exa/codecrypt
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

massive code cleanup and removal of dead code

Browse source
This commit is contained in:
Mirek Kratochvil 2015-11-07 19:38:08 +01:00
parent 17f77e16a4
commit 8b4e0ba4ea
21 changed files with 23 additions and 1055 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/algos_enc.cpp
View file

@ -336,9 +336,7 @@ static int fo_decrypt (const bvector&cipher, bvector&plain,
//get the McE part //get the McE part
if (cipher.size() < ciphersize) return 5; if (cipher.size() < ciphersize) return 5;
bvector mce_cipher, mce_plain, ev; bvector mce_cipher, mce_plain, ev;
mce_cipher.insert (mce_cipher.end(), cipher.get_block (0, ciphersize, mce_cipher);
cipher.begin(),
cipher.begin() + ciphersize);
//get and check the message size for later //get and check the message size for later
uint msize = cipher.size() - ciphersize; uint msize = cipher.size() - ciphersize;
@ -410,7 +408,6 @@ static int fo_decrypt (const bvector&cipher, bvector&plain,
>> (i & 0x7)))) >> (i & 0x7))))
return 7; return 7;
//if the message seems okay, unpad and return it. //if the message seems okay, unpad and return it.
pad_hash_type phf; pad_hash_type phf;
if (!message_unpad (M, plain, phf)) return 8; if (!message_unpad (M, plain, phf)) return 8;

4
src/base64.cpp
View file

@ -167,7 +167,7 @@ bool base64_decode (const std::string& in, std::string&out)
b64d_init = true; b64d_init = true;
} }
int idx = 0, idxmax = in.length(), tmp; int idx = 0, idxmax = in.length();
out.clear(); out.clear();
out.reserve (3 * in.length() / 4); out.reserve (3 * in.length() / 4);
@ -182,7 +182,7 @@ bool base64_decode (const std::string& in, std::string&out)
if ( (c[0] == -1) || (c[1] == -1)) return false; if ( (c[0] == -1) || (c[1] == -1)) return false;
if ( (c[2] == -1) && (c[3] != -1)) return false; if ( (c[2] == -1) && (c[3] != -1)) return false;
tmp = (c[0] << 18) | (c[1] << 12); int tmp = (c[0] << 18) | (c[1] << 12);
if (c[2] != -1) tmp |= c[2] << 6; if (c[2] != -1) tmp |= c[2] << 6;
if (c[3] != -1) tmp |= c[3]; if (c[3] != -1) tmp |= c[3];

65
src/decoding.cpp
View file

@ -18,37 +18,6 @@
#include "decoding.h" #include "decoding.h"
void compute_goppa_error_locator (polynomial&syndrome, gf2m&fld,
polynomial& goppa,
std::vector<polynomial>& sqInv,
polynomial&out)
{
if (syndrome.zero()) {
//ensure no roots
out.resize (1);
out[0] = 1;
return;
}
polynomial v = syndrome;
v.inv (goppa, fld); // v=Synd^-1 mod goppa
if (v.size() < 2) v.resize (2, 0);
v[1] = fld.add (1, v[1]); //add x
v.sqrt (sqInv, fld); //v = sqrt((1/s)+x) mod goppa
polynomial a, b;
v.ext_euclid (a, b, goppa, fld, goppa.degree() / 2);
a.square (fld);
b.square (fld);
b.shift (1);
a.add (b, fld); //new a = a^2 + x b^2
a.make_monic (fld); //now it is the error locator.
out = a;
}
void compute_alternant_error_locator (polynomial&syndrome, gf2m&fld, void compute_alternant_error_locator (polynomial&syndrome, gf2m&fld,
uint t, polynomial&out) uint t, polynomial&out)
{ {
@ -73,40 +42,6 @@ void compute_alternant_error_locator (polynomial&syndrome, gf2m&fld,
//we don't care about error evaluator //we don't care about error evaluator
} }
bool evaluate_error_locator_dumb (polynomial&a, bvector&ev, gf2m&fld)
{
ev.clear();
ev.resize (fld.n, 0);
for (uint i = 0; i < fld.n; ++i) {
if (a.eval (i, fld) == 0) {
ev[i] = 1;
//divide the polynomial by (found) linear factor
polynomial t, q, r;
t.resize (2, 0);
t[0] = i;
t[1] = 1;
a.divmod (t, q, r, fld);
//if it doesn't divide, die.
if (r.degree() >= 0) {
ev.clear();
return false;
}
a = q;
}
}
//also if there's something left, die.
if (a.degree() > 0) {
ev.clear();
return false;
}
return true;
}
/* /*
* berlekamp trace algorithm - we puncture roots of incoming polynomial into * berlekamp trace algorithm - we puncture roots of incoming polynomial into
* the vector of size fld.n * the vector of size fld.n

