Botan 3.6.1
Crypto and TLS for C&
Public Types | Static Public Member Functions | Static Public Attributes | Protected Types | Static Protected Member Functions | Friends | List of all members
Botan::KyberPolyTraits Class Referencefinal

#include <kyber_polynomial.h>

Inheritance diagram for Botan::KyberPolyTraits:
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >

Public Types

using T
 

Static Public Member Functions

static constexpr void barrett_reduce (std::span< T, N > poly)
 
static constexpr void inverse_ntt (std::span< T, N > p)
 
static constexpr void ntt (std::span< T, N > p)
 
static constexpr void poly_add (std::span< T, N > result, std::span< const T, N > lhs, std::span< const T, N > rhs)
 
static constexpr void poly_cadd_q (std::span< T, N > coeffs)
 Adds Q if the coefficient is negative.
 
static constexpr void poly_pointwise_montgomery (std::span< T, N > result, std::span< const T, N > lhs, std::span< const T, N > rhs)
 
static constexpr void poly_sub (std::span< T, N > result, std::span< const T, N > lhs, std::span< const T, N > rhs)
 
static constexpr void polyvec_pointwise_acc_montgomery (std::span< T, N > w, std::span< const T > u, std::span< const T > v)
 Multiplication and accumulation of 2 polynomial vectors u and v.
 
static constexpr T to_montgomery (T a)
 

Static Public Attributes

static constexpr T N
 
static constexpr T Q
 

Protected Types

using T2
 

Static Protected Member Functions

static constexpr T fqmul (T a, T b)
 
static constexpr std::span< U, Npoly_in_polyvec (std::span< U > polyvec, size_t index)
 
static constexpr size_t polys_in_polyvec (std::span< const T > polyvec)
 

Static Protected Attributes

Pre-computed algorithm constants
static constexpr T Q_inverse
 
static constexpr T MONTY
 
static constexpr T MONTY_SQUARED
 
static constexpr T F_WITH_MONTY_SQUARED
 
static constexpr auto zetas
 

Friends

class CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >
 

Detailed Description

Definition at line 25 of file kyber_polynomial.h.

Member Typedef Documentation

◆ T

using Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::T
inherited

Definition at line 51 of file pqcrystals.h.

◆ T2

using Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::T2
protectedinherited

Definition at line 56 of file pqcrystals.h.

Member Function Documentation

◆ barrett_reduce()

static constexpr void Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::barrett_reduce ( std::span< T, N > poly)
inlinestaticconstexprinherited

Definition at line 120 of file pqcrystals.h.

120 {
121 for(auto& coeff : poly) {
122 coeff = DerivedT::barrett_reduce_coefficient(coeff);
123 }
124 }

Referenced by ntt().

◆ fqmul()

static constexpr T Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::fqmul ( T a,
T b )
inlinestaticconstexprprotectedinherited

Definition at line 94 of file pqcrystals.h.

94{ return DerivedT::montgomery_reduce_coefficient(static_cast<T2>(a) * b); }
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::T2
next_longer_int_t< T > T2
Definition pqcrystals.h:56
Botan::b
const SIMD_8x32 & b
Definition simd_avx2_gfni.h:63

Referenced by inverse_ntt(), ntt(), and poly_pointwise_montgomery().

◆ inverse_ntt()

static constexpr void Botan::KyberPolyTraits::inverse_ntt ( std::span< T, N > p)
inlinestaticconstexpr

NIST FIPS 203, Algorithm 10 (NTT^-1)

The output is effectively multiplied by the montgomery parameter 2^16 mod q so that the input factors 2^(-16) mod q are eliminated. Note that factors 2^(-16) mod q are introduced by multiplication and reduction of values not in montgomery domain.

Produces the result of the inverse NTT transformation with a montgomery factor of (2^16 mod q) added (!). See above.

Definition at line 77 of file kyber_polynomial.h.

77 {
78 for(size_t len = 2, i = 127; len <= N / 2; len *= 2) {
79 for(size_t start = 0, j = 0; start < N; start = j + len) {
80 const auto zeta = zetas[i--];
81 for(j = start; j < start + len; ++j) {
82 const auto t = p[j];
83 p[j] = barrett_reduce_coefficient(t + p[j + len]);
84 p[j + len] = fqmul(zeta, p[j + len] - t);
85 }
86 }
87 }
88
89 for(auto& c : p) {
90 c = fqmul(c, F_WITH_MONTY_SQUARED);
91 }
92 }
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::F_WITH_MONTY_SQUARED
static constexpr T F_WITH_MONTY_SQUARED
Definition pqcrystals.h:71
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::N
static constexpr T N
Definition pqcrystals.h:52
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::fqmul
static constexpr T fqmul(T a, T b)
Definition pqcrystals.h:94
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::zetas
static constexpr auto zetas
Definition pqcrystals.h:73

References Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::F_WITH_MONTY_SQUARED, Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::fqmul(), Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::N, and Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::zetas.

