Botan 3.6.0
Crypto and TLS for C&
Public Types | Public Member Functions | Static Public Attributes | List of all members
Botan::DilithiumConstants Class Referencefinal

#include <dilithium_constants.h>

Public Types

enum  DilithiumBeta : uint32_t { _78 = 78 , _196 = 196 , _120 = 120 }
 
enum  DilithiumEta : uint32_t { _2 = 2 , _4 = 4 }
 
enum  DilithiumGamma1 : uint32_t { ToThe17th = (1 << 17) , ToThe19th = (1 << 19) }
 
enum  DilithiumGamma2 : uint32_t { Qminus1DevidedBy88 = (Q - 1) / 88 , Qminus1DevidedBy32 = (Q - 1) / 32 }
 
enum  DilithiumLambda : uint32_t { _128 = 128 , _192 = 192 , _256 = 256 }
 
enum  DilithiumOmega : uint32_t { _80 = 80 , _55 = 55 , _75 = 75 }
 
enum  DilithiumTau : uint32_t { _39 = 39 , _49 = 49 , _60 = 60 }
 
using T = int32_t
 base data type for most calculations
 

Public Member Functions

size_t canonical_parameter_set_identifier () const
 
 DilithiumConstants (const DilithiumConstants &other)
 
 DilithiumConstants (DilithiumConstants &&other)=default
 
 DilithiumConstants (DilithiumMode dimension)
 
bool is_aes () const
 
bool is_ml_dsa () const
 
bool is_modern () const
 
Dilithium_Keypair_Codeckeypair_codec () const
 
DilithiumMode mode () const
 
DilithiumConstantsoperator= (const DilithiumConstants &other)=delete
 
DilithiumConstantsoperator= (DilithiumConstants &&other)=default
 
Dilithium_Symmetric_Primitives_Basesymmetric_primitives () const
 
 ~DilithiumConstants ()
 
Foundational constants
DilithiumTau tau () const
 hamming weight of the polynomial 'c' sampled from the commitment's hash
 
DilithiumLambda lambda () const
 collision strength of the commitment hash function
 
DilithiumGamma1 gamma1 () const
 coefficient range of the randomly sampled mask 'y'
 
DilithiumGamma2 gamma2 () const
 low-order rounding range for decomposing the commitment from polynomial vector 'w'
 
uint8_t k () const
 dimensions of the expanded matrix A
 
uint8_t l () const
 dimensions of the expanded matrix A
 
DilithiumEta eta () const
 coefficient range of the private key's polynomial vectors 's1' and 's2'
 
DilithiumBeta beta () const
 tau * eta
 
DilithiumOmega omega () const
 maximal hamming weight of the hint polynomial vector 'h'
 
size_t public_key_hash_bytes () const
 length of the public key hash 'tr' in bytes (differs between R3 and ML-DSA)
 
size_t commitment_hash_full_bytes () const
 length of the entire commitment hash 'c~' in bytes (differs between R3 and ML-DSA)
 
Sizes of encoded data structures
size_t signature_bytes () const
 byte length of the encoded signature
 
size_t public_key_bytes () const
 byte length of the encoded public key
 
size_t private_key_bytes () const
 byte length of the encoded private key
 
size_t serialized_commitment_bytes () const
 byte length of the packed commitment polynomial vector 'w1'
 

Static Public Attributes

static constexpr T D = 13
 number of dropped bits from t (see FIPS 204 Section 5)
 
static constexpr T F = 8347681
 as specified in FIPS 204 (see Algorithm 36 (NTT^-1), f = 256^-1 mod Q)
 
static constexpr T N = 256
 number of coefficients in a polynomial
 
static constexpr size_t NTT_Degree = 256
 degree of the NTT polynomials
 
static constexpr T Q = 8380417
 modulus
 
static constexpr T ROOT_OF_UNITY = 1753
 the 512-th root of unity modulo Q (see FIPS 204 Section 8.5)
 
Byte length's of various hash outputs and seeds
static constexpr size_t SEED_RANDOMNESS_BYTES = 32
 
static constexpr size_t SEED_RHO_BYTES = 32
 
static constexpr size_t SEED_RHOPRIME_BYTES = 64
 
static constexpr size_t OPTIONAL_RANDOMNESS_BYTES = 32
 
static constexpr size_t SEED_SIGNING_KEY_BYTES = 32
 
static constexpr size_t MESSAGE_HASH_BYTES = 64
 
static constexpr size_t COMMITMENT_HASH_C1_BYTES = 32
 
Loop bounds for various rejection sampling loops (FIPS 204, Apx C)
static constexpr uint16_t SIGNING_LOOP_BOUND = 814
 
static constexpr uint16_t SAMPLE_POLY_FROM_XOF_BOUND = 481
 
static constexpr uint16_t SAMPLE_NTT_POLY_FROM_XOF_BOUND = 894
 
static constexpr uint16_t SAMPLE_IN_BALL_XOF_BOUND = 221
 

Detailed Description

Algorithm constants and parameter-set dependent values

Definition at line 25 of file dilithium_constants.h.