7
src/decoding.h
View file

@ -24,18 +24,11 @@
#include "gf2m.h" #include "gf2m.h"
#include "bvector.h" #include "bvector.h"
void compute_goppa_error_locator (polynomial&syndrome,
gf2m&fld,
polynomial&goppa,
std::vector<polynomial>& sqInv,
polynomial&loc);
void compute_alternant_error_locator (polynomial&syndrome, void compute_alternant_error_locator (polynomial&syndrome,
gf2m&fld, gf2m&fld,
uint tt, uint tt,
polynomial&loc); polynomial&loc);
bool evaluate_error_locator_dumb (polynomial&el, bvector&ev, gf2m&fld);
bool evaluate_error_locator_trace (polynomial&el, bvector&ev, gf2m&fld); bool evaluate_error_locator_trace (polynomial&el, bvector&ev, gf2m&fld);
#endif #endif

1
src/factoryof.h
View file

@ -48,6 +48,7 @@ public:
instanceof (const instanceof&x) : ptr (x.ptr), deletable (false) {} instanceof (const instanceof&x) : ptr (x.ptr), deletable (false) {}
instanceof () { instanceof () {
deletable = false; deletable = false;
ptr = 0;
} }
void collect() { void collect() {

3
src/gf2m.cpp
View file

@ -44,10 +44,9 @@ uint gf2p_mod (uint a, uint p)
uint gf2p_gcd (uint a, uint b) uint gf2p_gcd (uint a, uint b)
{ {
uint c;
if (!a) return b; if (!a) return b;
while (b) { while (b) {
c = gf2p_mod (a, b); uint c = gf2p_mod (a, b);
a = b; a = b;
b = c; b = c;
} }

5
src/hashfile.cpp
View file

@ -34,6 +34,11 @@ class size64proc : public hash_proc
{ {
uint64_t s; uint64_t s;
public:
size64proc() {
init();
}
uint size() { uint size() {
return 8; return 8;
} }

19
src/keyring.h
View file

@ -29,8 +29,8 @@ class keyring
int lockfd; int lockfd;
public: public:
struct pubkey_entry { struct pubkey_entry {
std::string keyid, name, alg;
sencode *key; sencode *key;
std::string name, alg, keyid;
pubkey_entry() { pubkey_entry() {
key = NULL; key = NULL;
@ -39,17 +39,16 @@ public:
pubkey_entry (const std::string& KID, pubkey_entry (const std::string& KID,
const std::string& N, const std::string& N,
const std::string& A, const std::string& A,
sencode*K) { sencode*K) :
key = K; keyid (KID),
name = N; name (N),
alg = A; alg (A),
keyid = KID; key (K) {}
}
}; };
struct keypair_entry { struct keypair_entry {
sencode *privkey;
pubkey_entry pub; pubkey_entry pub;
sencode *privkey;
keypair_entry() { keypair_entry() {
privkey = NULL; privkey = NULL;
@ -60,9 +59,7 @@ public:
const std::string& A, const std::string& A,
sencode*PubK, sencode*PubK,
sencode*PrivK) sencode*PrivK)
: pub (KID, N, A, PubK) { : pub (KID, N, A, PubK), privkey (PrivK) {}
privkey = PrivK;
}
}; };
typedef std::map<std::string, pubkey_entry> pubkey_storage; typedef std::map<std::string, pubkey_entry> pubkey_storage;

