use of com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector in project LinLong-Java by zhenwei1108.
the class McElieceCCA2Primitives method decryptionPrimitive.
/**
* The McEliece decryption primitive.
*
* @param privKey the private key
* @param c the ciphertext vector <tt>c = m*G + z</tt>
* @return the message vector <tt>m</tt> and the error vector <tt>z</tt>
*/
public static GF2Vector[] decryptionPrimitive(McElieceCCA2PrivateKeyParameters privKey, GF2Vector c) {
// obtain values from private key
int k = privKey.getK();
Permutation p = privKey.getP();
GF2mField field = privKey.getField();
PolynomialGF2mSmallM gp = privKey.getGoppaPoly();
GF2Matrix h = privKey.getH();
PolynomialGF2mSmallM[] q = privKey.getQInv();
// compute inverse permutation P^-1
Permutation pInv = p.computeInverse();
// multiply c with permutation P^-1
GF2Vector cPInv = (GF2Vector) c.multiply(pInv);
// compute syndrome of cP^-1
GF2Vector syndVec = (GF2Vector) h.rightMultiply(cPInv);
// decode syndrome
GF2Vector errors = GoppaCode.syndromeDecode(syndVec, field, gp, q);
GF2Vector mG = (GF2Vector) cPInv.add(errors);
// multiply codeword and error vector with P
mG = (GF2Vector) mG.multiply(p);
errors = (GF2Vector) errors.multiply(p);
// extract plaintext vector (last k columns of mG)
GF2Vector m = mG.extractRightVector(k);
// return vectors
return new GF2Vector[] { m, errors };
}
use of com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector in project LinLong-Java by zhenwei1108.
the class McElieceCipher method messageDecrypt.
/**
* Decrypt a cipher text.
*
* @param input the cipher text
* @return the plain text
* @throws InvalidCipherTextException if the cipher text is invalid.
*/
public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
if (forEncryption) {
throw new IllegalStateException("cipher initialised for decryption");
}
GF2Vector vec = GF2Vector.OS2VP(n, input);
McEliecePrivateKeyParameters privKey = (McEliecePrivateKeyParameters) key;
GF2mField field = privKey.getField();
PolynomialGF2mSmallM gp = privKey.getGoppaPoly();
GF2Matrix sInv = privKey.getSInv();
Permutation p1 = privKey.getP1();
Permutation p2 = privKey.getP2();
GF2Matrix h = privKey.getH();
PolynomialGF2mSmallM[] qInv = privKey.getQInv();
// compute permutation P = P1 * P2
Permutation p = p1.rightMultiply(p2);
// compute P^-1
Permutation pInv = p.computeInverse();
// compute c P^-1
GF2Vector cPInv = (GF2Vector) vec.multiply(pInv);
// compute syndrome of c P^-1
GF2Vector syndrome = (GF2Vector) h.rightMultiply(cPInv);
// decode syndrome
GF2Vector z = GoppaCode.syndromeDecode(syndrome, field, gp, qInv);
GF2Vector mSG = (GF2Vector) cPInv.add(z);
// multiply codeword with P1 and error vector with P
mSG = (GF2Vector) mSG.multiply(p1);
z = (GF2Vector) z.multiply(p);
// extract mS (last k columns of mSG)
GF2Vector mS = mSG.extractRightVector(k);
// compute plaintext vector
GF2Vector mVec = (GF2Vector) sInv.leftMultiply(mS);
// compute and return plaintext
return computeMessage(mVec);
}
use of com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector in project LinLong-Java by zhenwei1108.
the class McElieceFujisakiCipher method messageDecrypt.
public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
if (forEncryption) {
throw new IllegalStateException("cipher initialised for decryption");
}
int c1Len = (n + 7) >> 3;
int c2Len = input.length - c1Len;
// split ciphertext (c1||c2)
byte[][] c1c2 = ByteUtils.split(input, c1Len);
byte[] c1 = c1c2[0];
byte[] c2 = c1c2[1];
// decrypt c1 ...
GF2Vector hrmVec = GF2Vector.OS2VP(n, c1);
GF2Vector[] decC1 = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters) key, hrmVec);
byte[] rBytes = decC1[0].getEncoded();
// ... and obtain error vector z
GF2Vector z = decC1[1];
// get PRNG object
DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
// seed PRNG with r'
sr0.addSeedMaterial(rBytes);
// generate random sequence
byte[] mBytes = new byte[c2Len];
sr0.nextBytes(mBytes);
// XOR with c2 to obtain m
for (int i = 0; i < c2Len; i++) {
mBytes[i] ^= c2[i];
}
// compute H(r||m)
byte[] rmBytes = ByteUtils.concatenate(rBytes, mBytes);
byte[] hrm = new byte[messDigest.getDigestSize()];
messDigest.update(rmBytes, 0, rmBytes.length);
messDigest.doFinal(hrm, 0);
// compute Conv(H(r||m))
hrmVec = Conversions.encode(n, t, hrm);
// check that Conv(H(m||r)) = z
if (!hrmVec.equals(z)) {
throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
}
// return plaintext m
return mBytes;
}
use of com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector in project LinLong-Java by zhenwei1108.
