From 0baf073c93e841a958cdfb0db3ce98d8e729c71b Mon Sep 17 00:00:00 2001
From: Al-Kindi-0 <82364884+Al-Kindi-0@users.noreply.github.com>
Date: Sat, 20 Apr 2024 18:12:31 +0200
Subject: [PATCH 1/2] fix: bug in Falcon secret key basis order
---
 src/dsa/rpo_falcon512/keys/mod.rs | 8 ++++----
 src/dsa/rpo_falcon512/keys/secret_key.rs | 8 ++++----
 src/dsa/rpo_falcon512/math/mod.rs | 4 ++--
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/dsa/rpo_falcon512/keys/mod.rs b/src/dsa/rpo_falcon512/keys/mod.rs
index 240ff6a3..bc0c7863 100644
--- a/src/dsa/rpo_falcon512/keys/mod.rs
+++ b/src/dsa/rpo_falcon512/keys/mod.rs
@@ -23,17 +23,17 @@ mod tests {
 #[test]
 fn test_falcon_verification() {
- let seed = [0_u8; 32];
- let mut rng = ChaCha20Rng::from_seed(seed);
+ let mut rng = ChaCha20Rng::from_entropy();
 // generate random keys
- let sk = SecretKey::with_rng(&mut rng);
+ let sk = SecretKey::new();
 let pk = sk.public_key();
 // test secret key serialization/deserialization
 let mut buffer = vec![];
 sk.write_into(&mut buffer);
- let sk = SecretKey::read_from_bytes(&buffer).unwrap();
+ let sk_deserialized = SecretKey::read_from_bytes(&buffer).unwrap();
+ assert_eq!(sk.short_lattice_basis(), sk_deserialized.short_lattice_basis());
 // sign a random message
 let message: Word = [ONE; 4];
diff --git a/src/dsa/rpo_falcon512/keys/secret_key.rs b/src/dsa/rpo_falcon512/keys/secret_key.rs
index 4a099ff2..d3ca339c 100644
--- a/src/dsa/rpo_falcon512/keys/secret_key.rs
+++ b/src/dsa/rpo_falcon512/keys/secret_key.rs
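Review bot: The new `assert_eq!(sk.short_lattice_basis(), sk_deserialized.short_lattice_basis())` only proves that `write_into` and `read_from_bytes` agree with each other, so a basis-order mistake applied symmetrically to both paths — the class of bug this patch fixes — would still pass. A known-answer check would pin the actual layout: with the seeded RNG, compare `buffer` against an expected constant produced once from a trusted reference encoding (placeholder: `EXPECTED_SK_BYTES`), or deserialize a reference-generated key and verify a signature under it. It would also strengthen the test to perform the signing that follows with `sk_deserialized` rather than the original `sk`, so the deserialized basis is exercised end to end. `test_falcon_verification` continues past the end of this hunk.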
@@ -210,14 +210,14 @@ impl Serializable for SecretKey {
 let l = n.checked_ilog2().unwrap() as u8;
 let header: u8 = (5 << 4) | l;
- let f = &basis[1];
+ let neg_f = &basis[1];
 let g = &basis[0];
- let capital_f = &basis[3];
+ let neg_big_f = &basis[3];
 let mut buffer = Vec::with_capacity(1281);
 buffer.push(header);
- let f_i8: Vec = f.coefficients.iter().map(|&a| -a as i8).collect();
+ let f_i8: Vec = neg_f.coefficients.iter().map(|&a| -a as i8).collect();
 let f_i8_encoded = encode_i8(&f_i8, WIDTH_SMALL_POLY_COEFFICIENT).unwrap();
 buffer.extend_from_slice(&f_i8_encoded);
@@ -225,7 +225,7 @@ impl Serializable for SecretKey {
 let g_i8_encoded = encode_i8(&g_i8, WIDTH_SMALL_POLY_COEFFICIENT).unwrap();
 buffer.extend_from_slice(&g_i8_encoded);
- let big_f_i8: Vec = capital_f.coefficients.iter().map(|&a| -a as i8).collect();
+ let big_f_i8: Vec = neg_big_f.coefficients.iter().map(|&a| -a as i8).collect();
 let big_f_i8_encoded = encode_i8(&big_f_i8, WIDTH_BIG_POLY_COEFFICIENT).unwrap();
 buffer.extend_from_slice(&big_f_i8_encoded);
 target.write_bytes(&buffer);
diff --git a/src/dsa/rpo_falcon512/math/mod.rs b/src/dsa/rpo_falcon512/math/mod.rs
index 8d0ed17f..6e2e6f06 100644
--- a/src/dsa/rpo_falcon512/math/mod.rs
+++ b/src/dsa/rpo_falcon512/math/mod.rs
@@ -96,10 +96,10 @@ pub(crate) fn ntru_gen(n: usize, rng: &mut R) -> [Polynomial; 4] {
 ntru_solve(&f.map(|&i| i.into()), &g.map(|&i| i.into()))
 {
 return [
- f,
 g,
- capital_f.map(|i| i.try_into().unwrap()),
+ -f,
 capital_g.map(|i| i.try_into().unwrap()),
+ -capital_f.map(|i| i.try_into().unwrap()),
 ];
 }
 }
From 587c91bce2dd9bdb4870027f3bdb2186d6e058f1 Mon Sep 17 00:00:00 2001
From: Al-Kindi-0 <82364884+Al-Kindi-0@users.noreply.github.com>
Date: Sat, 20 Apr 2024 18:27:12 +0200
Subject: [PATCH 2/2] fix: nostd issue
---
 src/dsa/rpo_falcon512/keys/mod.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/dsa/rpo_falcon512/keys/mod.rs b/src/dsa/rpo_falcon512/keys/mod.rs
index bc0c7863..d29af1c8 100644
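Review bot: The renames `neg_f` and `neg_big_f` in the `write_into` hunks encode the basis layout that the `ntru_gen` hunk in math/mod.rs now produces, but neither site states it, so a reader has to reconstruct why `-a as i8` is applied to `basis[1]` and `basis[3]` and not to `g`. At `let neg_f = &basis[1];` I would add `// basis is [g, -f, G, -F]; the Falcon key encoding stores f, g, F, so the -f and -F entries are negated below`, and before `return [` in `ntru_gen` a matching `// return the short basis in the order [g, -f, G, -F]`, with the same sentence in `ntru_gen`'s doc comment, which lies outside the hunk. Independently of the rename, `-a as i8` on the new lines wraps silently if the coefficient type is wider than `i8`; if that is the case here, `i8::try_from(-a)` would make an out-of-range coefficient fail loudly rather than encode a wrong key. Both `write_into` and `ntru_gen` begin before their hunks.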
--- a/src/dsa/rpo_falcon512/keys/mod.rs
+++ b/src/dsa/rpo_falcon512/keys/mod.rs
@@ -23,10 +23,11 @@ mod tests {
 #[test]
 fn test_falcon_verification() {
- let mut rng = ChaCha20Rng::from_entropy();
+ let seed = [0_u8; 32];
+ let mut rng = ChaCha20Rng::from_seed(seed);
 // generate random keys
- let sk = SecretKey::new();
+ let sk = SecretKey::with_rng(&mut rng);
 let pk = sk.public_key();
 // test secret key serialization/deserialization
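Review bot: With the RNG back to `ChaCha20Rng::from_seed([0_u8; 32])`, the context comment `// generate random keys` no longer describes what happens — the key pair is fixed and the test exercises exactly one basis. I would rewrite it as `// generate a deterministic key pair from a fixed seed (from_entropy is unavailable without std)`, hedging the no_std reason from the commit subject if it is not the actual cause. The fixed seed is also what makes a known-answer comparison of the serialized bytes possible, so this hunk is the natural place to mention that intent. `test_falcon_verification` continues past the end of this hunk.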