Botan 3.11.0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | Protected Member Functions | List of all members
Botan::ML_DSA_Symmetric_Primitives Class Referencefinal

#include <ml_dsa_impl.h>

Inheritance diagram for Botan::ML_DSA_Symmetric_Primitives:
Botan::Dilithium_Symmetric_Primitives_Base

Public Member Functions

std::unique_ptr< DilithiumMessageHashget_message_hash (DilithiumHashedPublicKey tr) const override
std::unique_ptr< XOFH (StrongSpan< const DilithiumCommitmentHash > seed) const
DilithiumCommitmentHash H (StrongSpan< const DilithiumMessageRepresentative > mu, StrongSpan< const DilithiumSerializedCommitment > w1) const
std::tuple< DilithiumSeedRho, DilithiumSeedRhoPrime, DilithiumSigningSeedKH (StrongSpan< const DilithiumSeedRandomness > seed) const
std::unique_ptr< XOFH (StrongSpan< const DilithiumSeedRho > seed, uint16_t nonce) const
std::unique_ptr< XOFH (StrongSpan< const DilithiumSeedRhoPrime > seed, uint16_t nonce) const
DilithiumHashedPublicKey H (StrongSpan< const DilithiumSerializedPublicKey > pk) const
DilithiumSeedRhoPrime H_maybe_randomized (StrongSpan< const DilithiumSigningSeedK > k, StrongSpan< const DilithiumMessageRepresentative > mu, std::optional< std::reference_wrapper< RandomNumberGenerator > > rng) const override
 ML_DSA_Symmetric_Primitives (const DilithiumConstants &mode)
std::optional< std::array< uint8_t, 2 > > seed_expansion_domain_separator () const override
StrongSpan< const DilithiumCommitmentHashtruncate_commitment_hash (StrongSpan< const DilithiumCommitmentHash > seed) const override

Static Public Member Functions

static std::unique_ptr< Dilithium_Symmetric_Primitives_Basecreate (const DilithiumConstants &mode)

Protected Member Functions

template<concepts::resizable_byte_buffer OutT, ranges::spanable_range... InTs>
OutT H_256 (size_t outbytes, const InTs &... ins) const

Detailed Description

Definition at line 54 of file ml_dsa_impl.h.

Constructor & Destructor Documentation

◆ ML_DSA_Symmetric_Primitives()

Botan::ML_DSA_Symmetric_Primitives::ML_DSA_Symmetric_Primitives ( const DilithiumConstants & mode)
inlineexplicit

Definition at line 64 of file ml_dsa_impl.h.

64 :
65 Dilithium_Symmetric_Primitives_Base(mode, std::make_unique<DilithiumShakeXOF>()),
66 m_seed_expansion_domain_separator({mode.k(), mode.l()}) {}
Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base
Dilithium_Symmetric_Primitives_Base(const DilithiumConstants &mode, std::unique_ptr< DilithiumXOF > xof_adapter)
Definition dilithium_symmetric_primitives.cpp:39

References Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base(), Botan::DilithiumConstants::k(), and Botan::DilithiumConstants::l().

Member Function Documentation

◆ create()

std::unique_ptr< Dilithium_Symmetric_Primitives_Base > Botan::Dilithium_Symmetric_Primitives_Base::create ( const DilithiumConstants & mode)
staticinherited

Definition at line 46 of file dilithium_symmetric_primitives.cpp.

47 {
48#if defined(BOTAN_HAS_DILITHIUM)
49 if(mode.is_modern() && !mode.is_ml_dsa()) {
50 return std::make_unique<Dilithium_Symmetric_Primitives>(mode);
51 }
52#endif
53
54#if defined(BOTAN_HAS_DILITHIUM_AES)
55 if(mode.is_aes()) {
56 return std::make_unique<Dilithium_AES_Symmetric_Primitives>(mode);
57 }
58#endif
59
60#if defined(BOTAN_HAS_ML_DSA)
61 if(mode.is_ml_dsa()) {
62 return std::make_unique<ML_DSA_Symmetric_Primitives>(mode);
63 }
64#endif
65
66 throw Not_Implemented("requested ML-DSA/Dilithium mode is not implemented in this build");
67}

References Botan::DilithiumConstants::is_aes(), Botan::DilithiumConstants::is_ml_dsa(), and Botan::DilithiumConstants::is_modern().

Referenced by Botan::DilithiumConstants::DilithiumConstants().

