Search in sources :

Example 1 with GF2Vector

use of com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector in project LinLong-Java by zhenwei1108.

the class McElieceCCA2Primitives method decryptionPrimitive.

/**
 * The McEliece decryption primitive.
 *
 * @param privKey the private key
 * @param c       the ciphertext vector <tt>c = m*G + z</tt>
 * @return the message vector <tt>m</tt> and the error vector <tt>z</tt>
 */
public static GF2Vector[] decryptionPrimitive(McElieceCCA2PrivateKeyParameters privKey, GF2Vector c) {
    // obtain values from private key
    int k = privKey.getK();
    Permutation p = privKey.getP();
    GF2mField field = privKey.getField();
    PolynomialGF2mSmallM gp = privKey.getGoppaPoly();
    GF2Matrix h = privKey.getH();
    PolynomialGF2mSmallM[] q = privKey.getQInv();
    // compute inverse permutation P^-1
    Permutation pInv = p.computeInverse();
    // multiply c with permutation P^-1
    GF2Vector cPInv = (GF2Vector) c.multiply(pInv);
    // compute syndrome of cP^-1
    GF2Vector syndVec = (GF2Vector) h.rightMultiply(cPInv);
    // decode syndrome
    GF2Vector errors = GoppaCode.syndromeDecode(syndVec, field, gp, q);
    GF2Vector mG = (GF2Vector) cPInv.add(errors);
    // multiply codeword and error vector with P
    mG = (GF2Vector) mG.multiply(p);
    errors = (GF2Vector) errors.multiply(p);
    // extract plaintext vector (last k columns of mG)
    GF2Vector m = mG.extractRightVector(k);
    // return vectors
    return new GF2Vector[] { m, errors };
}
Also used : GF2mField(com.github.zhenwei.core.pqc.math.linearalgebra.GF2mField) PolynomialGF2mSmallM(com.github.zhenwei.core.pqc.math.linearalgebra.PolynomialGF2mSmallM) GF2Matrix(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Matrix) Permutation(com.github.zhenwei.core.pqc.math.linearalgebra.Permutation) GF2Vector(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector)

Example 2 with GF2Vector

use of com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector in project LinLong-Java by zhenwei1108.

the class McElieceCipher method messageDecrypt.

/**
 * Decrypt a cipher text.
 *
 * @param input the cipher text
 * @return the plain text
 * @throws InvalidCipherTextException if the cipher text is invalid.
 */
public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
    if (forEncryption) {
        throw new IllegalStateException("cipher initialised for decryption");
    }
    GF2Vector vec = GF2Vector.OS2VP(n, input);
    McEliecePrivateKeyParameters privKey = (McEliecePrivateKeyParameters) key;
    GF2mField field = privKey.getField();
    PolynomialGF2mSmallM gp = privKey.getGoppaPoly();
    GF2Matrix sInv = privKey.getSInv();
    Permutation p1 = privKey.getP1();
    Permutation p2 = privKey.getP2();
    GF2Matrix h = privKey.getH();
    PolynomialGF2mSmallM[] qInv = privKey.getQInv();
    // compute permutation P = P1 * P2
    Permutation p = p1.rightMultiply(p2);
    // compute P^-1
    Permutation pInv = p.computeInverse();
    // compute c P^-1
    GF2Vector cPInv = (GF2Vector) vec.multiply(pInv);
    // compute syndrome of c P^-1
    GF2Vector syndrome = (GF2Vector) h.rightMultiply(cPInv);
    // decode syndrome
    GF2Vector z = GoppaCode.syndromeDecode(syndrome, field, gp, qInv);
    GF2Vector mSG = (GF2Vector) cPInv.add(z);
    // multiply codeword with P1 and error vector with P
    mSG = (GF2Vector) mSG.multiply(p1);
    z = (GF2Vector) z.multiply(p);
    // extract mS (last k columns of mSG)
    GF2Vector mS = mSG.extractRightVector(k);
    // compute plaintext vector
    GF2Vector mVec = (GF2Vector) sInv.leftMultiply(mS);
    // compute and return plaintext
    return computeMessage(mVec);
}
Also used : GF2mField(com.github.zhenwei.core.pqc.math.linearalgebra.GF2mField) PolynomialGF2mSmallM(com.github.zhenwei.core.pqc.math.linearalgebra.PolynomialGF2mSmallM) GF2Matrix(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Matrix) GF2Vector(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector) Permutation(com.github.zhenwei.core.pqc.math.linearalgebra.Permutation)

