dilithium_symmetric_primitives.cpp
1/**
2 * Symmetric primitives for Dilithium
3* (C) 2022-2023 Jack Lloyd
4* (C) 2022-2023 Michael Boric, René Meusel - Rohde & Schwarz Cybersecurity
5* (C) 2022 Manuel Glaser - Rohde & Schwarz Cybersecurity
6 *
7 * Botan is released under the Simplified BSD License (see license.txt)
8 */
9
10#include <botan/internal/dilithium_symmetric_primitives.h>
11
12#if defined(BOTAN_HAS_DILITHIUM)
13 #include <botan/internal/dilithium_modern.h>
14#endif
15
16#if defined(BOTAN_HAS_DILITHIUM_AES)
17 #include <botan/internal/dilithium_aes.h>
18#endif
19
20namespace Botan {
21
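/**
 * Factory for the symmetric-primitive backend matching a Dilithium mode.
 *
 * Each backend is only considered when its module was compiled in. The
 * feature tests use `defined(...)` so they agree with the include guards at
 * the top of this file and stay well-formed even if a feature macro is
 * defined without a value.
 *
 * @param mode the Dilithium mode; is_modern() and is_aes() select the backend
 * @return an owning pointer to the selected backend
 * @throws Not_Implemented if no compiled-in backend matches @p mode
 */
std::unique_ptr<Dilithium_Symmetric_Primitives> Dilithium_Symmetric_Primitives::create(DilithiumMode mode) {
#if defined(BOTAN_HAS_DILITHIUM)
   if(mode.is_modern()) {
      return std::make_unique<Dilithium_Common_Symmetric_Primitives>();
   }
#endif

#if defined(BOTAN_HAS_DILITHIUM_AES)
   if(mode.is_aes()) {
      return std::make_unique<Dilithium_AES_Symmetric_Primitives>();
   }
#endif

   // Fail closed: a mode whose backend is not part of this build is rejected
   // here instead of being served by a different primitive.
   throw Not_Implemented("requested Dilithium mode is not enabled in this build");
}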
37
39 m_mode(mode), m_symmetric_primitives(Dilithium_Symmetric_Primitives::create(mode)) {
40 if(mode.is_modern()) {
41 m_stream128_blockbytes = DilithiumModeConstants::SHAKE128_RATE;
42 m_stream256_blockbytes = DilithiumModeConstants::SHAKE256_RATE;
43 } else {
44 m_stream128_blockbytes = AES256CTR_BLOCKBYTES;
45 m_stream256_blockbytes = AES256CTR_BLOCKBYTES;
46 }
47
48 switch(m_mode.mode()) {
51 m_k = 4;
52 m_l = 4;
53 m_eta = DilithiumEta::Eta2;
54 m_tau = 39;
55 m_beta = 78;
56 m_gamma1 = (1 << 17);
57 m_gamma2 = ((DilithiumModeConstants::Q - 1) / 88);
58 m_omega = 80;
59 m_nist_security_strength = 128;
60 m_polyz_packedbytes = 576;
61 m_polyw1_packedbytes = 192;
62 m_polyeta_packedbytes = 96;
63 m_poly_uniform_eta_nblocks = ((136 + m_stream128_blockbytes - 1) / m_stream128_blockbytes);
64 break;
67 m_k = 6;
68 m_l = 5;
69 m_eta = DilithiumEta::Eta4;
70 m_tau = 49;
71 m_beta = 196;
72 m_gamma1 = (1 << 19);
73 m_gamma2 = ((DilithiumModeConstants::Q - 1) / 32);
74 m_omega = 55;
75 m_nist_security_strength = 192;
76 m_polyz_packedbytes = 640;
77 m_polyw1_packedbytes = 128;
78 m_polyeta_packedbytes = 128;
79 m_poly_uniform_eta_nblocks = ((227 + m_stream128_blockbytes - 1) / m_stream128_blockbytes);
80 break;
83 m_k = 8;
84 m_l = 7;
85 m_eta = DilithiumEta::Eta2;
86 m_tau = 60;
87 m_beta = 120;
88 m_gamma1 = (1 << 19);
89 m_gamma2 = ((DilithiumModeConstants::Q - 1) / 32);
90 m_omega = 75;
91 m_nist_security_strength = 256;
92 m_polyz_packedbytes = 640;
93 m_polyw1_packedbytes = 128;
94 m_polyeta_packedbytes = 96;
95 m_poly_uniform_eta_nblocks = ((136 + m_stream128_blockbytes - 1) / m_stream128_blockbytes);
96 break;
97 }
98
99 if(m_gamma1 == (1 << 17)) {
100 m_poly_uniform_gamma1_nblocks = (576 + m_stream256_blockbytes - 1) / m_stream256_blockbytes;
101 } else {
102 BOTAN_ASSERT_NOMSG(m_gamma1 == (1 << 19));
103 m_poly_uniform_gamma1_nblocks = (640 + m_stream256_blockbytes - 1) / m_stream256_blockbytes;
104 }
105
106 // For all modes the same calculation
107 m_polyvech_packedbytes = m_omega + m_k;
108 m_poly_uniform_nblocks = ((768 + m_stream128_blockbytes - 1) / m_stream128_blockbytes);
110 m_crypto_bytes = DilithiumModeConstants::SEEDBYTES + m_l * m_polyz_packedbytes + m_polyvech_packedbytes;
111 m_private_key_bytes = (3 * DilithiumModeConstants::SEEDBYTES + m_l * m_polyeta_packedbytes +
112 m_k * m_polyeta_packedbytes + m_k * DilithiumModeConstants::POLYT0_PACKEDBYTES);
113}
114
115} // namespace Botan