rms.c 1.2 KB

  1. #include "config.h"
  2. #include <assert.h>
  3. #include <stdint.h>
  4. #include <stdbool.h>
  5. #include <stdio.h>
  6. #include <gmp.h>
  7. #include "ddlog.h"
  8. #include "elgamal.h"
  9. #include "entropy.h"
  10. #include "group.h"
  11. #include "hss.h"
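/**
 * Raise the components of ciphertext `c` to the share (x, cx), multiply the
 * results together and convert the product to a 32-bit value.
 *
 * The product is
 *   fb_c1^limb0(cx) * fb_c1e64^limb1(cx) * fb_c1e128^limb2(cx) * fb_c2^x,
 * combined with mpz_mul_modp, and then passed to convert().
 *
 * @param c   ciphertext whose fb_c1, fb_c1e64, fb_c1e128 and fb_c2 members
 *            are used as bases (presumably precomputed fixed-base tables;
 *            confirm against elgamal.h).
 * @param x   exponent applied to the c2 component.
 * @param cx  exponent applied to the c1 component, consumed as its three
 *            least significant limbs. Limbs above the third are ignored.
 * @return    the value produced by convert() on the product.
 *
 * NOTE(review): the fb_c1e64 / fb_c1e128 names suggest 64-bit limbs are
 * assumed; confirm GMP_LIMB_BITS == 64 on every supported target.
 */
static inline
uint32_t mul_single(const elgamal_cipher_t c,
                    const uint32_t x,
                    const mpz_t cx)
{
  mpz_t op1, op2;
  mpz_inits(op1, op2, NULL);

  /*
   * Read the exponent limbs through mpz_getlimbn() rather than cx->_mp_d[i]:
   * GMP only guarantees the contents of the first mpz_size(cx) limbs, so a
   * cx that currently occupies fewer than three limbs would otherwise feed
   * stale or out-of-bounds memory into the exponentiation. mpz_getlimbn()
   * returns 0 for an index past the value, which is the correct limb.
   */
  /* c1: first block */
  fb_powmp_ui(op1, c->fb_c1, mpz_getlimbn(cx, 0));
  /* c1: second block */
  fb_powmp_ui(op2, c->fb_c1e64, mpz_getlimbn(cx, 1));
  mpz_mul_modp(op1, op2, op1);
  /* c1: third block */
  fb_powmp_ui(op2, c->fb_c1e128, mpz_getlimbn(cx, 2));
  mpz_mul_modp(op1, op2, op1);
  /* c2 */
  fb_powmp_ui(op2, c->fb_c2, x);
  mpz_mul_modp(op2, op2, op1);

  /*
   * NOTE(review): convert() receives the raw limb pointer of op2; it
   * presumably reads a fixed number of limbs, so confirm mpz_mul_modp leaves
   * all of them defined when the product is small.
   */
  const uint32_t converted = convert(PTR(op2));

  /*
   * NOTE(review): mpz_clears() frees the temporaries without wiping them.
   * If share-derived intermediates are sensitive in this threat model, they
   * should be zeroized before release.
   */
  mpz_clears(op1, op2, NULL);
  return converted;
}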
/**
 * Multiply the share `sl1` by the share `sl2` and store the resulting share
 * in `rop`.
 *
 * rop->x is obtained from sl1->w. rop->cx is rebuilt from zero: for each of
 * the SK_BLOCKS entries of sl1->cw, the accumulator is shifted left by
 * SS_BASE bits and the 32-bit result for that entry is added, so cw[0] ends
 * up in the most significant position.
 *
 * @param rop  output share; rop->cx must already be initialised.
 * @param sl1  input providing the ciphertexts w and cw[0..SK_BLOCKS-1].
 * @param sl2  input share (x, cx) used as the exponent in every step.
 *
 * Precondition: rop must not refer to the same share as sl2. rop->x and
 * rop->cx are overwritten before the loop reads sl2->x and sl2->cx, so an
 * aliased call would mix partially written output into the computation.
 */
void hss_mul(ssl2_t rop, const ssl1_t sl1, const ssl2_t sl2)
{
  /* Value share first; the statement order is kept as in the original. */
  rop->x = mul_single(sl1->w, sl2->x, sl2->cx);

  /* Reset the accumulator, then append one block per ciphertext in cw. */
  mpz_set_ui(rop->cx, 0);
  size_t block = 0;
  while (block < SK_BLOCKS) {
    mpz_mul_2exp(rop->cx, rop->cx, SS_BASE);
    const uint32_t digit = mul_single(sl1->cw[block], sl2->x, sl2->cx);
    mpz_add_ui(rop->cx, rop->cx, digit);
    block++;
  }
}