package frodo640shake
import (
"github.com/cloudflare/circl/internal/sha3"
)
// expandSeedIntoA fills the paramN-by-paramN matrix A from seed using the
// SHAKE XOF state xof.
//
// Row i is produced by resetting xof, absorbing the 2-byte little-endian row
// index followed by seed, and squeezing 2*paramN bytes. Consecutive byte
// pairs are read as little-endian uint16 entries. Entries are not reduced
// modulo 2^15 here; the extra bits are removed later by packing or an
// explicit reduction.
//
// A is row-major, A[i*paramN+j]. xof is reused for every row and is left in
// whatever state the last Read produced. The Write/Read return values are
// deliberately discarded.
func expandSeedIntoA(A *nByNU16, seed *[seedASize]byte, xof *sha3.State) {
	var rowBytes [paramN * 2]byte
	var input [2 + seedASize]byte

	// The seed part of the XOF input never changes; only the 2-byte row
	// index prefix is rewritten per row.
	copy(input[2:], seed[:])

	for i := 0; i < paramN; i++ {
		input[0], input[1] = byte(i), byte(i>>8)

		xof.Reset()
		_, _ = xof.Write(input[:])
		_, _ = xof.Read(rowBytes[:])

		row := A[i*paramN : (i+1)*paramN]
		for j := range row {
			lo, hi := rowBytes[2*j], rowBytes[2*j+1]
			// No reduction modulo 2^15; see the doc comment.
			row[j] = uint16(lo) | uint16(hi)<<8
		}
	}
}
// mulAddASPlusE accumulates A*S + E into out.
//
// Layout, all row-major:
//   - A:   paramN x paramN,    A[i*paramN+j]
//   - s:   indexed s[k*paramN+j], i.e. stored transposed relative to A
//     (presumably S^T, so that s[k*paramN+j] is S[j][k])
//   - e:   paramN x paramNbar, e[i*paramNbar+k]
//   - out: paramN x paramNbar, out[i*paramNbar+k]
//
// Each out[i][k] is incremented by e[i][k] + sum_j A[i][j]*s[k][j].
// Arithmetic is wrapping uint16; no reduction modulo 2^15 is done here
// because the extra bits are removed later by packing or explicit reduction.
//
// Note that out is added to, not overwritten; callers that want exactly
// A*S+E presumably pass a zeroed out — confirm against the call sites.
// Loop bounds and every index depend only on the fixed parameters, never on
// the contents of s or e, so there is no data-dependent branching or memory
// access on what the FrodoKEM key-generation step treats as secret.
func mulAddASPlusE(out *nByNbarU16, A *nByNU16, s *nByNbarU16, e *nByNbarU16) {
	for i := 0; i < paramN; i++ {
		rowA := A[i*paramN : (i+1)*paramN]
		for k := 0; k < paramNbar; k++ {
			// Row k of the transposed s, paired element-wise with row i of A.
			colS := s[k*paramN : (k+1)*paramN]
			acc := e[i*paramNbar+k]
			for j, a := range rowA {
				acc += a * colS[j]
			}
			out[i*paramNbar+k] += acc
		}
	}
}
// mulAddSAPlusE accumulates S*A + E into out, the transposed counterpart of
// mulAddASPlusE: here A is walked column by column.
//
// Layout, all row-major:
//   - s:   paramNbar x paramN, s[k*paramN+j]
//   - A:   paramN x paramN,    column i read as A[j*paramN+i]
//   - e:   paramNbar x paramN, e[k*paramN+i]
//   - out: paramNbar x paramN, out[k*paramN+i]
//
// s and e are slices and must hold at least paramNbar*paramN elements; a
// shorter slice panics with an index/slice out-of-range error.
// Each out[k][i] is incremented by e[k][i] + sum_j s[k][j]*A[j][i].
// Same caveats as mulAddASPlusE: wrapping uint16, no reduction modulo 2^15
// here (extra bits are removed later by packing or explicit reduction), and
// out is accumulated into rather than assigned. Indices depend only on the
// fixed parameters, never on the values in s or e.
func mulAddSAPlusE(out *nbarByNU16, s []uint16, A *nByNU16, e []uint16) {
	for i := 0; i < paramN; i++ {
		for k := 0; k < paramNbar; k++ {
			rowS := s[k*paramN : (k+1)*paramN]
			acc := e[k*paramN+i]
			// Column i of A is strided by paramN.
			for j, sj := range rowS {
				acc += A[j*paramN+i] * sj
			}
			out[k*paramN+i] += acc
		}
	}
}