Member Typedef Documentation

◆ T

using Botan::DilithiumConstants::T = int32_t

base data type for most calculations

Definition at line 28 of file dilithium_constants.h.

Member Enumeration Documentation

◆ DilithiumBeta

enum Botan::DilithiumConstants::DilithiumBeta : uint32_t
Enumerator
_78 
_196 
_120 

Definition at line 83 of file dilithium_constants.h.

83: uint32_t { _78 = 78, _196 = 196, _120 = 120 };

◆ DilithiumEta

enum Botan::DilithiumConstants::DilithiumEta : uint32_t
Enumerator
_2 
_4 

Definition at line 81 of file dilithium_constants.h.

81: uint32_t { _2 = 2, _4 = 4 };

◆ DilithiumGamma1

enum Botan::DilithiumConstants::DilithiumGamma1 : uint32_t
Enumerator
ToThe17th 
ToThe19th 

Definition at line 77 of file dilithium_constants.h.

77: uint32_t { ToThe17th = (1 << 17), ToThe19th = (1 << 19) };

◆ DilithiumGamma2

enum Botan::DilithiumConstants::DilithiumGamma2 : uint32_t
Enumerator
Qminus1DevidedBy88 
Qminus1DevidedBy32 

Definition at line 79 of file dilithium_constants.h.

79: uint32_t { Qminus1DevidedBy88 = (Q - 1) / 88, Qminus1DevidedBy32 = (Q - 1) / 32 };
Botan::DilithiumConstants::Q
static constexpr T Q
modulus
Definition dilithium_constants.h:34

◆ DilithiumLambda

enum Botan::DilithiumConstants::DilithiumLambda : uint32_t
Enumerator
_128 
_192 
_256 

Definition at line 75 of file dilithium_constants.h.

75: uint32_t { _128 = 128, _192 = 192, _256 = 256 };

◆ DilithiumOmega

enum Botan::DilithiumConstants::DilithiumOmega : uint32_t
Enumerator
_80 
_55 
_75 

Definition at line 85 of file dilithium_constants.h.

85: uint32_t { _80 = 80, _55 = 55, _75 = 75 };

◆ DilithiumTau

enum Botan::DilithiumConstants::DilithiumTau : uint32_t
Enumerator
_39 
_49 
_60 

Definition at line 73 of file dilithium_constants.h.

73: uint32_t { _39 = 39, _49 = 49, _60 = 60 };

Constructor & Destructor Documentation

◆ DilithiumConstants() [1/3]

Botan::DilithiumConstants::DilithiumConstants ( DilithiumMode dimension)

Definition at line 59 of file dilithium_constants.cpp.