140
src/matrix.cpp
View file

@ -129,77 +129,6 @@ bool matrix::compute_inversion (matrix&res, bool upper_tri, bool lower_tri)
return true; return true;
} }
void matrix::generate_random_invertible (uint size, prng & rng)
{
matrix lt, ut;
uint i, j;
// random lower triangular
lt.resize (size);
for (i = 0; i < size; ++i) {
lt[i].resize (size);
lt[i][i] = 1;
for (j = i + 1; j < size; ++j) lt[i][j] = rng.random (2);
}
// random upper triangular
ut.resize (size);
for (i = 0; i < size; ++i) {
ut[i].resize (size);
ut[i][i] = 1;
for (j = 0; j < i; ++j) ut[i][j] = rng.random (2);
}
lt.mult (ut);
// permute
permutation p;
p.generate_random (size, rng);
p.permute (lt, *this);
}
void matrix::generate_random_with_inversion (uint size, matrix&inversion, prng&rng)
{
matrix lt, ut;
uint i, j;
// random lower triangular
lt.resize (size);
for (i = 0; i < size; ++i) {
lt[i].resize (size);
lt[i][i] = 1;
for (j = i + 1; j < size; ++j) lt[i][j] = rng.random (2);
}
// random upper triangular
ut.resize (size);
for (i = 0; i < size; ++i) {
ut[i].resize (size);
ut[i][i] = 1;
for (j = 0; j < i; ++j) ut[i][j] = rng.random (2);
}
*this = lt;
this->mult (ut);
ut.compute_inversion (inversion, true, false);
lt.compute_inversion (ut, false, true);
inversion.mult (ut);
}
bool matrix::get_left_square (matrix&r)
{
uint h = height();
if (width() < h) return false;
r.clear();
r.resize (h);
for (uint i = 0; i < h; ++i) r[i] = item (i);
return true;
}
bool matrix::strip_left_square (matrix&r)
{
uint h = height(), w = width();
if (w < h) return false;
r.clear();
r.resize (w - h);
for (uint i = 0; i < w - h; ++i) r[i] = item (h + i);
return true;
}
bool matrix::get_right_square (matrix&r) bool matrix::get_right_square (matrix&r)
{ {
uint h = height(), w = width(); uint h = height(), w = width();
@ -258,32 +187,6 @@ bool matrix::create_goppa_generator (matrix&g, const permutation&p)
return true; return true;
} }
bool matrix::mult_vecT_left (const bvector&a, bvector&r)
{
uint w = width(), h = height();
if (a.size() != h) return false;
r.clear();
r.resize (w, 0);
for (uint i = 0; i < w; ++i) {
bool t = 0;
for (uint j = 0; j < h; ++j)
t ^= item (i) [j] & a[j];
r[i] = t;
}
return true;
}
bool matrix::mult_vec_right (const bvector&a, bvector&r)
{
uint w = width(), h = height();
if (a.size() != w) return false;
r.clear();
r.resize (h, 0);
for (uint i = 0; i < w; ++i)
if (a[i]) r.add (item (i));
return true;
}
bool matrix::set_block (uint x, uint y, const matrix&b) bool matrix::set_block (uint x, uint y, const matrix&b)
{ {
uint h = b.height(), w = b.width(); uint h = b.height(), w = b.width();
@ -293,46 +196,3 @@ bool matrix::set_block (uint x, uint y, const matrix&b)
for (uint j = 0; j < h; ++j) item (x + i, y + j) = b.item (i, j); for (uint j = 0; j < h; ++j) item (x + i, y + j) = b.item (i, j);
return true; return true;
} }
bool matrix::add_block (uint x, uint y, const matrix&b)
{
uint h = b.height(), w = b.width();
if (width() < x + w) return false;
if (height() < y + h) return false;
for (uint i = 0; i < w; ++i)
for (uint j = 0; j < h; ++j)
item (x + i, y + j) =
item (x + i, y + j)
^ b.item (i, j);
return true;
}
bool matrix::set_block_from (uint x, uint y, const matrix&b)
{
uint h = b.height(),
w = b.width(),
mh = height(),
mw = width();
if (mw > x + w) return false;
if (mh > y + h) return false;
for (uint i = 0; i < mw; ++i)
for (uint j = 0; j < mh; ++j)
item (i, j) = b.item (x + i, y + j);
return true;
}
bool matrix::add_block_from (uint x, uint y, const matrix&b)
{
uint h = b.height(),
w = b.width(),
mh = height(),
mw = width();
if (mw > x + w) return false;
if (mh > y + h) return false;
for (uint i = 0; i < mw; ++i)
for (uint j = 0; j < mh; ++j)
item (i, j) =
item (i, j)
^ b.item (x + i, y + j);
return true;
}

9
src/matrix.h
View file

@ -54,25 +54,16 @@ public:
void unit (uint); void unit (uint);
void compute_transpose (matrix&); void compute_transpose (matrix&);
bool mult_vecT_left (const bvector&, bvector&);
bool mult_vec_right (const bvector&, bvector&);
bool compute_inversion (matrix&, bool compute_inversion (matrix&,
bool upper_tri = false, bool upper_tri = false,
bool lower_tri = false); bool lower_tri = false);
bool set_block (uint, uint, const matrix&); bool set_block (uint, uint, const matrix&);
bool add_block (uint, uint, const matrix&);
bool set_block_from (uint, uint, const matrix&);
bool add_block_from (uint, uint, const matrix&);
bool get_left_square (matrix&);
bool strip_left_square (matrix&);
bool get_right_square (matrix&); bool get_right_square (matrix&);
bool strip_right_square (matrix&); bool strip_right_square (matrix&);
void extend_left_compact (matrix&); void extend_left_compact (matrix&);
void generate_random_invertible (uint, prng&);
void generate_random_with_inversion (uint, matrix&, prng&);
bool create_goppa_generator (matrix&, permutation&, prng&); bool create_goppa_generator (matrix&, permutation&, prng&);
bool create_goppa_generator (matrix&, const permutation&); bool create_goppa_generator (matrix&, const permutation&);

