Exendend api and modifications for allow generate keypair from fixed …

…seed for some sig algos. Exendend api and modifications for allow generate keypair from fixed seed for some sig algos. Supported algos all variants of Dilithium all variants of Falcon Todo add testvectors. ( tested over python calls by hands for now.) Todo in process generarion from exported privat key public key and sign with it. OQS_SIG_keypair_from_fseed(const OQS_SIG *sig, uint8_t *public_key, uint8_t *secret_key, const uint8_t *seed); expect seed at args. ( 48 bit string for Falcon and 32 bit string for Dilithium)
open-quantum-safe · Dec 29, 2024 · fd4f9a4 · fd4f9a4
1 parent af78b87
commit fd4f9a4
Show file tree

Hide file tree

Showing 62 changed files with 2,073 additions and 0 deletions.
diff --git a/src/sig/dilithium/oldpqclean_dilithium2_aarch64/api.h b/src/sig/dilithium/oldpqclean_dilithium2_aarch64/api.h
@@ -19,6 +19,8 @@
 
 int PQCLEAN_DILITHIUM2_AARCH64_crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
 
+int PQCLEAN_DILITHIUM2_AARCH64_crypto_sign_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 int PQCLEAN_DILITHIUM2_AARCH64_crypto_sign_signature(
     uint8_t *sig, size_t *siglen,
     const uint8_t *m, size_t mlen, const uint8_t *sk);

diff --git a/src/sig/dilithium/oldpqclean_dilithium2_aarch64/sign.c b/src/sig/dilithium/oldpqclean_dilithium2_aarch64/sign.c
@@ -96,6 +96,62 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) {
     return 0;
 }
 
+/*************************************************
+* Name:        crypto_sign_keypair from fixed seed.
+*
+* Description: Generates public and private key.
+*
+* Arguments:   - uint8_t *pk: pointer to output public key (allocated
+*                             array of CRYPTO_PUBLICKEYBYTES bytes)
+*              - uint8_t *sk: pointer to output private key (allocated
+*                             array of CRYPTO_SECRETKEYBYTES bytes)
+*
+* Returns 0 (success)
+**************************************************/
+int crypto_sign_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed) {
+    uint8_t seedbuf[2 * SEEDBYTES + CRHBYTES];
+    uint8_t tr[SEEDBYTES];
+    const uint8_t *rho, *rhoprime, *key;
+    polyvecl mat[K];
+    polyvecl s1, s1hat;
+    polyveck s2, t1, t0;
+
+    /* Use fixed seed for randomness for rho, rhoprime and key */
+    shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seed, SEEDBYTES);
+    rho = seedbuf;
+    rhoprime = rho + SEEDBYTES;
+    key = rhoprime + CRHBYTES;
+
+    /* Expand matrix */
+    polyvec_matrix_expand(mat, rho);
+
+    /* Sample short vectors s1 and s2 */
+    polyvecl_uniform_eta(&s1, rhoprime, 0);
+    polyveck_uniform_eta(&s2, rhoprime, L);
+
+    /* Matrix-vector multiplication */
+    s1hat = s1;
+    polyvecl_ntt(&s1hat);
+    polyvec_matrix_pointwise_montgomery(&t1, mat, &s1hat);
+    polyveck_reduce(&t1);
+    polyveck_invntt_tomont(&t1);
+
+    /* Add error vector s2 */
+    polyveck_add(&t1, &t1, &s2);
+
+    /* Extract t1 and write public key */
+    polyveck_caddq(&t1);
+    polyveck_power2round(&t1, &t0, &t1);
+    pack_pk(pk, rho, &t1);
+
+    /* Compute H(rho, t1) and write secret key */
+    shake256(tr, SEEDBYTES, pk, CRYPTO_PUBLICKEYBYTES);
+    pack_sk(sk, rho, tr, key, &t0, &s1, &s2);
+
+    return 0;
+}
+
+
 /*************************************************
 * Name:        crypto_sign_signature
 *

diff --git a/src/sig/dilithium/oldpqclean_dilithium2_aarch64/sign.h b/src/sig/dilithium/oldpqclean_dilithium2_aarch64/sign.h
@@ -21,6 +21,9 @@ void challenge(poly *c, const uint8_t seed[SEEDBYTES]);
 #define crypto_sign_keypair DILITHIUM_NAMESPACE(crypto_sign_keypair)
 int crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
 
