QSC Post Quantum Cryptographic Library 1.0.0.6c (A6)
A post-quantum secure library written in ANSI C
dilithium_avx.h
1#ifndef QSC_DILITHIUM_AVX_H
2#define QSC_DILITHIUM_AVX_H
3
4#include "common.h"
5#include "intrinsics.h"
6#include <stddef.h>
7#include <stdint.h>
8#include <immintrin.h>
9
10#ifdef __cplusplus
11extern "C" {
12#endif
13
// consts
//
// Presumably int32 element offsets into the qdata table that the AVX2 NTT
// kernels at the bottom of this header take as their `qdata` argument
// (eight consecutive int32 entries form one __m256i, hence the `_8X` names);
// the table itself is not defined here, so confirm the layout against the
// implementation before relying on these values.
//
// NOTE(review): identifiers that begin with an underscore followed by an
// uppercase letter are reserved for the implementation (C11 7.1.3). These
// names appear to be carried over from the pqcrystals reference layout and
// may collide with system headers; a prefixed name would be safer.

#define _8XQ 0
#define _8XQINV 8
#define _8XDIV_QINV 16
#define _8XDIV 24
#define _ZETAS_QINV 32
#define _ZETAS 328
22
/* The C ABI on MacOS exports all symbols with a leading
 * underscore. This means that any symbols we refer to from
 * C files (functions) can't be found, and all symbols we
 * refer to from ASM also can't be found.
 *
 * This define helps us get around this: cdecl(name) yields the
 * namespaced symbol, with a leading "_" prepended (via decorate) on
 * platforms whose assembler expects it.
 *
 * NOTE(review): DILITHIUM_NAMESPACE is not defined in this header; it must
 * come from common.h or the build flags, so this file does not preprocess
 * on its own.
 * NOTE(review): `DILITHIUM_NAMESPACE(##s)` pastes the "(" token with the
 * argument, which does not form a valid preprocessing token (undefined per
 * C11 6.10.3.3); GCC rejects this in C mode and only tolerates it when
 * preprocessing assembly, so presumably cdecl() is reached from the .S
 * sources only. `DILITHIUM_NAMESPACE(s)` expresses the same intent without
 * the paste — verify how the assembly uses it before changing.
 * NOTE(review): MSVC predefines _WIN32, not __WIN32__, so the decorated
 * branch is taken only by GCC/Clang-style Windows toolchains; `cdecl` and
 * `_cdecl` are also recognised as calling-convention keywords by some
 * Windows compilers, so a less generic macro name would avoid surprises.
 */
#if defined(__WIN32__) || defined(__APPLE__)
#define decorate(s) _##s
#define _cdecl(s) decorate(s)
#define cdecl(s) _cdecl(DILITHIUM_NAMESPACE(##s))
#else
#define cdecl(s) DILITHIUM_NAMESPACE(##s)
#endif
37
38#define ALIGNED_UINT8(N) \
39 union { \
40 uint8_t coeffs[N]; \
41 __m256i vec[(N+31)/32]; \
42 }
43
44#define ALIGNED_INT32(N) \
45 union { \
46 int32_t coeffs[N]; \
47 __m256i vec[(N+7)/8]; \
48 }
49
50
/* ---- Dilithium2 (FIPS 204 ML-DSA-44) ----
 * Public key, secret key and signature sizes in bytes. The values match the
 * FIPS 204 ML-DSA-44 parameter set, and the ctx/ctxlen arguments below are
 * the FIPS 204 context-string API.
 *
 * NOTE(review): the *_avx2 entry points are the AVX2 build (this header
 * includes <immintrin.h>). No run-time CPU feature check is visible here,
 * so callers must dispatch to these functions only on CPUs that support
 * AVX2 — confirm where that guard lives.
 * NOTE(review): the return-value contract is not visible in this header;
 * the reference implementation returns 0 on success and -1 on failure.
 * Callers must treat ANY non-zero value from the verify/open functions as
 * a rejection and never branch on a specific failure code.
 */
#define pqcrystals_dilithium2_PUBLICKEYBYTES 1312
#define pqcrystals_dilithium2_SECRETKEYBYTES 2560
#define pqcrystals_dilithium2_BYTES 2420

// AVX2 aliases of the sizes above (identical values).
#define pqcrystals_dilithium2_avx2_PUBLICKEYBYTES pqcrystals_dilithium2_PUBLICKEYBYTES
#define pqcrystals_dilithium2_avx2_SECRETKEYBYTES pqcrystals_dilithium2_SECRETKEYBYTES
#define pqcrystals_dilithium2_avx2_BYTES pqcrystals_dilithium2_BYTES

/**
 * Generate a Dilithium2 key pair.
 * @param pk  out: pqcrystals_dilithium2_PUBLICKEYBYTES bytes.
 * @param sk  out: pqcrystals_dilithium2_SECRETKEYBYTES bytes of secret
 *            material; zeroize this buffer once the key is no longer needed
 *            (a plain memset before free may be optimised away — use a
 *            secure-clear routine).
 * @return 0 on success, non-zero on failure (the randomness source is not
 *         visible here; confirm the exact contract in the .c file).
 */
int pqcrystals_dilithium2_avx2_keypair(uint8_t *pk, uint8_t *sk);

/**
 * Detached signature of m under sk, bound to the context string ctx.
 * @param sig     out: must hold pqcrystals_dilithium2_BYTES bytes.
 * @param siglen  out: number of bytes written to sig.
 * @param m,mlen  message to sign (not copied into sig).
 * @param ctx,ctxlen  domain-separation context (may be empty). FIPS 204
 *            limits the context to 255 bytes; confirm that the
 *            implementation rejects longer values rather than truncating.
 * @param sk      secret key from pqcrystals_dilithium2_avx2_keypair.
 * @return 0 on success, non-zero on failure.
 */
int pqcrystals_dilithium2_avx2_signature(uint8_t *sig, size_t *siglen,
                                         const uint8_t *m, size_t mlen,
                                         const uint8_t *ctx, size_t ctxlen,
                                         const uint8_t *sk);

/**
 * Signed-message form: writes the signature and a copy of m into sm
 * (presumably signature first, as in the reference implementation — verify).
 * @param sm      out: must hold mlen + pqcrystals_dilithium2_BYTES bytes.
 * @param smlen   out: total number of bytes written to sm.
 * @param m,mlen,ctx,ctxlen,sk  as for pqcrystals_dilithium2_avx2_signature.
 * @return 0 on success, non-zero on failure.
 */
int pqcrystals_dilithium2_avx2(uint8_t *sm, size_t *smlen,
                               const uint8_t *m, size_t mlen,
                               const uint8_t *ctx, size_t ctxlen,
                               const uint8_t *sk);

/**
 * Verify a detached signature.
 * @param sig,siglen  candidate signature; a valid one has
 *            siglen == pqcrystals_dilithium2_BYTES.
 * @param m,mlen      message the signature is claimed to cover.
 * @param ctx,ctxlen  the context string used at signing time.
 * @param pk          public key.
 * @return 0 only if the signature is valid; any other value is a rejection.
 */
int pqcrystals_dilithium2_avx2_verify(const uint8_t *sig, size_t siglen,
                                      const uint8_t *m, size_t mlen,
                                      const uint8_t *ctx, size_t ctxlen,
                                      const uint8_t *pk);

/**
 * Verify a signed message and recover the embedded message.
 * @param m      out: receives the message; smlen bytes is a safe upper
 *               bound for the buffer.
 * @param mlen   out: recovered message length.
 * @param sm,smlen   signed message produced by pqcrystals_dilithium2_avx2.
 * @param ctx,ctxlen,pk  as for pqcrystals_dilithium2_avx2_verify.
 * @return 0 only on a valid signature. On any other value the contents of
 *         m and *mlen are unspecified here and must not be used.
 */
int pqcrystals_dilithium2_avx2_open(uint8_t *m, size_t *mlen,
                                    const uint8_t *sm, size_t smlen,
                                    const uint8_t *ctx, size_t ctxlen,
                                    const uint8_t *pk);


/* ---- Dilithium3 (FIPS 204 ML-DSA-65) ----
 * Same API and caller obligations as the Dilithium2 entry points above;
 * only the buffer sizes differ. */
#define pqcrystals_dilithium3_PUBLICKEYBYTES 1952
#define pqcrystals_dilithium3_SECRETKEYBYTES 4032
#define pqcrystals_dilithium3_BYTES 3309

#define pqcrystals_dilithium3_avx2_PUBLICKEYBYTES pqcrystals_dilithium3_PUBLICKEYBYTES
#define pqcrystals_dilithium3_avx2_SECRETKEYBYTES pqcrystals_dilithium3_SECRETKEYBYTES
#define pqcrystals_dilithium3_avx2_BYTES pqcrystals_dilithium3_BYTES

// Key generation; sk holds secret material — zeroize after use.
int pqcrystals_dilithium3_avx2_keypair(uint8_t *pk, uint8_t *sk);

// Detached signature; sig must hold pqcrystals_dilithium3_BYTES bytes.
int pqcrystals_dilithium3_avx2_signature(uint8_t *sig, size_t *siglen,
                                         const uint8_t *m, size_t mlen,
                                         const uint8_t *ctx, size_t ctxlen,
                                         const uint8_t *sk);

// Signed-message form; sm must hold mlen + pqcrystals_dilithium3_BYTES bytes.
int pqcrystals_dilithium3_avx2(uint8_t *sm, size_t *smlen,
                               const uint8_t *m, size_t mlen,
                               const uint8_t *ctx, size_t ctxlen,
                               const uint8_t *sk);

// Returns 0 only for a valid signature; any other value is a rejection.
int pqcrystals_dilithium3_avx2_verify(const uint8_t *sig, size_t siglen,
                                      const uint8_t *m, size_t mlen,
                                      const uint8_t *ctx, size_t ctxlen,
                                      const uint8_t *pk);

// Returns 0 only for a valid signed message; otherwise do not use m / *mlen.
int pqcrystals_dilithium3_avx2_open(uint8_t *m, size_t *mlen,
                                    const uint8_t *sm, size_t smlen,
                                    const uint8_t *ctx, size_t ctxlen,
                                    const uint8_t *pk);


/* ---- Dilithium5 (FIPS 204 ML-DSA-87) ----
 * Same API and caller obligations as the Dilithium2 entry points above;
 * only the buffer sizes differ. */
#define pqcrystals_dilithium5_PUBLICKEYBYTES 2592
#define pqcrystals_dilithium5_SECRETKEYBYTES 4896
#define pqcrystals_dilithium5_BYTES 4627

#define pqcrystals_dilithium5_avx2_PUBLICKEYBYTES pqcrystals_dilithium5_PUBLICKEYBYTES
#define pqcrystals_dilithium5_avx2_SECRETKEYBYTES pqcrystals_dilithium5_SECRETKEYBYTES
#define pqcrystals_dilithium5_avx2_BYTES pqcrystals_dilithium5_BYTES

// Key generation; sk holds secret material — zeroize after use.
int pqcrystals_dilithium5_avx2_keypair(uint8_t *pk, uint8_t *sk);

// Detached signature; sig must hold pqcrystals_dilithium5_BYTES bytes.
int pqcrystals_dilithium5_avx2_signature(uint8_t *sig, size_t *siglen,
                                         const uint8_t *m, size_t mlen,
                                         const uint8_t *ctx, size_t ctxlen,
                                         const uint8_t *sk);

// Signed-message form; sm must hold mlen + pqcrystals_dilithium5_BYTES bytes.
int pqcrystals_dilithium5_avx2(uint8_t *sm, size_t *smlen,
                               const uint8_t *m, size_t mlen,
                               const uint8_t *ctx, size_t ctxlen,
                               const uint8_t *sk);

// Returns 0 only for a valid signature; any other value is a rejection.
int pqcrystals_dilithium5_avx2_verify(const uint8_t *sig, size_t siglen,
                                      const uint8_t *m, size_t mlen,
                                      const uint8_t *ctx, size_t ctxlen,
                                      const uint8_t *pk);

// Returns 0 only for a valid signed message; otherwise do not use m / *mlen.
int pqcrystals_dilithium5_avx2_open(uint8_t *m, size_t *mlen,
                                    const uint8_t *sm, size_t smlen,
                                    const uint8_t *ctx, size_t ctxlen,
                                    const uint8_t *pk);
142
// fips202.h

/* Sponge rates in bytes: 200 (the Keccak-f[1600] state) minus the capacity
 * in bytes — 32 for SHAKE128, 64 for SHAKE256 and SHA3-256, 128 for SHA3-512.
 * absorb/squeeze work in units of these block sizes. */
#define SHAKE128_RATE 168
#define SHAKE256_RATE 136
#define SHA3_256_RATE 136
#define SHA3_512_RATE 72
149
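/* Keccak-f[1600] sponge state for the incremental SHAKE / SHA3 API below:
 * 25 x 64-bit lanes (200 bytes) plus pos, presumably the current byte
 * position inside the rate block during absorb/squeeze (the update logic
 * lives in the .c file). Zeroize a state that has absorbed secret material
 * once it is no longer needed.
 * NOTE(review): the closing "} keccak_state;" (source line 154) is absent
 * from the rendered page; it is restored here from the type name every
 * prototype below uses. */
typedef struct
{
    uint64_t s[25];
    unsigned int pos;
} keccak_state;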
/* The Keccak-f[1600] round constants (24 for the full permutation), shared
 * with the 4-way implementation below (presumably the rc argument of
 * f1600x4).
 * NOTE(review): FIPS202_NAMESPACE is not defined in this header (expected
 * from common.h or the build flags). Only this table is namespaced; the
 * shake and sha3 functions below are declared under their bare names, so
 * they will clash with any other FIPS 202 implementation linked into the
 * same program unless namespacing happens elsewhere — verify. */
#define KeccakF_RoundConstants FIPS202_NAMESPACE(KeccakF_RoundConstants)
extern const uint64_t KeccakF_RoundConstants[];

/* Incremental SHAKE: init -> absorb (any number of times) -> finalize ->
 * squeeze (any number of times). Presumably absorb_once replaces the
 * init/absorb/finalize sequence for a single input, and squeezeblocks
 * emits nblocks whole blocks of SHAKE128_RATE / SHAKE256_RATE bytes —
 * confirm against the implementation.
 * A state that has absorbed secret material (key seeds, nonces) should be
 * zeroized by the caller after the last squeeze; nothing in this API does
 * that for you. */
void shake128_init(keccak_state *state);
void shake128_absorb(keccak_state *state, const uint8_t *in, size_t inlen);
void shake128_finalize(keccak_state *state);
void shake128_squeeze(uint8_t *out, size_t outlen, keccak_state *state);
void shake128_absorb_once(keccak_state *state, const uint8_t *in, size_t inlen);
void shake128_squeezeblocks(uint8_t *out, size_t nblocks, keccak_state *state);
void shake256_init(keccak_state *state);
void shake256_absorb(keccak_state *state, const uint8_t *in, size_t inlen);
void shake256_finalize(keccak_state *state);
void shake256_squeeze(uint8_t *out, size_t outlen, keccak_state *state);
void shake256_absorb_once(keccak_state *state, const uint8_t *in, size_t inlen);
void shake256_squeezeblocks(uint8_t *out, size_t nblocks, keccak_state *state);

/* One-shot XOFs and hashes: out receives outlen bytes for the XOFs;
 * sha3_256 / sha3_512 always write exactly 32 / 64 bytes to h. */
void shake128(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen);
void shake256(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen);
void sha3_256(uint8_t h[32], const uint8_t *in, size_t inlen);
void sha3_512(uint8_t h[64], const uint8_t *in, size_t inlen);
175
176// fips202x4
177
178typedef struct {
179 __m256i s[25];
181
/* Keccak-f[1600] permutation on four interleaved states; rc is the round
 * constant table (presumably KeccakF_RoundConstants). */
void f1600x4(__m256i *s, const uint64_t *rc);

/* Four-way SHAKE. All four inputs share one length (inlen) and all four
 * outputs share one length (nblocks blocks / outlen bytes); callers must
 * size each of the four buffers for the full amount. Presumably used to
 * expand four polynomials from one seed with different nonces (see the
 * poly_*_4x samplers below). */
void shake128x4_absorb_once(keccakx4_state *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void shake128x4_squeezeblocks(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t nblocks, keccakx4_state *state);
void shake256x4_absorb_once(keccakx4_state *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void shake256x4_squeezeblocks(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t nblocks, keccakx4_state *state);
void shake128x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
void shake256x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
189
// poly.h

/* One polynomial of N int32 coefficients, 32-byte aligned so it can be
 * addressed as __m256i vectors (see ALIGNED_INT32).
 * NOTE(review): N, SEEDBYTES, CRHBYTES, CTILDEBYTES, the POLY*_PACKEDBYTES
 * sizes and the stream128_state / stream256_state types are not defined in
 * this header and must come from common.h. Single-letter macros such as N
 * (and K, L below) leak into every translation unit that includes this
 * public header and silently rewrite unrelated identifiers of the same
 * name; a prefixed name would be safer. */
typedef ALIGNED_INT32(N) poly;

/* Coefficient arithmetic. The _montgomery routines presumably return
 * products in Montgomery form and reduce / caddq bring coefficients back
 * to canonical range (reference semantics — verify against the .c). */
void poly_reduce(poly *a);
void poly_caddq(poly *a);
void poly_add(poly *c, const poly *a, const poly *b);
void poly_sub(poly *c, const poly *a, const poly *b);
void poly_shiftl(poly *a);
void poly_ntt(poly *a);
void poly_invntt_tomont(poly *a);
void poly_nttunpack(poly *a);
void poly_pointwise_montgomery(poly *c, const poly *a, const poly *b);

/* High/low-bit decomposition and hints used by the signing/verification
 * rounding. poly_make_hint presumably returns the number of hint bits
 * written to hint[N], which the signer compares against its hint budget. */
void poly_power2round(poly *a1, poly *a0, const poly *a);
void poly_decompose(poly *a1, poly *a0, const poly *a);
unsigned int poly_make_hint(uint8_t hint[N], const poly *a0, const poly *a1);
void poly_use_hint(poly *b, const poly *a, const poly *h);

/* Infinity-norm bound check; presumably non-zero when some coefficient
 * reaches the bound B (reference semantics — verify). Its result drives
 * the rejection loop in signing and the final checks in verification, so
 * a caller must never skip it on unpacked (untrusted) data. */
int poly_chknorm(const poly *a, int32_t B);

/* Sampling. The _preinit variants take an already-initialised stream; the
 * others derive the stream from seed and nonce. The _4x variants sample
 * four polynomials at once (four nonces, one seed) via the x4 Keccak. For
 * the eta / gamma1 samplers the seed is secret-derived in the signing
 * flow, so treat their outputs as secret. */
void poly_uniform_preinit(poly *a, stream128_state *state);
void poly_uniform(poly *a, const uint8_t seed[SEEDBYTES], uint16_t nonce);
void poly_uniform_eta_preinit(poly *a, stream256_state *state);
void poly_uniform_eta(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce);
void poly_uniform_gamma1_preinit(poly *a, stream256_state *state);
void poly_uniform_gamma1(poly *a, const uint8_t seed[CRHBYTES], uint16_t nonce);
void poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]);
void poly_uniform_4x(poly *a0, poly *a1, poly *a2, poly *a3, const uint8_t seed[SEEDBYTES], uint16_t nonce0, uint16_t nonce1, uint16_t nonce2, uint16_t nonce3);
void poly_uniform_eta_4x(poly *a0, poly *a1, poly *a2, poly *a3, const uint8_t seed[CRHBYTES], uint16_t nonce0, uint16_t nonce1, uint16_t nonce2, uint16_t nonce3);
void poly_uniform_gamma1_4x(poly *a0, poly *a1, poly *a2, poly *a3, const uint8_t seed[CRHBYTES], uint16_t nonce0, uint16_t nonce1, uint16_t nonce2, uint16_t nonce3);

/* (De)serialisation. Buffer sizes are carried in the array parameter
 * types where given; polyz_unpack and polyw1_pack take a bare pointer, so
 * the caller must guarantee the buffer is large enough (presumably
 * POLYZ_PACKEDBYTES / POLYW1_PACKEDBYTES bytes). The unpack routines read
 * attacker-controlled bytes (public keys, signatures); confirm that every
 * unpacked value is later bound-checked rather than trusted. */
void polyeta_pack(uint8_t r[POLYETA_PACKEDBYTES], const poly *a);
void polyeta_unpack(poly *r, const uint8_t a[POLYETA_PACKEDBYTES]);
void polyt1_pack(uint8_t r[POLYT1_PACKEDBYTES], const poly *a);
void polyt1_unpack(poly *r, const uint8_t a[POLYT1_PACKEDBYTES]);
void polyt0_pack(uint8_t r[POLYT0_PACKEDBYTES], const poly *a);
void polyt0_unpack(poly *r, const uint8_t a[POLYT0_PACKEDBYTES]);
void polyz_pack(uint8_t r[POLYZ_PACKEDBYTES], const poly *a);
void polyz_unpack(poly *r, const uint8_t *a);
void polyw1_pack(uint8_t *r, const poly *a);
227
// polyvec.h

/* Vectors of polynomials of length L (the column dimension of the public
 * matrix, i.e. the s1 / y / z side — reference semantics, verify).
 * NOTE(review): L is a single-letter macro expected from common.h; it is
 * not defined in this header. */
typedef struct {
    poly vec[L];
} polyvecl;
234
/* Length-L vector operations; each presumably applies the matching poly_*
 * routine entry by entry. The eta / gamma1 samplers take a secret-derived
 * seed in the signing flow, so their outputs are secret, and chknorm's
 * verdict on them decides whether a signing attempt is rejected. */
void polyvecl_uniform_eta(polyvecl *v, const uint8_t seed[CRHBYTES], uint16_t nonce);
void polyvecl_uniform_gamma1(polyvecl *v, const uint8_t seed[CRHBYTES], uint16_t nonce);
void polyvecl_reduce(polyvecl *v);
void polyvecl_add(polyvecl *w, const polyvecl *u, const polyvecl *v);
void polyvecl_ntt(polyvecl *v);
void polyvecl_invntt_tomont(polyvecl *v);
void polyvecl_pointwise_poly_montgomery(polyvecl *r, const poly *a, const polyvecl *v);
// Inner product: w = sum_i u[i] * v[i] (Montgomery domain).
void polyvecl_pointwise_acc_montgomery(poly *w, const polyvecl *u, const polyvecl *v);
// Non-zero (presumably) if any entry fails poly_chknorm against B.
int polyvecl_chknorm(const polyvecl *v, int32_t B);
244
/* Vectors of polynomials of length K (the row dimension of the public
 * matrix, i.e. the t / w side — reference semantics, verify).
 * NOTE(review): K is a single-letter macro expected from common.h; it is
 * not defined in this header. */
typedef struct {
    poly vec[K];
} polyveck;
249
/* Length-K vector operations; each presumably applies the matching poly_*
 * routine entry by entry. */
void polyveck_uniform_eta(polyveck *v, const uint8_t seed[CRHBYTES], uint16_t nonce);
void polyveck_reduce(polyveck *v);
void polyveck_caddq(polyveck *v);
void polyveck_add(polyveck *w, const polyveck *u, const polyveck *v);
void polyveck_sub(polyveck *w, const polyveck *u, const polyveck *v);
void polyveck_shiftl(polyveck *v);

void polyveck_ntt(polyveck *v);
void polyveck_invntt_tomont(polyveck *v);
void polyveck_pointwise_poly_montgomery(polyveck *r, const poly *a, const polyveck *v);
int polyveck_chknorm(const polyveck *v, int32_t B);
void polyveck_power2round(polyveck *v1, polyveck *v0, const polyveck *v);
void polyveck_decompose(polyveck *v1, polyveck *v0, const polyveck *v);
/* Unlike poly_make_hint's hint[N], hint is a bare pointer here; it
 * presumably receives K*N bytes, so size the buffer accordingly. Returns
 * (presumably) the number of hint bits set, which the signer compares
 * against its hint budget. */
unsigned int polyveck_make_hint(uint8_t *hint, const polyveck *v0, const polyveck *v1);
void polyveck_use_hint(polyveck *w, const polyveck *v, const polyveck *h);
// Serialises the high bits of w1 (K*POLYW1_PACKEDBYTES bytes) for the challenge hash.
void polyveck_pack_w1(uint8_t r[K*POLYW1_PACKEDBYTES], const polyveck *w1);
// Expands the full public matrix from the public seed rho.
void polyvec_matrix_expand(polyvecl mat[K], const uint8_t rho[SEEDBYTES]);

/* Per-row expansion. Each variant takes two row pointers; whether rowb
 * receives the following row or serves as scratch is not visible here —
 * confirm against the .c before calling these directly. Only rows below K
 * are meaningful for the selected parameter set. */
void polyvec_matrix_expand_row0(polyvecl *rowa, polyvecl *rowb, const uint8_t rho[SEEDBYTES]);
void polyvec_matrix_expand_row1(polyvecl *rowa, polyvecl *rowb, const uint8_t rho[SEEDBYTES]);
void polyvec_matrix_expand_row2(polyvecl *rowa, polyvecl *rowb, const uint8_t rho[SEEDBYTES]);
void polyvec_matrix_expand_row3(polyvecl *rowa, polyvecl *rowb, const uint8_t rho[SEEDBYTES]);
void polyvec_matrix_expand_row4(polyvecl *rowa, polyvecl *rowb, const uint8_t rho[SEEDBYTES]);
void polyvec_matrix_expand_row5(polyvecl *rowa, polyvecl *rowb, const uint8_t rho[SEEDBYTES]);
void polyvec_matrix_expand_row6(polyvecl *rowa, polyvecl *rowb, const uint8_t rho[SEEDBYTES]);
void polyvec_matrix_expand_row7(polyvecl *rowa, polyvecl *rowb, const uint8_t rho[SEEDBYTES]);
// Matrix-vector product t = mat * v, entries in the Montgomery domain.
void polyvec_matrix_pointwise_montgomery(polyveck *t, const polyvecl mat[K], const polyvecl *v);
277
// ntt.h

/* AVX2 kernels operating directly on the __m256i view of a poly
 * (poly->vec). qdata is presumably the table of modulus constants and
 * twiddle factors indexed by the _8XQ .. _ZETAS offsets at the top of this
 * file; the table itself lives in the implementation. The cdecl() macro
 * above suggests these are assembly routines, so these prototypes are the
 * only contract the C compiler sees — keep them in sync with the .S
 * sources, including the requirement that all buffers be 32-byte aligned. */
void ntt_avx(__m256i *a, const __m256i *qdata);
void invntt_avx(__m256i *a, const __m256i *qdata);
void nttunpack_avx(__m256i *a);
void pointwise_avx(__m256i *c, const __m256i *a, const __m256i *b, const __m256i *qdata);
void pointwise_acc_avx(__m256i *c, const __m256i *a, const __m256i *b, const __m256i *qdata);
285
286#ifdef __cplusplus
287}
288#endif
289
290#endif