199
src/mce.cpp
View file

@ -1,199 +0,0 @@
/*
* This file is part of Codecrypt.
*
* Codecrypt is free software: you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at
* your option) any later version.
*
* Codecrypt is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Codecrypt. If not, see <http://www.gnu.org/licenses/>.
*/
#include "mce.h"
using namespace mce;
#include "decoding.h"
int mce::generate (pubkey&pub, privkey&priv, prng&rng, uint m, uint t)
{
//finite field
priv.fld.create (m);
//goppa polynomial
priv.g.generate_random_irreducible (t, priv.fld, rng);
//check and generator matrix
priv.g.compute_goppa_check_matrix (priv.h, priv.fld);
matrix generator;
for (;;) if (priv.h.create_goppa_generator
(generator, priv.hperm, rng)) break;
//scramble matrix
matrix S;
S.generate_random_with_inversion (generator.height(), priv.Sinv, rng);
//scramble permutation
priv.Pinv.generate_random (generator.width(), rng);
//public key
pub.t = t;
S.mult (generator);
priv.Pinv.permute_inv (S, pub.G);
return 0;
}
int pubkey::encrypt (const bvector& in, bvector&out, prng&rng)
{
uint s = cipher_size();
if (t > s) return 1;
//create error vector
bvector e;
e.resize (s, 0);
for (uint n = t; n > 0;) {
uint p = rng.random (s);
if (!e[p]) {
e[p] = 1;
--n;
}
}
return encrypt (in, out, e);
}
int pubkey::encrypt (const bvector&in, bvector&out, const bvector&errors)
{
if (in.size() != plain_size()) return 2;
if (errors.size() != cipher_size()) return 2;
G.mult_vecT_left (in, out);
out.add (errors);
return 0;
}
int privkey::decrypt (const bvector&in, bvector&out)
{
bvector tmp_errors;
return decrypt (in, out, tmp_errors);
}
int privkey::decrypt (const bvector&in, bvector&out, bvector&errors)
{
if (in.size() != cipher_size()) return 2;
//remove the P permutation
bvector not_permuted;
Pinv.permute (in, not_permuted);
//prepare for decoding
bvector canonical, syndrome;
hperm.permute_inv (not_permuted, canonical);
h.mult_vec_right (canonical, syndrome);
//decode
polynomial synd, loc;
syndrome.to_poly (synd, fld);
compute_goppa_error_locator (synd, fld, g, sqInv, loc);
bvector ev;
if (!evaluate_error_locator_trace (loc, ev, fld))
return 1; //if decoding somehow failed, fail as well.
//correct the errors
canonical.add (ev);
//shuffle back into systematic order
hperm.permute (canonical, not_permuted);
hperm.permute (ev, errors);
//get rid of redundancy bits
not_permuted.resize (plain_size());
//unscramble the result
Sinv.mult_vecT_left (not_permuted, out);
return 0;
}
int privkey::prepare ()
{
g.compute_goppa_check_matrix (h, fld);
g.compute_square_root_matrix (sqInv, fld);
return 0;
}
int privkey::sign (const bvector&in, bvector&out, uint delta, uint attempts, prng&rng)
{
uint i, s, t;
bvector p, e, synd, synd_orig, e2;
std::vector<uint> epos;
polynomial loc, Synd;
s = hash_size();
if (in.size() != s) return 2;
//first, prepare the codeword to canonical form for decoding
Pinv.permute (in, e2);
hperm.permute_inv (e2, p);
//prepare extra error vector
e.resize (s, 0);
epos.resize (delta, 0);
h.mult_vec_right (p, synd_orig);
for (t = 0; t < attempts; ++t) {
synd = synd_orig;
for (i = 0; i < delta; ++i) {
epos[i] = rng.random (s);
/* we don't care about (unlikely) error bit collisions
(they actually don't harm anything) */
if (!e[epos[i]]) synd.add (h[epos[i]]);
e[epos[i]] = 1;
}
synd.to_poly (Synd, fld);
compute_goppa_error_locator (Synd, fld, g, sqInv, loc);
if (evaluate_error_locator_trace (loc, e2, fld)) {
//recreate the decodable codeword
p.add (e);
p.add (e2);
hperm.permute (p, e2); //back to systematic
e2.resize (signature_size()); //strip to message
Sinv.mult_vecT_left (e2, out); //signature
return 0;
}
//if this round failed, we try a new error pattern.
for (i = 0; i < delta; ++i) {
//clear the errors for next cycle
e[epos[i]] = 0;
}
}
return 1; //couldn't decode
}
int pubkey::verify (const bvector&in, const bvector&hash, uint delta)
{
bvector tmp;
if (!G.mult_vecT_left (in, tmp)) return 2; //wrong size of input
if (hash.size() != tmp.size()) return 1; //wrong size of hash, not a sig.
tmp.add (hash);
if (tmp.hamming_weight() > (t + delta)) return 1; //not a signature
return 0; //sig OK
}

