Merge pull request #14 from itzmeanjan/full-kat-conformance

Ensure Conformance to ISO Submission of FrodoKEM using KATs
itzmeanjan · Sep 14, 2023 · ed51bc8 · ed51bc8
2 parents 1b36a04 + 627ed68
commit ed51bc8
Show file tree

Hide file tree

Showing 19 changed files with 4,253 additions and 2,853 deletions.
diff --git a/Makefile b/Makefile
@@ -58,7 +58,7 @@ perf: $(PERF_BINARY)
 .PHONY: format clean
 
 clean:
-	rm -rf build
+	rm -rf $(BUILD_DIR)
 
 format: $(FRODO_SOURCES) $(TEST_SOURCES) $(BENCHMARK_SOURCES)
 	clang-format -i --style=Mozilla $^
diff --git a/README.md b/README.md
diff --git a/benchmarks/bench_kem.cpp b/benchmarks/bench_kem.cpp
@@ -1,3 +1,9 @@
+#include "efrodo1344_kem.hpp"
+#include "efrodo640_kem.hpp"
+#include "efrodo976_kem.hpp"
+#include "frodo1344_kem.hpp"
+#include "frodo640_kem.hpp"
+#include "frodo976_kem.hpp"
 #include "kem.hpp"
 #include "prng.hpp"
 #include <algorithm>
@@ -10,13 +16,13 @@ namespace utils = frodo_utils;
 
 // Benchmark execution of Frodo key generation algorithm, for some specific
 // parameter set.
-template<const size_t n,
-         const size_t n̄,
-         const size_t lsec,
-         const size_t lSE,
-         const size_t lA,
-         const size_t B,
-         const size_t D>
+template<size_t n,
+         size_t n̄,
+         size_t lsec,
+         size_t lSE,
+         size_t lA,
+         size_t B,
+         size_t D>
 inline void
 keygen(benchmark::State& state)
 {
@@ -60,14 +66,14 @@ keygen(benchmark::State& state)
 
 // Benchmark execution of Frodo encapsulation algorithm, for some specific
 // parameter set.
-template<const size_t n,
-         const size_t n̄,
-         const size_t lsec,
-         const size_t lSE,
-         const size_t lA,
-         const size_t lsalt,
-         const size_t B,
-         const size_t D>
+template<size_t n,
+         size_t n̄,
+         size_t lsec,
+         size_t lSE,
+         size_t lA,
+         size_t lsalt,
+         size_t B,
+         size_t D>
 inline void
 encaps(benchmark::State& state)
 {
@@ -128,14 +134,14 @@ encaps(benchmark::State& state)
 
 // Benchmark execution of Frodo KEM decapsulation algorithm, for some specific
 // parameter set.
-template<const size_t n,
-         const size_t n̄,
-         const size_t lsec,
-         const size_t lSE,
-         const size_t lA,
-         const size_t lsalt,
-         const size_t B,
-         const size_t D>
+template<size_t n,
+         size_t n̄,
+         size_t lsec,
+         size_t lSE,
+         size_t lA,
+         size_t lsalt,
+         size_t B,
+         size_t D>
 inline void
 decaps(benchmark::State& state)
 {
@@ -197,26 +203,164 @@ decaps(benchmark::State& state)
   state.SetItemsProcessed(state.iterations());
 }
 
