Merge pull request #4 from itzmeanjan/pke

Saber Public Key Encryption

.clang-format

@@ -0,0 +1,216 @@
+---
+Language:        Cpp
+# BasedOnStyle:  Mozilla
+AccessModifierOffset: -2
+AlignAfterOpenBracket: Align
+AlignArrayOfStructures: None
+AlignConsecutiveAssignments:
+  Enabled:         false
+  AcrossEmptyLines: false
+  AcrossComments:  false
+  AlignCompound:   false
+  PadOperators:    true
+AlignConsecutiveBitFields:
+  Enabled:         false
+  AcrossEmptyLines: false
+  AcrossComments:  false
+  AlignCompound:   false
+  PadOperators:    false
+AlignConsecutiveDeclarations:
+  Enabled:         false
+  AcrossEmptyLines: false
+  AcrossComments:  false
+  AlignCompound:   false
+  PadOperators:    false
+AlignConsecutiveMacros:
+  Enabled:         false
+  AcrossEmptyLines: false
+  AcrossComments:  false
+  AlignCompound:   false
+  PadOperators:    false
+AlignEscapedNewlines: Right
+AlignOperands:   Align
+AlignTrailingComments: true
+AllowAllArgumentsOnNextLine: true
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortEnumsOnASingleLine: true
+AllowShortBlocksOnASingleLine: Never
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: Inline
+AllowShortLambdasOnASingleLine: All
+AllowShortIfStatementsOnASingleLine: Never
+AllowShortLoopsOnASingleLine: false
+AlwaysBreakAfterDefinitionReturnType: TopLevel
+AlwaysBreakAfterReturnType: TopLevel
+AlwaysBreakBeforeMultilineStrings: false
+AlwaysBreakTemplateDeclarations: Yes
+AttributeMacros:
+  - __capability
+BinPackArguments: false
+BinPackParameters: false
+BraceWrapping:
+  AfterCaseLabel:  false
+  AfterClass:      true
+  AfterControlStatement: Never
+  AfterEnum:       true
+  AfterFunction:   true
+  AfterNamespace:  false
+  AfterObjCDeclaration: false
+  AfterStruct:     true
+  AfterUnion:      true
+  AfterExternBlock: true
+  BeforeCatch:     false
+  BeforeElse:      false
+  BeforeLambdaBody: false
+  BeforeWhile:     false
+  IndentBraces:    false
+  SplitEmptyFunction: true
+  SplitEmptyRecord: false
+  SplitEmptyNamespace: true
+BreakBeforeBinaryOperators: None
+BreakBeforeConceptDeclarations: Always
+BreakBeforeBraces: Mozilla
+BreakBeforeInheritanceComma: false
+BreakInheritanceList: BeforeComma
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+BreakConstructorInitializers: BeforeComma
+BreakAfterJavaFieldAnnotations: false
+BreakStringLiterals: true
+ColumnLimit:     88
+CommentPragmas:  '^ IWYU pragma:'
+QualifierAlignment: Leave
+CompactNamespaces: false
+ConstructorInitializerIndentWidth: 2
+ContinuationIndentWidth: 2
+Cpp11BracedListStyle: false
+DeriveLineEnding: true
+DerivePointerAlignment: false
+DisableFormat:   false
+EmptyLineAfterAccessModifier: Never
+EmptyLineBeforeAccessModifier: LogicalBlock
+ExperimentalAutoDetectBinPacking: false
+PackConstructorInitializers: BinPack
+BasedOnStyle:    ''
+ConstructorInitializerAllOnOneLineOrOnePerLine: false
+AllowAllConstructorInitializersOnNextLine: true
+FixNamespaceComments: false
+ForEachMacros:
+  - foreach
+  - Q_FOREACH
+  - BOOST_FOREACH
+IfMacros:
+  - KJ_IF_MAYBE
+IncludeBlocks:   Preserve
+IncludeCategories:
