -int nd::generate (pubkey&pub, privkey&priv, prng&rng, uint m, uint t) -{ - //galois field - priv.fld.create (m); - - //goppa polynomial - priv.g.generate_random_irreducible (t, priv.fld, rng); - - matrix h; - priv.g.compute_goppa_check_matrix (h, priv.fld); - - //scrambler - matrix S; - S.generate_random_with_inversion (h.height(), priv.Sinv, rng); - - //permutation - priv.Pinv.generate_random (h.width(), rng); - - /* - * note: we actually don't need the inversion, as it inverts itself - * when permuting SH to pubkey. - */ - - //pubkey - pub.t = t; - S.mult (h); - priv.Pinv.permute (S, pub.H); - - return 0; -} - -int privkey::prepare () -{ - g.compute_square_root_matrix (sqInv, fld); - return 0; -} - -int pubkey::encrypt (const bvector& in, bvector&out) -{ - if (in.size() != plain_size()) return 1; - H.mult_vec_right (in, out); - return 0; -} - -int privkey::decrypt (const bvector&in, bvector&out) -{ - if (in.size() != cipher_size()) return 2; - - bvector unsc; //unscrambled - Sinv.mult_vec_right (in, unsc); - - polynomial loc, synd; - unsc.to_poly (synd, fld); - compute_goppa_error_locator (synd, fld, g, sqInv, loc); - - bvector ev; - if (!evaluate_error_locator_trace (loc, ev, fld)) - return 1; - - if ( (int) ev.hamming_weight() != g.degree()) - return 1; - - Pinv.permute (ev, out); - return 0; -} - -int privkey::sign (const bvector&in, bvector&out, uint delta, uint attempts, prng&rng) -{ - uint i, s, t; - - bvector synd_unsc, synd, e; - polynomial loc, Synd; - - s = hash_size(); - if (in.size() != s) return 2; - - for (t = 0; t < attempts; ++t) { - - synd = in; - for (i = 0; i < delta; ++i) { - uint pos = rng.random (s); - synd[pos] = !synd[pos]; //flip a bit - } - - Sinv.mult_vec_right (synd, synd_unsc); - - synd_unsc.to_poly (Synd, fld); - compute_goppa_error_locator (Synd, fld, g, sqInv, loc); - - if (evaluate_error_locator_trace (loc, e, fld)) { - - Pinv.permute (e, out); - return 0; - } - } - - return 1; -} - -int pubkey::verify (const bvector&in, const bvector&hash, uint delta) -{ - bvector tmp; - if (!H.mult_vec_right (in, tmp)) return 2; - if (hash.size() != tmp.size()) return 1; - tmp.add (hash); - if (tmp.hamming_weight() > delta) return 1; - return 0; -} diff --git a/src/nd.h b/src/nd.h deleted file mode 100644 index 15e497d..0000000 --- a/src/nd.h +++ /dev/null @@ -1,107 +0,0 @@ - -/* - * This file is part of Codecrypt. - * - * Codecrypt is free software: you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or (at - * your option) any later version. - * - * Codecrypt is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public - * License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Codecrypt. If not, see . - */ - -#ifndef _ccr_nd_h_ -#define _ccr_nd_h_ - -#include "gf2m.h" -#include "matrix.h" -#include "permutation.h" -#include "polynomial.h" -#include "prng.h" -#include "sencode.h" - -/* - * classical Niederreiter - */ -namespace nd -{ -class privkey -{ -public: - matrix Sinv; - permutation Pinv; - polynomial g; - gf2m fld; - - //derivable. - std::vector sqInv; - - int decrypt (const bvector&, bvector&); - int sign (const bvector&, bvector&, uint, uint, prng&); - int prepare(); - - uint cipher_size() { - return Sinv.size(); - } - uint plain_size() { - return Pinv.size(); - } - uint plain_weight() { - return g.degree(); - } - uint hash_size() { - return cipher_size(); - } - uint signature_size() { - return plain_size(); - } - uint signature_weight() { - return plain_weight(); - } - - sencode* serialize(); - bool unserialize (sencode*); -}; - -class pubkey -{ -public: - matrix H; - uint t; - - int encrypt (const bvector&, bvector&); - int verify (const bvector&, const bvector&, uint); - - uint cipher_size() { - return H.height(); - } - uint plain_size() { - return H.width(); - } - uint plain_weight() { - return t; - } - uint hash_size() { - return