def sha3_test():
for i in range(len(sha3_test_vectors)):
msg = bytes.from_hex(sha3_test_vectors[i]['msg'])
expected224 = sha3_test_vectors[i]['expected224']
expected256 = sha3_test_vectors[i]['expected256']
expected384 = sha3_test_vectors[i]['expected384']
expected512 = sha3_test_vectors[i]['expected512']
d224 = bytes.to_hex(sha3_224(array.length(msg), msg))
d256 = bytes.to_hex(sha3_256(array.length(msg), msg))
d384 = bytes.to_hex(sha3_384(array.length(msg), msg))
d512 = bytes.to_hex(sha3_512(array.length(msg), msg))
if (expected224 == d224 and expected256 == d256 and expected384 == d384
and expected512 == d512):
print("SHA-3 (224/256/384/512) Test " + str(i) + " successful!")
else:
print("SHA3 Test failed!")
print("Computed: " + d224)
print("Expected: " + expected224)
print("Computed: " + d256)
print("Expected: " + expected256)
print("Computed: " + d384)
print("Expected: " + expected384)
print("Computed: " + d512)
print("Expected: " + expected512)
exit(1)
def crypto_kem_dec(kyber_k:variant_k, kyber_eta:variant_eta, ct:bytes_t, sk:bytes_t(kyber_secretkeybytes)) \
-> contract(symbytes_t,
lambda kyber_k, kyber_eta, ct, sk: array.length(ct) == kyber_ciphertextbytes(kyber_k) and array.length(sk) == kyber_secretkeybytes(kyber_k),
lambda kyber_k, kyber_eta, ct, sk, res: True):
buf = array.create(2 * kyber_symbytes, uint8(0))
pk = sk[kyber_indcpa_secretkeybytes(kyber_k):(
kyber_indcpa_secretkeybytes(kyber_k) +
kyber_indcpa_publickeybytes(kyber_k))]
sk1 = sk[0:kyber_indcpa_secretkeybytes(kyber_k)]
buf[0:kyber_symbytes] = kyber_cpapke_decrypt(kyber_k, kyber_eta, ct, sk1)
buf[kyber_symbytes:(2 * kyber_symbytes)] = sk[(
kyber_indcpa_secretkeybytes(kyber_k) +
kyber_indcpa_publickeybytes(kyber_k)):(kyber_secretkeybytes(kyber_k) -
kyber_symbytes)]
kr = sha3_512(2 * kyber_symbytes, buf)
cmp1 = kyber_cpapke_encrypt(kyber_k, kyber_eta, buf[0:kyber_symbytes], pk,
kr[kyber_symbytes:(2 * kyber_symbytes)])
kr[kyber_symbytes:(2 * kyber_symbytes)] = sha3_256(
kyber_ciphertextbytes(kyber_k), ct)
if (cmp1 == ct):
kr[0:kyber_symbytes] = kr[0:kyber_symbytes]
else:
kr[0:kyber_symbytes] = sk[(
kyber_secretkeybytes(kyber_k) -
kyber_symbytes):kyber_secretkeybytes(kyber_k)]
ss = sha3_256(2 * kyber_symbytes, kr)
return ss
def kyber_cpapke_keypair(kyber_k:variant_k, kyber_eta:variant_eta, coins:symbytes_t) \
-> contract((bytes_t, bytes_t),
lambda kyber_k, kyber_eta, coins: True,
lambda kyber_k, kyber_eta, coins, res: True): # array.length(fst(res)) == kyber_indcpa_publickeybytes(kyber_k) and array.length(snd(res)) == kyber_indcpa_secretkeybytes(kyber_k)
rhosigma = sha3_512(kyber_symbytes, coins)
rho = rhosigma[0:kyber_symbytes]
sigma = rhosigma[kyber_symbytes:(2 * kyber_symbytes)]
n = uint8(0)
s = array.create(kyber_k, array.create(kyber_n, zqelem_t(0)))
e = array.create(kyber_k, array.create(kyber_n, zqelem_t(0)))
that = array.create(kyber_k, array.create(kyber_n, zqelem_t(0)))
A = array.create(kyber_k,
array.create(kyber_k, array.create(kyber_n, zqelem_t(0))))
for i in range(kyber_k):
A[i] = array.create(kyber_k, array.create(kyber_n, zqelem_t(0)))
for j in range(kyber_k):
A[i][j] = array.create(kyber_n, zqelem_t(0))
for i in range(kyber_k):
for j in range(kyber_k):
A[i][j] = genAij(rho, uint8(j), uint8(i))
for i in range(kyber_k):
s[i] = poly_getnoise(kyber_eta, sigma, n)
n += uint8(1)
for i in range(kyber_k):
e[i] = poly_getnoise(kyber_eta, sigma, n)
n += uint8(1)
shat = bit_reversed_polyvec(kyber_k, zqpolyvec_ntt(kyber_k, s))
# that = A * shat
for i in range(kyber_k):
for j in range(kyber_k):
that[i] = zqpoly_add(that[i],
zqpoly_pointwise_mul(A[i][j], shat[j]))
t = zqpolyvec_invntt(kyber_k, bit_reversed_polyvec(kyber_k, that))
t = zqpolyvec_add(kyber_k, t, e)
sk = pack_sk(kyber_k, shat)
pk = pack_pk(kyber_k, t, rho)
return (pk, sk)
def crypto_kem_enc(kyber_k:variant_k, kyber_eta:variant_eta, pk:bytes_t, msgcoins:symbytes_t) \
-> contract((bytes_t, symbytes_t),
lambda kyber_k, kyber_eta, pk, msgcoins: array.length(pk) == kyber_publickeybytes(kyber_k),
lambda kyber_k, kyber_eta, pk, msgcoins, res: True): #array.length(fst(res)) == kyber_ciphertextbytes(kyber_k)
buf = array.create(2 * kyber_symbytes, uint8(0))
buf[0:kyber_symbytes] = sha3_256(kyber_symbytes, msgcoins)
buf[kyber_symbytes:(2 * kyber_symbytes)] = sha3_256(
kyber_publickeybytes(kyber_k), pk)
kr = sha3_512(2 * kyber_symbytes, buf)
ct = kyber_cpapke_encrypt(kyber_k, kyber_eta, buf[0:kyber_symbytes], pk,
kr[kyber_symbytes:(2 * kyber_symbytes)])
kr[kyber_symbytes:(2 * kyber_symbytes)] = sha3_256(
kyber_ciphertextbytes(kyber_k), ct)
ss = sha3_256(2 * kyber_symbytes, kr)
return (ct, ss)
def s512(seed):
return sha3_512(seed).hexdigest()
def s512(seed):
return sha3_512(seed).hexdigest()