◆ ntt()

static constexpr void Botan::KyberPolyTraits::ntt ( std::span< T, N > p)
inlinestaticconstexpr

NIST FIPS 203, Algorithm 9 (NTT)

Produces the result of the NTT transformation without any montgomery factors in the coefficients. Zetas are pre-computed and stored in the zetas array. The zeta values contain the montgomery factor 2^16 mod q.

Definition at line 51 of file kyber_polynomial.h.

51 {
52 for(size_t len = N / 2, i = 0; len >= 2; len /= 2) {
53 for(size_t start = 0, j = 0; start < N; start = j + len) {
54 const auto zeta = zetas[++i];
55 for(j = start; j < start + len; ++j) {
56 const auto t = fqmul(zeta, p[j + len]);
57 p[j + len] = p[j] - t;
58 p[j] = p[j] + t;
59 }
60 }
61 }
62
63 barrett_reduce(p);
64 }
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::barrett_reduce
static constexpr void barrett_reduce(std::span< T, N > poly)
Definition pqcrystals.h:120

References Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::barrett_reduce(), Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::fqmul(), Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::N, and Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::zetas.

◆ poly_add()

static constexpr void Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::poly_add ( std::span< T, N > result,
std::span< const T, N > lhs,
std::span< const T, N > rhs )
inlinestaticconstexprinherited

Definition at line 97 of file pqcrystals.h.

97 {
98 for(size_t i = 0; i < N; ++i) {
99 result[i] = lhs[i] + rhs[i];
100 }
101 }

◆ poly_cadd_q()

static constexpr void Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::poly_cadd_q ( std::span< T, N > coeffs)
inlinestaticconstexprinherited

Adds Q if the coefficient is negative.

Definition at line 110 of file pqcrystals.h.

110 {
111 for(auto& coeff : coeffs) {
112 using unsigned_T = std::make_unsigned_t<T>;
113 const auto is_negative = CT::Mask<unsigned_T>::expand_top_bit(static_cast<unsigned_T>(coeff));
114 coeff += is_negative.if_set_return(Q);
115 }
116 }
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::Q
static constexpr T Q
Definition pqcrystals.h:53
Botan::CT::Mask::expand_top_bit
static constexpr Mask< T > expand_top_bit(T v)
Definition ct_utils.h:407

◆ poly_in_polyvec()

static constexpr std::span< U, N > Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::poly_in_polyvec ( std::span< U > polyvec,
size_t index )
inlinestaticconstexprprotectedinherited
Returns
the index-th polynomial in the polynomial vector polyvec.

Definition at line 87 of file pqcrystals.h.

87 {
88 BOTAN_DEBUG_ASSERT(polyvec.size() % N == 0);
89 BOTAN_DEBUG_ASSERT(polyvec.size() / N > index);
90 auto polyspan = polyvec.subspan(index * N, N);
91 return std::span<U, N>{polyspan.data(), polyspan.size()};
92 }
BOTAN_DEBUG_ASSERT
#define BOTAN_DEBUG_ASSERT(expr)
Definition assert.h:98

◆ poly_pointwise_montgomery()

static constexpr void Botan::KyberPolyTraits::poly_pointwise_montgomery ( std::span< T, N > result,
std::span< const T, N > lhs,
std::span< const T, N > rhs )
inlinestaticconstexpr

NIST FIPS 203, Algorithms 11 (MultiplyNTTs) and 12 (BaseCaseMultiply)

The result contains factors of 2^(-16) mod q (i.e. the inverse montgomery factor). This factor is eliminated by the inverse NTT transformation, see above.

NIST FIPS 203, Algorithm 12 (BaseCaseMultiply)

Definition at line 100 of file kyber_polynomial.h.

102 {
103 /**
104 * NIST FIPS 203, Algorithm 12 (BaseCaseMultiply)
105 */
106 auto basemul = [](const auto a, const auto b, const T zeta) -> std::tuple<T, T> {
107 return {static_cast<T>(fqmul(a[0], b[0]) + fqmul(fqmul(a[1], b[1]), zeta)),
108 static_cast<T>(fqmul(a[0], b[1]) + fqmul(a[1], b[0]))};
109 };
110
111 auto Tq_elem_count = [](auto p) { return p.size() / 2; };
112
113 auto Tq_elem = [](auto p, size_t i) {
114 if constexpr(std::is_const_v<typename decltype(p)::element_type>) {
115 return std::array<T, 2>{p[2 * i], p[2 * i + 1]};
116 } else {
117 return std::tuple<T&, T&>{p[2 * i], p[2 * i + 1]};
118 }
119 };
120
121 for(size_t i = 0; i < Tq_elem_count(result) / 2; ++i) {
122 const auto zeta = zetas[64 + i];
123 Tq_elem(result, 2 * i) = basemul(Tq_elem(lhs, 2 * i), Tq_elem(rhs, 2 * i), zeta);
124 Tq_elem(result, 2 * i + 1) = basemul(Tq_elem(lhs, 2 * i + 1), Tq_elem(rhs, 2 * i + 1), -zeta);
125 }
126 }
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::T
typename ConstantsT::T T
Definition pqcrystals.h:51

