Botan 3.6.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Botan::ML_DSA_Symmetric_Primitives Class Referencefinal

#include <ml_dsa_impl.h>

Inheritance diagram for Botan::ML_DSA_Symmetric_Primitives:
Botan::Dilithium_Symmetric_Primitives_Base

Public Member Functions

std::unique_ptr< DilithiumMessageHashget_message_hash (DilithiumHashedPublicKey tr) const override
 
SHAKE_256_XOFH (StrongSpan< const DilithiumCommitmentHash > seed) const
 
DilithiumCommitmentHash H (StrongSpan< const DilithiumMessageRepresentative > mu, StrongSpan< const DilithiumSerializedCommitment > w1) const
 
std::tuple< DilithiumSeedRho, DilithiumSeedRhoPrime, DilithiumSigningSeedKH (StrongSpan< const DilithiumSeedRandomness > seed) const
 
Botan::XOFH (StrongSpan< const DilithiumSeedRho > seed, uint16_t nonce) const
 
Botan::XOFH (StrongSpan< const DilithiumSeedRhoPrime > seed, uint16_t nonce) const
 
DilithiumHashedPublicKey H (StrongSpan< const DilithiumSerializedPublicKey > pk) const
 
DilithiumSeedRhoPrime H_maybe_randomized (StrongSpan< const DilithiumSigningSeedK > k, StrongSpan< const DilithiumMessageRepresentative > mu, std::optional< std::reference_wrapper< RandomNumberGenerator > > rng) const override
 
 ML_DSA_Symmetric_Primitives (const DilithiumConstants &mode)
 
std::optional< std::array< uint8_t, 2 > > seed_expansion_domain_separator () const override
 
StrongSpan< const DilithiumCommitmentHashtruncate_commitment_hash (StrongSpan< const DilithiumCommitmentHash > seed) const override
 

Static Public Member Functions

static std::unique_ptr< Dilithium_Symmetric_Primitives_Basecreate (const DilithiumConstants &mode)
 

Protected Member Functions

template<concepts::resizable_byte_buffer OutT, ranges::spanable_range... InTs>
OutT H_256 (size_t outbytes, InTs &&... ins) const
 

Detailed Description

Definition at line 54 of file ml_dsa_impl.h.

Constructor & Destructor Documentation

◆ ML_DSA_Symmetric_Primitives()

Botan::ML_DSA_Symmetric_Primitives::ML_DSA_Symmetric_Primitives ( const DilithiumConstants & mode)
inline

Definition at line 64 of file ml_dsa_impl.h.

64 :
65 Dilithium_Symmetric_Primitives_Base(mode, std::make_unique<DilithiumShakeXOF>()),
66 m_seed_expansion_domain_separator({mode.k(), mode.l()}) {}
Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base
Dilithium_Symmetric_Primitives_Base(const DilithiumConstants &mode, std::unique_ptr< DilithiumXOF > xof_adapter)
Definition dilithium_symmetric_primitives.h:103

References Botan::DilithiumConstants::k(), and Botan::DilithiumConstants::l().

Member Function Documentation

◆ create()

std::unique_ptr< Dilithium_Symmetric_Primitives_Base > Botan::Dilithium_Symmetric_Primitives_Base::create ( const DilithiumConstants & mode)
staticinherited

Definition at line 28 of file dilithium_symmetric_primitives.cpp.

29 {
30#if defined(BOTAN_HAS_DILITHIUM)
31 if(mode.is_modern() && !mode.is_ml_dsa()) {
32 return std::make_unique<Dilithium_Symmetric_Primitives>(mode);
33 }
34#endif
35
36#if defined(BOTAN_HAS_DILITHIUM_AES)
37 if(mode.is_aes()) {
38 return std::make_unique<Dilithium_AES_Symmetric_Primitives>(mode);
39 }
40#endif
41
42#if defined(BOTAN_HAS_ML_DSA)
43 if(mode.is_ml_dsa()) {
44 return std::make_unique<ML_DSA_Symmetric_Primitives>(mode);
45 }
46#endif
47
48 throw Not_Implemented("requested ML-DSA/Dilithium mode is not implemented in this build");
49}

References Botan::DilithiumConstants::is_aes(), Botan::DilithiumConstants::is_ml_dsa(), and Botan::DilithiumConstants::is_modern().

Referenced by Botan::DilithiumConstants::DilithiumConstants().

◆ get_message_hash()

std::unique_ptr< DilithiumMessageHash > Botan::ML_DSA_Symmetric_Primitives::get_message_hash ( DilithiumHashedPublicKey tr) const
inlineoverridevirtual

Reimplemented from Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 88 of file ml_dsa_impl.h.

