/src/botan/src/lib/pubkey/dilithium/dilithium_common/dilithium_constants.cpp

Source (jump to first uncovered line)
/*
 * Crystals Dilithium Constants
 *
 * (C) 2022-2023 Jack Lloyd
 * (C) 2022      Manuel Glaser - Rohde & Schwarz Cybersecurity
 * (C) 2022-2023 Michael Boric, René Meusel - Rohde & Schwarz Cybersecurity
 * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */

#include <botan/internal/dilithium_constants.h>

#include <botan/internal/dilithium_keys.h>
#include <botan/internal/dilithium_symmetric_primitives.h>

namespace Botan {

namespace {
uint32_t public_key_hash_size(DilithiumMode mode) {
   switch(mode.mode()) {
      case DilithiumMode::ML_DSA_4x4:
      case DilithiumMode::ML_DSA_6x5:
      case DilithiumMode::ML_DSA_8x7:
         return 64;
      case DilithiumMode::Dilithium4x4:
      case DilithiumMode::Dilithium4x4_AES:
      case DilithiumMode::Dilithium6x5:
      case DilithiumMode::Dilithium6x5_AES:
      case DilithiumMode::Dilithium8x7:
      case DilithiumMode::Dilithium8x7_AES:
         return 32;
   }
   BOTAN_ASSERT_UNREACHABLE();
}

uint32_t commitment_hash_full_size(DilithiumMode mode) {
   switch(mode.mode()) {
      case DilithiumMode::Dilithium4x4:
      case DilithiumMode::Dilithium4x4_AES:
      case DilithiumMode::Dilithium6x5:
      case DilithiumMode::Dilithium6x5_AES:
      case DilithiumMode::Dilithium8x7:
      case DilithiumMode::Dilithium8x7_AES:
      case DilithiumMode::ML_DSA_4x4:
         return 32;
      case DilithiumMode::ML_DSA_6x5:
         return 48;
      case DilithiumMode::ML_DSA_8x7:
         return 64;
   }
   BOTAN_ASSERT_UNREACHABLE();
}

}  // namespace

DilithiumConstants::~DilithiumConstants() = default;

DilithiumConstants::DilithiumConstants(DilithiumMode mode) :
      m_mode(mode),
      m_public_key_hash_bytes(public_key_hash_size(m_mode)),
      m_commitment_hash_full_bytes(commitment_hash_full_size(m_mode)) {
   switch(m_mode.mode()) {
      case Botan::DilithiumMode::Dilithium4x4:
      case Botan::DilithiumMode::Dilithium4x4_AES:
      case Botan::DilithiumMode::ML_DSA_4x4:
         m_tau = DilithiumTau::_39;
         m_lambda = DilithiumLambda::_128;
         m_gamma1 = DilithiumGamma1::ToThe17th;
         m_gamma2 = DilithiumGamma2::Qminus1DevidedBy88;
         m_k = 4;
         m_l = 4;
         m_eta = DilithiumEta::_2;
         m_beta = DilithiumBeta::_78;
         m_omega = DilithiumOmega::_80;
         break;
      case Botan::DilithiumMode::Dilithium6x5:
      case Botan::DilithiumMode::Dilithium6x5_AES:
      case Botan::DilithiumMode::ML_DSA_6x5:
         m_tau = DilithiumTau::_49;
         m_lambda = DilithiumLambda::_192;
         m_gamma1 = DilithiumGamma1::ToThe19th;
         m_gamma2 = DilithiumGamma2::Qminus1DevidedBy32;
         m_k = 6;
         m_l = 5;
         m_eta = DilithiumEta::_4;
         m_beta = DilithiumBeta::_196;
         m_omega = DilithiumOmega::_55;
         break;
      case Botan::DilithiumMode::Dilithium8x7:
      case Botan::DilithiumMode::Dilithium8x7_AES:
      case Botan::DilithiumMode::ML_DSA_8x7:
         m_tau = DilithiumTau::_60;
         m_lambda = DilithiumLambda::_256;
         m_gamma1 = DilithiumGamma1::ToThe19th;
         m_gamma2 = DilithiumGamma2::Qminus1DevidedBy32;
         m_k = 8;
         m_l = 7;
         m_eta = DilithiumEta::_2;
         m_beta = DilithiumBeta::_120;
         m_omega = DilithiumOmega::_75;
         break;
      default:
         BOTAN_ASSERT_UNREACHABLE();
   }