-BENCHMARK(keygen<640, 8, 128, 256, 128, 2, 15>)->Name("frodo640-keygen");
-BENCHMARK(encaps<640, 8, 128, 256, 128, 256, 2, 15>)->Name("frodo640-encaps");
-BENCHMARK(decaps<640, 8, 128, 256, 128, 256, 2, 15>)->Name("frodo640-decaps");
-
-BENCHMARK(keygen<976, 8, 192, 384, 128, 3, 16>)->Name("frodo976-keygen");
-BENCHMARK(encaps<976, 8, 192, 384, 128, 384, 3, 16>)->Name("frodo976-encaps");
-BENCHMARK(decaps<976, 8, 192, 384, 128, 384, 3, 16>)->Name("frodo976-decaps");
-
-BENCHMARK(keygen<1344, 8, 256, 512, 128, 4, 16>)->Name("frodo1344-keygen");
-BENCHMARK(encaps<1344, 8, 256, 512, 128, 512, 4, 16>)->Name("frodo1344-encaps");
-BENCHMARK(decaps<1344, 8, 256, 512, 128, 512, 4, 16>)->Name("frodo1344-decaps");
-
-BENCHMARK(keygen<640, 8, 128, 128, 128, 2, 15>)->Name("efrodo640-keygen");
-BENCHMARK(encaps<640, 8, 128, 128, 128, 0, 2, 15>)->Name("efrodo640-encaps");
-BENCHMARK(decaps<640, 8, 128, 128, 128, 0, 2, 15>)->Name("efrodo640-decaps");
-
-BENCHMARK(keygen<976, 8, 192, 192, 128, 3, 16>)->Name("efrodo976-keygen");
-BENCHMARK(encaps<976, 8, 192, 192, 128, 0, 3, 16>)->Name("efrodo976-encaps");
-BENCHMARK(decaps<976, 8, 192, 192, 128, 0, 3, 16>)->Name("efrodo976-decaps");
-
-BENCHMARK(keygen<1344, 8, 256, 256, 128, 4, 16>)->Name("efrodo1344-keygen");
-BENCHMARK(encaps<1344, 8, 256, 256, 128, 0, 4, 16>)->Name("efrodo1344-encaps");
-BENCHMARK(decaps<1344, 8, 256, 256, 128, 0, 4, 16>)->Name("efrodo1344-decaps");
+BENCHMARK(keygen<frodo640_kem::n,
+                 frodo640_kem::n̄,
+                 frodo640_kem::len_sec,
+                 frodo640_kem::len_SE,
+                 frodo640_kem::len_A,
+                 frodo640_kem::B,
+                 frodo640_kem::D>)
+  ->Name("frodo640-keygen");
+BENCHMARK(encaps<frodo640_kem::n,
+                 frodo640_kem::n̄,
+                 frodo640_kem::len_sec,
+                 frodo640_kem::len_SE,
+                 frodo640_kem::len_A,
+                 frodo640_kem::len_salt,
+                 frodo640_kem::B,
+                 frodo640_kem::D>)
+  ->Name("frodo640-encaps");
+BENCHMARK(decaps<frodo640_kem::n,
+                 frodo640_kem::n̄,
+                 frodo640_kem::len_sec,
+                 frodo640_kem::len_SE,
+                 frodo640_kem::len_A,
+                 frodo640_kem::len_salt,
+                 frodo640_kem::B,
+                 frodo640_kem::D>)
+  ->Name("frodo640-decaps");
+
+BENCHMARK(keygen<frodo976_kem::n,
+                 frodo976_kem::n̄,
+                 frodo976_kem::len_sec,
+                 frodo976_kem::len_SE,
+                 frodo976_kem::len_A,
+                 frodo976_kem::B,
+                 frodo976_kem::D>)
+  ->Name("frodo976-keygen");
+BENCHMARK(encaps<frodo976_kem::n,
+                 frodo976_kem::n̄,
+                 frodo976_kem::len_sec,
+                 frodo976_kem::len_SE,
+                 frodo976_kem::len_A,
+                 frodo976_kem::len_salt,
+                 frodo976_kem::B,
+                 frodo976_kem::D>)
+  ->Name("frodo976-encaps");
+BENCHMARK(decaps<frodo976_kem::n,
+                 frodo976_kem::n̄,
+                 frodo976_kem::len_sec,
+                 frodo976_kem::len_SE,
+                 frodo976_kem::len_A,
+                 frodo976_kem::len_salt,
+                 frodo976_kem::B,
+                 frodo976_kem::D>)
+  ->Name("frodo976-decaps");
+
+BENCHMARK(keygen<frodo1344_kem::n,
+                 frodo1344_kem::n̄,
+                 frodo1344_kem::len_sec,
+                 frodo1344_kem::len_SE,
+                 frodo1344_kem::len_A,
+                 frodo1344_kem::B,
+                 frodo1344_kem::D>)
+  ->Name("frodo1344-keygen");
+BENCHMARK(encaps<frodo1344_kem::n,
+                 frodo1344_kem::n̄,
+                 frodo1344_kem::len_sec,
+                 frodo1344_kem::len_SE,
+                 frodo1344_kem::len_A,
+                 frodo1344_kem::len_salt,
+                 frodo1344_kem::B,
+                 frodo1344_kem::D>)