Example 3 with GF2Vector

use of com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector in project LinLong-Java by zhenwei1108.

the class McElieceFujisakiCipher method messageDecrypt.

public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
    if (forEncryption) {
        throw new IllegalStateException("cipher initialised for decryption");
    }
    int c1Len = (n + 7) >> 3;
    int c2Len = input.length - c1Len;
    // split ciphertext (c1||c2)
    byte[][] c1c2 = ByteUtils.split(input, c1Len);
    byte[] c1 = c1c2[0];
    byte[] c2 = c1c2[1];
    // decrypt c1 ...
    GF2Vector hrmVec = GF2Vector.OS2VP(n, c1);
    GF2Vector[] decC1 = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters) key, hrmVec);
    byte[] rBytes = decC1[0].getEncoded();
    // ... and obtain error vector z
    GF2Vector z = decC1[1];
    // get PRNG object
    DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
    // seed PRNG with r'
    sr0.addSeedMaterial(rBytes);
    // generate random sequence
    byte[] mBytes = new byte[c2Len];
    sr0.nextBytes(mBytes);
    // XOR with c2 to obtain m
    for (int i = 0; i < c2Len; i++) {
        mBytes[i] ^= c2[i];
    }
    // compute H(r||m)
    byte[] rmBytes = ByteUtils.concatenate(rBytes, mBytes);
    byte[] hrm = new byte[messDigest.getDigestSize()];
    messDigest.update(rmBytes, 0, rmBytes.length);
    messDigest.doFinal(hrm, 0);
    // compute Conv(H(r||m))
    hrmVec = Conversions.encode(n, t, hrm);
    // check that Conv(H(m||r)) = z
    if (!hrmVec.equals(z)) {
        throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
    }
    // return plaintext m
    return mBytes;
}
Also used : InvalidCipherTextException(com.github.zhenwei.core.crypto.InvalidCipherTextException) GF2Vector(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector) SHA1Digest(com.github.zhenwei.core.crypto.digests.SHA1Digest) DigestRandomGenerator(com.github.zhenwei.core.crypto.prng.DigestRandomGenerator)

Example 4 with GF2Vector

use of com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector in project LinLong-Java by zhenwei1108.

the class McElieceFujisakiCipher method messageEncrypt.

public byte[] messageEncrypt(byte[] input) {
    if (!forEncryption) {
        throw new IllegalStateException("cipher initialised for decryption");
    }
    // generate random vector r of length k bits
    GF2Vector r = new GF2Vector(k, sr);
    // convert r to byte array
    byte[] rBytes = r.getEncoded();
    // compute (r||input)
    byte[] rm = ByteUtils.concatenate(rBytes, input);
    // compute H(r||input)
    messDigest.update(rm, 0, rm.length);
    byte[] hrm = new byte[messDigest.getDigestSize()];
    messDigest.doFinal(hrm, 0);
    // convert H(r||input) to error vector z
    GF2Vector z = Conversions.encode(n, t, hrm);
    // compute c1 = E(r, z)
    byte[] c1 = McElieceCCA2Primitives.encryptionPrimitive((McElieceCCA2PublicKeyParameters) key, r, z).getEncoded();
    // get PRNG object
    DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
    // seed PRNG with r'
    sr0.addSeedMaterial(rBytes);
    // generate random c2
    byte[] c2 = new byte[input.length];
    sr0.nextBytes(c2);
    // XOR with input
    for (int i = 0; i < input.length; i++) {
        c2[i] ^= input[i];
    }
    // return (c1||c2)
    return ByteUtils.concatenate(c1, c2);
}
Also used : GF2Vector(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector) SHA1Digest(com.github.zhenwei.core.crypto.digests.SHA1Digest) DigestRandomGenerator(com.github.zhenwei.core.crypto.prng.DigestRandomGenerator)

Example 5 with GF2Vector

use of com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector in project LinLong-Java by zhenwei1108.

the class McElieceKobaraImaiCipher method messageDecrypt.

