
Example 1 with BigIntPolynomial

use of com.github.zhenwei.core.pqc.math.ntru.polynomial.BigIntPolynomial in project LinLong-Java by zhenwei1108.

Class NTRUSigningKeyPairGenerator, method generateBasis.

/**
 * Creates a NTRUSigner basis consisting of polynomials <code>f, g, F, G, h</code>.<br/> If
 * <code>KeyGenAlg=FLOAT</code>, the basis may not be valid and this method must be rerun if that
 * is the case.<br/>
 * <p>
 * Outline: draw random ternary (or product-form) <code>f</code> and <code>g</code> until both are
 * invertible mod <code>q</code> and their integer resultants are coprime, build <code>F, G</code>
 * from the resultant data, shrink them with <code>minimizeFG</code>, then derive the public
 * polynomial <code>h</code> according to the configured basis type.
 * <p>
 * NOTE(review): this method does not itself verify the returned basis. In the FLOAT branch the
 * result comes from rounded decimal arithmetic, so the caller has to validate it and retry
 * (presumably what {@link #generateBoundedBasis()} does; confirm).
 * <p>
 * NOTE(review): NTRUSign, the scheme this basis is generated for, has published key-recovery
 * cryptanalysis (Nguyen-Regev 2006; Ducas-Nguyen 2012 against the perturbation countermeasure),
 * and upstream Bouncy Castle deprecated its NTRUSigner classes for that reason. Confirm this
 * port is not relied on for new signatures.
 *
 * @return a new <code>FGBasis</code> built from <code>f</code>, <code>fPrime</code>,
 *         <code>h</code>, the minimized <code>F</code> and <code>G</code>, and the generation
 *         parameters
 * @see #generateBoundedBasis()
 */
private FGBasis generateBasis() {
    // Local copies of the generation parameters read throughout the method.
    int N = params.N;
    int q = params.q;
    int d = params.d;
    int d1 = params.d1;
    int d2 = params.d2;
    int d3 = params.d3;
    int basisType = params.basisType;
    Polynomial f;
    IntegerPolynomial fInt;
    Polynomial g;
    IntegerPolynomial gInt;
    IntegerPolynomial fq;
    Resultant rf;
    Resultant rg;
    BigIntEuclidean r;
    // Modulus 2N+1 used by the optional resultant check below.
    int _2n1 = 2 * N + 1;
    boolean primeCheck = params.primeCheck;
    // Rejection sampling for f. Inner loop: when primeCheck is set, redraw while the resultant
    // of f modulo 2N+1 is zero. Outer loop: redraw while invertFq(q) returns null (presumably
    // meaning f is not invertible mod q; confirm in IntegerPolynomial).
    // All randomness comes from CryptoServicesRegistrar.getSecureRandom(), fetched on each draw.
    // NOTE(review): none of the retry loops in this method has an iteration cap; termination
    // relies on the parameter set making acceptable f and g likely.
    do {
        do {
            f = params.polyType == NTRUParameters.TERNARY_POLYNOMIAL_TYPE_SIMPLE ? DenseTernaryPolynomial.generateRandom(N, d + 1, d, CryptoServicesRegistrar.getSecureRandom()) : ProductFormPolynomial.generateRandom(N, d1, d2, d3 + 1, d3, CryptoServicesRegistrar.getSecureRandom());
            fInt = f.toIntegerPolynomial();
        } while (primeCheck && fInt.resultant(_2n1).res.equals(ZERO));
        fq = fInt.invertFq(q);
    } while (fq == null);
    // Resultant of the accepted f; its res and rho fields are both used below.
    rf = fInt.resultant();
    // Rejection sampling for g with the same two checks as f (the inverse of g mod q is only
    // tested for existence, not kept), plus an outermost condition: redraw g until the extended
    // Euclid result for (rf.res, rg.res) has gcd 1.
    do {
        do {
            do {
                g = params.polyType == NTRUParameters.TERNARY_POLYNOMIAL_TYPE_SIMPLE ? DenseTernaryPolynomial.generateRandom(N, d + 1, d, CryptoServicesRegistrar.getSecureRandom()) : ProductFormPolynomial.generateRandom(N, d1, d2, d3 + 1, d3, CryptoServicesRegistrar.getSecureRandom());
                gInt = g.toIntegerPolynomial();
            } while (primeCheck && gInt.resultant(_2n1).res.equals(ZERO));
        } while (gInt.invertFq(q) == null);
        rg = gInt.resultant();
        r = BigIntEuclidean.calculate(rf.res, rg.res);
    } while (!r.gcd.equals(ONE));
    // A = q * r.x * rf.rho and B = -q * r.y * rg.rho, computed on clones so the resultant
    // objects stay untouched.
    // NOTE(review): presumably r.x and r.y are the Bezout coefficients of (rf.res, rg.res) and
    // rho * poly = res, which would give f*A - g*B = q; confirm against BigIntEuclidean/Resultant.
    BigIntPolynomial A = (BigIntPolynomial) rf.rho.clone();
    A.mult(r.x.multiply(BigInteger.valueOf(q)));
    BigIntPolynomial B = (BigIntPolynomial) rg.rho.clone();