106
src/mce.h
View file

@ -1,106 +0,0 @@
/*
* This file is part of Codecrypt.
*
* Codecrypt is free software: you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at
* your option) any later version.
*
* Codecrypt is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Codecrypt. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _ccr_mce_h_
#define _ccr_mce_h_
#include "gf2m.h"
#include "matrix.h"
#include "permutation.h"
#include "polynomial.h"
#include "prng.h"
#include "sencode.h"
/*
* classical McEliece
*/
namespace mce
{
class privkey
{
public:
matrix Sinv;
permutation Pinv;
polynomial g;
permutation hperm;
gf2m fld;
// derivable things not needed in actual key
matrix h;
std::vector<polynomial> sqInv;
int prepare();
int decrypt (const bvector&, bvector&);
int decrypt (const bvector&, bvector&, bvector&);
int sign (const bvector&, bvector&, uint, uint, prng&);
uint cipher_size() {
return Pinv.size();
}
uint plain_size() {
return Sinv.width();
}
uint hash_size() {
return cipher_size();
}
uint signature_size() {
return plain_size();
}
uint error_count() {
return g.degree();
}
sencode* serialize();
bool unserialize (sencode*);
};
class pubkey
{
public:
matrix G;
uint t;
int encrypt (const bvector&, bvector&, prng&);
int encrypt (const bvector&, bvector&, const bvector&);
int verify (const bvector&, const bvector&, uint);
uint cipher_size() {
return G.width();
}
uint plain_size() {
return G.height();
}
uint hash_size() {
return cipher_size();
}
uint signature_size() {
return plain_size();
}
uint error_count() {
return t;
}
sencode* serialize();
bool unserialize (sencode*);
};
int generate (pubkey&, privkey&, prng&, uint m, uint t);
}
#endif

4
src/mce_qd.cpp
View file

@ -28,7 +28,7 @@ using namespace mce_qd;
static void print_attack_warning() static void print_attack_warning()
{ {
bool printed = false; static bool printed = false;
if (printed) return; if (printed) return;
err ("\n***MCEQD SECURITY WARNING***\n\n" err ("\n***MCEQD SECURITY WARNING***\n\n"
"Security of the QD-McEliece variant was greatly reduced to less than 2^50\n" "Security of the QD-McEliece variant was greatly reduced to less than 2^50\n"
@ -403,7 +403,7 @@ int pubkey::encrypt (const bvector & in, bvector & out, const bvector&errors)
//compute ciphertext //compute ciphertext
out = in; out = in;
out.insert (out.end(), cksum.begin(), cksum.end()); out.append (cksum);
out.add (errors); out.add (errors);
return 0; return 0;

6
src/mce_qd.h
View file

@ -34,10 +34,8 @@
* compact Quasi-dyadic McEliece * compact Quasi-dyadic McEliece
* according to Misoczki, Barreto, Compact McEliece Keys from Goppa Codes. * according to Misoczki, Barreto, Compact McEliece Keys from Goppa Codes.
* *
* Good security, extremely good speed with extremely reduced key size. * Needs plaintext conversion. Unfortunately broken by an algebraic attack, do
* Recommended for encryption, but NEEDS some plaintext conversion -- either * not use this.
* Fujisaki-Okamoto or Kobara-Imai are known to work good. Without the
* conversion, the encryption itself is extremely weak.
*/ */
namespace mce_qd namespace mce_qd
{ {