+  - Regex:           '^"(llvm|llvm-c|clang|clang-c)/'
+    Priority:        2
+    SortPriority:    0
+    CaseSensitive:   false
+  - Regex:           '^(<|"(gtest|gmock|isl|json)/)'
+    Priority:        3
+    SortPriority:    0
+    CaseSensitive:   false
+  - Regex:           '.*'
+    Priority:        1
+    SortPriority:    0
+    CaseSensitive:   false
+IncludeIsMainRegex: '(Test)?$'
+IncludeIsMainSourceRegex: ''
+IndentAccessModifiers: false
+IndentCaseLabels: true
+IndentCaseBlocks: false
+IndentGotoLabels: true
+IndentPPDirectives: None
+IndentExternBlock: AfterExternBlock
+IndentRequiresClause: true
+IndentWidth:     2
+IndentWrappedFunctionNames: false
+InsertBraces:    false
+InsertTrailingCommas: None
+JavaScriptQuotes: Leave
+JavaScriptWrapImports: true
+KeepEmptyLinesAtTheStartOfBlocks: true
+LambdaBodyIndentation: Signature
+MacroBlockBegin: ''
+MacroBlockEnd:   ''
+MaxEmptyLinesToKeep: 1
+NamespaceIndentation: None
+ObjCBinPackProtocolList: Auto
+ObjCBlockIndentWidth: 2
+ObjCBreakBeforeNestedBlockParam: true
+ObjCSpaceAfterProperty: true
+ObjCSpaceBeforeProtocolList: false
+PenaltyBreakAssignment: 2
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakFirstLessLess: 120
+PenaltyBreakOpenParenthesis: 0
+PenaltyBreakString: 1000
+PenaltyBreakTemplateDeclaration: 10
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 200
+PenaltyIndentedWhitespace: 0
+PointerAlignment: Left
+PPIndentWidth:   -1
+ReferenceAlignment: Pointer
+ReflowComments:  true
+RemoveBracesLLVM: false
+RequiresClausePosition: OwnLine
+SeparateDefinitionBlocks: Leave
+ShortNamespaceLines: 1
+SortIncludes:    CaseSensitive
+SortJavaStaticImport: Before
+SortUsingDeclarations: true
+SpaceAfterCStyleCast: false
+SpaceAfterLogicalNot: false
+SpaceAfterTemplateKeyword: false
+SpaceBeforeAssignmentOperators: true
+SpaceBeforeCaseColon: false
+SpaceBeforeCpp11BracedList: false
+SpaceBeforeCtorInitializerColon: true
+SpaceBeforeInheritanceColon: true
+SpaceBeforeParens: ControlStatements
+SpaceBeforeParensOptions:
+  AfterControlStatements: true
+  AfterForeachMacros: true
+  AfterFunctionDefinitionName: false
+  AfterFunctionDeclarationName: false
+  AfterIfMacros:   true
+  AfterOverloadedOperator: false
+  AfterRequiresInClause: false
+  AfterRequiresInExpression: false
+  BeforeNonEmptyParentheses: false
+SpaceAroundPointerQualifiers: Default
+SpaceBeforeRangeBasedForLoopColon: true
+SpaceInEmptyBlock: false
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInAngles:  Never
+SpacesInConditionalStatement: false
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInLineCommentPrefix:
+  Minimum:         1
+  Maximum:         -1
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+SpaceBeforeSquareBrackets: false
+BitFieldColonSpacing: Both
+Standard:        Latest
+StatementAttributeLikeMacros:
+  - Q_EMIT
+StatementMacros:
+  - Q_UNUSED
+  - QT_REQUIRE_VERSION
+TabWidth:        8
+UseCRLF:         false
+UseTab:          Never
+WhitespaceSensitiveMacros:
+  - STRINGIZE
+  - PP_STRINGIZE
+  - BOOST_PP_STRINGIZE
+  - NS_SWIFT_NAME
+  - CF_SWIFT_NAME
+...
+

