fixed byte encoding

nakov · Apr 2, 2017 · e14fa9b · e14fa9b
1 parent cd10f58
commit e14fa9b
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 11 deletions.
diff --git a/newhope.py b/newhope.py
@@ -3,30 +3,40 @@
 import os
 import hashlib
 
-def keygen():
+def keygen(verbose = False):
     seed = os.urandom(params.NEWHOPE_SEEDBYTES)
     hashing_algorithm = hashlib.shake_128()
     hashing_algorithm.update(seed)
     # 2200 bytes from SHAKE-128 function is enough data to get 1024 coefficients
     # smaller than 5q, from Alkim, Ducas, Pöppelmann, Schwabe section 7:
     shake_output = hashing_algorithm.digest(2200)
     a_coeffs = []
+    j = 0
     for i in range(0,params.N):
-        j = 0
         coefficient = 5 * params.Q
         # Reject coefficients that are greater than or equal to 5q:
         while coefficient >= 5 * params.Q:
             coefficient = int.from_bytes(
                 shake_output[j * 2:j * 2 + 2], byteorder = 'little')
-            j++
+            j += 1
             if j * 2 >= len(shake_output):
                 print('Error: Not enough data from SHAKE-128')
                 exit(1)
         a_coeffs.append(coefficient)
+    print_coeffs(a_coeffs, 'a', verbose)
     s_coeffs = poly.get_noise()
+    print_coeffs(s_coeffs, 's', verbose)
     s_coeffs = poly.poly_ntt(s_coeffs)
+    print_coeffs(s_coeffs, 's_ntt', verbose)
     e_coeffs = poly.get_noise()
-    e_coeffs = poly.poly_ntt(e.coeffs)
+    e_coeffs = poly.poly_ntt(e_coeffs)
     r_coeffs = poly.pointwise(s_coeffs, a_coeffs)
     p_coeffs = poly.add(e_coeffs, r_coeffs)
-    return bytes(p_coeffs) + seed
+    print_coeffs(p_coeffs, 'p', verbose)
+    return bytes(poly.to_bytes(p_coeffs)) + seed
+
+def print_coeffs(coefficients, name, verbose):
+    if verbose:
+        print(name + '_coeffs:')
+        for i in range(0,len(coefficients)):
+            print(str(i) + ': ' + str(coefficients[i]))
diff --git a/poly.py b/poly.py
@@ -6,16 +6,40 @@
 QINV = 12287 # -inverse_mod(p,2^18)
 RLOG = 18
 
+def to_bytes(coefficients):
+    output = []
+    for i in range(0,params.N // 4): # Floor division returns int in python3.6.
+        t = reducer(coefficients, i)
+        output.append(t[0] & 0xff)
+        output.append((t[0] >> 8 | t[1] << 6) & 0xff)
+        output.append(t[1] >> 2 & 0xff)
+        output.append((t[1] >> 10 | t[2] << 4) & 0xff)
+        output.append(t[2] >> 4 & 0xff)
+        output.append((t[2] >> 12 | t[3] << 2) & 0xff)
+        output.append(t[3] >> 6 & 0xff)
+    return output
+
+def reducer(coefficients, i):
+    output = []
+    for j in range(0,4):
+        output.append(barrett_reduce(coefficients[4 * i + j]))
+    for j in range(0,4):
+        output[j] = less_than_q(output[j])
+    return output
+
+def less_than_q(value):
+    m = value - params.Q
+    if m < 0:
+        return value
+    else:
+        return m
+
 def get_noise():
-    buf = []
     coeffs = []
-    for i in range(0,params.N * 4):
-        buf.append(os.urandom(1))
     for i in range(0,params.N):
-        t = buf[i]
+        t = int.from_bytes(os.urandom(4), byteorder='little')
         d = 0
         for j in range(0,8):
-            # j is a signed integer???
             d += (t >> j) & 0x01010101
         a = ((d >> 8) & 0xff) + (d & 0xff)
         b = (d >> 24) + ((d >> 16) & 0xff)
@@ -34,7 +58,8 @@ def ntt_helper(distance, coefficients, omega):
     for start in range(0,distance):
         jTwiddle = 0
         for j in range(start,params.N - 1,2 * distance):
-            W = omega[jTwiddle++]
+            W = omega[jTwiddle]
+            jTwiddle += 1
             temp = coefficients[j]
             coefficients[j] = temp + coefficients[j + distance]
             coefficients[j + distance] = montgomery_reduce(