   const auto s1_bytes = 32 * m_l * bitlen(2 * m_eta);
   const auto s2_bytes = 32 * m_k * bitlen(2 * m_eta);
   const auto t0_bytes = 32 * m_k * D;
   const auto t1_bytes = 32 * m_k * (bitlen(static_cast<uint32_t>(Q) - 1) - D);
   const auto z_bytes = 32 * m_l * (1 + bitlen(m_gamma1 - 1));
   const auto hint_bytes = m_omega + m_k;

   m_private_key_bytes =
      SEED_RHO_BYTES + SEED_SIGNING_KEY_BYTES + m_public_key_hash_bytes + s1_bytes + s2_bytes + t0_bytes;
   m_public_key_bytes = SEED_RHO_BYTES + t1_bytes;
   m_signature_bytes = m_commitment_hash_full_bytes + z_bytes + hint_bytes;
   m_serialized_commitment_bytes = 32 * m_k * bitlen(((Q - 1) / (2 * m_gamma2)) - 1);

   m_symmetric_primitives = Dilithium_Symmetric_Primitives_Base::create(*this);
   m_keypair_codec = Dilithium_Keypair_Codec::create(mode);
}

}  // namespace Botan

Coverage Report

Created: 2025-04-11 06:34

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Crystals Dilithium Constants
3		*
4		* (C) 2022-2023 Jack Lloyd
5		* (C) 2022 Manuel Glaser - Rohde & Schwarz Cybersecurity
6		* (C) 2022-2023 Michael Boric, René Meusel - Rohde & Schwarz Cybersecurity
7		* (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity
8		*
9		* Botan is released under the Simplified BSD License (see license.txt)
10		*/
11
12		#include <botan/internal/dilithium_constants.h>
13
14		#include <botan/internal/dilithium_keys.h>
15		#include <botan/internal/dilithium_symmetric_primitives.h>
16
17		namespace Botan {
18
19		namespace {
20	17	uint32_t public_key_hash_size(DilithiumMode mode) {
21	17	switch(mode.mode()) {
22	7	case DilithiumMode::ML_DSA_4x4:
23	12	case DilithiumMode::ML_DSA_6x5:
24	17	case DilithiumMode::ML_DSA_8x7:
25	17	return 64;
26	0	case DilithiumMode::Dilithium4x4:
27	0	case DilithiumMode::Dilithium4x4_AES:
28	0	case DilithiumMode::Dilithium6x5:
29	0	case DilithiumMode::Dilithium6x5_AES:
30	0	case DilithiumMode::Dilithium8x7:
31	0	case DilithiumMode::Dilithium8x7_AES:
32	0	return 32;
33	17	}
34	0	BOTAN_ASSERT_UNREACHABLE();
35	0	}
36
37	17	uint32_t commitment_hash_full_size(DilithiumMode mode) {
38	17	switch(mode.mode()) {
39	0	case DilithiumMode::Dilithium4x4:
40	0	case DilithiumMode::Dilithium4x4_AES:
41	0	case DilithiumMode::Dilithium6x5:
42	0	case DilithiumMode::Dilithium6x5_AES:
43	0	case DilithiumMode::Dilithium8x7:
44	0	case DilithiumMode::Dilithium8x7_AES:
45	7	case DilithiumMode::ML_DSA_4x4:
46	7	return 32;
47	5	case DilithiumMode::ML_DSA_6x5:
48	5	return 48;
49	5	case DilithiumMode::ML_DSA_8x7:
50	5	return 64;
51	17	}
52	0	BOTAN_ASSERT_UNREACHABLE();
53	0	}
54
55		} // namespace
56