59 :
60 m_mode(mode),
61 m_public_key_hash_bytes(public_key_hash_size(m_mode)),
62 m_commitment_hash_full_bytes(commitment_hash_full_size(m_mode)) {
63 switch(m_mode.mode()) {
64 case Botan::DilithiumMode::Dilithium4x4:
65 case Botan::DilithiumMode::Dilithium4x4_AES:
66 case Botan::DilithiumMode::ML_DSA_4x4:
67 m_tau = DilithiumTau::_39;
68 m_lambda = DilithiumLambda::_128;
69 m_gamma1 = DilithiumGamma1::ToThe17th;
70 m_gamma2 = DilithiumGamma2::Qminus1DevidedBy88;
71 m_k = 4;
72 m_l = 4;
73 m_eta = DilithiumEta::_2;
74 m_beta = DilithiumBeta::_78;
75 m_omega = DilithiumOmega::_80;
76 break;
77 case Botan::DilithiumMode::Dilithium6x5:
78 case Botan::DilithiumMode::Dilithium6x5_AES:
79 case Botan::DilithiumMode::ML_DSA_6x5:
80 m_tau = DilithiumTau::_49;
81 m_lambda = DilithiumLambda::_192;
82 m_gamma1 = DilithiumGamma1::ToThe19th;
83 m_gamma2 = DilithiumGamma2::Qminus1DevidedBy32;
84 m_k = 6;
85 m_l = 5;
86 m_eta = DilithiumEta::_4;
87 m_beta = DilithiumBeta::_196;
88 m_omega = DilithiumOmega::_55;
89 break;
90 case Botan::DilithiumMode::Dilithium8x7:
91 case Botan::DilithiumMode::Dilithium8x7_AES:
92 case Botan::DilithiumMode::ML_DSA_8x7:
93 m_tau = DilithiumTau::_60;
94 m_lambda = DilithiumLambda::_256;
95 m_gamma1 = DilithiumGamma1::ToThe19th;
96 m_gamma2 = DilithiumGamma2::Qminus1DevidedBy32;
97 m_k = 8;
98 m_l = 7;
99 m_eta = DilithiumEta::_2;
100 m_beta = DilithiumBeta::_120;
101 m_omega = DilithiumOmega::_75;
102 break;
103 default:
104 BOTAN_ASSERT_UNREACHABLE();
105 }
106
107 const auto s1_bytes = 32 * m_l * bitlen(2 * m_eta);
108 const auto s2_bytes = 32 * m_k * bitlen(2 * m_eta);
109 const auto t0_bytes = 32 * m_k * D;
110 const auto t1_bytes = 32 * m_k * (bitlen(static_cast<uint32_t>(Q) - 1) - D);
111 const auto z_bytes = 32 * m_l * (1 + bitlen(m_gamma1 - 1));
112 const auto hint_bytes = m_omega + m_k;
113
114 m_private_key_bytes =
115 SEED_RHO_BYTES + SEED_SIGNING_KEY_BYTES + m_public_key_hash_bytes + s1_bytes + s2_bytes + t0_bytes;
116 m_public_key_bytes = SEED_RHO_BYTES + t1_bytes;
117 m_signature_bytes = m_commitment_hash_full_bytes + z_bytes + hint_bytes;
118 m_serialized_commitment_bytes = 32 * m_k * bitlen(((Q - 1) / (2 * m_gamma2)) - 1);
119
120 m_symmetric_primitives = Dilithium_Symmetric_Primitives_Base::create(*this);
121 m_keypair_codec = Dilithium_Keypair_Codec::create(mode);
122}
BOTAN_ASSERT_UNREACHABLE
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:137
Botan::DilithiumConstants::D
static constexpr T D
number of dropped bits from t (see FIPS 204 Section 5)
Definition dilithium_constants.h:37
Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES
static constexpr size_t SEED_SIGNING_KEY_BYTES
Definition dilithium_constants.h:56
Botan::DilithiumConstants::SEED_RHO_BYTES
static constexpr size_t SEED_RHO_BYTES
Definition dilithium_constants.h:53
Botan::DilithiumMode::mode
Mode mode() const
Definition dilithium.h:52
Botan::Dilithium_Keypair_Codec::create
static std::unique_ptr< Dilithium_Keypair_Codec > create(DilithiumMode mode)
Definition dilithium_keys.cpp:22
Botan::Dilithium_Symmetric_Primitives_Base::create
static std::unique_ptr< Dilithium_Symmetric_Primitives_Base > create(const DilithiumConstants &mode)
Definition dilithium_symmetric_primitives.cpp:28
Botan::bitlen
constexpr auto bitlen(size_t x)
Definition pqcrystals_helpers.h:98

References Botan::bitlen(), Botan::Dilithium_Keypair_Codec::create(), Botan::Dilithium_Symmetric_Primitives_Base::create(), D, mode(), Botan::DilithiumMode::mode(), Q, SEED_RHO_BYTES, and SEED_SIGNING_KEY_BYTES.

◆ ~DilithiumConstants()

Botan::DilithiumConstants::~DilithiumConstants ( )
default

◆ DilithiumConstants() [2/3]

Botan::DilithiumConstants::DilithiumConstants ( const DilithiumConstants & other)
inline

Definition at line 90 of file dilithium_constants.h.

90: DilithiumConstants(other.m_mode) {}
Botan::DilithiumConstants::DilithiumConstants
DilithiumConstants(DilithiumMode dimension)
Definition dilithium_constants.cpp:59

◆ DilithiumConstants() [3/3]

Botan::DilithiumConstants::DilithiumConstants ( DilithiumConstants && other)
default

Member Function Documentation

◆ beta()

DilithiumBeta Botan::DilithiumConstants::beta ( ) const
inline

tau * eta

Definition at line 128 of file dilithium_constants.h.

