/*
* From a SHAKE256 context (must be already flipped), produce a new
* point. This is the non-constant-time version, which may leak enough
* information to serve as a stop condition on a brute force attack on
* the hashed message (provided that the nonce value is known).
*/
void PQCLEAN_FALCON512_AARCH64_hash_to_point_vartime(inner_shake256_context *sc,
uint16_t *x, unsigned logn);
/*
* From a SHAKE256 context (must be already flipped), produce a new
* point. The temporary buffer (tmp) must have room for 2*2^logn bytes.
* This function is constant-time but is typically more expensive than
* PQCLEAN_FALCON512_AARCH64_hash_to_point_vartime().
*
* tmp[] must have 16-bit alignment.
*/
void PQCLEAN_FALCON512_AARCH64_hash_to_point_ct(inner_shake256_context *sc,
uint16_t *x, unsigned logn, uint8_t *tmp);
/*
* Tell whether a given vector (2N coordinates, in two halves) is
* acceptable as a signature. This compares the appropriate norm of the
* vector with the acceptance bound. Returned value is 1 on success
* (vector is short enough to be acceptable), 0 otherwise.
*/
int PQCLEAN_FALCON512_AARCH64_is_short(const int16_t *s1, const int16_t *s2);
/*
* Tell whether a given vector (2N coordinates, in two halves) is
* acceptable as a signature. Instead of the first half s1, this
* function receives the "saturated squared norm" of s1, i.e. the
* sum of the squares of the coordinates of s1 (saturated at 2^32-1
* if the sum exceeds 2^31-1).
*
* Returned value is 1 on success (vector is short enough to be
* acceptable), 0 otherwise.
*/
int PQCLEAN_FALCON512_AARCH64_is_short_tmp(int16_t *s1tmp, int16_t *s2tmp,
const int16_t *hm, const double *t0,
const double *t1);
/* ==================================================================== */
/*
* Signature verification functions (vrfy.c).
*/
/*
* Convert a public key to NTT. Conversion is done in place.
*/
void PQCLEAN_FALCON512_AARCH64_to_ntt(int16_t *h);
/*
* Convert a public key to NTT + Montgomery format. Conversion is done
* in place.
*/
void PQCLEAN_FALCON512_AARCH64_to_ntt_monty(int16_t *h);
/*
* Internal signature verification code:
* c0[] contains the hashed nonce+message
* s2[] is the decoded signature
* h[] contains the public key, in NTT + Montgomery format
* logn is the degree log
* tmp[] temporary, must have at least 2*2^logn bytes
* Returned value is 1 on success, 0 on error.
*
* tmp[] must have 16-bit alignment.
*/
int PQCLEAN_FALCON512_AARCH64_verify_raw(const int16_t *c0, const int16_t *s2,
int16_t *h, int16_t *tmp);
/*
* Compute the public key h[], given the private key elements f[] and
* g[]. This computes h = g/f mod phi mod q, where phi is the polynomial
* modulus. This function returns 1 on success, 0 on error (an error is
* reported if f is not invertible mod phi mod q).
*
* The tmp[] array must have room for at least 2*2^logn elements.
* tmp[] must have 16-bit alignment.
*/
int PQCLEAN_FALCON512_AARCH64_compute_public(int16_t *h, const int8_t *f,
const int8_t *g, int16_t *tmp);
/*
* Recompute the fourth private key element. The private key consists of
* four polynomials with small coefficients f, g, F and G, which are
* such that fG - gF = q mod phi; furthermore, f is invertible modulo
* phi and modulo q. This function recomputes G from f, g and F.
*
* The tmp[] array must have room for at least 4*2^logn bytes.
*
* Returned value is 1 on success, 0 on error (f not invertible).
* tmp[] must have 16-bit alignment.
*/
int PQCLEAN_FALCON512_AARCH64_complete_private(int8_t *G, const int8_t *f,
const int8_t *g, const int8_t *F,
uint8_t *tmp);
/*
* Test whether a given polynomial is invertible modulo phi and q.
* Polynomial coefficients are small integers.
*
* tmp[] must have 16-bit alignment.
*/
int PQCLEAN_FALCON512_AARCH64_is_invertible(const int16_t *s2, uint8_t *tmp);
/*
* Count the number of elements of value zero in the NTT representation
* of the given polynomial: this is the number of primitive 2n-th roots
* of unity (modulo q = 12289) that are roots of the provided polynomial
* (taken modulo q).
*
* tmp[] must have 16-bit alignment.
*/
int PQCLEAN_FALCON512_AARCH64_count_nttzero(const int16_t *sig, uint8_t *tmp);
/*
* Internal signature verification with public key recovery:
* h[] receives the public key (NOT in NTT/Montgomery format)
* c0[] contains the hashed nonce+message
* s1[] is the first signature half