+#define crypto_sign_keypair_from_fseed DILITHIUM_NAMESPACE(keypair_from_fseed)
+int crypto_sign_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 #define crypto_sign_signature DILITHIUM_NAMESPACE(crypto_sign_signature)
 int crypto_sign_signature(uint8_t *sig, size_t *siglen,
                           const uint8_t *m, size_t mlen,

diff --git a/src/sig/dilithium/oldpqclean_dilithium3_aarch64/api.h b/src/sig/dilithium/oldpqclean_dilithium3_aarch64/api.h
@@ -19,6 +19,8 @@
 
 int PQCLEAN_DILITHIUM3_AARCH64_crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
 
+int PQCLEAN_DILITHIUM3_AARCH64_crypto_sign_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 int PQCLEAN_DILITHIUM3_AARCH64_crypto_sign_signature(
     uint8_t *sig, size_t *siglen,
     const uint8_t *m, size_t mlen, const uint8_t *sk);

diff --git a/src/sig/dilithium/oldpqclean_dilithium3_aarch64/sign.c b/src/sig/dilithium/oldpqclean_dilithium3_aarch64/sign.c
@@ -96,6 +96,62 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) {
     return 0;
 }
 
+/*************************************************
+* Name:        crypto_sign_keypair from fixed seed.
+*
+* Description: Generates public and private key.
+*
+* Arguments:   - uint8_t *pk: pointer to output public key (allocated
+*                             array of CRYPTO_PUBLICKEYBYTES bytes)
+*              - uint8_t *sk: pointer to output private key (allocated
+*                             array of CRYPTO_SECRETKEYBYTES bytes)
+*
+* Returns 0 (success)
+**************************************************/
+int crypto_sign_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed) {
+    uint8_t seedbuf[2 * SEEDBYTES + CRHBYTES];
+    uint8_t tr[SEEDBYTES];
+    const uint8_t *rho, *rhoprime, *key;
+    polyvecl mat[K];
+    polyvecl s1, s1hat;
+    polyveck s2, t1, t0;
+
+    /* Use fixed seed for randomness for rho, rhoprime and key */
+    shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seed, SEEDBYTES);
+    rho = seedbuf;
+    rhoprime = rho + SEEDBYTES;
+    key = rhoprime + CRHBYTES;
+
+    /* Expand matrix */
+    polyvec_matrix_expand(mat, rho);
+
+    /* Sample short vectors s1 and s2 */
+    polyvecl_uniform_eta(&s1, rhoprime, 0);
+    polyveck_uniform_eta(&s2, rhoprime, L);
+
+    /* Matrix-vector multiplication */
+    s1hat = s1;
+    polyvecl_ntt(&s1hat);
+    polyvec_matrix_pointwise_montgomery(&t1, mat, &s1hat);
+    polyveck_reduce(&t1);
+    polyveck_invntt_tomont(&t1);
+
+    /* Add error vector s2 */
+    polyveck_add(&t1, &t1, &s2);
+
+    /* Extract t1 and write public key */
+    polyveck_caddq(&t1);
+    polyveck_power2round(&t1, &t0, &t1);
+    pack_pk(pk, rho, &t1);
+
+    /* Compute H(rho, t1) and write secret key */
+    shake256(tr, SEEDBYTES, pk, CRYPTO_PUBLICKEYBYTES);
+    pack_sk(sk, rho, tr, key, &t0, &s1, &s2);
+
+    return 0;
+}
+
+
 /*************************************************
 * Name:        crypto_sign_signature
 *

diff --git a/src/sig/dilithium/oldpqclean_dilithium3_aarch64/sign.h b/src/sig/dilithium/oldpqclean_dilithium3_aarch64/sign.h
@@ -21,6 +21,9 @@ void challenge(poly *c, const uint8_t seed[SEEDBYTES]);
 #define crypto_sign_keypair DILITHIUM_NAMESPACE(crypto_sign_keypair)
 int crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
 