128{ return m_beta; }

◆ canonical_parameter_set_identifier()

size_t Botan::DilithiumConstants::canonical_parameter_set_identifier ( ) const
inline
Returns
one of {44, 65, 87}

Definition at line 161 of file dilithium_constants.h.

161{ return k() * 10 + l(); }
Botan::DilithiumConstants::l
uint8_t l() const
dimensions of the expanded matrix A
Definition dilithium_constants.h:122
Botan::DilithiumConstants::k
uint8_t k() const
dimensions of the expanded matrix A
Definition dilithium_constants.h:119

References k(), and l().

◆ commitment_hash_full_bytes()

size_t Botan::DilithiumConstants::commitment_hash_full_bytes ( ) const
inline

length of the entire commitment hash 'c~' in bytes (differs between R3 and ML-DSA)

Definition at line 137 of file dilithium_constants.h.

137{ return m_commitment_hash_full_bytes; }

Referenced by Botan::Dilithium_Algos::decode_signature().

◆ eta()

DilithiumEta Botan::DilithiumConstants::eta ( ) const
inline

coefficient range of the private key's polynomial vectors 's1' and 's2'

Definition at line 125 of file dilithium_constants.h.

125{ return m_eta; }

◆ gamma1()

DilithiumGamma1 Botan::DilithiumConstants::gamma1 ( ) const
inline

coefficient range of the randomly sampled mask 'y'

Definition at line 113 of file dilithium_constants.h.

113{ return m_gamma1; }

◆ gamma2()

DilithiumGamma2 Botan::DilithiumConstants::gamma2 ( ) const
inline

low-order rounding range for decomposing the commitment from polynomial vector 'w'

Definition at line 116 of file dilithium_constants.h.

116{ return m_gamma2; }

Referenced by Botan::Dilithium_Algos::decompose(), Botan::Dilithium_Algos::make_hint(), and Botan::Dilithium_Algos::use_hint().

◆ is_aes()

bool Botan::DilithiumConstants::is_aes ( ) const
inline

Definition at line 98 of file dilithium_constants.h.

98{ return m_mode.is_aes(); }
Botan::DilithiumMode::is_aes
bool is_aes() const
Definition dilithium.cpp:98

References Botan::DilithiumMode::is_aes().

Referenced by Botan::Dilithium_Symmetric_Primitives_Base::create().

◆ is_ml_dsa()

bool Botan::DilithiumConstants::is_ml_dsa ( ) const
inline

Definition at line 100 of file dilithium_constants.h.

100{ return m_mode.is_ml_dsa(); }
Botan::DilithiumMode::is_ml_dsa
bool is_ml_dsa() const
Definition dilithium.cpp:106

References Botan::DilithiumMode::is_ml_dsa().

Referenced by Botan::Dilithium_Symmetric_Primitives_Base::create().

◆ is_modern()

bool Botan::DilithiumConstants::is_modern ( ) const
inline

Definition at line 96 of file dilithium_constants.h.

96{ return m_mode.is_modern(); }
Botan::DilithiumMode::is_modern
bool is_modern() const
Definition dilithium.cpp:102

References Botan::DilithiumMode::is_modern().

Referenced by Botan::Dilithium_Symmetric_Primitives_Base::create().

◆ k()

uint8_t Botan::DilithiumConstants::k ( ) const
inline

dimensions of the expanded matrix A

Definition at line 119 of file dilithium_constants.h.

119{ return m_k; }

Referenced by canonical_parameter_set_identifier(), Botan::Dilithium_Algos::decode_public_key(), Botan::Dilithium_Algos::decode_signature(), Botan::Dilithium_Algos::expand_A(), Botan::Dilithium_Algos::expand_s(), and Botan::ML_DSA_Symmetric_Primitives::ML_DSA_Symmetric_Primitives().

◆ keypair_codec()

Dilithium_Keypair_Codec & Botan::DilithiumConstants::keypair_codec ( ) const
inline

Definition at line 165 of file dilithium_constants.h.

165{ return *m_keypair_codec; }

Referenced by Botan::Dilithium_PrivateKey::Dilithium_PrivateKey().

◆ l()

uint8_t Botan::DilithiumConstants::l ( ) const
inline

dimensions of the expanded matrix A

Definition at line 122 of file dilithium_constants.h.