cipher_size(); - } - uint signature_size() { - return plain_size(); - } - uint signature_weight() { - return plain_weight(); - } - - sencode* serialize(); - bool unserialize (sencode*); -}; - -int generate (pubkey&, privkey&, prng&, uint m, uint t); -} - -#endif diff --git a/src/permutation.cpp b/src/permutation.cpp index d2905ba..e4b6218 100644 --- a/src/permutation.cpp +++ b/src/permutation.cpp @@ -43,10 +43,3 @@ void permutation::generate_random (uint size, prng&rng) } } } - -void permutation::permute_rows (const matrix&a, matrix&r) const -{ - r.resize (a.size()); - for (uint i = 0; i < a.size(); ++i) permute (a[i], r[i]); -} - diff --git a/src/permutation.h b/src/permutation.h index c8bce91..0bf6a0a 100644 --- a/src/permutation.h +++ b/src/permutation.h @@ -54,8 +54,6 @@ public: for (uint i = 0; i < size(); ++i) r[i] = a[item (i)]; } - void permute_rows (const matrix&, matrix&) const; - //work-alike for dyadic permutations. template static bool permute_dyadic (uint sig, const A&a, R&r) { diff --git a/src/polynomial.cpp b/src/polynomial.cpp index d6f64f9..a19de93 100644 --- a/src/polynomial.cpp +++ b/src/polynomial.cpp @@ -116,119 +116,6 @@ polynomial polynomial::gcd (polynomial b, gf2m&fld) return polynomial(); } -bool polynomial::is_irreducible (gf2m&fld) const -{ - //Ben-Or irreducibility test - polynomial xi; //x^(2^i) in our case - polynomial xmodf, t; - - xmodf.resize (2); //precompute (x mod f) although it is usually just x - xmodf[0] = 0; - xmodf[1] = 1; //x - xi = xmodf; - xmodf.mod (*this, fld); //mod f - - int d = degree(); - if (d < 0) return false; - for (uint i = 1; i <= (uint) (d / 2); ++i) { - for (uint j = 0; j < fld.m; ++j) { - t = xi; - t.mult (xi, fld); - t.mod (*this, fld); - xi.swap (t); - } - t = xi; - t.add (xmodf, fld); - - t = t.gcd (*this, fld); - if (t.degree() > 0) - return false; - } - return true; -} - -void polynomial::generate_random_irreducible (uint s, gf2m&fld, prng& rng) -{ - resize (s + 1); - item (s) = 1; //degree s - for (uint i = 0; i < s; ++i) item (i) = rng.random (fld.n); - while (!is_irreducible (fld)) - item (rng.random (s)) = rng.random (fld.n); -} - -bool polynomial::compute_square_root_matrix (std::vector&r, - gf2m&fld) -{ - // step 1, generate a square matrix of squares mod poly. - int d = degree(); - if (d < 0) return false; - std::vectorl; - l.resize (d); - polynomial col, t; - for (int i = 0; i < d; ++i) { - col.clear(); - col.resize (i + 1, 0); - col[i] = 1; - t = col; - col.mult (t, fld); - col.mod (*this, fld); - col.resize (d, 0); - l[i] = col; - } - // step 2, gauss-jordan inverse to unit matrix - r.resize (d); - for (int i = 0; i < d; ++i) { - r[i].clear(); - r[i].resize (d, 0); - r[i][i] = 1; - } - - -#define add_row_mult(from,to,coeff) \ -for(int c=0;c= 0; --i) { - for (j = 0; j < i; ++j) { - a = l[i][j]; - if (a == 0) continue; - add_row_mult (i, j, a); - } - } - - return true; -} - uint polynomial::eval (uint x, gf2m&fld) const { uint r = 0; @@ -238,31 +125,6 @@ uint polynomial::eval (uint x, gf2m&fld) const return r; } -void polynomial::compute_goppa_check_matrix (matrix&r, gf2m&fld) -{ - if (degree() < 0) return; //wrongly initialized polynomial - - r.resize (fld.n); - - for (uint i = 0; i < fld.n; ++i) { - polynomial col; - col.resize (2); - col[0] = i; - col[1] = 1; - col.inv (*this, fld); - //i-th row of the check matrix is polynomial 1/(x-i) - r[i].from_poly (col, fld); - } -} - -void polynomial::make_monic (gf2m&fld) -{ - int d = degree(); - if (d < 0) return; - uint m = fld.inv (item (d)); - for (int i = 0; i <= d; ++i) item (i) = fld.mult (item (i), m); -} - void polynomial::shift (uint n) { if (degree() < 0) return; diff --git a/src/polynomial.h b/src/polynomial.h index e7ceb85..a6e3eb1 100644 --- a/src/polynomial.h +++ b/src/polynomial.h @@ -56,18 +56,11 @@ public: void divmod (polynomial&, polynomial&, polynomial&, gf2m&); void square (gf2m&); void inv (polynomial&, gf2m&); - void make_monic (gf2m&); void sqrt (std::vector&, gf2m&); polynomial gcd (polynomial, gf2m&); void ext_euclid (polynomial&, polynomial&, polynomial&, gf2m&, int); - bool is_irreducible (gf2m&) const; - void generate_random_irreducible (uint s, gf2m&, prng&); - - bool compute_square_root_matrix (std::vector&, gf2m&); - void compute_goppa_check_matrix (matrix&, gf2m&); - sencode* serialize(); bool unserialize (sencode*); }; diff --git a/src/serialization.cpp b/src/serialization.cpp index fa334ef..1a54361 100644 --- a/src/serialization.cpp +++ b/src/serialization.cpp @@ -171,116 +171,6 @@ bool polynomial::unserialize (sencode* s) #define PUBKEY_IDENT "CCR-PUBLIC-KEY-" #define PRIVKEY_IDENT "CCR-PRIVATE-KEY-" -sencode* mce::privkey::serialize() -{ - sencode_list*l = new sencode_list; - l->items.resize (6); - l->items[0] = new sencode_bytes (PRIVKEY_IDENT "MCE"); - l->items[1] = fld.serialize(); - l->items[2] = g.serialize(); - l->items[3] = hperm.serialize(); - l->items[4] = Pinv.serialize(); - l->items[5] = Sinv.serialize(); - return l; -} - -bool mce::privkey::unserialize (sencode* s) -{ - sencode_list*CAST_LIST (s, l); - if (l->items.size() != 6) return false; - - sencode_bytes*CAST_BYTES (l->items[0], ident); - if (ident->b.compare (PRIVKEY_IDENT "MCE")) return false; - - if (! (fld.unserialize (l->items[1]) && - g.unserialize (l->items[2]) && - hperm.unserialize (l->items[3]) && - Pinv.unserialize (l->items[4]) && - Sinv.unserialize (l->items[5]))) return false; - - return true; -} - -sencode* mce::pubkey::serialize() -{ - sencode_list*l = new sencode_list; - l->items.resize (3); - l->items[0] = new sencode_bytes (PUBKEY_IDENT "MCE"); - l->items[1] = new sencode_int (t); - l->items[2] = G.serialize(); - return l; -} - -bool mce::pubkey::unserialize (sencode* s) -{ - sencode_list*CAST_LIST (s, l); - if (l->items.size() != 3) return false; - - sencode_bytes*CAST_BYTES (l->items[0], ident); - if (ident->b.compare (PUBKEY_IDENT "MCE")) return false; - - sencode_int*CAST_INT (l->items[0], p); - t = p->i; - - if (!G.unserialize (l->items[1])) return false; - - return true; -} - -sencode* nd::privkey::serialize() -{ - sencode_list*l = new sencode_list; - l->items.resize (5); - l->items[0] = new sencode_bytes (PRIVKEY_IDENT "ND"); - l->items[1] = fld.serialize(); - l->items[2] = g.serialize(); - l->items[3] = Pinv.serialize(); - l->items[4] = Sinv.serialize(); - return l; -} - -bool nd::privkey::unserialize (sencode* s) -{ - sencode_list*CAST_LIST (s, l); - if (l->items.size() != 5) return false; - - sencode_bytes*CAST_BYTES (l->items[0], ident); - if (ident->b.compare (PRIVKEY_IDENT "ND")) return false; - - if (! (fld.unserialize (l->items[1]) && - g.unserialize (l->items[2]) && - Pinv.unserialize (l->items[3]) && - Sinv.unserialize (l->items[4]))) return false; - - return true; -} - -sencode* nd::pubkey::serialize() -{ - sencode_list*l = new sencode_list; - l->items.resize (3); - l->items[0] = new sencode_bytes (PRIVKEY_IDENT "ND"); - l->items[1] = new sencode_int (t); - l->items[2] = H.serialize(); - return l; -} - -bool nd::pubkey::unserialize (sencode* s) -{ - sencode_list*CAST_LIST (s, l); - if (l->items.size() != 3) return false; - - sencode_bytes*CAST_BYTES (l->items[0], ident); - if (ident->b.compare (PRIVKEY_IDENT "ND")) return false; - - sencode_int*CAST_INT (l->items[1], p); - t = p->i; - - if (!H.unserialize (l->items[2])) return false; - - return true; -} - sencode* mce_qd::privkey::serialize() { sencode_list*l = new sencode_list; @@ -325,7 +215,7 @@ sencode* mce_qd::pubkey::serialize() return l; } -bool mce_qd::pubkey::unserialize (sencode* s) +bool mce_qd::pubkey::unserialize (sencode*s) { sencode_list*CAST_LIST (s, l); if (l->items.size() != 3) return false;