https://github.com/mupq/pqm4
Revision 7514870c4d84ec29840454cd29a8e6c2117ce40b authored by leonbotros on 30 September 2019, 11:58:39 UTC, committed by Matthias J. Kannwischer on 30 September 2019, 11:58:39 UTC
* fix inlined comparison
* update documentation of indcpa_enc_cmp

The `cmov` that is used in `crypto_kem_dec` to either derive the shared secret from the pre-key or the random `z` expects the `fail` input to be either 0 (if re-encrypted ciphertext was the same as input ciphertext) or 1 (otherwise). We've inlined the comparison that used to be done by `verify` into `indcpa_enc` (renamed to `indcpa_enc_cmp`) to reduce the stack footprint. We made a small mistake in there so that it returned 0 in case of no failure and some other byte otherwise. This means that in case of a mismatch, cmov would write a mix of the pre-key and `z`. As this is hashed together with the ciphertext later, this will still result in some shared secret different from the correct one, but this is not what you want.
1 parent b4fea3f
Fix kyber (#115)
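The cmov/fail interaction the commit message describes, as an added example that is not pqm4's code: a Kyber-style constant-time cmov, the buggy compare that hands back the raw difference byte, and the fixed compare that collapses it to 0 or 1, run on constructed inputs to show that the buggy value produces a byte-wise mixture of the pre-key and z. Assumed: the cmov mask convention (b negated to 0x00/0xFF, as in the Kyber reference code) and the toy 8-byte key length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEYLEN 8  /* constructed toy length; Kyber's shared key is 32 bytes */

/* Constant-time conditional move in the shape of the Kyber reference cmov
 * (assumed to match pqm4's): b is negated into an all-zero or all-one mask,
 * so b MUST be exactly 0 (keep r) or 1 (overwrite r with x). */
static void cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) {
    b = (uint8_t)(-b);
    for (size_t i = 0; i < len; i++)
        r[i] ^= b & (r[i] ^ x[i]);
}

/* The defect the commit describes: the OR-accumulated difference byte is
 * returned as-is, so a mismatch yields "some other byte" rather than 1. */
static uint8_t compare_buggy(const uint8_t *a, const uint8_t *b, size_t len) {
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= a[i] ^ b[i];
    return diff;
}

/* Fixed variant: collapse any nonzero difference to exactly 1 without a
 * branch, as the reference verify() does. */
static uint8_t compare_fixed(const uint8_t *a, const uint8_t *b, size_t len) {
    uint8_t diff = compare_buggy(a, b, len);
    return (uint8_t)((-(uint64_t)diff) >> 63);
}

/* Constructed inputs: the re-encrypted ciphertext differs from the input in
 * one byte by 0x05, so compare_buggy() returns 5 instead of 1. */
static const uint8_t CT[4]     = {0x11, 0x22, 0x33, 0x44};
static const uint8_t CT_BAD[4] = {0x11, 0x27, 0x33, 0x44};
static const uint8_t PREKEY[KEYLEN] = {0xA0,0xA1,0xA2,0xA3,0xA4,0xA5,0xA6,0xA7};
static const uint8_t Z[KEYLEN]      = {0x5F,0x5E,0x5D,0x5C,0x5B,0x5A,0x59,0x58};

/* Models the selection step of crypto_kem_dec (pre-key, or z on mismatch).
 * Returns 0 if the result is the pre-key, 1 if z, -1 if a mixture (the bug). */
static int select_secret(int mismatch, int use_fixed) {
    const uint8_t *ct_cmp = mismatch ? CT_BAD : CT;
    uint8_t fail = use_fixed ? compare_fixed(CT, ct_cmp, sizeof CT)
                             : compare_buggy(CT, ct_cmp, sizeof CT);
    uint8_t out[KEYLEN];
    memcpy(out, PREKEY, KEYLEN);
    cmov(out, Z, KEYLEN, fail);
    if (memcmp(out, PREKEY, KEYLEN) == 0) return 0;
    if (memcmp(out, Z, KEYLEN) == 0) return 1;
    return -1;
}
```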
File | Mode | Size |
---|---|---|
common | ||
crypto_kem | ||
crypto_sign | ||
hostside | ||
ldscripts | ||
libopencm3 @ 8b1ac58 | ||
mupq @ 7f6ec39 | ||
.gitignore | -rw-r--r-- | 77 bytes |
.gitmodules | -rw-r--r-- | 168 bytes |
Makefile | -rw-r--r-- | 5.2 KB |
README.md | -rw-r--r-- | 19.6 KB |
benchmarks.csv | -rw-r--r-- | 37.4 KB |
benchmarks.md | -rw-r--r-- | 58.9 KB |
benchmarks.py | -rwxr-xr-x | 696 bytes |
build_everything.py | -rwxr-xr-x | 232 bytes |
convert_benchmarks.py | -rwxr-xr-x | 417 bytes |
interface.py | -rw-r--r-- | 2.8 KB |
requirements.txt | -rw-r--r-- | 14 bytes |
test.py | -rwxr-xr-x | 228 bytes |
testvectors.py | -rwxr-xr-x | 228 bytes |