    B.mult(r.y.multiply(BigInteger.valueOf(-q)));
    // C is the correction polynomial subtracted (times f and g) from B and A further down.
    BigIntPolynomial C;
    if (params.keyGenAlg == NTRUSigningKeyGenerationParameters.KEY_GEN_ALG_RESULTANT) {
        // Exact integer path. fRev and gRev are f and g with coefficient i moved to index
        // N - i (index 0 stays in place).
        // NOTE(review): these arrays hold private-key coefficients and are not zeroed before
        // going out of scope.
        int[] fRevCoeffs = new int[N];
        int[] gRevCoeffs = new int[N];
        fRevCoeffs[0] = fInt.coeffs[0];
        gRevCoeffs[0] = gInt.coeffs[0];
        for (int i = 1; i < N; i++) {
            fRevCoeffs[i] = fInt.coeffs[N - i];
            gRevCoeffs[i] = gInt.coeffs[N - i];
        }
        IntegerPolynomial fRev = new IntegerPolynomial(fRevCoeffs);
        IntegerPolynomial gRev = new IntegerPolynomial(gRevCoeffs);
        // t = f*fRev + g*gRev; its resultant supplies rt.rho and rt.res for the division below.
        IntegerPolynomial t = f.mult(fRev);
        t.add(g.mult(gRev));
        Resultant rt = t.resultant();
        // C = (fRev*B + gRev*A) * rt.rho, then divided by rt.res.
        C = fRev.mult(// fRev.mult(B) is actually faster than new SparseTernaryPolynomial(fRev).mult(B), possibly due to cache locality?
        B);
        C.add(gRev.mult(A));
        C = C.mult(rt.rho);
        C.div(rt.res);
    } else {
        // KeyGenAlg.FLOAT
        // calculate ceil(log10(N))
        int log10N = 0;
        for (int i = 1; i < N; i *= 10) {
            log10N++;
        }
        // * Cdec needs to be accurate to 1 decimal place so it can be correctly rounded;
        // * fInv loses up to (#digits of longest coeff of B) places in fInv.mult(B);
        // * multiplying fInv by B also multiplies the rounding error by a factor of N;
        // so make #decimal places of fInv the sum of the above.
        BigDecimalPolynomial fInv = rf.rho.div(new BigDecimal(rf.res), B.getMaxCoeffLength() + 1 + log10N);
        BigDecimalPolynomial gInv = rg.rho.div(new BigDecimal(rg.res), A.getMaxCoeffLength() + 1 + log10N);
        // Cdec = (fInv*B + gInv*A) / 2, rounded to integer coefficients. This is the step that
        // can yield an invalid basis, which is why the result must be validated by the caller.
        BigDecimalPolynomial Cdec = fInv.mult(B);
        Cdec.add(gInv.mult(A));
        Cdec.halve();
        C = Cdec.round();
    }
    // F = B - f*C and G = A - g*C, again on clones.
    BigIntPolynomial F = (BigIntPolynomial) B.clone();
    F.sub(f.mult(C));
    BigIntPolynomial G = (BigIntPolynomial) A.clone();
    G.sub(g.mult(C));
    // Convert to int-coefficient polynomials.
    // NOTE(review): assumes every coefficient of F and G fits in an int at this point; confirm
    // how IntegerPolynomial(BigIntPolynomial) handles larger values.
    IntegerPolynomial FInt = new IntegerPolynomial(F);
    IntegerPolynomial GInt = new IntegerPolynomial(G);
    // minimizeFG is defined elsewhere in the class; FInt and GInt are used after the call, so it
    // presumably reduces them in place; confirm.
    minimizeFG(fInt, gInt, FInt, GInt, N);
    Polynomial fPrime;
    IntegerPolynomial h;
    // Standard basis: fPrime = F and h = g * fq mod q. Any other basis type: fPrime = g and
    // h = F * fq mod q.
    if (basisType == NTRUSigningKeyGenerationParameters.BASIS_TYPE_STANDARD) {
        fPrime = FInt;
        h = g.mult(fq, q);
    } else {
        fPrime = g;
        h = FInt.mult(fq, q);
    }
    // Normalise the coefficients of h into the non-negative range mod q.
    h.modPositive(q);
    return new FGBasis(f, fPrime, h, FInt, GInt, params);
}
Also used : BigDecimalPolynomial(com.github.zhenwei.core.pqc.math.ntru.polynomial.BigDecimalPolynomial) DenseTernaryPolynomial(com.github.zhenwei.core.pqc.math.ntru.polynomial.DenseTernaryPolynomial) ProductFormPolynomial(com.github.zhenwei.core.pqc.math.ntru.polynomial.ProductFormPolynomial) BigIntPolynomial(com.github.zhenwei.core.pqc.math.ntru.polynomial.BigIntPolynomial) IntegerPolynomial(com.github.zhenwei.core.pqc.math.ntru.polynomial.IntegerPolynomial) Polynomial(com.github.zhenwei.core.pqc.math.ntru.polynomial.Polynomial) BigDecimalPolynomial(com.github.zhenwei.core.pqc.math.ntru.polynomial.BigDecimalPolynomial) Resultant(com.github.zhenwei.core.pqc.math.ntru.polynomial.Resultant) BigIntEuclidean(com.github.zhenwei.core.pqc.math.ntru.euclid.BigIntEuclidean) IntegerPolynomial(com.github.zhenwei.core.pqc.math.ntru.polynomial.IntegerPolynomial) BigIntPolynomial(com.github.zhenwei.core.pqc.math.ntru.polynomial.BigIntPolynomial) BigDecimal(java.math.BigDecimal)
