Botan::Classic_McEliece_Field_Ordering Class Reference

Represents a field ordering for the Classic McEliece cryptosystem. More...

#include <cmce_field_ordering.h>

Public Member Functions
void	_const_time_poison () const
void	_const_time_unpoison () const
std::vector< Classic_McEliece_GF >	alphas (size_t n) const
	Returns the field ordering as a vector of all alphas from alpha_0 to alpha_{n-1}.
secure_bitvector	alphas_control_bits () const
	Generates the control bits of the benes network corresponding to the field ordering.
CT::Mask< uint16_t >	ct_is_equal (const Classic_McEliece_Field_Ordering &other) const
	Constant time comparison of two field orderings.
void	permute_with_pivots (const Classic_McEliece_Parameters &params, const CmceColumnSelection &pivots)
	Permute the field ordering with the given pivots.
CmcePermutation &	pi_ref ()
	The pi values representing the field ordering.
const CmcePermutation &	pi_ref () const
	The pi values representing the field ordering.

Static Public Member Functions
static std::optional< Classic_McEliece_Field_Ordering >	create_field_ordering (const Classic_McEliece_Parameters &params, StrongSpan< const CmceOrderingBits > random_bits)
	Creates a field ordering from a random bit sequence. Corresponds to the algorithm described in Classic McEliece ISO Sec. 8.2.
static Classic_McEliece_Field_Ordering	create_from_control_bits (const Classic_McEliece_Parameters &params, const secure_bitvector &control_bits)
	Create the field ordering from the control bits of a benes network.

Detailed Description

Represents a field ordering for the Classic McEliece cryptosystem.

Field ordering corresponds to the permutation pi defining the alpha sequence in the Classic McEliece specification (see Classic McEliece ISO Sec. 8.2.).

Definition at line 25 of file cmce_field_ordering.h.

Member Function Documentation

_const_time_poison()

void Botan::Classic_McEliece_Field_Ordering::_const_time_poison ( ) const

inline

Definition at line 102 of file cmce_field_ordering.h.

{ CT::poison(m_pi); }

_const_time_unpoison()

void Botan::Classic_McEliece_Field_Ordering::_const_time_unpoison ( ) const

inline

Definition at line 104 of file cmce_field_ordering.h.

{ CT::unpoison(m_pi); }

alphas()

std::vector< Classic_McEliece_GF > Botan::Classic_McEliece_Field_Ordering::alphas

(

size_t

n

)

const

Returns the field ordering as a vector of all alphas from alpha_0 to alpha_{n-1}.

Parameters

n	The number of alphas to return.

Returns

the vector of n alphas.

Definition at line 272 of file cmce_field_ordering.cpp.

                                                                                     {
   BOTAN_ASSERT_NOMSG(m_poly_f.get() != 0);
   BOTAN_ASSERT_NOMSG(m_pi.size() >= n);
 
   std::vector<Classic_McEliece_GF> n_alphas_vec;
 
   std::transform(m_pi.begin(), m_pi.begin() + n, std::back_inserter(n_alphas_vec), [this](uint16_t pi_elem) {
      return from_pi(CmcePermutationElement(pi_elem), m_poly_f, Classic_McEliece_GF::log_q_from_mod(m_poly_f));
   });
 
   return n_alphas_vec;
}

References BOTAN_ASSERT_NOMSG, and Botan::detail::Strong_Base< T >::get().

alphas_control_bits()

secure_bitvector Botan::Classic_McEliece_Field_Ordering::alphas_control_bits

(

)

const

Generates the control bits of the benes network corresponding to the field ordering.

Returns

the control bits.

Definition at line 285 of file cmce_field_ordering.cpp.

                                                                            {
   // Each vector element contains one bit of the control bits
   const auto control_bits_as_words = generate_control_bits_internal(m_pi.get());
   auto control_bits = secure_bitvector(control_bits_as_words.size());
   for(size_t i = 0; i < control_bits.size(); ++i) {
      control_bits.at(i) = control_bits_as_words.at(i);
   }
 
   return control_bits;
}

References Botan::detail::Strong_Base< T >::get().

Referenced by Botan::Classic_McEliece_PrivateKeyInternal::serialize().

create_field_ordering()

std::optional< Classic_McEliece_Field_Ordering > Botan::Classic_McEliece_Field_Ordering::create_field_ordering ( const Classic_McEliece_Parameters & params, StrongSpan< const CmceOrderingBits > random_bits )

static

Creates a field ordering from a random bit sequence. Corresponds to the algorithm described in Classic McEliece ISO Sec. 8.2.

Parameters

params	The McEliece parameters.
random_bits	The random bit sequence.

Returns

The field ordering.

Definition at line 259 of file cmce_field_ordering.cpp.

                                                                                              {
   BOTAN_ARG_CHECK(random_bits.size() == (params.sigma2() * params.q()) / 8, "Wrong random bits size");
 
   auto a = load_le<secure_vector<uint32_t>>(random_bits);  // contains a_0, a_1, ...
   auto [sorted_a, pi] = create_pi(std::move(a));
   if(ct_has_adjacent_duplicates(sorted_a).as_bool()) {
      return std::nullopt;
   }
 
   return Classic_McEliece_Field_Ordering(std::move(pi), params.poly_f());
}

References BOTAN_ARG_CHECK, Botan::load_le(), Botan::Classic_McEliece_Parameters::poly_f(), Botan::Classic_McEliece_Parameters::q(), Botan::Classic_McEliece_Parameters::sigma2(), and Botan::StrongSpan< T >::size().