132
src/nd.cpp
View file

@ -1,132 +0,0 @@
/*
* This file is part of Codecrypt.
*
* Codecrypt is free software: you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at
* your option) any later version.
*
* Codecrypt is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Codecrypt. If not, see <http://www.gnu.org/licenses/>.
*/
#include "nd.h"
using namespace nd;
#include "decoding.h"
int nd::generate (pubkey&pub, privkey&priv, prng&rng, uint m, uint t)
{
//galois field
priv.fld.create (m);
//goppa polynomial
priv.g.generate_random_irreducible (t, priv.fld, rng);
matrix h;
priv.g.compute_goppa_check_matrix (h, priv.fld);
//scrambler
matrix S;
S.generate_random_with_inversion (h.height(), priv.Sinv, rng);
//permutation
priv.Pinv.generate_random (h.width(), rng);
/*
* note: we actually don't need the inversion, as it inverts itself
* when permuting SH to pubkey.
*/
//pubkey
pub.t = t;
S.mult (h);
priv.Pinv.permute (S, pub.H);
return 0;
}
int privkey::prepare ()
{
g.compute_square_root_matrix (sqInv, fld);
return 0;
}
int pubkey::encrypt (const bvector& in, bvector&out)
{
if (in.size() != plain_size()) return 1;
H.mult_vec_right (in, out);
return 0;
}
int privkey::decrypt (const bvector&in, bvector&out)
{
if (in.size() != cipher_size()) return 2;
bvector unsc; //unscrambled
Sinv.mult_vec_right (in, unsc);
polynomial loc, synd;
unsc.to_poly (synd, fld);
compute_goppa_error_locator (synd, fld, g, sqInv, loc);
bvector ev;
if (!evaluate_error_locator_trace (loc, ev, fld))
return 1;
if ( (int) ev.hamming_weight() != g.degree())
return 1;
Pinv.permute (ev, out);
return 0;
}
int privkey::sign (const bvector&in, bvector&out, uint delta, uint attempts, prng&rng)
{
uint i, s, t;
bvector synd_unsc, synd, e;
polynomial loc, Synd;
s = hash_size();
if (in.size() != s) return 2;
for (t = 0; t < attempts; ++t) {
synd = in;
for (i = 0; i < delta; ++i) {
uint pos = rng.random (s);
synd[pos] = !synd[pos]; //flip a bit
}
Sinv.mult_vec_right (synd, synd_unsc);
synd_unsc.to_poly (Synd, fld);
compute_goppa_error_locator (Synd, fld, g, sqInv, loc);
if (evaluate_error_locator_trace (loc, e, fld)) {
Pinv.permute (e, out);
return 0;
}
}
return 1;
}
int pubkey::verify (const bvector&in, const bvector&hash, uint delta)
{
bvector tmp;
if (!H.mult_vec_right (in, tmp)) return 2;
if (hash.size() != tmp.size()) return 1;
tmp.add (hash);
if (tmp.hamming_weight() > delta) return 1;
return 0;
}

107
src/nd.h
View file

@ -1,107 +0,0 @@
/*
* This file is part of Codecrypt.
*
* Codecrypt is free software: you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or (at
* your option) any later version.
*
* Codecrypt is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Codecrypt. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _ccr_nd_h_
#define _ccr_nd_h_
#include "gf2m.h"
#include "matrix.h"
#include "permutation.h"
#include "polynomial.h"
#include "prng.h"
#include "sencode.h"
/*
* classical Niederreiter
*/
namespace nd
{
class privkey
{
public:
matrix Sinv;
permutation Pinv;
polynomial g;
gf2m fld;
//derivable.
std::vector<polynomial> sqInv;
int decrypt (const bvector&, bvector&);
int sign (const bvector&, bvector&, uint, uint, prng&);
int prepare();
uint cipher_size() {
return Sinv.size();
}
uint plain_size() {
return Pinv.size();
}
uint plain_weight() {
return g.degree();
}
uint hash_size() {
return cipher_size();
}
uint signature_size() {
return plain_size();
}
uint signature_weight() {
return plain_weight();
}
sencode* serialize();
bool unserialize (sencode*);
};
class pubkey
{
public:
matrix H;
uint t;
int encrypt (const bvector&, bvector&);
int verify (const bvector&, const bvector&, uint);
uint cipher_size() {
return H.height();
}
uint plain_size() {
return H.width();
}
uint plain_weight() {
return t;
}
uint hash_size() {
return cipher_size();
}
uint signature_size() {
return plain_size();
}
uint signature_weight() {
return plain_weight();
}
sencode* serialize();
bool unserialize (sencode*);
};
int generate (pubkey&, privkey&, prng&, uint m, uint t);
}
#endif

7
src/permutation.cpp
View file

@ -43,10 +43,3 @@ void permutation::generate_random (uint size, prng&rng)
} }
} }
} }
void permutation::permute_rows (const matrix&a, matrix&r) const
{
r.resize (a.size());
for (uint i = 0; i < a.size(); ++i) permute (a[i], r[i]);
}

2
src/permutation.h
View file

@ -54,8 +54,6 @@ public:
for (uint i = 0; i < size(); ++i) r[i] = a[item (i)]; for (uint i = 0; i < size(); ++i) r[i] = a[item (i)];
} }
void permute_rows (const matrix&, matrix&) const;
//work-alike for dyadic permutations. //work-alike for dyadic permutations.
template<class A, class R> static bool permute_dyadic template<class A, class R> static bool permute_dyadic
(uint sig, const A&a, R&r) { (uint sig, const A&a, R&r) {

138
src/polynomial.cpp
View file

@ -116,119 +116,6 @@ polynomial polynomial::gcd (polynomial b, gf2m&fld)
return polynomial(); return polynomial();
} }
bool polynomial::is_irreducible (gf2m&fld) const
{
//Ben-Or irreducibility test
polynomial xi; //x^(2^i) in our case
polynomial xmodf, t;
xmodf.resize (2); //precompute (x mod f) although it is usually just x
xmodf[0] = 0;
xmodf[1] = 1; //x
xi = xmodf;
xmodf.mod (*this, fld); //mod f
int d = degree();
if (d < 0) return false;
for (uint i = 1; i <= (uint) (d / 2); ++i) {
for (uint j = 0; j < fld.m; ++j) {
t = xi;
t.mult (xi, fld);
t.mod (*this, fld);
xi.swap (t);
}
t = xi;
t.add (xmodf, fld);
t = t.gcd (*this, fld);
if (t.degree() > 0)
return false;
}
return true;
}
void polynomial::generate_random_irreducible (uint s, gf2m&fld, prng& rng)
{
resize (s + 1);
item (s) = 1; //degree s
for (uint i = 0; i < s; ++i) item (i) = rng.random (fld.n);
while (!is_irreducible (fld))
item (rng.random (s)) = rng.random (fld.n);
}
bool polynomial::compute_square_root_matrix (std::vector<polynomial>&r,
gf2m&fld)
{
// step 1, generate a square matrix of squares mod poly.
int d = degree();
if (d < 0) return false;
std::vector<polynomial>l;
l.resize (d);
polynomial col, t;
for (int i = 0; i < d; ++i) {
col.clear();
col.resize (i + 1, 0);
col[i] = 1;
t = col;
col.mult (t, fld);
col.mod (*this, fld);
col.resize (d, 0);
l[i] = col;
}
// step 2, gauss-jordan inverse to unit matrix
r.resize (d);
for (int i = 0; i < d; ++i) {
r[i].clear();
r[i].resize (d, 0);
r[i][i] = 1;
}
#define add_row_mult(from,to,coeff) \
for(int c=0;c<d;++c) { \
l[c][to]=fld.add(l[c][to],fld.mult(l[c][from],coeff));\
r[c][to]=fld.add(r[c][to],fld.mult(r[c][from],coeff));\
}
#define row_mult(row,coeff) \
for(int c=0;c<d;++c) {\
l[c][row]=fld.mult(l[c][row],coeff);\
r[c][row]=fld.mult(r[c][row],coeff);\
}
//gauss
uint a;
int i, j;
for (i = 0; i < d; ++i) {
if (l[i][i] == 0) {
//find nonzero
for (j = i + 1; j < d; ++j) if (l[i][j] != 0) {
add_row_mult (j, i, 1);
break;
}
if (j == d) return false;
}
a = fld.inv (l[i][i]); //normalize
row_mult (i, a);
//zero the col
for (j = i + 1; j < d; ++j)
if (l[i][j] != 0) {
a = l[i][j]; //"minus". luckily on GF(2^m) x+x=0.
add_row_mult (i, j, a);
}
}
//jordan
for (i = d - 1; i >= 0; --i) {
for (j = 0; j < i; ++j) {
a = l[i][j];
if (a == 0) continue;
add_row_mult (i, j, a);
}
}
return true;
}
uint polynomial::eval (uint x, gf2m&fld) const uint polynomial::eval (uint x, gf2m&fld) const
{ {
uint r = 0; uint r = 0;
@ -238,31 +125,6 @@ uint polynomial::eval (uint x, gf2m&fld) const
return r; return r;
} }
void polynomial::compute_goppa_check_matrix (matrix&r, gf2m&fld)
{
if (degree() < 0) return; //wrongly initialized polynomial
r.resize (fld.n);
for (uint i = 0; i < fld.n; ++i) {
polynomial col;
col.resize (2);
col[0] = i;
col[1] = 1;
col.inv (*this, fld);
//i-th row of the check matrix is polynomial 1/(x-i)
r[i].from_poly (col, fld);
}
}
void polynomial::make_monic (gf2m&fld)
{
int d = degree();
if (d < 0) return;
uint m = fld.inv (item (d));
for (int i = 0; i <= d; ++i) item (i) = fld.mult (item (i), m);
}
void polynomial::shift (uint n) void polynomial::shift (uint n)
{ {
if (degree() < 0) return; if (degree() < 0) return;

7
src/polynomial.h
View file

@ -56,18 +56,11 @@ public:
void divmod (polynomial&, polynomial&, polynomial&, gf2m&); void divmod (polynomial&, polynomial&, polynomial&, gf2m&);
void square (gf2m&); void square (gf2m&);
void inv (polynomial&, gf2m&); void inv (polynomial&, gf2m&);
void make_monic (gf2m&);
void sqrt (std::vector<polynomial>&, gf2m&); void sqrt (std::vector<polynomial>&, gf2m&);
polynomial gcd (polynomial, gf2m&); polynomial gcd (polynomial, gf2m&);
void ext_euclid (polynomial&, polynomial&, polynomial&, gf2m&, int); void ext_euclid (polynomial&, polynomial&, polynomial&, gf2m&, int);
bool is_irreducible (gf2m&) const;
void generate_random_irreducible (uint s, gf2m&, prng&);
bool compute_square_root_matrix (std::vector<polynomial>&, gf2m&);
void compute_goppa_check_matrix (matrix&, gf2m&);
sencode* serialize(); sencode* serialize();
bool unserialize (sencode*); bool unserialize (sencode*);
}; };

