doxygen/cmce__parameters_8cpp_source.html

/*

 * Classic McEliece Parameters

 * (C) 2023 Jack Lloyd

 *     2023,2024 Fabian Albert, Amos Treiber - Rohde & Schwarz Cybersecurity

 *

 * Botan is released under the Simplified BSD License (see license.txt)

 **/


#include <botan/internal/cmce_parameters.h>

#include <botan/internal/cmce_poly.h>


namespace Botan {


namespace {


CmceGfMod determine_poly_f(Classic_McEliece_Parameter_Set param_set) {

   switch(param_set.code()) {

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_348864:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_348864f:

         // z^12 + z^3 + 1

         return CmceGfMod(0b0001000000001001);

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_460896:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_460896f:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128f:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pc:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pcf:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pc:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128f:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pc:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pcf:

         // z^12 + z^3 + 1

         return CmceGfMod(0b0010000000011011);

   }

   BOTAN_ASSERT_UNREACHABLE();

}


Classic_McEliece_Polynomial_Ring determine_poly_ring(Classic_McEliece_Parameter_Set param_set) {

   CmceGfMod poly_f = determine_poly_f(param_set);


   switch(param_set.code()) {

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_348864:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_348864f:

         // y^64 + y^3 + y + z

         return {{{3, Classic_McEliece_GF(CmceGfElem(1), poly_f)},

                  {1, Classic_McEliece_GF(CmceGfElem(1), poly_f)},

                  {0, Classic_McEliece_GF(CmceGfElem(2), poly_f)}},

                 poly_f,

                 64};

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_460896:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_460896f:

         // y^96 + y^10 + y^9 + y^6 + 1

         return {{{10, Classic_McEliece_GF(CmceGfElem(1), poly_f)},

                  {9, Classic_McEliece_GF(CmceGfElem(1), poly_f)},

                  {6, Classic_McEliece_GF(CmceGfElem(1), poly_f)},

                  {0, Classic_McEliece_GF(CmceGfElem(1), poly_f)}},

                 poly_f,

                 96};

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pc:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf:

         // y^119 + y^8 + 1

         // clang-format off

         return {{{8, Classic_McEliece_GF(CmceGfElem(1), poly_f)},

                  {0, Classic_McEliece_GF(CmceGfElem(1), poly_f)}},

                  poly_f,

                  119};

         // clang-format on

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128f:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pc:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pcf:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128f:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pc:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pcf:

         // y^128 + y^7 + y^2 + y + 1

         return {{{7, Classic_McEliece_GF(CmceGfElem(1), poly_f)},

                  {2, Classic_McEliece_GF(CmceGfElem(1), poly_f)},

                  {1, Classic_McEliece_GF(CmceGfElem(1), poly_f)},

                  {0, Classic_McEliece_GF(CmceGfElem(1), poly_f)}},

                 poly_f,

                 128};

   }

   BOTAN_ASSERT_UNREACHABLE();

}


}  //namespace


Classic_McEliece_Parameters Classic_McEliece_Parameters::create(Classic_McEliece_Parameter_Set set) {

   auto poly_ring = determine_poly_ring(set);


   switch(set.code()) {

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_348864:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_348864f:

         return Classic_McEliece_Parameters(set, 12, 3488, std::move(poly_ring));


      case Classic_McEliece_Parameter_Set::ClassicMcEliece_460896:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_460896f:

         return Classic_McEliece_Parameters(set, 13, 4608, std::move(poly_ring));


      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128f:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pc:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pcf:

         return Classic_McEliece_Parameters(set, 13, 6688, std::move(poly_ring));


      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pc:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf:

         return Classic_McEliece_Parameters(set, 13, 6960, std::move(poly_ring));


      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128f:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pc:

      case Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pcf:

         return Classic_McEliece_Parameters(set, 13, 8192, std::move(poly_ring));

   }

   BOTAN_ASSERT_UNREACHABLE();

}

Classic_McEliece_Parameters Classic_McEliece_Parameters::create(Classic_McEliece_Parameter_Set set) {…}


Classic_McEliece_Parameters Classic_McEliece_Parameters::create(std::string_view name) {

   return Classic_McEliece_Parameters::create(Classic_McEliece_Parameter_Set::from_string(name));

}

Classic_McEliece_Parameters Classic_McEliece_Parameters::create(std::string_view name) {…}


Classic_McEliece_Parameters Classic_McEliece_Parameters::create(const OID& oid) {

   return create(Classic_McEliece_Parameter_Set::from_oid(oid));

}

Classic_McEliece_Parameters Classic_McEliece_Parameters::create(const OID& oid) {…}


OID Classic_McEliece_Parameters::object_identifier() const {

   return OID::from_string(m_set.to_string());

}

OID Classic_McEliece_Parameters::object_identifier() const  {…}


Classic_McEliece_Parameters::Classic_McEliece_Parameters(Classic_McEliece_Parameter_Set param_set,

                                                         size_t m,

                                                         size_t n,

                                                         Classic_McEliece_Polynomial_Ring poly_ring) :

      m_set(param_set), m_m(m), m_n(n), m_poly_ring(std::move(poly_ring)) {

   BOTAN_ASSERT(n % 8 == 0, "We require that n is a multiple of 8");

}


size_t Classic_McEliece_Parameters::estimated_strength() const {

   // Classic McEliece NIST Round 4 submission, Guide for security reviewers, Table 1:

   // For each instance, the minimal strength against the best attack (with free memory access)

   // is used as the overall security strength estimate. The strength is capped at 256, since the

   // seed is only 256 bits long.

   switch(m_set.code()) {

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_348864f:

         return 140;

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_460896f:

         return 179;

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128f:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pc:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6688128pcf:

         return 246;

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119f:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pc:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_6960119pcf:

         return 245;

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128f:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pc:

      case Botan::Classic_McEliece_Parameter_Set::ClassicMcEliece_8192128pcf:

         return 256;  // 275 in the document. Capped at 256 because of the seed length.