◆ get_message_hash()

std::unique_ptr< DilithiumMessageHash > Botan::ML_DSA_Symmetric_Primitives::get_message_hash ( DilithiumHashedPublicKey tr) const
inlineoverridevirtual

Reimplemented from Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 88 of file ml_dsa_impl.h.

88 {
89 return std::make_unique<ML_DSA_MessageHash>(std::move(tr));
90 }

◆ H() [1/6]

std::unique_ptr< XOF > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumCommitmentHash > seed) const
inlineinherited

Definition at line 147 of file dilithium_symmetric_primitives.h.

147 {
148 auto xof = XOF::create_or_throw("SHAKE-256");
149 xof->update(truncate_commitment_hash(seed));
150 return xof;
151 }
Botan::Dilithium_Symmetric_Primitives_Base::truncate_commitment_hash
virtual StrongSpan< const DilithiumCommitmentHash > truncate_commitment_hash(StrongSpan< const DilithiumCommitmentHash > seed) const =0
Botan::XOF::create_or_throw
static std::unique_ptr< XOF > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition xof.cpp:54

References Botan::XOF::create_or_throw(), and truncate_commitment_hash().

◆ H() [2/6]

DilithiumCommitmentHash Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumMessageRepresentative > mu,
StrongSpan< const DilithiumSerializedCommitment > w1 ) const
inlineinherited

Definition at line 142 of file dilithium_symmetric_primitives.h.

143 {
144 return H_256<DilithiumCommitmentHash>(m_commitment_hash_length_bytes, mu, w1);
145 }
Botan::Dilithium_Symmetric_Primitives_Base::H_256
OutT H_256(size_t outbytes, const InTs &... ins) const
Definition dilithium_symmetric_primitives.h:178

References H_256().

◆ H() [3/6]

std::tuple< DilithiumSeedRho, DilithiumSeedRhoPrime, DilithiumSigningSeedK > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRandomness > seed) const
inlineinherited

Definition at line 124 of file dilithium_symmetric_primitives.h.

125 {
126 auto xof = XOF::create_or_throw("SHAKE-256");
127 xof->update(seed);
128 if(auto domsep = seed_expansion_domain_separator()) {
129 xof->update(domsep.value());
130 }
131
132 // Note: The order of invocations in an initializer list is not
133 // guaranteed by the C++ standard. Hence, we have to store the
134 // results in variables to ensure the correct order of execution.
135 auto rho = xof->output<DilithiumSeedRho>(DilithiumConstants::SEED_RHO_BYTES);
136 auto rhoprime = xof->output<DilithiumSeedRhoPrime>(DilithiumConstants::SEED_RHOPRIME_BYTES);
137 auto k = xof->output<DilithiumSigningSeedK>(DilithiumConstants::SEED_SIGNING_KEY_BYTES);
138
139 return {std::move(rho), std::move(rhoprime), std::move(k)};
140 }
Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES
static constexpr size_t SEED_SIGNING_KEY_BYTES
Definition dilithium_constants.h:56
Botan::DilithiumConstants::SEED_RHOPRIME_BYTES
static constexpr size_t SEED_RHOPRIME_BYTES
Definition dilithium_constants.h:54
Botan::DilithiumConstants::SEED_RHO_BYTES
static constexpr size_t SEED_RHO_BYTES
Definition dilithium_constants.h:53
Botan::Dilithium_Symmetric_Primitives_Base::seed_expansion_domain_separator
virtual std::optional< std::array< uint8_t, 2 > > seed_expansion_domain_separator() const =0
Botan::DilithiumSeedRhoPrime
Strong< secure_vector< uint8_t >, struct DilithiumSeedRhoPrime_ > DilithiumSeedRhoPrime
Private seed to sample the polynomial vectors s1 and s2 from.
Definition dilithium_types.h:36
Botan::DilithiumSigningSeedK
Strong< secure_vector< uint8_t >, struct DilithiumSeedK_ > DilithiumSigningSeedK
Private seed K used during signing.
Definition dilithium_types.h:42
Botan::DilithiumSeedRho
Strong< std::vector< uint8_t >, struct DilithiumPublicSeed_ > DilithiumSeedRho
Public seed to sample the polynomial matrix A from.
Definition dilithium_types.h:33
Botan::rho
BOTAN_FORCE_INLINE constexpr T rho(T x)
Definition rotate.h:53

References Botan::XOF::create_or_throw(), Botan::rho(), seed_expansion_domain_separator(), Botan::DilithiumConstants::SEED_RHO_BYTES, Botan::DilithiumConstants::SEED_RHOPRIME_BYTES, and Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES.

