doxygen/cmce__matrix_8h_source.html

/*

 * Classic McEliece Matrix Logic

 *

 * (C) 2023 Jack Lloyd

 *     2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 **/


#ifndef BOTAN_CMCE_MATRIX_H_

#define BOTAN_CMCE_MATRIX_H_


#include <botan/internal/bitvector.h>

#include <botan/internal/cmce_field_ordering.h>

#include <botan/internal/cmce_parameters.h>

#include <botan/internal/cmce_poly.h>

#include <botan/internal/cmce_types.h>


namespace Botan {


/**

 * @brief Representation of the binary Classic McEliece matrix H, with H = (I_mt | T).

 *

 * Only the bytes of the submatrix T are stored.

 */


class BOTAN_TEST_API Classic_McEliece_Matrix {

   public:

      /**

       * @brief Create the matrix H for a Classic McEliece instance given its

       * parameters, field ordering and minimal polynomial.

       *

       * Output is a pair of the matrix and the pivot vector c that was used to

       * create it in the semi-systematic form as described in Classic McEliece ISO

       * Section 9.2.11.

       *

       * The update of alpha values as per Classic McEliece ISO Section 7.2.3 Step 5

       * is not performed by this method because it is only used for public key loading

       * where the values are already permuted and field_ordering cannot be altered.

       *

       * @param params Classic McEliece parameters

       * @param field_ordering Field ordering

       * @param g Minimal polynomial

       * @return Pair(the matrix H, pivot vector c)

       */

      static std::optional<std::pair<Classic_McEliece_Matrix, CmceColumnSelection>> create_matrix(

         const Classic_McEliece_Parameters& params,

         const Classic_McEliece_Field_Ordering& field_ordering,

         const Classic_McEliece_Minimal_Polynomial& g);


      /**

       * @brief Create the matrix H for a Classic McEliece instance given its

       * parameters, field ordering and minimal polynomial.

       *

       * Output is a pair of the matrix and the pivot vector c that was used to

       * create it in the semi-systematic form as described in Classic McEliece ISO

       * Section 9.2.11.

       *

       * This method directly updates the field ordering values as described in Classic McEliece

       * ISO Section 7.2.3 Step 5 (for f parameter sets).

       *

       * @param params Classic McEliece parameters

       * @param field_ordering Field ordering (will be updated)

       * @param g Minimal polynomial

       * @return Pair(the matrix H, pivot vector c)

       */

      static std::optional<std::pair<Classic_McEliece_Matrix, CmceColumnSelection>> create_matrix_and_apply_pivots(

         const Classic_McEliece_Parameters& params,

         Classic_McEliece_Field_Ordering& field_ordering,

         const Classic_McEliece_Minimal_Polynomial& g);


      /**

       * @brief The bytes of the submatrix T, with H=(I_mt, T) as defined in Classic

       * McEliece ISO Section 9.2.7.

       *

       * @return The matrix bytes

       */

      const std::vector<uint8_t>& bytes() const { return m_mat_bytes; }


      /**

       * @brief Create a Classic_McEliece_Matrix from bytes.

       *

       * @param mat_bytes The bytes of the submatrix T as defined in Classic McEliece ISO Section 9.2.7.

       */


      Classic_McEliece_Matrix(const Classic_McEliece_Parameters& params, std::vector<uint8_t> mat_bytes) :

            m_mat_bytes(std::move(mat_bytes)) {

         BOTAN_ARG_CHECK(m_mat_bytes.size() == params.pk_size_bytes(), "Invalid byte size for matrix");

         if(params.pk_no_cols() % 8 == 0) {

            return;

         }

         // Check padding of mat_bytes rows

         BOTAN_ASSERT_NOMSG(m_mat_bytes.size() == params.pk_no_rows() * params.pk_row_size_bytes());

         for(size_t row = 0; row < params.pk_no_rows(); ++row) {

            uint8_t padded_byte = m_mat_bytes[(row + 1) * params.pk_row_size_bytes() - 1];

            CT::unpoison(padded_byte);

            BOTAN_ARG_CHECK(padded_byte >> (params.pk_no_cols() % 8) == 0, "Valid padding of unused bytes");

         }

      }


      /**

       * @brief Multiply the Classic McEliece matrix H with a bitvector e.