+#define crypto_sign_keypair_from_fseed DILITHIUM_NAMESPACE(keypair_from_fseed)
+int crypto_sign_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 #define crypto_sign_signature DILITHIUM_NAMESPACE(crypto_sign_signature)
 int crypto_sign_signature(uint8_t *sig, size_t *siglen,
                           const uint8_t *m, size_t mlen,

diff --git a/src/sig/dilithium/oldpqclean_dilithium5_aarch64/api.h b/src/sig/dilithium/oldpqclean_dilithium5_aarch64/api.h
@@ -20,6 +20,8 @@
 
 int PQCLEAN_DILITHIUM5_AARCH64_crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
 
+int PQCLEAN_DILITHIUM5_AARCH64_crypto_sign_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 int PQCLEAN_DILITHIUM5_AARCH64_crypto_sign_signature(
     uint8_t *sig, size_t *siglen,
     const uint8_t *m, size_t mlen, const uint8_t *sk);

diff --git a/src/sig/dilithium/oldpqclean_dilithium5_aarch64/sign.c b/src/sig/dilithium/oldpqclean_dilithium5_aarch64/sign.c
@@ -96,6 +96,61 @@ int crypto_sign_keypair(uint8_t *pk, uint8_t *sk) {
     return 0;
 }
 
+/*************************************************
+* Name:        crypto_sign_keypair from fixed seed.
+*
+* Description: Generates public and private key.
+*
+* Arguments:   - uint8_t *pk: pointer to output public key (allocated
+*                             array of CRYPTO_PUBLICKEYBYTES bytes)
+*              - uint8_t *sk: pointer to output private key (allocated
+*                             array of CRYPTO_SECRETKEYBYTES bytes)
+*
+* Returns 0 (success)
+**************************************************/
+int crypto_sign_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed) {
+    uint8_t seedbuf[2 * SEEDBYTES + CRHBYTES];
+    uint8_t tr[SEEDBYTES];
+    const uint8_t *rho, *rhoprime, *key;
+    polyvecl mat[K];
+    polyvecl s1, s1hat;
+    polyveck s2, t1, t0;
+
+    /* Use fixed seed for randomness for rho, rhoprime and key */
+    shake256(seedbuf, 2*SEEDBYTES + CRHBYTES, seed, SEEDBYTES);
+    rho = seedbuf;
+    rhoprime = rho + SEEDBYTES;
+    key = rhoprime + CRHBYTES;
+
+    /* Expand matrix */
+    polyvec_matrix_expand(mat, rho);
+
+    /* Sample short vectors s1 and s2 */
+    polyvecl_uniform_eta(&s1, rhoprime, 0);
+    polyveck_uniform_eta(&s2, rhoprime, L);
+
+    /* Matrix-vector multiplication */
+    s1hat = s1;
+    polyvecl_ntt(&s1hat);
+    polyvec_matrix_pointwise_montgomery(&t1, mat, &s1hat);
+    polyveck_reduce(&t1);
+    polyveck_invntt_tomont(&t1);
+
+    /* Add error vector s2 */
+    polyveck_add(&t1, &t1, &s2);
+
+    /* Extract t1 and write public key */
+    polyveck_caddq(&t1);
+    polyveck_power2round(&t1, &t0, &t1);
+    pack_pk(pk, rho, &t1);
+
+    /* Compute H(rho, t1) and write secret key */
+    shake256(tr, SEEDBYTES, pk, CRYPTO_PUBLICKEYBYTES);
+    pack_sk(sk, rho, tr, key, &t0, &s1, &s2);
+
+    return 0;
+}
+
 /*************************************************
 * Name:        crypto_sign_signature
 *

diff --git a/src/sig/dilithium/oldpqclean_dilithium5_aarch64/sign.h b/src/sig/dilithium/oldpqclean_dilithium5_aarch64/sign.h
@@ -21,6 +21,9 @@ void challenge(poly *c, const uint8_t seed[SEEDBYTES]);
 #define crypto_sign_keypair DILITHIUM_NAMESPACE(crypto_sign_keypair)
 int crypto_sign_keypair(uint8_t *pk, uint8_t *sk);
 