122{ return m_l; }

Referenced by canonical_parameter_set_identifier(), Botan::Dilithium_Algos::decode_signature(), Botan::Dilithium_Algos::expand_A(), Botan::Dilithium_Algos::expand_mask(), Botan::Dilithium_Algos::expand_s(), and Botan::ML_DSA_Symmetric_Primitives::ML_DSA_Symmetric_Primitives().

◆ lambda()

DilithiumLambda Botan::DilithiumConstants::lambda ( ) const
inline

collision strength of the commitment hash function

Definition at line 110 of file dilithium_constants.h.

110{ return m_lambda; }

◆ mode()

DilithiumMode Botan::DilithiumConstants::mode ( ) const
inline

Definition at line 158 of file dilithium_constants.h.

158{ return m_mode; }

Referenced by Botan::Dilithium_Expanded_Keypair_Codec::decode_keypair(), Botan::Dilithium_PrivateKey::Dilithium_PrivateKey(), Botan::Dilithium_PublicKey::Dilithium_PublicKey(), and DilithiumConstants().

◆ omega()

DilithiumOmega Botan::DilithiumConstants::omega ( ) const
inline

maximal hamming weight of the hint polynomial vector 'h'

Definition at line 131 of file dilithium_constants.h.

131{ return m_omega; }

Referenced by Botan::Dilithium_Algos::decode_signature().

◆ operator=() [1/2]

DilithiumConstants & Botan::DilithiumConstants::operator= ( const DilithiumConstants & other)
delete

◆ operator=() [2/2]

DilithiumConstants & Botan::DilithiumConstants::operator= ( DilithiumConstants && other)
default

◆ private_key_bytes()

size_t Botan::DilithiumConstants::private_key_bytes ( ) const
inline

byte length of the encoded private key

Definition at line 151 of file dilithium_constants.h.

151{ return m_private_key_bytes; }

Referenced by Botan::Dilithium_Expanded_Keypair_Codec::decode_keypair().

◆ public_key_bytes()

size_t Botan::DilithiumConstants::public_key_bytes ( ) const
inline

byte length of the encoded public key

Definition at line 148 of file dilithium_constants.h.

148{ return m_public_key_bytes; }

Referenced by Botan::Dilithium_Algos::decode_public_key(), Botan::Dilithium_PublicKey::Dilithium_PublicKey(), and Botan::Dilithium_Algos::encode_public_key().

◆ public_key_hash_bytes()

size_t Botan::DilithiumConstants::public_key_hash_bytes ( ) const
inline

length of the public key hash 'tr' in bytes (differs between R3 and ML-DSA)

Definition at line 134 of file dilithium_constants.h.

134{ return m_public_key_hash_bytes; }

◆ serialized_commitment_bytes()

size_t Botan::DilithiumConstants::serialized_commitment_bytes ( ) const
inline

byte length of the packed commitment polynomial vector 'w1'

Definition at line 154 of file dilithium_constants.h.

154{ return m_serialized_commitment_bytes; }

Referenced by Botan::Dilithium_Algos::encode_commitment().

◆ signature_bytes()

size_t Botan::DilithiumConstants::signature_bytes ( ) const
inline

byte length of the encoded signature

Definition at line 145 of file dilithium_constants.h.

145{ return m_signature_bytes; }

Referenced by Botan::Dilithium_Algos::decode_signature(), and Botan::Dilithium_Algos::encode_signature().

◆ symmetric_primitives()

Dilithium_Symmetric_Primitives_Base & Botan::DilithiumConstants::symmetric_primitives ( ) const
inline

Definition at line 163 of file dilithium_constants.h.

163{ return *m_symmetric_primitives; }

Referenced by Botan::Dilithium_Algos::expand_keypair(), Botan::Dilithium_Algos::expand_mask(), and Botan::Dilithium_Algos::sample_in_ball().

◆ tau()

DilithiumTau Botan::DilithiumConstants::tau ( ) const
inline

hamming weight of the polynomial 'c' sampled from the commitment's hash

Definition at line 107 of file dilithium_constants.h.

107{ return m_tau; }

Referenced by Botan::Dilithium_Algos::sample_in_ball().

Member Data Documentation

◆ COMMITMENT_HASH_C1_BYTES

size_t Botan::DilithiumConstants::COMMITMENT_HASH_C1_BYTES = 32
staticconstexpr

Definition at line 58 of file dilithium_constants.h.

Referenced by Botan::Dilithium_Round3_Symmetric_Primitives::truncate_commitment_hash().

