package mldsa
import (
"math/bits"
)
// expandA returns a parameters.K by parameters.L matrix of polynomials derived
// from the seed rho.
//
// The entry at row r, column s is rejNttPoly applied to rho followed by two
// index bytes: the first byte of integerToBytes(s, 1), then the first byte of
// integerToBytes(r, 1). The column index comes first, the row index second.
//
// NOTE(review): the layout looks like ExpandA from FIPS 204 (ML-DSA), where
// rho is the public matrix seed. Confirm against the callers.
func expandA(parameters ParameterSet, rho []byte) [][][]int32 {
	n := len(rho)

	// Scratch buffer: rho plus two trailing index bytes that are rewritten for
	// every matrix entry. rho itself is never modified.
	seed := make([]byte, n+2)
	copy(seed, rho)

	matrix := make([][][]int32, parameters.K)
	for row := range parameters.K {
		entries := make([][]int32, parameters.L)
		for col := range parameters.L {
			seed[n] = integerToBytes(col, 1)[0]
			seed[n+1] = integerToBytes(row, 1)[0]
			// The same backing buffer is handed to every call, which relies on
			// rejNttPoly not retaining the slice. Verify in rejNttPoly.
			entries[col] = rejNttPoly(parameters, seed)
		}
		matrix[row] = entries
	}
	return matrix
}
// expandS derives two vectors of polynomials from the seed rho: s1 with
// parameters.L entries and s2 with parameters.K entries.
//
// Each polynomial is rejBoundedPoly applied to rho followed by the output of
// integerToBytes(counter, 2). The counter runs 0..L-1 for s1 and L..L+K-1 for
// s2, so no counter value is shared between the two vectors.
//
// NOTE(review): this looks like ExpandS from FIPS 204 (ML-DSA), where the seed
// is private key material. If so, the scratch copy made here is left for the
// garbage collector without being cleared. Consider zeroing it before return
// if memory disclosure is in the threat model.
func expandS(parameters ParameterSet, rho []byte) ([][]int32, [][]int32) {
	n := len(rho)

	// Scratch buffer: rho plus a two-byte counter suffix rewritten per polynomial.
	seed := make([]byte, n+2)
	copy(seed, rho)
	counter := seed[n:] // aliases the two suffix bytes of seed

	s1 := make([][]int32, parameters.L)
	s2 := make([][]int32, parameters.K)

	for i := range parameters.L {
		copy(counter, integerToBytes(i, 2))
		s1[i] = rejBoundedPoly(parameters, seed)
	}
	for i := range parameters.K {
		// Offset by L so the s2 counters continue where the s1 counters ended.
		copy(counter, integerToBytes(i+parameters.L, 2))
		s2[i] = rejBoundedPoly(parameters, seed)
	}
	return s1, s2
}
// expandMask returns a vector of parameters.L polynomials derived from the
// seed rho and the starting counter mu.
//
// For index i the hash input is the first 64 bytes of rho followed by
// integerToBytes(mu+i, 2). concatenateBytesAndSHAKE256 is asked for 32*c
// bytes, where c = 1 + bits.Len(Gamma1-1), and bitUnpack decodes them with
// the bounds (Gamma1-1, Gamma1).
//
// NOTE(review): the seed length is hard-coded to 64 here, unlike expandA and
// expandS, which use len(rho). copy zero-pads a shorter rho and ignores any
// bytes past 64, with no error in either case. If this is the ML-DSA signing
// mask, a short seed would lower its entropy unnoticed; consider an explicit
// length check at the call site or here.
//
// NOTE(review): a repeated (rho, mu+i) pair reproduces the same output.
// Presumably callers advance mu so counters never repeat for a given seed.
// Verify against the signing loop.
func expandMask(parameters ParameterSet, rho []byte, mu int32) [][]int32 {
	const seedLen = 64

	bound := parameters.Gamma1 - 1
	bitsPerCoeff := 1 + bits.Len(uint(bound))
	// Output length requested from the hash; it is the same for every polynomial.
	outLen := int32(32 * bitsPerCoeff)

	// Scratch buffer: 64 seed bytes plus a two-byte counter suffix.
	seed := make([]byte, seedLen+2)
	copy(seed[:seedLen], rho)

	mask := make([][]int32, parameters.L)
	for i := range parameters.L {
		copy(seed[seedLen:], integerToBytes(mu+i, 2))
		stream := concatenateBytesAndSHAKE256(outLen, seed)
		mask[i] = bitUnpack(stream, bound, parameters.Gamma1)
	}
	return mask
}