#include <dilithium_round3_symmetric_primitives.h>

Inheritance diagram for Botan::Dilithium_Round3_Symmetric_Primitives:

Public Member Functions
	Dilithium_Symmetric_Primitives_Base (const Dilithium_Symmetric_Primitives_Base &)=delete

	Dilithium_Symmetric_Primitives_Base (const DilithiumConstants &mode, std::unique_ptr< DilithiumXOF > xof_adapter)

	Dilithium_Symmetric_Primitives_Base (Dilithium_Symmetric_Primitives_Base &&)=delete

virtual std::unique_ptr< DilithiumMessageHash >	get_message_hash (DilithiumHashedPublicKey tr) const

SHAKE_256_XOF &	H (StrongSpan< const DilithiumCommitmentHash > seed) const

DilithiumCommitmentHash	H (StrongSpan< const DilithiumMessageRepresentative > mu, StrongSpan< const DilithiumSerializedCommitment > w1) const

std::tuple< DilithiumSeedRho, DilithiumSeedRhoPrime, DilithiumSigningSeedK >	H (StrongSpan< const DilithiumSeedRandomness > seed) const

Botan::XOF &	H (StrongSpan< const DilithiumSeedRho > seed, uint16_t nonce) const

Botan::XOF &	H (StrongSpan< const DilithiumSeedRhoPrime > seed, uint16_t nonce) const

DilithiumHashedPublicKey	H (StrongSpan< const DilithiumSerializedPublicKey > pk) const

DilithiumSeedRhoPrime	H_maybe_randomized (StrongSpan< const DilithiumSigningSeedK > k, StrongSpan< const DilithiumMessageRepresentative > mu, std::optional< std::reference_wrapper< RandomNumberGenerator > > rng) const final

std::optional< std::array< uint8_t, 2 > >	seed_expansion_domain_separator () const final

StrongSpan< const DilithiumCommitmentHash >	truncate_commitment_hash (StrongSpan< const DilithiumCommitmentHash > seed) const final

Static Public Member Functions
static std::unique_ptr< Dilithium_Symmetric_Primitives_Base >	create (const DilithiumConstants &mode)

Protected Member Functions
template<concepts::resizable_byte_buffer OutT, ranges::spanable_range... InTs>
OutT	H_256 (size_t outbytes, InTs &&... ins) const

Detailed Description

Definition at line 27 of file dilithium_round3_symmetric_primitives.h.

Member Function Documentation

◆ create()

std::unique_ptr< Dilithium_Symmetric_Primitives_Base > Botan::Dilithium_Symmetric_Primitives_Base::create ( const DilithiumConstants & mode )

staticinherited

Definition at line 28 of file dilithium_symmetric_primitives.cpp.

                                   {
#if defined(BOTAN_HAS_DILITHIUM)
   if(mode.is_modern() && !mode.is_ml_dsa()) {
      return std::make_unique<Dilithium_Symmetric_Primitives>(mode);
   }
#endif
 
#if defined(BOTAN_HAS_DILITHIUM_AES)
   if(mode.is_aes()) {
      return std::make_unique<Dilithium_AES_Symmetric_Primitives>(mode);
   }
#endif
 
#if defined(BOTAN_HAS_ML_DSA)
   if(mode.is_ml_dsa()) {
      return std::make_unique<ML_DSA_Symmetric_Primitives>(mode);
   }
#endif
 
   throw Not_Implemented("requested ML-DSA/Dilithium mode is not implemented in this build");
}

References Botan::DilithiumConstants::is_aes(), Botan::DilithiumConstants::is_ml_dsa(), and Botan::DilithiumConstants::is_modern().

Referenced by Botan::DilithiumConstants::DilithiumConstants().

◆ Dilithium_Symmetric_Primitives_Base() [1/3]

Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base ( const Dilithium_Symmetric_Primitives_Base & )

delete

◆ Dilithium_Symmetric_Primitives_Base() [2/3]

Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base	(	const DilithiumConstants &	mode,
		std::unique_ptr< DilithiumXOF >	xof_adapter )

inline

Definition at line 103 of file dilithium_symmetric_primitives.h.

