Merge pull request #11 from itzmeanjan/correct-packing

Correct packing/ unpacking Matrices modulo Q ( `= 2^D` )
itzmeanjan · May 20, 2023 · 11bef1e · 11bef1e
2 parents 83771ec + 1a12e68
commit 11bef1e
Showing 1 changed file with 47 additions and 41 deletions.
diff --git a/include/packing.hpp b/include/packing.hpp
@@ -23,7 +23,13 @@ pack(const matrix::matrix<n1, n2, Q>& mat,
   constexpr size_t D = frodo_utils::log2(Q);
 
   if constexpr (D == 15ul) {
-    constexpr uint32_t mask8 = 0xffu;
+    constexpr uint32_t mask14 = 0x3fffu;
+    constexpr uint32_t mask13 = mask14 >> 1;
+    constexpr uint32_t mask12 = mask13 >> 1;
+    constexpr uint32_t mask11 = mask12 >> 1;
+    constexpr uint32_t mask10 = mask11 >> 1;
+    constexpr uint32_t mask9 = mask10 >> 1;
+    constexpr uint32_t mask8 = mask9 >> 1;
     constexpr uint32_t mask7 = mask8 >> 1;
     constexpr uint32_t mask6 = mask7 >> 1;
     constexpr uint32_t mask5 = mask6 >> 1;
@@ -39,39 +45,39 @@ pack(const matrix::matrix<n1, n2, Q>& mat,
       const auto v0 = mat[moff + 0].get_value();
       const auto v1 = mat[moff + 1].get_value();
 
-      arr[boff + 0] = v0 & mask8;
-      arr[boff + 1] = ((v1 & mask1) << 7) | ((v0 >> 8) & mask7);
+      arr[boff + 0] = (v0 >> 7) & mask8;
+      arr[boff + 1] = ((v0 & mask7) << 1) | ((v1 >> 14) & mask1);
 
       const auto v2 = mat[moff + 2].get_value();
 
-      arr[boff + 2] = (v1 >> 1) & mask8;
-      arr[boff + 3] = ((v2 & mask2) << 6) | ((v1 >> 9) & mask6);
+      arr[boff + 2] = (v1 & mask14) >> 6;
+      arr[boff + 3] = ((v1 & mask6) << 2) | ((v2 >> 13) & mask2);
 
       const auto v3 = mat[moff + 3].get_value();
 
-      arr[boff + 4] = (v2 >> 2) & mask8;
-      arr[boff + 5] = ((v3 & mask3) << 5) | ((v2 >> 10) & mask5);
+      arr[boff + 4] = (v2 & mask13) >> 5;
+      arr[boff + 5] = ((v2 & mask5) << 3) | ((v3 >> 12) & mask3);
 
       const auto v4 = mat[moff + 4].get_value();
 
-      arr[boff + 6] = (v3 >> 3) & mask8;
-      arr[boff + 7] = ((v4 & mask4) << 4) | ((v3 >> 11) & mask4);
+      arr[boff + 6] = (v3 & mask12) >> 4;
+      arr[boff + 7] = ((v3 & mask4) << 4) | ((v4 >> 11) & mask4);
 
       const auto v5 = mat[moff + 5].get_value();
 
-      arr[boff + 8] = (v4 >> 4) & mask8;
-      arr[boff + 9] = ((v5 & mask5) << 3) | ((v4 >> 12) & mask3);
+      arr[boff + 8] = (v4 & mask11) >> 3;
+      arr[boff + 9] = ((v4 & mask3) << 5) | ((v5 >> 10) & mask5);
 
       const auto v6 = mat[moff + 6].get_value();
 
-      arr[boff + 10] = (v5 >> 5) & mask8;
-      arr[boff + 11] = ((v6 & mask6) << 2) | ((v5 >> 13) & mask2);
+      arr[boff + 10] = (v5 & mask10) >> 2;
+      arr[boff + 11] = ((v5 & mask2) << 6) | ((v6 >> 9) & mask6);
 
       const auto v7 = mat[moff + 7].get_value();
 
-      arr[boff + 12] = (v6 >> 6) & mask8;
-      arr[boff + 13] = ((v7 & mask7) << 1) | ((v6 >> 14) & mask1);
-      arr[boff + 14] = (v7 >> 7) & mask8;
+      arr[boff + 12] = (v6 & mask9) >> 1;
+      arr[boff + 13] = ((v6 & mask1) << 7) | ((v7 >> 8) & mask7);
+      arr[boff + 14] = v7 & mask8;
 
       moff += 8;
       boff += 15;
@@ -85,8 +91,8 @@ pack(const matrix::matrix<n1, n2, Q>& mat,
     while (moff < mat.element_count()) {
       const auto v = mat[moff].get_value();
 
