doxygen/dilithium__round3__symmetric__primitives_8h_source.html

/*

* Asymmetric primitives for Dilithium round 3

* (C) 2022 Jack Lloyd

*     2022 Manuel Glaser, Michael Boric, René Meusel - Rohde & Schwarz Cybersecurity

*     2024 René Meusel - Rohde & Schwarz Cybersecurity

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#ifndef BOTAN_DILITHIUM_ROUND3_SYM_PRIMITIVES_H_

#define BOTAN_DILITHIUM_ROUND3_SYM_PRIMITIVES_H_


#include <botan/internal/dilithium_keys.h>

#include <botan/internal/dilithium_symmetric_primitives.h>


#include <botan/rng.h>


namespace Botan {


class Dilithium_Expanded_Keypair_Codec final : public Dilithium_Keypair_Codec {

   public:

      secure_vector<uint8_t> encode_keypair(DilithiumInternalKeypair keypair) const override;

      DilithiumInternalKeypair decode_keypair(std::span<const uint8_t> private_key,

                                              DilithiumConstants mode) const override;

};


class Dilithium_Round3_Symmetric_Primitives : public Dilithium_Symmetric_Primitives_Base {

   private:

      /// Rho prime (deterministic) computation for Dilithium R3 instances

      DilithiumSeedRhoPrime H(StrongSpan<const DilithiumSigningSeedK> k,

                              StrongSpan<const DilithiumMessageRepresentative> mu) const {

         return H_256<DilithiumSeedRhoPrime>(DilithiumConstants::SEED_RHOPRIME_BYTES, k, mu);

      }


   public:

      using Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base;


      DilithiumSeedRhoPrime H_maybe_randomized(

         StrongSpan<const DilithiumSigningSeedK> k,

         StrongSpan<const DilithiumMessageRepresentative> mu,

         std::optional<std::reference_wrapper<RandomNumberGenerator>> rng) const final {

         // Dilitihium R3, Figure 4, l. 12:

         //   p' in {0, 1}^512 := H(K || mu) (or p' <- {0, 1}^512 for randomized signing)

         return (rng.has_value())

                   ? rng->get().random_vec<DilithiumSeedRhoPrime>(DilithiumConstants::SEED_RHOPRIME_BYTES)

                   : H(k, mu);

      }


      StrongSpan<const DilithiumCommitmentHash> truncate_commitment_hash(

         StrongSpan<const DilithiumCommitmentHash> seed) const final {

         return StrongSpan<const DilithiumCommitmentHash>(

            seed.get().first(DilithiumConstants::COMMITMENT_HASH_C1_BYTES));

      }


      std::optional<std::array<uint8_t, 2>> seed_expansion_domain_separator() const final {

         // Dilithium does not require domain separation when expanding its

         // seeds from the input randomness.

         return std::nullopt;

      }


};


}  // namespace Botan


#endif

Botan::DilithiumConstants
Definition dilithium_constants.h:25

Botan::DilithiumConstants::COMMITMENT_HASH_C1_BYTES
static constexpr size_t COMMITMENT_HASH_C1_BYTES
Definition dilithium_constants.h:58

Botan::DilithiumConstants::SEED_RHOPRIME_BYTES
static constexpr size_t SEED_RHOPRIME_BYTES
Definition dilithium_constants.h:54

Botan::Dilithium_Expanded_Keypair_Codec
Definition dilithium_round3_symmetric_primitives.h:20

Botan::Dilithium_Expanded_Keypair_Codec::encode_keypair
secure_vector< uint8_t > encode_keypair(DilithiumInternalKeypair keypair) const override
Definition dilithium_round3_symmetric_primitives.cpp:18

Botan::Dilithium_Expanded_Keypair_Codec::decode_keypair
DilithiumInternalKeypair decode_keypair(std::span< const uint8_t > private_key, DilithiumConstants mode) const override
Definition dilithium_round3_symmetric_primitives.cpp:22

Botan::Dilithium_Keypair_Codec
Definition dilithium_keys.h:23

Botan::Dilithium_Round3_Symmetric_Primitives
Definition dilithium_round3_symmetric_primitives.h:27

Botan::Dilithium_Round3_Symmetric_Primitives::truncate_commitment_hash
StrongSpan< const DilithiumCommitmentHash > truncate_commitment_hash(StrongSpan< const DilithiumCommitmentHash > seed) const final
Definition dilithium_round3_symmetric_primitives.h:49

Botan::Dilithium_Round3_Symmetric_Primitives::H_maybe_randomized
DilithiumSeedRhoPrime H_maybe_randomized(StrongSpan< const DilithiumSigningSeedK > k, StrongSpan< const DilithiumMessageRepresentative > mu, std::optional< std::reference_wrapper< RandomNumberGenerator > > rng) const final
Definition dilithium_round3_symmetric_primitives.h:38

Botan::Dilithium_Round3_Symmetric_Primitives::seed_expansion_domain_separator
std::optional< std::array< uint8_t, 2 > > seed_expansion_domain_separator() const final
Definition dilithium_round3_symmetric_primitives.h:55

Botan::Dilithium_Symmetric_Primitives_Base
Definition dilithium_symmetric_primitives.h:101

Botan::Dilithium_Symmetric_Primitives_Base::H_256
OutT H_256(size_t outbytes, InTs &&... ins) const
Definition dilithium_symmetric_primitives.h:191

Botan::Dilithium_Symmetric_Primitives_Base::Dilithium_Symmetric_Primitives_Base
Dilithium_Symmetric_Primitives_Base(const DilithiumConstants &mode, std::unique_ptr< DilithiumXOF > xof_adapter)
Definition dilithium_symmetric_primitives.h:103

Botan::StrongSpan
Definition strong_type.h:614

Botan::Strong
Definition strong_type.h:172

final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29

Botan
Definition alg_id.cpp:13

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61

Botan::DilithiumInternalKeypair
std::pair< std::shared_ptr< Dilithium_PublicKeyInternal >, std::shared_ptr< Dilithium_PrivateKeyInternal > > DilithiumInternalKeypair
Internal representation of a Dilithium key pair.
Definition dilithium_types.h:67