exa/codecrypt
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

little refactor of decoding

Browse source
This commit is contained in:
Mirek Kratochvil 2012-06-03 23:28:18 +02:00
parent c13fb3c414
commit d0810664d7
4 changed files with 48 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
lib/decoding.cpp
View file

@ -1,14 +1,15 @@
#include "decoding.h" #include "decoding.h"
bool syndrome_decode (bvector&syndrome, gf2m&fld, polynomial& goppa, void compute_error_locator (bvector&syndrome, gf2m&fld, polynomial& goppa,
std::vector<polynomial>& sqInv, bvector&ev, std::vector<polynomial>& sqInv, polynomial&out)
bool check_failure)
{ {
ev.clear(); if (syndrome.zero() ) {
ev.resize (fld.n, 0); //ensure no roots
if (syndrome.zero() ) return true; out.resize (1);
out[0] = 1;
return;
}
polynomial v; polynomial v;
syndrome.to_poly (v, fld); syndrome.to_poly (v, fld);
@ -28,20 +29,26 @@ bool syndrome_decode (bvector&syndrome, gf2m&fld, polynomial& goppa,
a.add (b, fld); //new a = a^2 + x b^2 a.add (b, fld); //new a = a^2 + x b^2
a.make_monic (fld); //now it is the error locator. a.make_monic (fld); //now it is the error locator.
out = a;
}
bool evaluate_error_locator_dumb (polynomial&a, bvector&ev, gf2m&fld)
{
ev.clear();
ev.resize (fld.n, 0);
for (uint i = 0; i < fld.n; ++i) { for (uint i = 0; i < fld.n; ++i) {
if (a.eval (i, fld) == 0) { if (a.eval (i, fld) == 0) {
ev[i] = 1; ev[i] = 1;
if (!check_failure) continue; //divide the polynomial by (found) linear factor
//check if the error locator splits over GF(2^m).
//We simplify it to the assumption that all roots are
//also roots of linear factors.
polynomial t, q, r; polynomial t, q, r;
t.resize (2, 0); t.resize (2, 0);
t[0] = i; t[0] = i;
t[1] = 1; t[1] = 1;
a.divmod (t, q, r, fld); a.divmod (t, q, r, fld);
//if it doesn't divide, die.
if (r.degree() >= 0) { if (r.degree() >= 0) {
ev.clear(); ev.clear();
return false; return false;
@ -50,7 +57,8 @@ bool syndrome_decode (bvector&syndrome, gf2m&fld, polynomial& goppa,
} }
} }
if (check_failure && a.degree() > 0) { //also if there's something left, die.
if (a.degree() > 0) {
ev.clear(); ev.clear();
return false; return false;
} }

15
lib/decoding.h
View file

@ -5,11 +5,14 @@
#include "codecrypt.h" #include "codecrypt.h"
using namespace ccr; using namespace ccr;
bool syndrome_decode (bvector&syndrome,
gf2m&fld, void compute_error_locator (bvector&syndrome,
polynomial& gp, gf2m&fld,
std::vector<polynomial>& sqInv, polynomial&goppa,
bvector&ev, std::vector<polynomial>& sqInv,
bool check_failure = true); polynomial&loc);
bool evaluate_error_locator_dumb (polynomial&el, bvector&ev, gf2m&fld);
bool evaluate_error_locator_trace (polynomial&el, bvector&ev, gf2m&fld);
#endif #endif

12
lib/mce.cpp
View file

@ -79,13 +79,18 @@ int privkey::decrypt (const bvector&in, bvector&out)
h.mult_vec_right (canonical, syndrome); h.mult_vec_right (canonical, syndrome);
//decode //decode
polynomial loc;
compute_error_locator (syndrome, fld, g, sqInv, loc);
bvector ev; bvector ev;
if (!syndrome_decode (syndrome, fld, g, sqInv, ev) ) if (!evaluate_error_locator_dumb (loc, ev, fld) )
return 1; //if decoding somehow failed, fail as well. return 1; //if decoding somehow failed, fail as well.
// check the error vector, it should have exactly t == deg (g) errors // check the error vector, it should have exactly t == deg (g) errors
if ( (int) ev.hamming_weight() != g.degree() ) if ( (int) ev.hamming_weight() != g.degree() )
return 1; return 1;
//TODO cryptoanalysis suggests omitting this check for preventing
//bit-flipping attack
//correct the errors //correct the errors
canonical.add (ev); canonical.add (ev);
@ -115,6 +120,7 @@ int privkey::sign (const bvector&in, bvector&out, uint delta, uint attempts, prn
bvector p, e, synd, synd_orig, e2; bvector p, e, synd, synd_orig, e2;
std::vector<uint> epos; std::vector<uint> epos;
permutation hpermInv; permutation hpermInv;
polynomial loc;
s = hash_size(); s = hash_size();
@ -143,7 +149,9 @@ int privkey::sign (const bvector&in, bvector&out, uint delta, uint attempts, prn
synd.add (h[epos[i]]); synd.add (h[epos[i]]);
} }
if (syndrome_decode (synd, fld, g, sqInv, e2, true) ) { compute_error_locator (synd, fld, g, sqInv, loc);
if (evaluate_error_locator_dumb (loc, e2, fld) ) {
//create the decodable message //create the decodable message
p.add (e); p.add (e);

11
lib/nd.cpp
View file

@ -58,8 +58,11 @@ int privkey::decrypt (const bvector&in, bvector&out)
bvector unsc; //unscrambled bvector unsc; //unscrambled
Sinv.mult_vec_right (in, unsc); Sinv.mult_vec_right (in, unsc);
polynomial loc;
compute_error_locator (unsc, fld, g, sqInv, loc);
bvector ev; bvector ev;
if (!syndrome_decode (unsc, fld, g, sqInv, ev) ) if (!evaluate_error_locator_dumb (loc, ev, fld) )
return 1; return 1;
if ( (int) ev.hamming_weight() != g.degree() ) if ( (int) ev.hamming_weight() != g.degree() )
@ -75,6 +78,8 @@ int privkey::sign (const bvector&in, bvector&out, uint delta, uint attempts, prn
bvector synd_unsc, synd, e; bvector synd_unsc, synd, e;
polynomial loc;
s = hash_size(); s = hash_size();
if (in.size() != s) return 2; if (in.size() != s) return 2;
@ -88,7 +93,9 @@ int privkey::sign (const bvector&in, bvector&out, uint delta, uint attempts, prn
Sinv.mult_vec_right (synd, synd_unsc); Sinv.mult_vec_right (synd, synd_unsc);
if (syndrome_decode (synd_unsc, fld, g, sqInv, e, true) ) { compute_error_locator (synd_unsc, fld, g, sqInv, loc);
if (evaluate_error_locator_dumb (loc, e, fld) ) {
Pinv.permute (e, out); Pinv.permute (e, out);
return 0; return 0;