◆ H() [4/6]

std::unique_ptr< XOF > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRho > seed,
uint16_t nonce ) const
inlineinherited

Definition at line 153 of file dilithium_symmetric_primitives.h.

153 {
154 return m_xof_adapter->XOF128(seed, nonce);
155 }

◆ H() [5/6]

std::unique_ptr< XOF > Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSeedRhoPrime > seed,
uint16_t nonce ) const
inlineinherited

Definition at line 157 of file dilithium_symmetric_primitives.h.

157 {
158 return m_xof_adapter->XOF256(seed, nonce);
159 }

◆ H() [6/6]

DilithiumHashedPublicKey Botan::Dilithium_Symmetric_Primitives_Base::H ( StrongSpan< const DilithiumSerializedPublicKey > pk) const
inlineinherited

Definition at line 120 of file dilithium_symmetric_primitives.h.

120 {
121 return H_256<DilithiumHashedPublicKey>(m_public_key_hash_bytes, pk);
122 }

References H_256().

Referenced by Botan::Dilithium_Algos::expand_mask(), and Botan::Dilithium_Algos::sample_in_ball().

◆ H_256()

template<concepts::resizable_byte_buffer OutT, ranges::spanable_range... InTs>
OutT Botan::Dilithium_Symmetric_Primitives_Base::H_256 ( size_t outbytes,
const InTs &... ins ) const
inlineprotectedinherited

Definition at line 178 of file dilithium_symmetric_primitives.h.

178 {
179 auto xof = XOF::create_or_throw("SHAKE-256");
180 (xof->update(ins), ...);
181 return xof->output<OutT>(outbytes);
182 }

References Botan::XOF::create_or_throw().

Referenced by H(), and H().

◆ H_maybe_randomized()

DilithiumSeedRhoPrime Botan::ML_DSA_Symmetric_Primitives::H_maybe_randomized ( StrongSpan< const DilithiumSigningSeedK > k,
StrongSpan< const DilithiumMessageRepresentative > mu,
std::optional< std::reference_wrapper< RandomNumberGenerator > > rng ) const
inlineoverridevirtual

Computes the private random seed rho prime used for signing if a rng is given, the seed is randomized

Implements Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 68 of file ml_dsa_impl.h.

71 {
72 // NIST FIPS 204, Algorithm 2 (ML-DSA.Sign), line 5-8:
73 const auto rnd = [&] {
74 DilithiumOptionalRandomness optional_randomness(DilithiumConstants::OPTIONAL_RANDOMNESS_BYTES);
75 if(rng.has_value()) {
76 rng->get().randomize(optional_randomness);
77 }
78 return optional_randomness;
79 }();
80 return H(k, rnd, mu);
81 }
Botan::DilithiumConstants::OPTIONAL_RANDOMNESS_BYTES
static constexpr size_t OPTIONAL_RANDOMNESS_BYTES
Definition dilithium_constants.h:55
Botan::DilithiumOptionalRandomness
Strong< secure_vector< uint8_t >, struct DilithiumOptionalRandomness_ > DilithiumOptionalRandomness
Optional randomness 'rnd' used for rho prime computation in ML-DSA.
Definition dilithium_types.h:39

References Botan::DilithiumConstants::OPTIONAL_RANDOMNESS_BYTES.

◆ seed_expansion_domain_separator()

std::optional< std::array< uint8_t, 2 > > Botan::ML_DSA_Symmetric_Primitives::seed_expansion_domain_separator ( ) const
inlineoverridevirtual

Creates the domain separator for the initial seed expansion. The return value may be std::nullopt meaning that no domain separation is required (for Dilithium).

Implements Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 92 of file ml_dsa_impl.h.

92 {
93 return m_seed_expansion_domain_separator;
94 }

◆ truncate_commitment_hash()

StrongSpan< const DilithiumCommitmentHash > Botan::ML_DSA_Symmetric_Primitives::truncate_commitment_hash ( StrongSpan< const DilithiumCommitmentHash > seed) const
inlineoverridevirtual

Implemented by the derived classes to truncate the commitment hash to the correct length. This is a customization point to enable support for the final ML-DSA standard.

Implements Botan::Dilithium_Symmetric_Primitives_Base.

Definition at line 83 of file ml_dsa_impl.h.

84 {
85 return seed;
86 }
The documentation for this class was generated from the following file:
Generated by doxygen 1.15.0