the class McElieceFujisakiCipher method messageEncrypt.
public byte[] messageEncrypt(byte[] input) {
if (!forEncryption) {
throw new IllegalStateException("cipher initialised for decryption");
}
// generate random vector r of length k bits
GF2Vector r = new GF2Vector(k, sr);
// convert r to byte array
byte[] rBytes = r.getEncoded();
// compute (r||input)
byte[] rm = ByteUtils.concatenate(rBytes, input);
// compute H(r||input)
messDigest.update(rm, 0, rm.length);
byte[] hrm = new byte[messDigest.getDigestSize()];
messDigest.doFinal(hrm, 0);
// convert H(r||input) to error vector z
GF2Vector z = Conversions.encode(n, t, hrm);
// compute c1 = E(r, z)
byte[] c1 = McElieceCCA2Primitives.encryptionPrimitive((McElieceCCA2PublicKeyParameters) key, r, z).getEncoded();
// get PRNG object
DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
// seed PRNG with r'
sr0.addSeedMaterial(rBytes);
// generate random c2
byte[] c2 = new byte[input.length];
sr0.nextBytes(c2);
// XOR with input
for (int i = 0; i < input.length; i++) {
c2[i] ^= input[i];
}
// return (c1||c2)
return ByteUtils.concatenate(c1, c2);
}
use of com.github.zhenwei.core.pqc.math.linearalgebra.GF2Vector in project LinLong-Java by zhenwei1108.
the class McElieceKobaraImaiCipher method messageDecrypt.
public byte[] messageDecrypt(byte[] input) throws InvalidCipherTextException {
if (forEncryption) {
throw new IllegalStateException("cipher initialised for decryption");
}
int nDiv8 = n >> 3;
if (input.length < nDiv8) {
throw new InvalidCipherTextException("Bad Padding: Ciphertext too short.");
}
int c2Len = messDigest.getDigestSize();
int c4Len = k >> 3;
int c5Len = (IntegerFunctions.binomial(n, t).bitLength() - 1) >> 3;
int c6Len = input.length - nDiv8;
// split cipher text (c6||encC4), where c6 may be empty
byte[] c6, encC4;
if (c6Len > 0) {
byte[][] c6EncC4 = ByteUtils.split(input, c6Len);
c6 = c6EncC4[0];
encC4 = c6EncC4[1];
} else {
c6 = new byte[0];
encC4 = input;
}
// convert encC4 into vector over GF(2)
GF2Vector encC4Vec = GF2Vector.OS2VP(n, encC4);
// decrypt encC4Vec to obtain c4 and error vector z
GF2Vector[] c4z = McElieceCCA2Primitives.decryptionPrimitive((McElieceCCA2PrivateKeyParameters) key, encC4Vec);
byte[] c4 = c4z[0].getEncoded();
GF2Vector z = c4z[1];
// if length of c4 is greater than c4Len (because of padding) ...
if (c4.length > c4Len) {
// ... truncate the padding bytes
c4 = ByteUtils.subArray(c4, 0, c4Len);
}
// compute c5 = Conv^-1(z)
byte[] c5 = Conversions.decode(n, t, z);
// if c5 is shorter than expected, pad with leading zeroes
if (c5.length < c5Len) {
byte[] paddedC5 = new byte[c5Len];
System.arraycopy(c5, 0, paddedC5, c5Len - c5.length, c5.length);
c5 = paddedC5;
}
// compute (c6||c5||c4)
byte[] c6c5c4 = ByteUtils.concatenate(c6, c5);
c6c5c4 = ByteUtils.concatenate(c6c5c4, c4);
// split (c6||c5||c4) into (c2||c1), where c2Len = mdLen and c1Len =
// input.length-c2Len bytes.
int c1Len = c6c5c4.length - c2Len;
byte[][] c2c1 = ByteUtils.split(c6c5c4, c2Len);
byte[] c2 = c2c1[0];
byte[] c1 = c2c1[1];
// compute H(c1) ...
byte[] rPrime = new byte[messDigest.getDigestSize()];
messDigest.update(c1, 0, c1.length);
messDigest.doFinal(rPrime, 0);
// ... and XOR with c2 to obtain r'
for (int i = c2Len - 1; i >= 0; i--) {
rPrime[i] ^= c2[i];
}
// get PRNG object
DigestRandomGenerator sr0 = new DigestRandomGenerator(new SHA1Digest());
// seed PRNG with r'
sr0.addSeedMaterial(rPrime);
// generate random sequence R(r') ...
byte[] mConstPrime = new byte[c1Len];
sr0.nextBytes(mConstPrime);
// ... and XOR with c1 to obtain (m||const')
for (int i = c1Len - 1; i >= 0; i--) {
mConstPrime[i] ^= c1[i];
}
if (mConstPrime.length < c1Len) {
throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
}
byte[][] temp = ByteUtils.split(mConstPrime, c1Len - PUBLIC_CONSTANT.length);
byte[] mr = temp[0];
byte[] constPrime = temp[1];
if (!ByteUtils.equals(constPrime, PUBLIC_CONSTANT)) {
throw new InvalidCipherTextException("Bad Padding: invalid ciphertext");
}
return mr;
}
Aggregations