public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
    if (forEncryption) {
        throw new IllegalStateException("cipher initialised for decryption");
    }
    int nDiv8 = n >> 3;
    if (input.length < nDiv8) {
        throw new InvalidCipherTextException("Bad Padding: Ciphertext too short.");
    }
    int c2Len = messDigest.getDigestSize();
    int c4Len = k >> 3;
    int c5Len = (IntegerFunctions.binomial(n, t).bitLength() - 1) >> 3;
    int c6Len = input.length - nDiv8;
    // split cipher text (c6||encC4), where c6 may be empty
    byte[] c6, encC4;
    if (c6Len > 0) {
        byte[][] c6EncC4 = ByteUtils.split(input, c6Len);
        c6 = c6EncC4[0];
        encC4 = c6EncC4[1];
    } else {
        c6 = new byte[0];
        encC4 = input;
    }
    // convert encC4 into vector over GF(2)
    GF2Vector encC4Vec = GF2Vector.OS2VP(n, encC4);
    // decrypt encC4Vec to obtain c4 and error vector z
    GF2Vector[] c4z = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters) key, encC4Vec);
    byte[] c4 = c4z[0].getEncoded();
    GF2Vector z = c4z[1];
    // if length of c4 is greater than c4Len (because of padding) ...
    if (c4.length > c4Len) {
        // ... truncate the padding bytes
        c4 = ByteUtils.subArray(c4, 0, c4Len);
    }
    // compute c5 = Conv^-1(z)
    byte[] c5 = Conversions.decode(n, t, z);
    // if c5 is shorter than expected, pad with leading zeroes
    if (c5.length < c5Len) {
        byte[] paddedC5 = new byte[c5Len];
        System.arraycopy(c5, 0, paddedC5, c5Len - c5.length, c5.length);
        c5 = paddedC5;
    }
    // compute (c6||c5||c4)
    byte[] c6c5c4 = ByteUtils.concatenate(c6, c5);
    c6c5c4 = ByteUtils.concatenate(c6c5c4, c4);
    // split (c6||c5||c4) into (c2||c1), where c2Len = mdLen and c1Len =
    // input.length-c2Len bytes.
    int c1Len = c6c5c4.length - c2Len;
    byte[][] c2c1 = ByteUtils.split(c6c5c4, c2Len);
    byte[] c2 = c2c1[0];
    byte[] c1 = c2c1[1];
    // compute H(c1) ...
    byte[] rPrime = new byte[messDigest.getDigestSize()];
    messDigest.update(c1, 0, c1.length);
    messDigest.doFinal(rPrime, 0);
    // ... and XOR with c2 to obtain r'
    for (int i = c2Len - 1; i >= 0; i--) {
        rPrime[i] ^= c2[i];
    }
    // get PRNG object
    DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
    // seed PRNG with r'
    sr0.addSeedMaterial(rPrime);
    // generate random sequence R(r') ...
    byte[] mConstPrime = new byte[c1Len];
    sr0.nextBytes(mConstPrime);
    // ... and XOR with c1 to obtain (m||const')
    for (int i = c1Len - 1; i >= 0; i--) {
        mConstPrime[i] ^= c1[i];
    }
    if (mConstPrime.length < c1Len) {
        throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
    }
    byte[][] temp = ByteUtils.split(mConstPrime, c1Len - PUBLIC_CONSTANT.length);
    byte[] mr = temp[0];
    byte[] constPrime = temp[1];
    if (!ByteUtils.equals(constPrime, PUBLIC_CONSTANT)) {
        throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
    }
    return mr;
}
Also used : InvalidCipherTextException(com.github.zhenwei.core.crypto.InvalidCipherTextException) GF2Vector(com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector) SHA1Digest(com.github.zhenwei.core.crypto.digests.SHA1Digest) DigestRandomGenerator(com.github.zhenwei.core.crypto.prng.DigestRandomGenerator)

Aggregations

GF2Vector (com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector)15 GF2Matrix (com.github.zhenwei.core.pqc.math.linearalgebra.GF2Matrix)8 SHA1Digest (com.github.zhenwei.core.crypto.digests.SHA1Digest)6 DigestRandomGenerator (com.github.zhenwei.core.crypto.prng.DigestRandomGenerator)6 GF2mField (com.github.zhenwei.core.pqc.math.linearalgebra.GF2mField)4 Permutation (com.github.zhenwei.core.pqc.math.linearalgebra.Permutation)4 PolynomialGF2mSmallM (com.github.zhenwei.core.pqc.math.linearalgebra.PolynomialGF2mSmallM)4 Vector (com.github.zhenwei.core.pqc.math.linearalgebra.Vector)4 InvalidCipherTextException (com.github.zhenwei.core.crypto.InvalidCipherTextException)3 BigInteger (java.math.BigInteger)1