       *

       * @param params Classic McEliece parameters

       * @param e The bitvector e

       * @return H*e

       */

      CmceCodeWord mul(const Classic_McEliece_Parameters& params, const CmceErrorVector& e) const;


      constexpr void _const_time_unpoison() const { CT::unpoison(m_mat_bytes); }


   private:

      /// The bytes of the submatrix T

      const std::vector<uint8_t> m_mat_bytes;  // can we use bitvector?

};


}  // namespace Botan


#endif  // BOTAN_CMCE_MATRIX_H_

BOTAN_TEST_API
#define BOTAN_TEST_API
Definition api.h:39

BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:61

BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition assert.h:31

Botan::Classic_McEliece_Field_Ordering
Represents a field ordering for the Classic McEliece cryptosystem.
Definition cmce_field_ordering.h:25

Botan::Classic_McEliece_Matrix::create_matrix
static std::optional< std::pair< Classic_McEliece_Matrix, CmceColumnSelection > > create_matrix(const Classic_McEliece_Parameters &params, const Classic_McEliece_Field_Ordering &field_ordering, const Classic_McEliece_Minimal_Polynomial &g)
Create the matrix H for a Classic McEliece instance given its parameters, field ordering and minimal ...
Definition cmce_matrix.cpp:243

Botan::Classic_McEliece_Matrix::_const_time_unpoison
constexpr void _const_time_unpoison() const
Definition cmce_matrix.h:108

Botan::Classic_McEliece_Matrix::bytes
const std::vector< uint8_t > & bytes() const
The bytes of the submatrix T, with H=(I_mt, T) as defined in Classic McEliece ISO Section 9....
Definition cmce_matrix.h:77

Botan::Classic_McEliece_Matrix::create_matrix_and_apply_pivots
static std::optional< std::pair< Classic_McEliece_Matrix, CmceColumnSelection > > create_matrix_and_apply_pivots(const Classic_McEliece_Parameters &params, Classic_McEliece_Field_Ordering &field_ordering, const Classic_McEliece_Minimal_Polynomial &g)
Create the matrix H for a Classic McEliece instance given its parameters, field ordering and minimal ...
Definition cmce_matrix.cpp:261

Botan::Classic_McEliece_Matrix::Classic_McEliece_Matrix
Classic_McEliece_Matrix(const Classic_McEliece_Parameters &params, std::vector< uint8_t > mat_bytes)
Create a Classic_McEliece_Matrix from bytes.
Definition cmce_matrix.h:84

Botan::Classic_McEliece_Minimal_Polynomial
Representation of a minimal polynomial in GF(q)[y].
Definition cmce_poly.h:81

Botan::Classic_McEliece_Parameters
Definition cmce_parameters.h:29

Botan::Classic_McEliece_Parameters::pk_no_rows
size_t pk_no_rows() const
The number of rows in the public key's matrix.
Definition cmce_parameters.h:191

Botan::Classic_McEliece_Parameters::pk_row_size_bytes
size_t pk_row_size_bytes() const
The number of bytes for each row in the public key's matrix.
Definition cmce_parameters.h:205

Botan::Classic_McEliece_Parameters::pk_no_cols
size_t pk_no_cols() const
The number of columns in the public key's matrix.
Definition cmce_parameters.h:200

Botan::Classic_McEliece_Parameters::pk_size_bytes
size_t pk_size_bytes() const
The number of bytes for the public key.
Definition cmce_parameters.h:212

Botan::CT::unpoison
constexpr void unpoison(const T *p, size_t n)
Definition ct_utils.h:65

Botan
Definition alg_id.cpp:13

Botan::CmceCodeWord
Strong< secure_bitvector, struct CmceCodeWord_ > CmceCodeWord
Represents C of decapsulation.
Definition cmce_types.h:52

Botan::CmceErrorVector
Strong< secure_bitvector, struct CmceErrorVector_ > CmceErrorVector
Represents e of encapsulation.
Definition cmce_types.h:49