def crypto_kem_dec(kyber_k:variant_k, kyber_eta:variant_eta, ct:bytes_t, sk:bytes_t(kyber_secretkeybytes)) \
-> contract(symbytes_t,
lambda kyber_k, kyber_eta, ct, sk: array.length(ct) == kyber_ciphertextbytes(kyber_k) and array.length(sk) == kyber_secretkeybytes(kyber_k),
lambda kyber_k, kyber_eta, ct, sk, res: True):
buf = array.create(2 * kyber_symbytes, uint8(0))
pk = sk[kyber_indcpa_secretkeybytes(kyber_k):(
kyber_indcpa_secretkeybytes(kyber_k) +
kyber_indcpa_publickeybytes(kyber_k))]
sk1 = sk[0:kyber_indcpa_secretkeybytes(kyber_k)]
buf[0:kyber_symbytes] = kyber_cpapke_decrypt(kyber_k, kyber_eta, ct, sk1)
buf[kyber_symbytes:(2 * kyber_symbytes)] = sk[(
kyber_indcpa_secretkeybytes(kyber_k) +
kyber_indcpa_publickeybytes(kyber_k)):(kyber_secretkeybytes(kyber_k) -
kyber_symbytes)]
kr = sha3_512(2 * kyber_symbytes, buf)
cmp1 = kyber_cpapke_encrypt(kyber_k, kyber_eta, buf[0:kyber_symbytes], pk,
kr[kyber_symbytes:(2 * kyber_symbytes)])
kr[kyber_symbytes:(2 * kyber_symbytes)] = sha3_256(
kyber_ciphertextbytes(kyber_k), ct)
if (cmp1 == ct):
kr[0:kyber_symbytes] = kr[0:kyber_symbytes]
else:
kr[0:kyber_symbytes] = sk[(
kyber_secretkeybytes(kyber_k) -
kyber_symbytes):kyber_secretkeybytes(kyber_k)]
ss = sha3_256(2 * kyber_symbytes, kr)
return ss
def sha3_test():
for i in range(len(sha3_test_vectors)):
msg = bytes.from_hex(sha3_test_vectors[i]['msg'])
expected224 = sha3_test_vectors[i]['expected224']
expected256 = sha3_test_vectors[i]['expected256']
expected384 = sha3_test_vectors[i]['expected384']
expected512 = sha3_test_vectors[i]['expected512']
d224 = bytes.to_hex(sha3_224(array.length(msg), msg))
d256 = bytes.to_hex(sha3_256(array.length(msg), msg))
d384 = bytes.to_hex(sha3_384(array.length(msg), msg))
d512 = bytes.to_hex(sha3_512(array.length(msg), msg))
if (expected224 == d224 and expected256 == d256 and expected384 == d384
and expected512 == d512):
print("SHA-3 (224/256/384/512) Test " + str(i) + " successful!")
else:
print("SHA3 Test failed!")
print("Computed: " + d224)
print("Expected: " + expected224)
print("Computed: " + d256)
print("Expected: " + expected256)
print("Computed: " + d384)
print("Expected: " + expected384)
print("Computed: " + d512)
print("Expected: " + expected512)
exit(1)
def crypto_kem_enc(kyber_k:variant_k, kyber_eta:variant_eta, pk:bytes_t, msgcoins:symbytes_t) \
-> contract((bytes_t, symbytes_t),
lambda kyber_k, kyber_eta, pk, msgcoins: array.length(pk) == kyber_publickeybytes(kyber_k),
lambda kyber_k, kyber_eta, pk, msgcoins, res: True): #array.length(fst(res)) == kyber_ciphertextbytes(kyber_k)
buf = array.create(2 * kyber_symbytes, uint8(0))
buf[0:kyber_symbytes] = sha3_256(kyber_symbytes, msgcoins)
buf[kyber_symbytes:(2 * kyber_symbytes)] = sha3_256(
kyber_publickeybytes(kyber_k), pk)
kr = sha3_512(2 * kyber_symbytes, buf)
ct = kyber_cpapke_encrypt(kyber_k, kyber_eta, buf[0:kyber_symbytes], pk,
kr[kyber_symbytes:(2 * kyber_symbytes)])
kr[kyber_symbytes:(2 * kyber_symbytes)] = sha3_256(
kyber_ciphertextbytes(kyber_k), ct)
ss = sha3_256(2 * kyber_symbytes, kr)
return (ct, ss)
def test_update():
k = sha3_256()
assert k.seed == ''
k.update('')
assert k.seed == ''
k.update("foo")
assert k.seed == "foo"
k.update(" bar")
assert k.seed == "foo bar"
def test_update():
k = sha3_256()
assert k.seed == ''
k.update('')
assert k.seed == ''
k.update("foo")
assert k.seed == "foo"
k.update(" bar")
assert k.seed == "foo bar"
def crypto_kem_keypair(kyber_k:variant_k, kyber_eta:variant_eta, keypaircoins:symbytes_t, coins:symbytes_t) \
-> contract((bytes_t, bytes_t),
lambda kyber_k, kyber_eta, keypaircoins, coins: True,
lambda kyber_k, kyber_eta, keypaircoins, coins, res: True): #array.length(fst(res)) == kyber_publickeybytes(kyber_k) and array.length(snd(res)) == kyber_secretkeybytes(kyber_k)
sk = array.create(kyber_secretkeybytes(kyber_k), uint8(0))
pk, sk1 = kyber_cpapke_keypair(kyber_k, kyber_eta, keypaircoins)
sk[0:kyber_indcpa_secretkeybytes(kyber_k)] = sk1
sk[kyber_indcpa_secretkeybytes(kyber_k):(
kyber_indcpa_secretkeybytes(kyber_k) +
kyber_indcpa_publickeybytes(kyber_k))] = pk
sk[(kyber_indcpa_secretkeybytes(kyber_k) +
kyber_indcpa_publickeybytes(kyber_k)):(
kyber_secretkeybytes(kyber_k) - kyber_symbytes)] = sha3_256(
kyber_publickeybytes(kyber_k), pk)
sk[(kyber_secretkeybytes(kyber_k) -
kyber_symbytes):kyber_secretkeybytes(kyber_k)] = coins
return (pk, sk)
def get_address(public_key: PublicKey) -> str:
"""Derive an Ethereum-style address from the given public key."""
return '0x' + sha3_256(public_key.format(False)[1:]).hexdigest()[-40:]
def s256(seed):
return sha3_256(seed).hexdigest()
def s256(seed):
return sha3_256(seed).hexdigest()