◆ D

T Botan::DilithiumConstants::D = 13
staticconstexpr

number of dropped bits from t (see FIPS 204 Section 5)

Definition at line 37 of file dilithium_constants.h.

Referenced by DilithiumConstants(), and Botan::Dilithium_Algos::power2round().

◆ F

T Botan::DilithiumConstants::F = 8347681
staticconstexpr

as specified in FIPS 204 (see Algorithm 36 (NTT^-1), f = 256^-1 mod Q)

Definition at line 40 of file dilithium_constants.h.

◆ MESSAGE_HASH_BYTES

size_t Botan::DilithiumConstants::MESSAGE_HASH_BYTES = 64
staticconstexpr

Definition at line 57 of file dilithium_constants.h.

Referenced by Botan::DilithiumMessageHash::final(), and Botan::DilithiumMessageHash::name().

◆ N

T Botan::DilithiumConstants::N = 256
staticconstexpr

number of coefficients in a polynomial

Definition at line 31 of file dilithium_constants.h.

◆ NTT_Degree

size_t Botan::DilithiumConstants::NTT_Degree = 256
staticconstexpr

degree of the NTT polynomials

Definition at line 46 of file dilithium_constants.h.

◆ OPTIONAL_RANDOMNESS_BYTES

size_t Botan::DilithiumConstants::OPTIONAL_RANDOMNESS_BYTES = 32
staticconstexpr

Definition at line 55 of file dilithium_constants.h.

Referenced by Botan::ML_DSA_Symmetric_Primitives::H_maybe_randomized().

◆ Q

T Botan::DilithiumConstants::Q = 8380417
staticconstexpr

modulus

Definition at line 34 of file dilithium_constants.h.

Referenced by DilithiumConstants(), Botan::Dilithium_Algos::infinity_norm_within_bound(), Botan::Dilithium_Algos::make_hint(), and Botan::Dilithium_Algos::use_hint().

◆ ROOT_OF_UNITY

T Botan::DilithiumConstants::ROOT_OF_UNITY = 1753
staticconstexpr

the 512-th root of unity modulo Q (see FIPS 204 Section 8.5)

Definition at line 43 of file dilithium_constants.h.

◆ SAMPLE_IN_BALL_XOF_BOUND

uint16_t Botan::DilithiumConstants::SAMPLE_IN_BALL_XOF_BOUND = 221
staticconstexpr

Definition at line 68 of file dilithium_constants.h.

◆ SAMPLE_NTT_POLY_FROM_XOF_BOUND

uint16_t Botan::DilithiumConstants::SAMPLE_NTT_POLY_FROM_XOF_BOUND = 894
staticconstexpr

Definition at line 67 of file dilithium_constants.h.

◆ SAMPLE_POLY_FROM_XOF_BOUND

uint16_t Botan::DilithiumConstants::SAMPLE_POLY_FROM_XOF_BOUND = 481
staticconstexpr

Definition at line 66 of file dilithium_constants.h.

◆ SEED_RANDOMNESS_BYTES

size_t Botan::DilithiumConstants::SEED_RANDOMNESS_BYTES = 32
staticconstexpr

Definition at line 52 of file dilithium_constants.h.

Referenced by Botan::Dilithium_PrivateKey::Dilithium_PrivateKey().

◆ SEED_RHO_BYTES

size_t Botan::DilithiumConstants::SEED_RHO_BYTES = 32
staticconstexpr

Definition at line 53 of file dilithium_constants.h.

Referenced by Botan::Dilithium_Algos::decode_public_key(), DilithiumConstants(), and Botan::Dilithium_Symmetric_Primitives_Base::H().

◆ SEED_RHOPRIME_BYTES

size_t Botan::DilithiumConstants::SEED_RHOPRIME_BYTES = 64
staticconstexpr

Definition at line 54 of file dilithium_constants.h.

Referenced by Botan::Dilithium_Symmetric_Primitives_Base::H(), and Botan::Dilithium_Round3_Symmetric_Primitives::H_maybe_randomized().

◆ SEED_SIGNING_KEY_BYTES

size_t Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES = 32
staticconstexpr

Definition at line 56 of file dilithium_constants.h.

Referenced by DilithiumConstants(), and Botan::Dilithium_Symmetric_Primitives_Base::H().

◆ SIGNING_LOOP_BOUND

uint16_t Botan::DilithiumConstants::SIGNING_LOOP_BOUND = 814
staticconstexpr

Definition at line 65 of file dilithium_constants.h.

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0