                                                                                                                   :
            m_commitment_hash_length_bytes(mode.commitment_hash_full_bytes()),
            m_public_key_hash_bytes(mode.public_key_hash_bytes()),
            m_mode(mode.mode()),
            m_xof_adapter(std::move(xof_adapter)) {}

◆ Dilithium_Symmetric_Primitives_Base() [3/3]

Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base ( Dilithium_Symmetric_Primitives_Base && )

delete

◆ get_message_hash()

virtual std::unique_ptr< DilithiumMessageHash > Botan::Dilithium_Symmetric_Primitives_Base::get_message_hash ( DilithiumHashedPublicKey tr ) const

inlinevirtualinherited

Reimplemented in Botan::ML_DSA_Symmetric_Primitives.

Definition at line 118 of file dilithium_symmetric_primitives.h.

                                                                                                      {
         return std::make_unique<DilithiumMessageHash>(std::move(tr));
      }

◆ H() [1/6]

SHAKE_256_XOF & Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumCommitmentHash > seed ) const

inlineinherited

Definition at line 156 of file dilithium_symmetric_primitives.h.

                                                                             {
         m_xof_external.clear();
         m_xof_external.update(truncate_commitment_hash(seed));
         return m_xof_external;
      }

References Botan::XOF::clear(), Botan::Dilithium_Symmetric_Primitives_Base::truncate_commitment_hash(), and Botan::XOF::update().

◆ H() [2/6]

DilithiumCommitmentHash Botan::Dilithium_Symmetric_Primitives_Base::H	(	StrongSpan< const DilithiumMessageRepresentative >	mu,
		StrongSpan< const DilithiumSerializedCommitment >	w1 ) const

inlineinherited

Definition at line 151 of file dilithium_symmetric_primitives.h.

                                                                                          {
         return H_256<DilithiumCommitmentHash>(m_commitment_hash_length_bytes, mu, w1);
      }

References Botan::Dilithium_Symmetric_Primitives_Base::H_256().

◆ H() [3/6]

std::tuple< DilithiumSeedRho, DilithiumSeedRhoPrime, DilithiumSigningSeedK > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRandomness > seed ) const

inlineinherited

Definition at line 133 of file dilithium_symmetric_primitives.h.

                                                               {
         m_xof.update(seed);
         if(auto domsep = seed_expansion_domain_separator()) {
            m_xof.update(domsep.value());
         }
 
         // Note: The order of invocations in an initializer list is not
         //       guaranteed by the C++ standard. Hence, we have to store the
         //       results in variables to ensure the correct order of execution.
         auto rho = m_xof.output<DilithiumSeedRho>(DilithiumConstants::SEED_RHO_BYTES);
         auto rhoprime = m_xof.output<DilithiumSeedRhoPrime>(DilithiumConstants::SEED_RHOPRIME_BYTES);
         auto k = m_xof.output<DilithiumSigningSeedK>(DilithiumConstants::SEED_SIGNING_KEY_BYTES);
         m_xof.clear();
 
         return {std::move(rho), std::move(rhoprime), std::move(k)};
      }

References Botan::XOF::clear(), Botan::XOF::output(), Botan::rho(), Botan::Dilithium_Symmetric_Primitives_Base::seed_expansion_domain_separator(), Botan::DilithiumConstants::SEED_RHO_BYTES, Botan::DilithiumConstants::SEED_RHOPRIME_BYTES, Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES, and Botan::XOF::update().

◆ H() [4/6]

Botan::XOF & Botan::Dilithium_Symmetric_Primitives_Base::H	(	StrongSpan< const DilithiumSeedRho >	seed,
		uint16_t	nonce ) const

inlineinherited

Definition at line 164 of file dilithium_symmetric_primitives.h.

                                                                                 {
         return m_xof_adapter->XOF128(seed, nonce);
      }

◆ H() [5/6]

Botan::XOF & Botan::Dilithium_Symmetric_Primitives_Base::H	(	StrongSpan< const DilithiumSeedRhoPrime >	seed,
		uint16_t	nonce ) const

inlineinherited

Definition at line 170 of file dilithium_symmetric_primitives.h.

                                                                                      {
         return m_xof_adapter->XOF256(seed, nonce);
      }

◆ H() [6/6]

DilithiumHashedPublicKey Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSerializedPublicKey > pk ) const

inlineinherited

Definition at line 129 of file dilithium_symmetric_primitives.h.