88 {
89 return std::make_unique<ML_DSA_MessageHash>(std::move(tr));
90 }

◆ H() [1/6]

SHAKE_256_XOF & Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumCommitmentHash > seed) const
inlineinherited

Definition at line 156 of file dilithium_symmetric_primitives.h.

156 {
157 m_xof_external.clear();
158 m_xof_external.update(truncate_commitment_hash(seed));
159 return m_xof_external;
160 }
Botan::Dilithium_Symmetric_Primitives_Base::truncate_commitment_hash
virtual StrongSpan< const DilithiumCommitmentHash > truncate_commitment_hash(StrongSpan< const DilithiumCommitmentHash > seed) const =0
Botan::XOF::clear
void clear()
Definition xof.h:66
Botan::XOF::update
void update(std::span< const uint8_t > input)
Definition xof.h:142

References Botan::XOF::clear(), Botan::Dilithium_Symmetric_Primitives_Base::truncate_commitment_hash(), and Botan::XOF::update().

◆ H() [2/6]

DilithiumCommitmentHash Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumMessageRepresentative > mu,
StrongSpan< const DilithiumSerializedCommitment > w1 ) const
inlineinherited

Definition at line 151 of file dilithium_symmetric_primitives.h.

152 {
153 return H_256<DilithiumCommitmentHash>(m_commitment_hash_length_bytes, mu, w1);
154 }
Botan::Dilithium_Symmetric_Primitives_Base::H_256
OutT H_256(size_t outbytes, InTs &&... ins) const
Definition dilithium_symmetric_primitives.h:191

References Botan::Dilithium_Symmetric_Primitives_Base::H_256().

◆ H() [3/6]

std::tuple< DilithiumSeedRho, DilithiumSeedRhoPrime, DilithiumSigningSeedK > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRandomness > seed) const
inlineinherited

Definition at line 133 of file dilithium_symmetric_primitives.h.

134 {
135 m_xof.update(seed);
136 if(auto domsep = seed_expansion_domain_separator()) {
137 m_xof.update(domsep.value());
138 }
139
140 // Note: The order of invocations in an initializer list is not
141 // guaranteed by the C++ standard. Hence, we have to store the
142 // results in variables to ensure the correct order of execution.
143 auto rho = m_xof.output<DilithiumSeedRho>(DilithiumConstants::SEED_RHO_BYTES);
144 auto rhoprime = m_xof.output<DilithiumSeedRhoPrime>(DilithiumConstants::SEED_RHOPRIME_BYTES);
145 auto k = m_xof.output<DilithiumSigningSeedK>(DilithiumConstants::SEED_SIGNING_KEY_BYTES);
146 m_xof.clear();
147
148 return {std::move(rho), std::move(rhoprime), std::move(k)};
149 }
Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES
static constexpr size_t SEED_SIGNING_KEY_BYTES
Definition dilithium_constants.h:56
Botan::DilithiumConstants::SEED_RHOPRIME_BYTES
static constexpr size_t SEED_RHOPRIME_BYTES
Definition dilithium_constants.h:54
Botan::DilithiumConstants::SEED_RHO_BYTES
static constexpr size_t SEED_RHO_BYTES
Definition dilithium_constants.h:53
Botan::Dilithium_Symmetric_Primitives_Base::seed_expansion_domain_separator
virtual std::optional< std::array< uint8_t, 2 > > seed_expansion_domain_separator() const =0
Botan::XOF::output
T output(size_t bytes)
Definition xof.h:155
Botan::DilithiumSeedRhoPrime
Strong< secure_vector< uint8_t >, struct DilithiumSeedRhoPrime_ > DilithiumSeedRhoPrime
Private seed to sample the polynomial vectors s1 and s2 from.
Definition dilithium_types.h:36
Botan::rho
constexpr T rho(T x)
Definition rotate.h:51
Botan::DilithiumSigningSeedK
Strong< secure_vector< uint8_t >, struct DilithiumSeedK_ > DilithiumSigningSeedK
Private seed K used during signing.
Definition dilithium_types.h:42
Botan::DilithiumSeedRho
Strong< std::vector< uint8_t >, struct DilithiumPublicSeed_ > DilithiumSeedRho
Public seed to sample the polynomial matrix A from.
Definition dilithium_types.h:33

References Botan::XOF::clear(), Botan::XOF::output(), Botan::rho(), Botan::Dilithium_Symmetric_Primitives_Base::seed_expansion_domain_separator(), Botan::DilithiumConstants::SEED_RHO_BYTES, Botan::DilithiumConstants::SEED_RHOPRIME_BYTES, Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES, and Botan::XOF::update().