-      arr[boff + 0] = (v >> 0) & mask;
-      arr[boff + 1] = (v >> 8) & mask;
+      arr[boff + 0] = (v >> 8) & mask;
+      arr[boff + 1] = (v >> 0) & mask;
 
       moff += 1;
       boff += 2;
@@ -124,28 +130,28 @@ unpack(std::span<const uint8_t, (n1 * n2 * frodo_utils::log2(Q) + 7) / 8> arr)
     size_t moff = 0;
 
     while (boff < byte_len) {
-      mat[moff + 0] = Zq((static_cast<uint32_t>(arr[boff + 1] & mask7) << 8) |
-                         static_cast<uint32_t>(arr[boff + 0]));
-      mat[moff + 1] = Zq((static_cast<uint32_t>(arr[boff + 3] & mask6) << 9) |
-                         (static_cast<uint32_t>(arr[boff + 2]) << 1) |
-                         static_cast<uint32_t>(arr[boff + 1] >> 7));
-      mat[moff + 2] = Zq((static_cast<uint32_t>(arr[boff + 5] & mask5) << 10) |
-                         (static_cast<uint32_t>(arr[boff + 4]) << 2) |
-                         static_cast<uint32_t>(arr[boff + 3] >> 6));
-      mat[moff + 3] = Zq((static_cast<uint32_t>(arr[boff + 7] & mask4) << 11) |
-                         (static_cast<uint32_t>(arr[boff + 6]) << 3) |
-                         static_cast<uint32_t>(arr[boff + 5] >> 5));
-      mat[moff + 4] = Zq((static_cast<uint32_t>(arr[boff + 9] & mask3) << 12) |
-                         (static_cast<uint32_t>(arr[boff + 8]) << 4) |
+      mat[moff + 0] = Zq((static_cast<uint32_t>(arr[boff + 0]) << 7) |
+                         static_cast<uint32_t>(arr[boff + 1] >> 1));
+      mat[moff + 1] = Zq((static_cast<uint32_t>(arr[boff + 1] & mask1) << 14) |
+                         (static_cast<uint32_t>(arr[boff + 2]) << 6) |
+                         static_cast<uint32_t>(arr[boff + 3] >> 2));
+      mat[moff + 2] = Zq((static_cast<uint32_t>(arr[boff + 3] & mask2) << 13) |
+                         (static_cast<uint32_t>(arr[boff + 4]) << 5) |
+                         static_cast<uint32_t>(arr[boff + 5] >> 3));
+      mat[moff + 3] = Zq((static_cast<uint32_t>(arr[boff + 5] & mask3) << 12) |
+                         (static_cast<uint32_t>(arr[boff + 6]) << 4) |
                          static_cast<uint32_t>(arr[boff + 7] >> 4));
-      mat[moff + 5] = Zq((static_cast<uint32_t>(arr[boff + 11] & mask2) << 13) |
-                         (static_cast<uint32_t>(arr[boff + 10]) << 5) |
-                         static_cast<uint32_t>(arr[boff + 9] >> 3));
-      mat[moff + 6] = Zq((static_cast<uint32_t>(arr[boff + 13] & mask1) << 14) |
-                         (static_cast<uint32_t>(arr[boff + 12]) << 6) |
-                         static_cast<uint32_t>(arr[boff + 11] >> 2));
-      mat[moff + 7] = Zq((static_cast<uint32_t>(arr[boff + 14]) << 7) |
-                         static_cast<uint32_t>(arr[boff + 13] >> 1));
+      mat[moff + 4] = Zq((static_cast<uint32_t>(arr[boff + 7] & mask4) << 11) |
+                         (static_cast<uint32_t>(arr[boff + 8]) << 3) |
+                         static_cast<uint32_t>(arr[boff + 9] >> 5));
+      mat[moff + 5] = Zq((static_cast<uint32_t>(arr[boff + 9] & mask5) << 10) |
+                         (static_cast<uint32_t>(arr[boff + 10]) << 2) |
+                         static_cast<uint32_t>(arr[boff + 11] >> 6));
+      mat[moff + 6] = Zq((static_cast<uint32_t>(arr[boff + 11] & mask6) << 9) |
+                         (static_cast<uint32_t>(arr[boff + 12]) << 1) |
+                         static_cast<uint32_t>(arr[boff + 13] >> 7));
+      mat[moff + 7] = Zq((static_cast<uint32_t>(arr[boff + 13] & mask7) << 8) |
+                         static_cast<uint32_t>(arr[boff + 14]));
 
       boff += 15;
       moff += 8;
@@ -155,8 +161,8 @@ unpack(std::span<const uint8_t, (n1 * n2 * frodo_utils::log2(Q) + 7) / 8> arr)
     size_t moff = 0;
 
     while (boff < byte_len) {
-      mat[moff] = Zq((static_cast<uint32_t>(arr[boff + 1]) << 8) |
-                     static_cast<uint32_t>(arr[boff + 0]));
+      mat[moff] = Zq((static_cast<uint32_t>(arr[boff + 0]) << 8) |
+                     static_cast<uint32_t>(arr[boff + 1]));
 
       boff += 2;
       moff += 1;