+  ->Name("frodo1344-encaps");
+BENCHMARK(decaps<frodo1344_kem::n,
+                 frodo1344_kem::n̄,
+                 frodo1344_kem::len_sec,
+                 frodo1344_kem::len_SE,
+                 frodo1344_kem::len_A,
+                 frodo1344_kem::len_salt,
+                 frodo1344_kem::B,
+                 frodo1344_kem::D>)
+  ->Name("frodo1344-decaps");
+
+BENCHMARK(keygen<efrodo640_kem::n,
+                 efrodo640_kem::n̄,
+                 efrodo640_kem::len_sec,
+                 efrodo640_kem::len_SE,
+                 efrodo640_kem::len_A,
+                 efrodo640_kem::B,
+                 efrodo640_kem::D>)
+  ->Name("efrodo640-keygen");
+BENCHMARK(encaps<efrodo640_kem::n,
+                 efrodo640_kem::n̄,
+                 efrodo640_kem::len_sec,
+                 efrodo640_kem::len_SE,
+                 efrodo640_kem::len_A,
+                 efrodo640_kem::len_salt,
+                 efrodo640_kem::B,
+                 efrodo640_kem::D>)
+  ->Name("efrodo640-encaps");
+BENCHMARK(decaps<efrodo640_kem::n,
+                 efrodo640_kem::n̄,
+                 efrodo640_kem::len_sec,
+                 efrodo640_kem::len_SE,
+                 efrodo640_kem::len_A,
+                 efrodo640_kem::len_salt,
+                 efrodo640_kem::B,
+                 efrodo640_kem::D>)
+  ->Name("efrodo640-decaps");
+
+BENCHMARK(keygen<efrodo976_kem::n,
+                 efrodo976_kem::n̄,
+                 efrodo976_kem::len_sec,
+                 efrodo976_kem::len_SE,
+                 efrodo976_kem::len_A,
+                 efrodo976_kem::B,
+                 efrodo976_kem::D>)
+  ->Name("efrodo976-keygen");
+BENCHMARK(encaps<efrodo976_kem::n,
+                 efrodo976_kem::n̄,
+                 efrodo976_kem::len_sec,
+                 efrodo976_kem::len_SE,
+                 efrodo976_kem::len_A,
+                 efrodo976_kem::len_salt,
+                 efrodo976_kem::B,
+                 efrodo976_kem::D>)
+  ->Name("efrodo976-encaps");
+BENCHMARK(decaps<efrodo976_kem::n,
+                 efrodo976_kem::n̄,
+                 efrodo976_kem::len_sec,
+                 efrodo976_kem::len_SE,
+                 efrodo976_kem::len_A,
+                 efrodo976_kem::len_salt,
+                 efrodo976_kem::B,
+                 efrodo976_kem::D>)
+  ->Name("efrodo976-decaps");
+
+BENCHMARK(keygen<efrodo1344_kem::n,
+                 efrodo1344_kem::n̄,
+                 efrodo1344_kem::len_sec,
+                 efrodo1344_kem::len_SE,
+                 efrodo1344_kem::len_A,
+                 efrodo1344_kem::B,
+                 efrodo1344_kem::D>)
+  ->Name("efrodo1344-keygen");
+BENCHMARK(encaps<efrodo1344_kem::n,
+                 efrodo1344_kem::n̄,
+                 efrodo1344_kem::len_sec,
+                 efrodo1344_kem::len_SE,
+                 efrodo1344_kem::len_A,
+                 efrodo1344_kem::len_salt,
+                 efrodo1344_kem::B,
+                 efrodo1344_kem::D>)
+  ->Name("efrodo1344-encaps");
+BENCHMARK(decaps<efrodo1344_kem::n,
+                 efrodo1344_kem::n̄,
+                 efrodo1344_kem::len_sec,
+                 efrodo1344_kem::len_SE,
+                 efrodo1344_kem::len_A,
+                 efrodo1344_kem::len_salt,
+                 efrodo1344_kem::B,
+                 efrodo1344_kem::D>)
+  ->Name("efrodo1344-decaps");
diff --git a/examples/efrodo640_kem.cpp b/examples/efrodo640_kem.cpp
@@ -13,11 +13,11 @@
 int
 main()
 {
-  constexpr size_t S_LEN = 16;
-  constexpr size_t SEED_SE_LEN = 16;
-  constexpr size_t Z_LEN = 16;
-  constexpr size_t μ_LEN = 16;
-  constexpr size_t SS_LEN = 16; // shared secret
+  constexpr size_t S_LEN = efrodo640_kem::len_sec / 8;
+  constexpr size_t SEED_SE_LEN = efrodo640_kem::len_SE / 8;
+  constexpr size_t Z_LEN = efrodo640_kem::len_A / 8;
+  constexpr size_t μ_LEN = efrodo640_kem::len_sec / 8;
+  constexpr size_t SS_LEN = efrodo640_kem::len_sec / 8; // shared secret
 