◆ H() [4/6]

Botan::XOF & Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRho > seed,
uint16_t nonce ) const
inlineinherited

Definition at line 164 of file dilithium_symmetric_primitives.h.

164 {
165 return m_xof_adapter->XOF128(seed, nonce);
166 }

◆ H() [5/6]

Botan::XOF & Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRhoPrime > seed,
uint16_t nonce ) const
inlineinherited

Definition at line 170 of file dilithium_symmetric_primitives.h.

170 {
171 return m_xof_adapter->XOF256(seed, nonce);
172 }

◆ H() [6/6]

DilithiumHashedPublicKey Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSerializedPublicKey > pk) const
inlineinherited

Definition at line 129 of file dilithium_symmetric_primitives.h.

129 {
130 return H_256<DilithiumHashedPublicKey>(m_public_key_hash_bytes, pk);
131 }

References Botan::Dilithium_Symmetric_Primitives_Base::H_256().

Referenced by Botan::Dilithium_Algos::expand_mask(), and Botan::Dilithium_Algos::sample_in_ball().

◆ H_256()

template<concepts::resizable_byte_buffer OutT, ranges::spanable_range... InTs>
OutT Botan::Dilithium_Symmetric_Primitives_Base::H_256 ( size_t outbytes,
InTs &&... ins ) const
inlineprotectedinherited

Definition at line 191 of file dilithium_symmetric_primitives.h.

191 {
192 scoped_cleanup clean([this]() { m_xof.clear(); });
193 (m_xof.update(ins), ...);
194 return m_xof.output<OutT>(outbytes);
195 }

References Botan::XOF::clear(), Botan::XOF::output(), and Botan::XOF::update().

Referenced by Botan::Dilithium_Symmetric_Primitives_Base::H(), and Botan::Dilithium_Symmetric_Primitives_Base::H().

◆ H_maybe_randomized()

DilithiumSeedRhoPrime Botan::ML_DSA_Symmetric_Primitives::H_maybe_randomized ( StrongSpan< const DilithiumSigningSeedK > k,
StrongSpan< const DilithiumMessageRepresentative > mu,
std::optional< std::reference_wrapper< RandomNumberGenerator > > rng ) const
inlineoverridevirtual

Computes the private random seed rho prime used for signing if a rng is given, the seed is randomized

Implements Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 68 of file ml_dsa_impl.h.

71 {
72 // NIST FIPS 204, Algorithm 2 (ML-DSA.Sign), line 5-8:
73 const auto rnd = [&] {
74 DilithiumOptionalRandomness optional_randomness(DilithiumConstants::OPTIONAL_RANDOMNESS_BYTES);
75 if(rng.has_value()) {
76 rng->get().randomize(optional_randomness);
77 }
78 return optional_randomness;
79 }();
80 return H(k, rnd, mu);
81 }
Botan::DilithiumConstants::OPTIONAL_RANDOMNESS_BYTES
static constexpr size_t OPTIONAL_RANDOMNESS_BYTES
Definition dilithium_constants.h:55
Botan::DilithiumOptionalRandomness
Strong< secure_vector< uint8_t >, struct DilithiumOptionalRandomness_ > DilithiumOptionalRandomness
Optional randomness 'rnd' used for rho prime computation in ML-DSA.
Definition dilithium_types.h:39

References Botan::DilithiumConstants::OPTIONAL_RANDOMNESS_BYTES.

◆ seed_expansion_domain_separator()

std::optional< std::array< uint8_t, 2 > > Botan::ML_DSA_Symmetric_Primitives::seed_expansion_domain_separator ( ) const
inlineoverridevirtual

Creates the domain separator for the initial seed expansion. The return value may be std::nullopt meaning that no domain separation is required (for Dilithium).

Implements Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 92 of file ml_dsa_impl.h.

92 {
93 return m_seed_expansion_domain_separator;
94 }

◆ truncate_commitment_hash()

StrongSpan< const DilithiumCommitmentHash > Botan::ML_DSA_Symmetric_Primitives::truncate_commitment_hash ( StrongSpan< const DilithiumCommitmentHash > seed) const
inlineoverridevirtual

Implemented by the derived classes to truncate the commitment hash to the correct length. This is a customization point to enable support for the final ML-DSA standard.

Implements Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 83 of file ml_dsa_impl.h.

84 {
85 return seed;
86 }
The documentation for this class was generated from the following file:
Generated by doxygen 1.12.0