+#define crypto_sign_keypair_from_fseed DILITHIUM_NAMESPACE(keypair_from_fseed)
+int crypto_sign_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 #define crypto_sign_signature DILITHIUM_NAMESPACE(crypto_sign_signature)
 int crypto_sign_signature(uint8_t *sig, size_t *siglen,
                           const uint8_t *m, size_t mlen,

diff --git a/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/api.h b/src/sig/dilithium/pqcrystals-dilithium_dilithium2_avx2/api.h
@@ -14,6 +14,8 @@
 
 int pqcrystals_dilithium2_avx2_keypair(uint8_t *pk, uint8_t *sk);
 
+int pqcrystals_dilithium2_avx2_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 int pqcrystals_dilithium2_avx2_signature(uint8_t *sig, size_t *siglen,
                                         const uint8_t *m, size_t mlen,
                                         const uint8_t *sk);
@@ -36,6 +38,8 @@ int pqcrystals_dilithium2_avx2_open(uint8_t *m, size_t *mlen,
 
 int pqcrystals_dilithium2aes_avx2_keypair(uint8_t *pk, uint8_t *sk);
 
+int pqcrystals_dilithium2aes_avx2_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 int pqcrystals_dilithium2aes_avx2_signature(uint8_t *sig, size_t *siglen,
                                            const uint8_t *m, size_t mlen,
                                            const uint8_t *sk);
@@ -62,6 +66,8 @@ int pqcrystals_dilithium2aes_avx2_open(uint8_t *m, size_t *mlen,
 
 int pqcrystals_dilithium3_avx2_keypair(uint8_t *pk, uint8_t *sk);
 
+int pqcrystals_dilithium3_avx2_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 int pqcrystals_dilithium3_avx2_signature(uint8_t *sig, size_t *siglen,
                                         const uint8_t *m, size_t mlen,
                                         const uint8_t *sk);
@@ -84,6 +90,8 @@ int pqcrystals_dilithium3_avx2_open(uint8_t *m, size_t *mlen,
 
 int pqcrystals_dilithium3aes_avx2_keypair(uint8_t *pk, uint8_t *sk);
 
+int pqcrystals_dilithium3aes_avx2_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 int pqcrystals_dilithium3aes_avx2_signature(uint8_t *sig, size_t *siglen,
                                            const uint8_t *m, size_t mlen,
                                            const uint8_t *sk);
@@ -110,6 +118,8 @@ int pqcrystals_dilithium3aes_avx2_open(uint8_t *m, size_t *mlen,
 
 int pqcrystals_dilithium5_avx2_keypair(uint8_t *pk, uint8_t *sk);
 
+int pqcrystals_dilithium5_avx2_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 int pqcrystals_dilithium5_avx2_signature(uint8_t *sig, size_t *siglen,
                                         const uint8_t *m, size_t mlen,
                                         const uint8_t *sk);
@@ -132,6 +142,8 @@ int pqcrystals_dilithium5_avx2_open(uint8_t *m, size_t *mlen,
 
 int pqcrystals_dilithium5aes_avx2_keypair(uint8_t *pk, uint8_t *sk);
 
+int pqcrystals_dilithium5aes_avx2_keypair_from_fseed(uint8_t *pk, uint8_t *sk, const uint8_t *seed);
+
 int pqcrystals_dilithium5aes_avx2_signature(uint8_t *sig, size_t *siglen,
                                            const uint8_t *m, size_t mlen,
                                            const uint8_t *sk);