57	17	DilithiumConstants::~DilithiumConstants() = default;
58
59		DilithiumConstants::DilithiumConstants(DilithiumMode mode) :
60	17	m_mode(mode),
61	17	m_public_key_hash_bytes(public_key_hash_size(m_mode)),
62	17	m_commitment_hash_full_bytes(commitment_hash_full_size(m_mode)) {
63	17	switch(m_mode.mode()) {
64	0	case Botan::DilithiumMode::Dilithium4x4:
65	0	case Botan::DilithiumMode::Dilithium4x4_AES:
66	7	case Botan::DilithiumMode::ML_DSA_4x4:
67	7	m_tau = DilithiumTau::_39;
68	7	m_lambda = DilithiumLambda::_128;
69	7	m_gamma1 = DilithiumGamma1::ToThe17th;
70	7	m_gamma2 = DilithiumGamma2::Qminus1DevidedBy88;
71	7	m_k = 4;
72	7	m_l = 4;
73	7	m_eta = DilithiumEta::_2;
74	7	m_beta = DilithiumBeta::_78;
75	7	m_omega = DilithiumOmega::_80;
76	7	break;
77	0	case Botan::DilithiumMode::Dilithium6x5:
78	0	case Botan::DilithiumMode::Dilithium6x5_AES:
79	5	case Botan::DilithiumMode::ML_DSA_6x5:
80	5	m_tau = DilithiumTau::_49;
81	5	m_lambda = DilithiumLambda::_192;
82	5	m_gamma1 = DilithiumGamma1::ToThe19th;
83	5	m_gamma2 = DilithiumGamma2::Qminus1DevidedBy32;
84	5	m_k = 6;
85	5	m_l = 5;
86	5	m_eta = DilithiumEta::_4;
87	5	m_beta = DilithiumBeta::_196;
88	5	m_omega = DilithiumOmega::_55;
89	5	break;
90	0	case Botan::DilithiumMode::Dilithium8x7:
91	0	case Botan::DilithiumMode::Dilithium8x7_AES:
92	5	case Botan::DilithiumMode::ML_DSA_8x7:
93	5	m_tau = DilithiumTau::_60;
94	5	m_lambda = DilithiumLambda::_256;
95	5	m_gamma1 = DilithiumGamma1::ToThe19th;
96	5	m_gamma2 = DilithiumGamma2::Qminus1DevidedBy32;
97	5	m_k = 8;
98	5	m_l = 7;
99	5	m_eta = DilithiumEta::_2;
100	5	m_beta = DilithiumBeta::_120;
101	5	m_omega = DilithiumOmega::_75;
102	5	break;
103	0	default:
104	0	BOTAN_ASSERT_UNREACHABLE();
105	17	}
106
107	17	const auto s1_bytes = 32 * m_l * bitlen(2 * m_eta);
108	17	const auto s2_bytes = 32 * m_k * bitlen(2 * m_eta);
109	17	const auto t0_bytes = 32 * m_k * D;
110	17	const auto t1_bytes = 32 * m_k * (bitlen(static_cast<uint32_t>(Q) - 1) - D);
111	17	const auto z_bytes = 32 * m_l * (1 + bitlen(m_gamma1 - 1));
112	17	const auto hint_bytes = m_omega + m_k;
113
114	17	m_private_key_bytes =
115	17	SEED_RHO_BYTES + SEED_SIGNING_KEY_BYTES + m_public_key_hash_bytes + s1_bytes + s2_bytes + t0_bytes;
116	17	m_public_key_bytes = SEED_RHO_BYTES + t1_bytes;
117	17	m_signature_bytes = m_commitment_hash_full_bytes + z_bytes + hint_bytes;
118	17	m_serialized_commitment_bytes = 32 * m_k * bitlen(((Q - 1) / (2 * m_gamma2)) - 1);
119
120	17	m_symmetric_primitives = Dilithium_Symmetric_Primitives_Base::create(*this);
121	17	m_keypair_codec = Dilithium_Keypair_Codec::create(mode);
122	17	}
123
124		} // namespace Botan