References Botan::b, Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::fqmul(), and Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::zetas.

◆ poly_sub()

static constexpr void Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::poly_sub ( std::span< T, N > result,
std::span< const T, N > lhs,
std::span< const T, N > rhs )
inlinestaticconstexprinherited

Definition at line 103 of file pqcrystals.h.

103 {
104 for(size_t i = 0; i < N; ++i) {
105 result[i] = lhs[i] - rhs[i];
106 }
107 }

◆ polys_in_polyvec()

static constexpr size_t Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::polys_in_polyvec ( std::span< const T > polyvec)
inlinestaticconstexprprotectedinherited
Returns
the number of polynomials in the polynomial vector polyvec.

Definition at line 79 of file pqcrystals.h.

79 {
80 BOTAN_DEBUG_ASSERT(polyvec.size() % N == 0);
81 return polyvec.size() / N;
82 }

◆ polyvec_pointwise_acc_montgomery()

static constexpr void Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::polyvec_pointwise_acc_montgomery ( std::span< T, N > w,
std::span< const T > u,
std::span< const T > v )
inlinestaticconstexprinherited

Multiplication and accumulation of 2 polynomial vectors u and v.

Definition at line 127 of file pqcrystals.h.

129 {
130 clear_mem(w);
131 std::array<T, N> t;
132 for(size_t i = 0; i < polys_in_polyvec(u); ++i) {
133 DerivedT::poly_pointwise_montgomery(t, poly_in_polyvec(u, i), poly_in_polyvec(v, i));
134 poly_add(w, w, t);
135 }
136 barrett_reduce(w);
137 }
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::poly_add
static constexpr void poly_add(std::span< T, N > result, std::span< const T, N > lhs, std::span< const T, N > rhs)
Definition pqcrystals.h:97
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::polys_in_polyvec
static constexpr size_t polys_in_polyvec(std::span< const T > polyvec)
Definition pqcrystals.h:79
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::poly_in_polyvec
static constexpr std::span< U, N > poly_in_polyvec(std::span< U > polyvec, size_t index)
Definition pqcrystals.h:87
Botan::clear_mem
constexpr void clear_mem(T *ptr, size_t n)
Definition mem_ops.h:120

◆ to_montgomery()

static constexpr T Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::to_montgomery ( T a)
inlinestaticconstexprinherited

Definition at line 118 of file pqcrystals.h.

118{ return fqmul(a, MONTY_SQUARED); }
Botan::CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >::MONTY_SQUARED
static constexpr T MONTY_SQUARED
Definition pqcrystals.h:63

Friends And Related Symbol Documentation

◆ CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >

friend class CRYSTALS::Trait_Base< KyberConstants, KyberPolyTraits >
friend

Definition at line 25 of file kyber_polynomial.h.

Member Data Documentation

◆ F_WITH_MONTY_SQUARED

T Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::F_WITH_MONTY_SQUARED
staticconstexprprotectedinherited

Definition at line 71 of file pqcrystals.h.

Referenced by inverse_ntt().

◆ MONTY

T Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::MONTY
staticconstexprprotectedinherited

Definition at line 62 of file pqcrystals.h.

◆ MONTY_SQUARED

T Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::MONTY_SQUARED
staticconstexprprotectedinherited

Definition at line 63 of file pqcrystals.h.

◆ N

T Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::N
staticconstexprinherited

Definition at line 52 of file pqcrystals.h.

Referenced by inverse_ntt(), and ntt().

◆ Q

T Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::Q
staticconstexprinherited

Definition at line 53 of file pqcrystals.h.

◆ Q_inverse

T Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::Q_inverse
staticconstexprprotectedinherited

Definition at line 61 of file pqcrystals.h.

◆ zetas

auto Botan::CRYSTALS::Trait_Base< ConstantsT, KyberPolyTraits >::zetas
staticconstexprprotectedinherited

Definition at line 73 of file pqcrystals.h.

Referenced by inverse_ntt(), ntt(), and poly_pointwise_montgomery().

The documentation for this class was generated from the following file:
Generated by doxygen 1.12.0