   }

   BOTAN_ASSERT_UNREACHABLE();

}

size_t Classic_McEliece_Parameters::estimated_strength() const  {…}


std::unique_ptr<XOF> Classic_McEliece_Parameters::prg(std::span<const uint8_t> seed) const {

   BOTAN_ASSERT_EQUAL(seed.size(), 32, "Valid seed length");

   auto xof = XOF::create_or_throw("SHAKE-256");


   xof->update(std::array<uint8_t, 1>({64}));

   xof->update(seed);


   return xof;

}

std::unique_ptr<XOF> Classic_McEliece_Parameters::prg(std::span<const uint8_t> seed) const  {…}


}  // namespace Botan

BOTAN_ASSERT_EQUAL
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition assert.h:68

BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:50

BOTAN_ASSERT_UNREACHABLE
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:137

Botan::Classic_McEliece_Parameter_Set
Definition cmce_parameter_set.h:26

Botan::Classic_McEliece_Parameter_Set::to_string
std::string to_string() const
Get the parameter set name for a given parameter set.
Definition cmce_parameter_set.cpp:72

Botan::Classic_McEliece_Parameter_Set::from_string
static Classic_McEliece_Parameter_Set from_string(std::string_view param_name)
Get the parameter set for a given parameter set name.
Definition cmce_parameter_set.cpp:16

Botan::Classic_McEliece_Parameter_Set::code
Code code() const
Get the code for a given parameter set.
Definition cmce_parameter_set.h:73

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_460896
@ ClassicMcEliece_460896

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_348864f
@ ClassicMcEliece_348864f

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_8192128pcf
@ ClassicMcEliece_8192128pcf

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_6960119f
@ ClassicMcEliece_6960119f

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_6960119pc
@ ClassicMcEliece_6960119pc

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_6688128
@ ClassicMcEliece_6688128

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_8192128pc
@ ClassicMcEliece_8192128pc

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_6688128pcf
@ ClassicMcEliece_6688128pcf

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_348864
@ ClassicMcEliece_348864

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_8192128f
@ ClassicMcEliece_8192128f

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_6688128f
@ ClassicMcEliece_6688128f

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_8192128
@ ClassicMcEliece_8192128

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_6960119pcf
@ ClassicMcEliece_6960119pcf

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_6960119
@ ClassicMcEliece_6960119

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_460896f
@ ClassicMcEliece_460896f

Botan::Classic_McEliece_Parameter_Set::Code::ClassicMcEliece_6688128pc
@ ClassicMcEliece_6688128pc

Botan::Classic_McEliece_Parameter_Set::from_oid
static Classic_McEliece_Parameter_Set from_oid(const OID &oid)
Get the parameter set for a given OID.
Definition cmce_parameter_set.cpp:110

Botan::Classic_McEliece_Parameters
Definition cmce_parameters.h:29

Botan::Classic_McEliece_Parameters::create
static Classic_McEliece_Parameters create(Classic_McEliece_Parameter_Set set)
Create Classic McEliece parameters from a parameter set.
Definition cmce_parameters.cpp:95

Botan::Classic_McEliece_Parameters::estimated_strength
size_t estimated_strength() const
The estimated bit security strength of the Classic McEliece instance.
Definition cmce_parameters.cpp:148

Botan::Classic_McEliece_Parameters::object_identifier
OID object_identifier() const
The OID for the Classic McEliece instance.
Definition cmce_parameters.cpp:136

Botan::Classic_McEliece_Parameters::prg
std::unique_ptr< XOF > prg(std::span< const uint8_t > seed) const
Create a seeded XOF object representing Classic McEliece's PRG. See Classic McEliece ISO 9....
Definition cmce_parameters.cpp:179

Botan::Classic_McEliece_Parameters::n
size_t n() const
The code length of the Classic McEliece instance.
Definition cmce_parameters.h:100

Botan::Classic_McEliece_Parameters::poly_ring
const Classic_McEliece_Polynomial_Ring & poly_ring() const
The underlying polynomial ring.
Definition cmce_parameters.h:241

Botan::Classic_McEliece_Polynomial_Ring
Represents the polynomial ring GF(q)[y]/F(y) where F(y) is the modulus polynomial in GF(q)[y] of degr...
Definition cmce_poly.h:104

Botan::OID
Definition asn1_obj.h:216

Botan::OID::from_string
static OID from_string(std::string_view str)
Definition asn1_oid.cpp:86

Botan::XOF::create_or_throw
static std::unique_ptr< XOF > create_or_throw(std::string_view algo_spec, std::string_view provider="")
Definition xof.cpp:42

name
std::string name
Definition commoncrypto_hash.cpp:24

Botan
Definition alg_id.cpp:13

Botan::CmceGfMod
Strong< uint16_t, struct CmceGfMod_ > CmceGfMod
Represents a GF(q) modulus.
Definition cmce_types.h:22

Botan::CmceGfElem
Strong< uint16_t, struct CmceGfElem_ > CmceGfElem
Represents a GF(q) element.
Definition cmce_types.h:19