.github/workflows/test_ci.yml

@@ -35,6 +35,6 @@ jobs:
         popd
         popd
     - name: Execute Tests
-      run: make
+      run: make -j $(nproc --all)
     - name: Cleanup
       run: make clean

Makefile

@@ -13,7 +13,10 @@ tests/test_polynomial.o: tests/test_polynomial.cpp include/*.hpp
 tests/test_poly_matrix.o: tests/test_poly_matrix.cpp include/*.hpp
 	$(CXX) $(CXX_FLAGS) $(WARN_FLAGS) $(OPT_FLAGS) $(I_FLAGS) $(DEP_IFLAGS) -c $< -o $@
 
-tests/a.out: tests/test_polynomial.o tests/test_poly_matrix.o
+tests/test_pke.o: tests/test_pke.cpp include/*.hpp
+	$(CXX) $(CXX_FLAGS) $(WARN_FLAGS) $(OPT_FLAGS) $(I_FLAGS) $(DEP_IFLAGS) -c $< -o $@
+
+tests/a.out: tests/test_polynomial.o tests/test_poly_matrix.o tests/test_pke.o
 	$(CXX) $(OPT_FLAGS) $^ -lgtest -lgtest_main -o $@
 
 test: tests/a.out
@@ -23,4 +26,4 @@ clean:
 	find . -name '*.out' -o -name '*.o' -o -name '*.so' -o -name '*.gch' | xargs rm -rf
 
 format:
-	find . -name '*.cpp' -o -name '*.hpp' | xargs clang-format -i --style=Mozilla
+	find . -maxdepth 2 -name '*.cpp' -o -name '*.hpp' | xargs clang-format -i

include/consts.hpp

@@ -0,0 +1,56 @@
+#pragma once
+#include "poly_matrix.hpp"
+#include "polynomial.hpp"
+
+namespace saber_consts {
+
+// Compile-time compute constant polynomial h1 ∈ Rq, following section 2.3 of spec.
+template<const uint16_t moduli, const uint16_t εq, const uint16_t εp>
+inline constexpr poly::poly_t<moduli>
+compute_poly_h1()
+  requires((εq > εp) && (moduli == (1u << εq)))
+{
+  constexpr auto v = 1u << (εq - εp - 1);
+  constexpr zq::zq_t coeff(v);
+
+  poly::poly_t<moduli> h1;
+  for (size_t i = 0; i < poly::N; i++) {
+    h1[i] = coeff;
+  }
+
+  return h1;
+}
+
+// Compile-time compute constant vector h ∈ Rq^(lx1), following section 2.3 of spec.
+template<const size_t L, const uint16_t moduli, const uint16_t εq, const uint16_t εp>
+inline constexpr mat::poly_matrix_t<L, 1, moduli>
+compute_polyvec_h()
+{
+  const auto h1 = compute_poly_h1<moduli, εq, εp>();
+
+  mat::poly_matrix_t<L, 1, moduli> h;
+  for (size_t i = 0; i < L; i++) {
+    h[i] = h1;
+  }
+
+  return h;
+}
+
+// Compile-time compute constant polynomial h2 ∈ Rq, following section 2.3 of spec.
+template<const uint16_t moduli, const uint16_t εq, const uint16_t εp, const uint16_t εt>
+inline constexpr poly::poly_t<moduli>
+compute_poly_h2()
+  requires(((εq > εp) && (εp > εt)) && (moduli == (1u << εq)))
+{
+  constexpr auto v = (1u << (εp - 2)) - (1u << (εp - εt - 1)) + (1u << (εq - εp - 1));
+  constexpr zq::zq_t coeff(v);
+
+  poly::poly_t<moduli> h2;
+  for (size_t i = 0; i < poly::N; i++) {
+    h2[i] = coeff;
+  }
+
+  return h2;
+}
+
+}