112
src/serialization.cpp
View file

@ -171,116 +171,6 @@ bool polynomial::unserialize (sencode* s)
#define PUBKEY_IDENT "CCR-PUBLIC-KEY-" #define PUBKEY_IDENT "CCR-PUBLIC-KEY-"
#define PRIVKEY_IDENT "CCR-PRIVATE-KEY-" #define PRIVKEY_IDENT "CCR-PRIVATE-KEY-"
sencode* mce::privkey::serialize()
{
sencode_list*l = new sencode_list;
l->items.resize (6);
l->items[0] = new sencode_bytes (PRIVKEY_IDENT "MCE");
l->items[1] = fld.serialize();
l->items[2] = g.serialize();
l->items[3] = hperm.serialize();
l->items[4] = Pinv.serialize();
l->items[5] = Sinv.serialize();
return l;
}
bool mce::privkey::unserialize (sencode* s)
{
sencode_list*CAST_LIST (s, l);
if (l->items.size() != 6) return false;
sencode_bytes*CAST_BYTES (l->items[0], ident);
if (ident->b.compare (PRIVKEY_IDENT "MCE")) return false;
if (! (fld.unserialize (l->items[1]) &&
g.unserialize (l->items[2]) &&
hperm.unserialize (l->items[3]) &&
Pinv.unserialize (l->items[4]) &&
Sinv.unserialize (l->items[5]))) return false;
return true;
}
sencode* mce::pubkey::serialize()
{
sencode_list*l = new sencode_list;
l->items.resize (3);
l->items[0] = new sencode_bytes (PUBKEY_IDENT "MCE");
l->items[1] = new sencode_int (t);
l->items[2] = G.serialize();
return l;
}
bool mce::pubkey::unserialize (sencode* s)
{
sencode_list*CAST_LIST (s, l);
if (l->items.size() != 3) return false;
sencode_bytes*CAST_BYTES (l->items[0], ident);
if (ident->b.compare (PUBKEY_IDENT "MCE")) return false;
sencode_int*CAST_INT (l->items[0], p);
t = p->i;
if (!G.unserialize (l->items[1])) return false;
return true;
}
sencode* nd::privkey::serialize()
{
sencode_list*l = new sencode_list;
l->items.resize (5);
l->items[0] = new sencode_bytes (PRIVKEY_IDENT "ND");
l->items[1] = fld.serialize();
l->items[2] = g.serialize();
l->items[3] = Pinv.serialize();
l->items[4] = Sinv.serialize();
return l;
}
bool nd::privkey::unserialize (sencode* s)
{
sencode_list*CAST_LIST (s, l);
if (l->items.size() != 5) return false;
sencode_bytes*CAST_BYTES (l->items[0], ident);
if (ident->b.compare (PRIVKEY_IDENT "ND")) return false;
if (! (fld.unserialize (l->items[1]) &&
g.unserialize (l->items[2]) &&
Pinv.unserialize (l->items[3]) &&
Sinv.unserialize (l->items[4]))) return false;
return true;
}
sencode* nd::pubkey::serialize()
{
sencode_list*l = new sencode_list;
l->items.resize (3);
l->items[0] = new sencode_bytes (PRIVKEY_IDENT "ND");
l->items[1] = new sencode_int (t);
l->items[2] = H.serialize();
return l;
}
bool nd::pubkey::unserialize (sencode* s)
{
sencode_list*CAST_LIST (s, l);
if (l->items.size() != 3) return false;
sencode_bytes*CAST_BYTES (l->items[0], ident);
if (ident->b.compare (PRIVKEY_IDENT "ND")) return false;
sencode_int*CAST_INT (l->items[1], p);
t = p->i;
if (!H.unserialize (l->items[2])) return false;
return true;
}
sencode* mce_qd::privkey::serialize() sencode* mce_qd::privkey::serialize()
{ {
sencode_list*l = new sencode_list; sencode_list*l = new sencode_list;
@ -325,7 +215,7 @@ sencode* mce_qd::pubkey::serialize()
return l; return l;
} }
bool mce_qd::pubkey::unserialize (sencode* s) bool mce_qd::pubkey::unserialize (sencode*s)
{ {
sencode_list*CAST_LIST (s, l); sencode_list*CAST_LIST (s, l);
if (l->items.size() != 3) return false; if (l->items.size() != 3) return false;