   std::vector<uint8_t> s(S_LEN, 0);
   std::vector<uint8_t> seedSE(SEED_SE_LEN, 0);

diff --git a/examples/frodo640_kem.cpp b/examples/frodo640_kem.cpp
@@ -13,12 +13,12 @@
 int
 main()
 {
-  constexpr size_t S_LEN = 16;
-  constexpr size_t SEED_SE_LEN = 32;
-  constexpr size_t Z_LEN = 16;
-  constexpr size_t μ_LEN = 16;
-  constexpr size_t SALT_LEN = 32;
-  constexpr size_t SS_LEN = 16; // shared secret
+  constexpr size_t S_LEN = frodo640_kem::len_sec / 8;
+  constexpr size_t SEED_SE_LEN = frodo640_kem::len_SE / 8;
+  constexpr size_t Z_LEN = frodo640_kem::len_A / 8;
+  constexpr size_t μ_LEN = frodo640_kem::len_sec / 8;
+  constexpr size_t SALT_LEN = frodo640_kem::len_salt / 8;
+  constexpr size_t SS_LEN = frodo640_kem::len_sec / 8; // shared secret
 
   std::vector<uint8_t> s(S_LEN, 0);
   std::vector<uint8_t> seedSE(SEED_SE_LEN, 0);

diff --git a/include/encoding.hpp b/include/encoding.hpp
@@ -12,7 +12,7 @@ namespace encoding {
 // integer k ∈ [0, 2^B), which is encoded as an element of Zq s.t. q = 2^D and B
 // <= D using `ec()` function, returning a matrix of dimension m x n over Zq,
 // following algorithm described in section 7.2 of FrodoKEM specification.
-template<const size_t m, const size_t n, const size_t D, const size_t B>
+template<size_t m, size_t n, size_t D, size_t B>
 inline constexpr matrix::matrix<m, n, D>
 encode(std::span<const uint8_t, (m * n * B + 7) / 8> arr)
   requires((m == n) && frodo_params::check_b(B) && (B <= D))
@@ -84,7 +84,7 @@ encode(std::span<const uint8_t, (m * n * B + 7) / 8> arr)
 // the B most significant bits of each matrix entry, by applying `dc()`
 // function, returning a byte array of length (m x n x B + 7)/ 8 -bytes,
 // following algorithm described in section 7.2 of FrodoKEM specification.
-template<const size_t m, const size_t n, const size_t D, const size_t B>
+template<size_t m, size_t n, size_t D, size_t B>
 inline constexpr void
 decode(const matrix::matrix<m, n, D>& mat,
        std::span<uint8_t, (m * n * B + 7) / 8> arr)

diff --git a/include/kem.hpp b/include/kem.hpp
@@ -27,13 +27,13 @@ using namespace frodo_utils;
 // as input, this routine can be used for deterministically generating a new
 // Frodo KEM public/ private keypair, following algorithm definition in
 // section 8.1 of FrodoKEM specification.
-template<const size_t n,
-         const size_t n̄,
-         const size_t len_sec,
-         const size_t len_SE,
-         const size_t len_A,
-         const size_t B,
-         const size_t D>
+template<size_t n,
+         size_t n̄,
+         size_t len_sec,
+         size_t len_SE,
+         size_t len_A,
+         size_t B,
+         size_t D>
 inline void
 keygen(std::span<const uint8_t, len_sec / 8> s,
        std::span<const uint8_t, len_SE / 8> seedSE,
@@ -139,14 +139,14 @@ keygen(std::span<const uint8_t, len_sec / 8> s,
 // corresponding private key can be used for decrypting the cipher text ), this
 // routine can be used for computing a cipher text and a shared secret,
 // following algorithm definition in section 8.2 of FrodoKEM specification.
-template<const size_t n,
-         const size_t n̄,
-         const size_t len_sec,
-         const size_t len_SE,
-         const size_t len_A,
-         const size_t len_salt,
-         const size_t B,
-         const size_t D>
+template<size_t n,
+         size_t n̄,
+         size_t len_sec,
+         size_t len_SE,
+         size_t len_A,
+         size_t len_salt,
+         size_t B,
+         size_t D>
 inline void
 encaps(std::span<const uint8_t, len_sec / 8> μ,
        std::span<const uint8_t, len_salt / 8> salt,
@@ -276,14 +276,14 @@ encaps(std::span<const uint8_t, len_sec / 8> μ,
 // public key, using which the cipher text was computed, this routine can be
 // used for decrypting the cipher text, recovering shared secret, following
 // algorithm definition in section 8.3 of FrodoKEM specification.
-template<const size_t n,
-         const size_t n̄,
-         const size_t len_sec,
-         const size_t len_SE,
-         const size_t len_A,
-         const size_t len_salt,
-         const size_t B,
-         const size_t D>
+template<size_t n,
+         size_t n̄,
+         size_t len_sec,
+         size_t len_SE,
+         size_t len_A,
+         size_t len_salt,
+         size_t B,
+         size_t D>
 inline void
 decaps(std::span<const uint8_t, kem_sec_key_len(n, n̄, len_sec, len_A, D)> skey,
        std::span<const uint8_t, kem_cipher_text_len(n, n̄, len_salt, D)> enc,