Referenced by Botan::Classic_McEliece_PrivateKeyInternal::check_key().

create_from_control_bits()

Classic_McEliece_Field_Ordering Botan::Classic_McEliece_Field_Ordering::create_from_control_bits ( const Classic_McEliece_Parameters & params, const secure_bitvector & control_bits )

static

Create the field ordering from the control bits of a benes network.

Parameters

params	The McEliece parameters.
control_bits	The control bits of the benes network.

Returns

The field ordering.

Definition at line 298 of file cmce_field_ordering.cpp.

                                                                                    {
   BOTAN_ASSERT_NOMSG(control_bits.size() == (2 * params.m() - 1) << (params.m() - 1));
   const uint16_t n = uint16_t(1) << params.m();
   CmcePermutation pi(n);
   std::iota(pi.begin(), pi.end(), static_cast<uint16_t>(0));
   for(size_t i = 0; i < 2 * params.m() - 1; ++i) {
      const size_t gap = size_t(1) << std::min(i, 2 * params.m() - 2 - i);
      for(size_t j = 0; j < size_t(n / 2); ++j) {
         const size_t pos = (j % gap) + 2 * gap * (j / gap);
         auto mask = CT::Mask<uint16_t>::expand(control_bits[i * n / 2 + j]);
         mask.conditional_swap(pi[pos], pi[pos + gap]);
      }
   }
 
   return Classic_McEliece_Field_Ordering(std::move(pi), params.poly_f());
}

References BOTAN_ASSERT_NOMSG, Botan::CT::Mask< T >::expand(), Botan::Classic_McEliece_Parameters::m(), Botan::Classic_McEliece_Parameters::poly_f(), and Botan::bitvector_base< AllocatorT >::size().

Referenced by Botan::Classic_McEliece_PrivateKeyInternal::from_bytes(), and Botan::Classic_McEliece_PrivateKeyInternal::serialize().

ct_is_equal()

CT::Mask< uint16_t > Botan::Classic_McEliece_Field_Ordering::ct_is_equal ( const Classic_McEliece_Field_Ordering & other ) const

inline

Constant time comparison of two field orderings.

Parameters

other

The other field ordering.

Returns

Mask of equality value

Definition at line 83 of file cmce_field_ordering.h.

                                                                                       {
         BOTAN_ARG_CHECK(other.pi_ref().size() == pi_ref().size(), "Field orderings must have the same size");
         return CT::is_equal(pi_ref().data(), other.pi_ref().data(), pi_ref().size());
      }

References BOTAN_ARG_CHECK, and pi_ref().

permute_with_pivots()

void Botan::Classic_McEliece_Field_Ordering::permute_with_pivots	(	const Classic_McEliece_Parameters &	params,
		const CmceColumnSelection &	pivots )

Permute the field ordering with the given pivots.

For example: If the pivot vector is 10101, the first, third and fifth element of the field ordering are permuted to positions 0, 1 and 2, respectively. The remaining elements are put at the end.

The permutation is done for the elements from position m*t - mu,..., m*t + mu (excl.). This function implements Classic McEliece ISO Sec. 7.2.3 Steps 4-5.

Parameters

params	The McEliece parameters.
pivots	The pivot vector.

Definition at line 316 of file cmce_field_ordering.cpp.

                                                                                             {
   auto col_offset = params.pk_no_rows() - Classic_McEliece_Parameters::mu();
 
   for(size_t p_idx = 1; p_idx <= Classic_McEliece_Parameters::mu(); ++p_idx) {
      size_t p_counter = 0;
      for(size_t col = 0; col < Classic_McEliece_Parameters::nu(); ++col) {
         auto mask_is_pivot_set = CT::Mask<size_t>::expand(pivots.at(col));
         p_counter += CT::Mask<size_t>::expand(pivots.at(col)).if_set_return(1);
         auto mask_is_current_pivot = CT::Mask<size_t>::is_equal(p_idx, p_counter);
         (mask_is_pivot_set & mask_is_current_pivot)
            .conditional_swap(m_pi.get().at(col_offset + col), m_pi.get().at(col_offset + p_idx - 1));
      }
   }
}

References Botan::CT::Mask< T >::expand(), Botan::detail::Strong_Base< T >::get(), Botan::CT::Mask< T >::is_equal(), Botan::Classic_McEliece_Parameters::mu(), Botan::Classic_McEliece_Parameters::nu(), and Botan::Classic_McEliece_Parameters::pk_no_rows().

Referenced by Botan::Classic_McEliece_Matrix::create_matrix_and_apply_pivots().

pi_ref() [1/2]

CmcePermutation & Botan::Classic_McEliece_Field_Ordering::pi_ref ( )

inline

The pi values representing the field ordering.

Returns

pi values.

Definition at line 68 of file cmce_field_ordering.h.

{ return m_pi; }

Referenced by ct_is_equal().

pi_ref() [2/2]

const CmcePermutation & Botan::Classic_McEliece_Field_Ordering::pi_ref ( ) const

inline

The pi values representing the field ordering.

Returns

pi values.

Definition at line 75 of file cmce_field_ordering.h.

{ return m_pi; }

---

The documentation for this class was generated from the following files:

• src/lib/pubkey/classic_mceliece/cmce_field_ordering.h
• src/lib/pubkey/classic_mceliece/cmce_field_ordering.cpp