include/karatsuba.hpp

@@ -12,8 +12,7 @@ namespace karatsuba {
 // computing resulting polynomial of degree 2*N - 1
 template<const size_t N>
 static inline constexpr std::array<zq::zq_t, 2 * N>
-karatsuba(const std::array<zq::zq_t, N>& polya,
-          const std::array<zq::zq_t, N>& polyb)
+karatsuba(const std::array<zq::zq_t, N>& polya, const std::array<zq::zq_t, N>& polyb)
   requires(saber_params::is_power_of_2(N))
 {
   if constexpr (N == 1) {
@@ -64,8 +63,7 @@ karatsuba(const std::array<zq::zq_t, N>& polya,
 // https://github.com/itzmeanjan/falcon/blob/cce934dcd092c95808c0bdaeb034312ee7754d7e/include/karatsuba.hpp
 template<const size_t N>
 static inline constexpr std::array<zq::zq_t, N>
-karamul(const std::array<zq::zq_t, N>& polya,
-        const std::array<zq::zq_t, N>& polyb)
+karamul(const std::array<zq::zq_t, N>& polya, const std::array<zq::zq_t, N>& polyb)
 {
   const std::array<zq::zq_t, 2 * N> polyab = karatsuba(polya, polyb);
 

include/params.hpp

@@ -1,5 +1,6 @@
 #pragma once
 #include <bit>
+#include <cstddef>
 #include <cstdint>
 #include <type_traits>
 
@@ -27,4 +28,64 @@ log2(const T val)
   return std::countr_zero(val);
 }
 
+// Given an unsigned integer, this routine returns truth value if it's even.
+template<typename T>
+inline constexpr bool
+is_even(T val)
+  requires(std::is_unsigned_v<T>)
+{
+  return !static_cast<bool>(val & 1);
+}
+
+// Compile-time executable check for validating template arguments passed to Saber PKE
+// key generation routine.
+inline constexpr bool
+validate_pke_keygen_args(const size_t L,
+                         const size_t EQ,
+                         const size_t EP,
+                         const size_t MU,
+                         const size_t seedBytes,
+                         const size_t noiseBytes)
+{
+  return ((L == 2) && (EQ == 13) && (EP == 10) && (MU == 10) && (seedBytes == 32) &&
+          (noiseBytes == 32)) || // LightSaber
+         ((L == 3) && (EQ == 13) && (EP == 10) && (MU == 8) && (seedBytes == 32) &&
+          (noiseBytes == 32)) || // Saber
+         ((L == 4) && (EQ == 13) && (EP == 10) && (MU == 6) && (seedBytes == 32) &&
+          (noiseBytes == 32)); // FireSaber
+}
+
+// Compile-time executable check for validating template arguments passed to Saber PKE
+// encryption routine.
+inline constexpr bool
+validate_pke_encrypt_args(const size_t L,
+                          const size_t EQ,
+                          const size_t EP,
+                          const size_t ET,
+                          const size_t MU,
+                          const size_t seedBytes)
+{
+  return ((L == 2) && (EQ == 13) && (EP == 10) && (ET == 3) && (MU == 10) &&
+          (seedBytes == 32)) || // LightSaber
+         ((L == 3) && (EQ == 13) && (EP == 10) && (ET == 4) && (MU == 8) &&
+          (seedBytes == 32)) || // Saber
+         ((L == 4) && (EQ == 13) && (EP == 10) && (ET == 6) && (MU == 6) &&
+          (seedBytes == 32)); // FireSaber
+}
+
+// Compile-time executable check for validating template arguments passed to Saber PKE
+// decryption routine.
+inline constexpr bool
+validate_pke_decrypt_args(const size_t L,
+                          const size_t EQ,
+                          const size_t EP,
+                          const size_t ET,
+                          const size_t MU)
+{
+  return ((L == 2) && (EQ == 13) && (EP == 10) && (ET == 3) &&
+          (MU == 10)) || // LightSaber
+         ((L == 3) && (EQ == 13) && (EP == 10) && (ET == 4) && (MU == 8)) || // Saber
+         ((L == 4) && (EQ == 13) && (EP == 10) && (ET == 6) && (MU == 6)); // FireSaber
+}
+
 }