Botan 3.6.1
Crypto and TLS for C&
dilithium_constants.cpp
Go to the documentation of this file.
1/*
2 * Crystals Dilithium Constants
3 *
4 * (C) 2022-2023 Jack Lloyd
5 * (C) 2022 Manuel Glaser - Rohde & Schwarz Cybersecurity
6 * (C) 2022-2023 Michael Boric, René Meusel - Rohde & Schwarz Cybersecurity
7 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
8 *
9 * Botan is released under the Simplified BSD License (see license.txt)
10 */
11
12#include <botan/internal/dilithium_constants.h>
13
14#include <botan/internal/dilithium_keys.h>
15#include <botan/internal/dilithium_symmetric_primitives.h>
16
17namespace Botan {
18
19namespace {
20uint32_t public_key_hash_size(DilithiumMode mode) {
21 switch(mode.mode()) {
22 case DilithiumMode::ML_DSA_4x4:
23 case DilithiumMode::ML_DSA_6x5:
24 case DilithiumMode::ML_DSA_8x7:
25 return 64;
26 case DilithiumMode::Dilithium4x4:
27 case DilithiumMode::Dilithium4x4_AES:
28 case DilithiumMode::Dilithium6x5:
29 case DilithiumMode::Dilithium6x5_AES:
30 case DilithiumMode::Dilithium8x7:
31 case DilithiumMode::Dilithium8x7_AES:
32 return 32;
33 }
34 BOTAN_ASSERT_UNREACHABLE();
35}
36
37uint32_t commitment_hash_full_size(DilithiumMode mode) {
38 switch(mode.mode()) {
39 case DilithiumMode::Dilithium4x4:
40 case DilithiumMode::Dilithium4x4_AES:
41 case DilithiumMode::Dilithium6x5:
42 case DilithiumMode::Dilithium6x5_AES:
43 case DilithiumMode::Dilithium8x7:
44 case DilithiumMode::Dilithium8x7_AES:
45 case DilithiumMode::ML_DSA_4x4:
46 return 32;
47 case DilithiumMode::ML_DSA_6x5:
48 return 48;
49 case DilithiumMode::ML_DSA_8x7:
50 return 64;
51 }
52 BOTAN_ASSERT_UNREACHABLE();
53}
54
55} // namespace
56
57DilithiumConstants::~DilithiumConstants() = default;
58
59DilithiumConstants::DilithiumConstants(DilithiumMode mode) :
60 m_mode(mode),
61 m_public_key_hash_bytes(public_key_hash_size(m_mode)),
62 m_commitment_hash_full_bytes(commitment_hash_full_size(m_mode)) {
63 switch(m_mode.mode()) {
64 case Botan::DilithiumMode::Dilithium4x4:
65 case Botan::DilithiumMode::Dilithium4x4_AES:
66 case Botan::DilithiumMode::ML_DSA_4x4:
67 m_tau = DilithiumTau::_39;
68 m_lambda = DilithiumLambda::_128;
69 m_gamma1 = DilithiumGamma1::ToThe17th;
70 m_gamma2 = DilithiumGamma2::Qminus1DevidedBy88;
71 m_k = 4;
72 m_l = 4;
73 m_eta = DilithiumEta::_2;
74 m_beta = DilithiumBeta::_78;
75 m_omega = DilithiumOmega::_80;
76 break;
77 case Botan::DilithiumMode::Dilithium6x5:
78 case Botan::DilithiumMode::Dilithium6x5_AES:
79 case Botan::DilithiumMode::ML_DSA_6x5:
80 m_tau = DilithiumTau::_49;
81 m_lambda = DilithiumLambda::_192;
82 m_gamma1 = DilithiumGamma1::ToThe19th;
83 m_gamma2 = DilithiumGamma2::Qminus1DevidedBy32;
84 m_k = 6;
85 m_l = 5;
86 m_eta = DilithiumEta::_4;
87 m_beta = DilithiumBeta::_196;
88 m_omega = DilithiumOmega::_55;
89 break;
90 case Botan::DilithiumMode::Dilithium8x7:
91 case Botan::DilithiumMode::Dilithium8x7_AES:
92 case Botan::DilithiumMode::ML_DSA_8x7:
93 m_tau = DilithiumTau::_60;
94 m_lambda = DilithiumLambda::_256;
95 m_gamma1 = DilithiumGamma1::ToThe19th;
96 m_gamma2 = DilithiumGamma2::Qminus1DevidedBy32;
97 m_k = 8;
98 m_l = 7;
99 m_eta = DilithiumEta::_2;
100 m_beta = DilithiumBeta::_120;
101 m_omega = DilithiumOmega::_75;
102 break;
103 default:
104 BOTAN_ASSERT_UNREACHABLE();
105 }
106
107 const auto s1_bytes = 32 * m_l * bitlen(2 * m_eta);
108 const auto s2_bytes = 32 * m_k * bitlen(2 * m_eta);
109 const auto t0_bytes = 32 * m_k * D;
110 const auto t1_bytes = 32 * m_k * (bitlen(static_cast<uint32_t>(Q) - 1) - D);
111 const auto z_bytes = 32 * m_l * (1 + bitlen(m_gamma1 - 1));
112 const auto hint_bytes = m_omega + m_k;
113
114 m_private_key_bytes =
115 SEED_RHO_BYTES + SEED_SIGNING_KEY_BYTES + m_public_key_hash_bytes + s1_bytes + s2_bytes + t0_bytes;
116 m_public_key_bytes = SEED_RHO_BYTES + t1_bytes;
117 m_signature_bytes = m_commitment_hash_full_bytes + z_bytes + hint_bytes;
118 m_serialized_commitment_bytes = 32 * m_k * bitlen(((Q - 1) / (2 * m_gamma2)) - 1);
119
120 m_symmetric_primitives = Dilithium_Symmetric_Primitives_Base::create(*this);
121 m_keypair_codec = Dilithium_Keypair_Codec::create(mode);
122}
123
124} // namespace Botan
BOTAN_ASSERT_UNREACHABLE
#define BOTAN_ASSERT_UNREACHABLE()
Definition assert.h:137
Botan::DilithiumConstants::Q
static constexpr T Q
modulus
Definition dilithium_constants.h:34
Botan::DilithiumConstants::D
static constexpr T D
number of dropped bits from t (see FIPS 204 Section 5)
Definition dilithium_constants.h:37
Botan::DilithiumConstants::DilithiumConstants
DilithiumConstants(DilithiumMode dimension)
Definition dilithium_constants.cpp:59
Botan::DilithiumConstants::SEED_SIGNING_KEY_BYTES
static constexpr size_t SEED_SIGNING_KEY_BYTES
Definition dilithium_constants.h:56
Botan::DilithiumConstants::SEED_RHO_BYTES
static constexpr size_t SEED_RHO_BYTES
Definition dilithium_constants.h:53
Botan::DilithiumMode::mode
Mode mode() const
Definition dilithium.h:52
Botan::Dilithium_Keypair_Codec::create
static std::unique_ptr< Dilithium_Keypair_Codec > create(DilithiumMode mode)
Definition dilithium_keys.cpp:22
Botan::Dilithium_Symmetric_Primitives_Base::create
static std::unique_ptr< Dilithium_Symmetric_Primitives_Base > create(const DilithiumConstants &mode)
Definition dilithium_symmetric_primitives.cpp:28
Botan::bitlen
constexpr auto bitlen(size_t x)
Definition pqcrystals_helpers.h:98
Generated by doxygen 1.12.0