Documentation
¶
Overview ¶
Package util implements the generic underlying algorithms from NIST FIPS 204.
This aux.go file contains the auxiliary internal functions needed to implement ML-DSA.
The implementations here have slightly more verbose function prototypes than FIPS-204, due to the need to parametrize the functions based on the actual parameter sets for the ML-DSA algorithm being used. The first parameters to all functions are constants to the specific instantiation of ML-DSA (e.g., k, l, or omega2).
Index ¶
- func AddVector(v, w []ring.Rq) []ring.Rq
- func AddVectorNTT(v, w []ring.Tq) []ring.Tq
- func BitPack(w ring.Rz, k uint8) []byte
- func BitPackClosed(w ring.Rz, k uint8) []byte
- func BitUnpack(b []byte, k uint8) (z ring.Rz)
- func BitUnpackClosed(b []byte, k uint8) (z ring.Rz, err error)
- func ExpandA(cfg *params.Cfg, rho []byte) [][]ring.Tq
- func ExpandMask(cfg *params.Cfg, rho []byte, mu uint16) []ring.Rz
- func ExpandS(cfg *params.Cfg, rho []byte) ([]ring.Rq, []ring.Rq)
- func H(out []byte, data []byte)
- func HintBitPack(k, omega uint8, h []ring.R2) []byte
- func HintBitUnpack(k, omega uint8, y []byte) ([]ring.R2, error)
- func IntegerToBits[T ~uint32](x T, a int) []byte
- func InvNttVec(w []ring.Tq) []ring.Rq
- func InverseNTT(wh ring.Tq) ring.Rq
- func MakeHint(cfg *params.Cfg, z, r []ring.Rq) []ring.R2
- func MatrixVectorNTT(M_hat [][]ring.Tq, v_hat []ring.Tq) []ring.Tq
- func NTT(w ring.Rq) (wh ring.Tq)
- func NegateVector(v []ring.Rq) []ring.Rq
- func NttVec(r []ring.Rq) []ring.Tq
- func Power2RoundVec(x []ring.Rq) ([]ring.Rz, []ring.Rz)
- func RejBoundedPoly(eta int, seed []byte) (a ring.Rq)
- func RejNTTPoly(seed []byte) (ah ring.Tq)
- func SKEncode(k, l, log_eta uint8, rho, K, tr []byte, s1, s2, t0 []ring.Rz) []byte
- func SampleInBall(cfg *params.Cfg, seed []byte) (c ring.Rz)
- func ScalarVector(c field.T, v []ring.Rq) []ring.Rq
- func ScalarVectorNTT(c_hat ring.Tq, v_hat []ring.Tq) []ring.Tq
- func SigDecode(cfg *params.Cfg, sig []byte) ([]byte, []ring.Rz, []ring.R2, error)
- func SigEncode(cfg *params.Cfg, c []byte, z []ring.Rq, h []ring.R2) []byte
- func SimpleBitPack(w ring.Rz, k uint8) []byte
- func SimpleBitUnpack(b []byte, k uint8) (z ring.Rz)
- func SubVector(v, w []ring.Rq) []ring.Rq
- func SubVectorNTT(v, w []ring.Tq) []ring.Tq
- func UseHint(cfg *params.Cfg, h []ring.R2, r []ring.Rq) []ring.Rz
- func W1Encode(cfg *params.Cfg, w1 []ring.Rz) []byte
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BitPackClosed ¶
Algorithm 17, specialized to values in the closed interval -2^k <= x <= 2^k 2^k is called eta in the context of FIPS 204
func BitUnpackClosed ¶
Algorithm 19, specialized to values in -eta <= x <= eta Returns an error if any value is out of range 2^k is called eta in the context of FIPS 204 k is always either 1 or 2. This is only used during sk decoding
func HintBitPack ¶
Algorithm 20 Does not need to be constant-time, as hints are public This is used during signature encoding
func HintBitUnpack ¶
Algorithm 21 This is used by signature verification, which does not need to be constant-time
func IntegerToBits ¶
Algorithm 9 Returns a length-`a` []byte with a distinct byte entry for each bit, in lsb order
func MakeHint ¶
Algorithm 39 Not constant time - inputs and outputs are public Returns nil when the number of 1s in the hint is greater than omega
func MatrixVectorNTT ¶
Algorithm 48
func ScalarVector ¶
Multiplies each element of a vector by a scalar
func SimpleBitPack ¶
Algorithm 16 Assumes that all coefficients are in the range 0 <= x < 2^k
func SubVectorNTT ¶
This is implied by Algorithm 46, but needed for Verify_internal()
Types ¶
This section is empty.
Source Files