-
Notifications
You must be signed in to change notification settings - Fork 26
/
lowmc_pars.h
95 lines (80 loc) · 2.18 KB
/
lowmc_pars.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/*
* This file is part of the optimized implementation of the Picnic signature scheme.
* See the accompanying documentation for complete details.
*
* The code is provided under the MIT license, see LICENSE for
* more details.
* SPDX-License-Identifier: MIT
*/
#ifndef LOWMC_PARS_H
#define LOWMC_PARS_H
#include <stddef.h>
#include "mzd_additional.h"
typedef mzd_local_t lowmc_key_t;
#define MAX_LOWMC_BLOCK_SIZE 32
#define MAX_LOWMC_BLOCK_SIZE_BITS (MAX_LOWMC_BLOCK_SIZE * 8)
#define MAX_LOWMC_KEY_SIZE MAX_LOWMC_BLOCK_SIZE
#define MAX_LOWMC_KEY_SIZE_BITS (MAX_LOWMC_KEY_SIZE * 8)
#define MAX_LOWMC_ROUNDS 38
/**
* Masks for 10 S-boxes.
*/
#define MASK_X0I UINT64_C(0x2492492400000000)
#define MASK_X1I UINT64_C(0x4924924800000000)
#define MASK_X2I UINT64_C(0x9249249000000000)
#define MASK_MASK UINT64_C(0x00000003ffffffff)
/**
* LowMC parameters
*/
typedef struct {
uint16_t n; // == k
uint8_t m;
uint8_t r;
} lowmc_parameters_t;
/**
* LowMC round with full Sblox layer
*/
typedef struct {
const mzd_local_t* k_matrix;
const mzd_local_t* l_matrix;
const mzd_local_t* li_matrix;
const mzd_local_t* constant;
} lowmc_round_t;
/**
* LowMC definition with full Sbox layer
*/
typedef struct {
const mzd_local_t* k0_matrix; // K_0
const mzd_local_t* ki0_matrix; // inverse of K_0
const lowmc_round_t* rounds;
} lowmc_t;
/**
* LowMC round with partial Sblox layer
*/
typedef struct {
const mzd_local_t* z_matrix;
const mzd_local_t* r_matrix;
const word r_mask;
} lowmc_partial_round_t;
/**
* LowMC definition with partial Sbox layer
*/
typedef struct {
const mzd_local_t* k0_matrix; // K_0 + precomputed
const mzd_local_t* zr_matrix; // combined linear layers
const lowmc_partial_round_t* rounds;
const mzd_local_t* precomputed_non_linear_part_matrix;
const mzd_local_t* precomputed_constant_linear;
const mzd_local_t* precomputed_constant_non_linear;
} lowmc_partial_t;
/**
* Unique identifier for a LowMC instance
*/
#define LOWMC_ID(n, m) ((((uint32_t)n) << 16) | (uint32_t)m)
/**
* Obtain unique LowMC instance identifier
*/
static inline ATTR_PURE uint32_t lowmc_get_id(const lowmc_parameters_t* lowmc) {
return LOWMC_ID(lowmc->n, lowmc->m);
}
#endif