                                                                                          {
         return H_256<DilithiumHashedPublicKey>(m_public_key_hash_bytes, pk);
      }

References Botan::Dilithium_Symmetric_Primitives_Base::H_256().

Referenced by Botan::Dilithium_Algos::expand_mask(), and Botan::Dilithium_Algos::sample_in_ball().

◆ H_256()

template<concepts::resizable_byte_buffer OutT, ranges::spanable_range... InTs>

OutT Botan::Dilithium_Symmetric_Primitives_Base::H_256	(	size_t	outbytes,
		InTs &&...	ins ) const

inlineprotectedinherited

Definition at line 191 of file dilithium_symmetric_primitives.h.

                                                       {
         scoped_cleanup clean([this]() { m_xof.clear(); });
         (m_xof.update(ins), ...);
         return m_xof.output<OutT>(outbytes);
      }

References Botan::XOF::clear(), Botan::XOF::output(), and Botan::XOF::update().

Referenced by Botan::Dilithium_Symmetric_Primitives_Base::H(), and Botan::Dilithium_Symmetric_Primitives_Base::H().

◆ H_maybe_randomized()

DilithiumSeedRhoPrime Botan::Dilithium_Round3_Symmetric_Primitives::H_maybe_randomized	(	StrongSpan< const DilithiumSigningSeedK >	k,
		StrongSpan< const DilithiumMessageRepresentative >	mu,
		std::optional< std::reference_wrapper< RandomNumberGenerator > >	rng ) const

inlinefinalvirtual

Computes the private random seed rho prime used for signing if a rng is given, the seed is randomized

Implements Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 38 of file dilithium_round3_symmetric_primitives.h.

                                                                                   {
         // Dilitihium R3, Figure 4, l. 12:
         //   p' in {0, 1}^512 := H(K || mu) (or p' <- {0, 1}^512 for randomized signing)
         return (rng.has_value())
                   ? rng->get().random_vec<DilithiumSeedRhoPrime>(DilithiumConstants::SEED_RHOPRIME_BYTES)
                   : H(k, mu);
      }

References Botan::DilithiumConstants::SEED_RHOPRIME_BYTES.

◆ seed_expansion_domain_separator()

std::optional< std::array< uint8_t, 2 > > Botan::Dilithium_Round3_Symmetric_Primitives::seed_expansion_domain_separator ( ) const

inlinefinalvirtual

Creates the domain separator for the initial seed expansion. The return value may be std::nullopt meaning that no domain separation is required (for Dilithium).

Implements Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 55 of file dilithium_round3_symmetric_primitives.h.

                                                                                      {
         // Dilithium does not require domain separation when expanding its
         // seeds from the input randomness.
         return std::nullopt;
      }

◆ truncate_commitment_hash()

StrongSpan< const DilithiumCommitmentHash > Botan::Dilithium_Round3_Symmetric_Primitives::truncate_commitment_hash ( StrongSpan< const DilithiumCommitmentHash > seed ) const

inlinefinalvirtual

Implemented by the derived classes to truncate the commitment hash to the correct length. This is a customization point to enable support for the final ML-DSA standard.

Implements Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 49 of file dilithium_round3_symmetric_primitives.h.

                                                                     {
         return StrongSpan<const DilithiumCommitmentHash>(
            seed.get().first(DilithiumConstants::COMMITMENT_HASH_C1_BYTES));
      }

References Botan::DilithiumConstants::COMMITMENT_HASH_C1_BYTES.

The documentation for this class was generated from the following file:

src/lib/pubkey/dilithium/dilithium_round3/dilithium_round3_symmetric_primitives.h

Public Member Functions

Static Public Member Functions

Protected Member Functions

Detailed Description

Member Function Documentation

◆ create()

◆ Dilithium_Symmetric_Primitives_Base() [1/3]

◆ Dilithium_Symmetric_Primitives_Base() [2/3]

◆ Dilithium_Symmetric_Primitives_Base() [3/3]

◆ get_message_hash()

◆ H() [1/6]

◆ H() [2/6]

◆ H() [3/6]

◆ H() [4/6]

◆ H() [5/6]

◆ H() [6/6]

◆ H_256()

◆ H_maybe_randomized()

◆ seed_expansion_domain_separator()

◆ truncate_commitment_hash()