Botan 3.10.0
Crypto and TLS for C&&
Botan::Classic_McEliece_Field_Ordering Class Reference

Represents a field ordering for the Classic McEliece cryptosystem. More...

#include <cmce_field_ordering.h>

Public Member Functions

void _const_time_poison () const
void _const_time_unpoison () const
std::vector< Classic_McEliece_GF > alphas (size_t n) const
 Returns the field ordering as a vector of all alphas from alpha_0 to alpha_{n-1}.
secure_bitvector alphas_control_bits () const
 Generates the control bits of the benes network corresponding to the field ordering.
CT::Mask< uint16_t > ct_is_equal (const Classic_McEliece_Field_Ordering &other) const
 Constant time comparison of two field orderings.
void permute_with_pivots (const Classic_McEliece_Parameters &params, const CmceColumnSelection &pivots)
 Permute the field ordering with the given pivots.
CmcePermutation & pi_ref ()
 The pi values representing the field ordering.
const CmcePermutation & pi_ref () const
 The pi values representing the field ordering.

Static Public Member Functions

static std::optional< Classic_McEliece_Field_Ordering > create_field_ordering (const Classic_McEliece_Parameters &params, StrongSpan< const CmceOrderingBits > random_bits)
 Creates a field ordering from a random bit sequence. Corresponds to the algorithm described in Classic McEliece ISO Sec. 8.2.
static Classic_McEliece_Field_Ordering create_from_control_bits (const Classic_McEliece_Parameters &params, const secure_bitvector &control_bits)
 Create the field ordering from the control bits of a benes network.

Detailed Description

Represents a field ordering for the Classic McEliece cryptosystem.

Field ordering corresponds to the permutation pi defining the alpha sequence in the Classic McEliece specification (see Classic McEliece ISO Sec. 8.2.).

Definition at line 25 of file cmce_field_ordering.h.

Member Function Documentation

◆ _const_time_poison()

void Botan::Classic_McEliece_Field_Ordering::_const_time_poison ( ) const
inline

Definition at line 102 of file cmce_field_ordering.h.

// Passes the stored permutation m_pi to CT::poison().
// NOTE(review): in Botan this is the hook that constant-time test tooling uses to treat a value as secret; confirm its build-dependent behaviour in ct_utils.h.
102{ CT::poison(m_pi); }
constexpr void poison(const T *p, size_t n)
Definition ct_utils.h:54

References Botan::CT::poison().

◆ _const_time_unpoison()

void Botan::Classic_McEliece_Field_Ordering::_const_time_unpoison ( ) const
inline

Definition at line 104 of file cmce_field_ordering.h.

// Passes the stored permutation m_pi to CT::unpoison(), the counterpart of the CT::poison() call made by _const_time_poison().
// NOTE(review): presumably called once the value may be inspected by ordinary (non-constant-time) code; confirm against the callers.
104{ CT::unpoison(m_pi); }
constexpr void unpoison(const T *p, size_t n)
Definition ct_utils.h:65

References Botan::CT::unpoison().

◆ alphas()

std::vector< Classic_McEliece_GF > Botan::Classic_McEliece_Field_Ordering::alphas ( size_t n) const

Returns the field ordering as a vector of all alphas from alpha_0 to alpha_{n-1}.

Parameters
n: The number of alphas to return.
Returns
the vector of n alphas.

Definition at line 270 of file cmce_field_ordering.cpp.

// Builds the first n alpha values by converting each stored pi element with from_pi() (helper not shown on this page).
270 {
    // Precondition: the value held by m_poly_f must be non-zero.
271 BOTAN_ASSERT_NOMSG(m_poly_f.get() != 0);
    // Bounds guard: the iterator range [begin, begin + n) used below is only valid when at least n pi values are stored.
272 BOTAN_ASSERT_NOMSG(m_pi.size() >= n);
273
274 std::vector<Classic_McEliece_GF> n_alphas_vec;
275
    // Each uint16_t pi element is wrapped as a CmcePermutationElement and converted using m_poly_f
    // and the log_q value that Classic_McEliece_GF::log_q_from_mod() derives from it.
276 std::transform(m_pi.begin(), m_pi.begin() + n, std::back_inserter(n_alphas_vec), [this](uint16_t pi_elem) {
277 return from_pi(CmcePermutationElement(pi_elem), m_poly_f, Classic_McEliece_GF::log_q_from_mod(m_poly_f));
278 });
279
280 return n_alphas_vec;
281}
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75

References BOTAN_ASSERT_NOMSG.

◆ alphas_control_bits()

secure_bitvector Botan::Classic_McEliece_Field_Ordering::alphas_control_bits ( ) const

Generates the control bits of the benes network corresponding to the field ordering.

Returns
the control bits.

Definition at line 283 of file cmce_field_ordering.cpp.

// Derives the Benes-network control bits for the stored permutation and returns them as a secure_bitvector.
// The input is m_pi, the same member that _const_time_poison() marks via CT::poison(), so the returned
// bits encode that permutation and should be handled with the same care.
283 {
284 // Each vector element contains one bit of the control bits
285 const auto control_bits_as_words = generate_control_bits_internal(m_pi.get());
    // One output bit per input word; the container type is secure_bitvector (bitvector_base< secure_allocator >).
286 auto control_bits = secure_bitvector(control_bits_as_words.size());
287 for(size_t i = 0; i < control_bits.size(); ++i) {
    // Any non-zero word becomes a set bit.
288 control_bits.at(i) = control_bits_as_words.at(i) != 0;
289 }
290
291 return control_bits;
292}
bitvector_base< secure_allocator > secure_bitvector
Definition bitvector.h:1303

◆ create_field_ordering()

std::optional< Classic_McEliece_Field_Ordering > Botan::Classic_McEliece_Field_Ordering::create_field_ordering ( const Classic_McEliece_Parameters & params,
StrongSpan< const CmceOrderingBits > random_bits )
static

Creates a field ordering from a random bit sequence. Corresponds to the algorithm described in Classic McEliece ISO Sec. 8.2.

Parameters
params: The McEliece parameters.
random_bits: The random bit sequence.
Returns
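The field ordering, or std::nullopt if the sorted values derived from random_bits contain adjacent duplicates (callers must handle the empty optional).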

Definition at line 257 of file cmce_field_ordering.cpp.

// Derives the permutation pi from random_bits; returns std::nullopt when the sorted a values contain
// adjacent duplicates, so callers must check the optional before using it.
258 {
    // Input length contract: random_bits.size() must equal sigma2 * q / 8 (presumably a byte count, given the
    // division by 8); any other length fails this argument check with the message below.
259 BOTAN_ARG_CHECK(random_bits.size() == (params.sigma2() * params.q()) / 8, "Wrong random bits size");
260
    // The loaded words are held in a secure_vector and then moved into create_pi() (helper not shown on this page).
261 auto a = load_le<secure_vector<uint32_t>>(random_bits); // contains a_0, a_1, ...
262 auto [sorted_a, pi] = create_pi(std::move(a));
    // The duplicate scan yields a mask (ct_ helper); only the final accept/reject result is converted to a bool
    // and branched on.
263 if(ct_has_adjacent_duplicates(sorted_a).as_bool()) {
264 return std::nullopt;
265 }
266
267 return Classic_McEliece_Field_Ordering(std::move(pi), params.poly_f());
268}
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:33
constexpr auto load_le(ParamTs &&... params)
Definition loadstor.h:495

References BOTAN_ARG_CHECK, Botan::load_le(), Botan::Classic_McEliece_Parameters::poly_f(), Botan::Classic_McEliece_Parameters::q(), Botan::Classic_McEliece_Parameters::sigma2(), and Botan::StrongSpan< T >::size().

Referenced by Botan::Classic_McEliece_PrivateKeyInternal::check_key().

◆ create_from_control_bits()

Classic_McEliece_Field_Ordering Botan::Classic_McEliece_Field_Ordering::create_from_control_bits ( const Classic_McEliece_Parameters & params,
const secure_bitvector & control_bits )
static

Create the field ordering from the control bits of a benes network.

Parameters
params: The McEliece parameters.
control_bits: The control bits of the benes network.
Returns
The field ordering.

Definition at line 296 of file cmce_field_ordering.cpp.

// Rebuilds pi by starting from the identity permutation and applying the Benes network described by
// control_bits, one layer at a time.
297 {
    // Length guard: exactly (2m - 1) * 2^(m-1) control bits are required. The control_bits[...] reads in the
    // inner loop use operator[] and rely on this check for their bounds.
298 BOTAN_ASSERT_NOMSG(control_bits.size() == (2 * params.m() - 1) << (params.m() - 1));
    // n = 2^m permutation entries. NOTE(review): the uint16_t shift assumes m < 16; confirm against the parameter sets.
299 const uint16_t n = uint16_t(1) << params.m();
300 CmcePermutation pi(n);
    // Identity permutation 0, 1, ..., n - 1.
301 std::iota(pi.begin(), pi.end(), static_cast<uint16_t>(0));
    // 2m - 1 layers; the swap distance doubles up to the middle layer and then halves again.
302 for(size_t i = 0; i < 2 * params.m() - 1; ++i) {
303 const size_t gap = size_t(1) << std::min(i, 2 * params.m() - 2 - i);
    // n / 2 candidate swaps per layer, each consuming one control bit.
304 for(size_t j = 0; j < size_t(n) / 2; ++j) {
    // pos is the lower index of the pair (pos, pos + gap) handled in this step.
305 const size_t pos = (j % gap) + 2 * gap * (j / gap);
    // The control bit is expanded to a mask and applied through conditional_swap rather than an if statement,
    // so this function contains no branch on the bit value.
306 auto mask = CT::Mask<uint16_t>::expand_bool(control_bits[i * n / 2 + j]);
307 mask.conditional_swap(pi[pos], pi[pos + gap]);
308 }
309 }
310
311 return Classic_McEliece_Field_Ordering(std::move(pi), params.poly_f());
312}
static constexpr Mask< T > expand_bool(bool v)
Definition ct_utils.h:425
Strong< secure_vector< uint16_t >, struct CmcePermutation_ > CmcePermutation
Represents a permutation (pi in spec). Used in field ordering creation.
Definition cmce_types.h:28

References Botan::detail::Container_Strong_Adapter_Base< T >::begin(), BOTAN_ASSERT_NOMSG, Botan::detail::Container_Strong_Adapter_Base< T >::end(), Botan::CT::Mask< T >::expand_bool(), Botan::Classic_McEliece_Parameters::m(), Botan::Classic_McEliece_Parameters::poly_f(), and Botan::bitvector_base< AllocatorT >::size().

Referenced by Botan::Classic_McEliece_PrivateKeyInternal::from_bytes(), and Botan::Classic_McEliece_PrivateKeyInternal::serialize().

◆ ct_is_equal()

CT::Mask< uint16_t > Botan::Classic_McEliece_Field_Ordering::ct_is_equal ( const Classic_McEliece_Field_Ordering & other) const
inline

Constant time comparison of two field orderings.

Parameters
other: The other field ordering.
Returns
Mask of equality value

Definition at line 83 of file cmce_field_ordering.h.

// Compares the pi values of this ordering and other, returning the result as a CT::Mask< uint16_t > rather
// than a bool; converting the mask is left to the caller.
83 {
    // The two lengths are compared with an ordinary argument check; only the element data goes through CT::is_equal().
84 BOTAN_ARG_CHECK(other.pi_ref().size() == pi_ref().size(), "Field orderings must have the same size");
85 return CT::is_equal(pi_ref().data(), other.pi_ref().data(), pi_ref().size());
86 }
CmcePermutation & pi_ref()
The pi values representing the field ordering.
decltype(auto) data() noexcept(noexcept(this->get().data()))
constexpr CT::Mask< T > is_equal(const T x[], const T y[], size_t len)
Definition ct_utils.h:826

References BOTAN_ARG_CHECK, Botan::detail::Strong_Adapter< T >::data(), Botan::CT::is_equal(), pi_ref(), and Botan::detail::Container_Strong_Adapter_Base< T >::size().

◆ permute_with_pivots()

void Botan::Classic_McEliece_Field_Ordering::permute_with_pivots ( const Classic_McEliece_Parameters & params,
const CmceColumnSelection & pivots )

Permute the field ordering with the given pivots.

For example: If the pivot vector is 10101, the first, third and fifth element of the field ordering are permuted to positions 0, 1 and 2, respectively. The remaining elements are put at the end.

The permutation is done for the elements from position m*t - mu,..., m*t + mu (excl.). This function implements Classic McEliece ISO Sec. 7.2.3 Steps 4-5.

Parameters
params: The McEliece parameters.
pivots: The pivot vector.

Definition at line 314 of file cmce_field_ordering.cpp.

// Moves the entries selected by pivots to the front of the window that starts at col_offset, using masked
// swaps in place of if statements.
315 {
    // Window start: pk_no_rows() - mu().
316 auto col_offset = params.pk_no_rows() - Classic_McEliece_Parameters::mu();
317
    // One full pass over all nu columns for each target slot p_idx; both loop bounds are the constants mu() and
    // nu(), so the iteration count does not depend on the contents of pivots.
318 for(size_t p_idx = 1; p_idx <= Classic_McEliece_Parameters::mu(); ++p_idx) {
319 size_t p_counter = 0;
320 for(size_t col = 0; col < Classic_McEliece_Parameters::nu(); ++col) {
    // p_counter counts the set pivot bits seen so far; it is updated through the mask (adds 1 or 0).
321 auto mask_is_pivot_set = CT::Mask<size_t>::expand_bool(pivots.at(col));
322 p_counter += mask_is_pivot_set.if_set_return(1);
    // The swap takes effect only when this column is a pivot and it is the p_idx-th pivot so far.
    // Both m_pi entries are accessed with .at() in every iteration, whatever the mask value.
323 auto mask_is_current_pivot = CT::Mask<size_t>::is_equal(p_idx, p_counter);
324 (mask_is_pivot_set & mask_is_current_pivot)
325 .conditional_swap(m_pi.get().at(col_offset + col), m_pi.get().at(col_offset + p_idx - 1));
326 }
327 }
328}
static constexpr Mask< T > is_equal(T x, T y)
Definition ct_utils.h:470
static constexpr size_t nu()
Constant nu for semi-systematic matrix creation. (see Classic McEliece ISO 7.2.3).
static constexpr size_t mu()
Constant mu for semi-systematic matrix creation. (see Classic McEliece ISO 7.2.3).
constexpr void conditional_swap(bool cnd, T &x, T &y)
Definition ct_utils.h:796

References Botan::detail::Strong_Adapter< T >::at(), Botan::CT::Mask< T >::expand_bool(), Botan::CT::Mask< T >::is_equal(), Botan::Classic_McEliece_Parameters::mu(), Botan::Classic_McEliece_Parameters::nu(), and Botan::Classic_McEliece_Parameters::pk_no_rows().

Referenced by Botan::Classic_McEliece_Matrix::create_matrix_and_apply_pivots().

◆ pi_ref() [1/2]

CmcePermutation & Botan::Classic_McEliece_Field_Ordering::pi_ref ( )
inline

The pi values representing the field ordering.

Returns
pi values.

Definition at line 68 of file cmce_field_ordering.h.

// Returns a mutable reference to the stored permutation m_pi; callers can modify the field ordering in place through it.
68{ return m_pi; }

Referenced by ct_is_equal().

◆ pi_ref() [2/2]

const CmcePermutation & Botan::Classic_McEliece_Field_Ordering::pi_ref ( ) const
inline

The pi values representing the field ordering.

Returns
pi values.

Definition at line 75 of file cmce_field_ordering.h.

// Read-only access to the stored permutation m_pi (const overload).
75{ return m_pi; }

The documentation for this class was generated from the following files: