/********************************************************************************* * Description: Checks Bounds for Signature Vector Z During Signification. * Leaks the Position of the Coefficient that Fails the Test. * The Position of the Coefficient is Independent of the Secret Data. * Does not Leak the Signature of the Coefficients. * For Heuristic qTESLA Security Category-1 and Security Category-3 * (Option for Size or Speed) * * @param Z Signature Vector * @param n Polynomial Degree * @param b Interval the Randomness is Chosen in During Signification * @param u Bound in Checking Secret Polynomial * * @return false Valid / Accepted * true Invalid / Rejected ********************************************************************************/ private static boolean testRejection(int[] Z, int n, int b, int u) { for (int i = 0; i < n; i++) { if (absolute(Z[i]) > (b - u)) { return true; } } return false; }
/**************************************************************************************************************************************************************** * Description: Generates A Pair of Public Key and Private Key for qTESLA Signature Scheme for Provably-Secure qTESLA Security Category-3 * * @param publicKey Contains Public Key * @param privateKey Contains Private Key * @param secureRandom Source of Randomness * * @return 0 Successful Execution ****************************************************************************************************************************************************************/ public static int generateKeyPairIIIP(byte[] publicKey, byte[] privateKey, SecureRandom secureRandom) { return generateKeyPair( publicKey, privateKey, secureRandom, Parameter.N_III_P, Parameter.K_III_P, Parameter.H_III_P, Parameter.Q_III_P, Parameter.Q_INVERSE_III_P, Parameter.Q_LOGARITHM_III_P, Parameter.GENERATOR_A_III_P, Parameter.INVERSE_NUMBER_THEORETIC_TRANSFORM_III_P, Parameter.XI_III_P, PolynomialProvablySecure.ZETA_III_P, Parameter.KEY_GENERATOR_BOUND_E_III_P, Parameter.KEY_GENERATOR_BOUND_S_III_P ); }
/***************************************************************************************************************************************************** * Description: Generates A Signature for A Given Message According to the Ring-TESLA Signature Scheme for Provably-Secure qTESLA Security Category-1 * * @param message Message to be Signed * @param messageOffset Starting Point of the Message to be Signed * @param messageLength Length of the Message to be Signed * @param signature Output Package Containing Signature * @param privateKey Private Key * @param secureRandom Source of Randomness * * @return 0 Successful Execution *****************************************************************************************************************************************************/ public static int signingIP( byte[] signature, final byte[] message, int messageOffset, int messageLength, final byte[] privateKey, SecureRandom secureRandom ) { return signing( signature, message, messageOffset, messageLength, privateKey, secureRandom, Parameter.N_I_P, Parameter.K_I_P, Parameter.H_I_P, Parameter.Q_I_P, Parameter.Q_INVERSE_I_P, Parameter.Q_LOGARITHM_I_P, Parameter.B_I_P, Parameter.B_BIT_I_P, Parameter.D_I_P, Parameter.U_I_P, Parameter.REJECTION_I_P, Parameter.GENERATOR_A_I_P, Parameter.INVERSE_NUMBER_THEORETIC_TRANSFORM_I_P, Polynomial.PRIVATE_KEY_I_P, Parameter.BARRETT_MULTIPLICATION_I_P, Parameter.BARRETT_DIVISION_I_P ); }
QTESLA.generateKeyPairI(publicKey, privateKey, secureRandom); break; case QTESLASecurityCategory.HEURISTIC_III_SIZE: QTESLA.generateKeyPairIIISize(publicKey, privateKey, secureRandom); break; case QTESLASecurityCategory.HEURISTIC_III_SPEED: QTESLA.generateKeyPairIIISpeed(publicKey, privateKey, secureRandom); break; case QTESLASecurityCategory.PROVABLY_SECURE_I: QTESLA.generateKeyPairIP(publicKey, privateKey, secureRandom); break; case QTESLASecurityCategory.PROVABLY_SECURE_III: QTESLA.generateKeyPairIIIP(publicKey, privateKey, secureRandom); break; default:
test1 = (~(absolute(right) - (q / 2 - rejection))) >>> 31; left = right; right = (right + (1 << (d - 1)) - 1) >> d; right = left - (right << d); test2 = (~(absolute(right) - ((1 << (d - 1)) - rejection))) >>> 31; test1 = (~(absolute(right) - (q / 2 - rejection))) >>> 63; test2 = (~(absolute(right) - ((1 << (d - 1)) - rejection))) >>> 63; while (checkPolynomial(errorPolynomial, errorBound, n, h) == true); while (checkPolynomial(secretPolynomial, secretBound, n, h) == true); while (checkPolynomial(errorPolynomial, n * i, errorBound, n, h) == true); while (checkPolynomial(secretPolynomial, 0, secretBound, n, h) == true); hashFunction(C, 0, V, randomnessInput, Polynomial.RANDOM + Polynomial.SEED, n, d, q); if (testRejection(Z, n, b, u) == true) if (testV(V, n, d, q, rejection) == true) hashFunction(C, 0, V, randomnessInput, Polynomial.RANDOM + Polynomial.SEED, n, k, d, q); if (testRejection(Z, n, b, u) == true) response = testV(V, n * i, n, d, q, rejection);
/**************************************************************************************************************************************************************** * Description: Generates A Pair of Public Key and Private Key for qTESLA Signature Scheme for Heuristic qTESLA Security Category-3 (Option for Size) * * @param publicKey Contains Public Key * @param privateKey Contains Private Key * @param secureRandom Source of Randomness * * @return 0 Successful Execution ****************************************************************************************************************************************************************/ public static int generateKeyPairIIISize(byte[] publicKey, byte[] privateKey, SecureRandom secureRandom) { return generateKeyPair( publicKey, privateKey, secureRandom, Parameter.N_III_SIZE, Parameter.H_III_SIZE, Parameter.Q_III_SIZE, Parameter.Q_INVERSE_III_SIZE, Parameter.Q_LOGARITHM_III_SIZE, Parameter.GENERATOR_A_III_SIZE, Parameter.INVERSE_NUMBER_THEORETIC_TRANSFORM_III_SIZE, Parameter.XI_III_SIZE, PolynomialHeuristic.ZETA_III_SIZE, Parameter.KEY_GENERATOR_BOUND_E_III_SIZE, Parameter.KEY_GENERATOR_BOUND_S_III_SIZE ); }
/********************************************************************************************************************************************** * Description: Generates A Signature for A Given Message According to the Ring-TESLA Signature Scheme for Provably-Secure * qTESLA Security Category-3 * * @param message Message to be Signed * @param messageOffset Starting Point of the Message to be Signed * @param messageLength Length of the Message to be Signed * @param signature Output Package Containing Signature * @param privateKey Private Key * @param secureRandom Source of Randomness * * @return 0 Successful Execution **********************************************************************************************************************************************/ public static int signingIIIP( byte[] signature, final byte[] message, int messageOffset, int messageLength, final byte[] privateKey, SecureRandom secureRandom ) { return signing( signature, message, messageOffset, messageLength, privateKey, secureRandom, Parameter.N_III_P, Parameter.K_III_P, Parameter.H_III_P, Parameter.Q_III_P, Parameter.Q_INVERSE_III_P, Parameter.Q_LOGARITHM_III_P, Parameter.B_III_P, Parameter.B_BIT_III_P, Parameter.D_III_P, Parameter.U_III_P, Parameter.REJECTION_III_P, Parameter.GENERATOR_A_III_P, Parameter.INVERSE_NUMBER_THEORETIC_TRANSFORM_III_P, Polynomial.PRIVATE_KEY_III_P, Parameter.BARRETT_MULTIPLICATION_III_P, Parameter.BARRETT_DIVISION_III_P ); }
/************************************************************************************* * Description: Checks Bounds for Signature Vector Z During Signification. * Leaks the Position of the Coefficient that Fails the Test. * The Position of the Coefficient is Independent of the Secret Data. * Does not Leak the Signature of the Coefficients. * For Provably-Secure qTESLA Security Category-1 and Security Category-3 * * @param Z Signature Vector * @param n Polynomial Degree * @param b Interval the Randomness is Chosen in During Signification * @param u Bound in Checking Secret Polynomial * * @return false Valid / Accepted * true Invalid / Rejected *************************************************************************************/ private static boolean testRejection(long[] Z, int n, int b, int u) { for (int i = 0; i < n; i++) { if (absolute(Z[i]) > (b - u)) { return true; } } return false; }
/**************************************************************************************************************************************************************** * Description: Generates A Pair of Public Key and Private Key for qTESLA Signature Scheme for * Heuristic qTESLA Security Category-1 * * @param publicKey Contains Public Key * @param privateKey Contains Private Key * @param secureRandom Source of Randomness * * @return 0 Successful Execution * ****************************************************************************************************************************************************************/ public static int generateKeyPairI(byte[] publicKey, byte[] privateKey, SecureRandom secureRandom) { return generateKeyPair( publicKey, privateKey, secureRandom, Parameter.N_I, Parameter.H_I, Parameter.Q_I, Parameter.Q_INVERSE_I, Parameter.Q_LOGARITHM_I, Parameter.GENERATOR_A_I, Parameter.INVERSE_NUMBER_THEORETIC_TRANSFORM_I, Parameter.XI_I, PolynomialHeuristic.ZETA_I, Parameter.KEY_GENERATOR_BOUND_E_I, Parameter.KEY_GENERATOR_BOUND_S_I ); }
/***************************************************************************************************************************************************** * Description: Generates A Signature for A Given Message According to the Ring-TESLA Signature Scheme for Heuristic qTESLA Security Category-1 * * @param message Message to be Signed * @param messageOffset Starting Point of the Message to be Signed * @param messageLength Length of the Message to be Signed * @param signature Output Package Containing Signature * @param privateKey Private Key * @param secureRandom Source of Randomness * * @return 0 Successful Execution *****************************************************************************************************************************************************/ static int signingI( byte[] signature, final byte[] message, int messageOffset, int messageLength, final byte[] privateKey, SecureRandom secureRandom ) { return signing( signature, message, messageOffset, messageLength, privateKey, secureRandom, Parameter.N_I, Parameter.H_I, Parameter.Q_I, Parameter.Q_INVERSE_I, Parameter.Q_LOGARITHM_I, Parameter.B_I, Parameter.B_BIT_I, Parameter.D_I, Parameter.U_I, Parameter.REJECTION_I, Parameter.GENERATOR_A_I, Parameter.INVERSE_NUMBER_THEORETIC_TRANSFORM_I, Parameter.BARRETT_MULTIPLICATION_I, Parameter.BARRETT_DIVISION_I, PolynomialHeuristic.ZETA_I ); }
list[i] = absolute(polynomial[i]);
/**************************************************************************************************************************************************************** * Description: Generates A Pair of Public Key and Private Key for qTESLA Signature Scheme for Heuristic qTESLA Security Category-3 * (Option for Speed) * * @param publicKey Contains Public Key * @param privateKey Contains Private Key * @param secureRandom Source of Randomness * * @return 0 Successful Execution * ****************************************************************************************************************************************************************/ public static int generateKeyPairIIISpeed(byte[] publicKey, byte[] privateKey, SecureRandom secureRandom) { return generateKeyPair( publicKey, privateKey, secureRandom, Parameter.N_III_SPEED, Parameter.H_III_SPEED, Parameter.Q_III_SPEED, Parameter.Q_INVERSE_III_SPEED, Parameter.Q_LOGARITHM_III_SPEED, Parameter.GENERATOR_A_III_SPEED, Parameter.INVERSE_NUMBER_THEORETIC_TRANSFORM_III_SPEED, Parameter.XI_III_SPEED, PolynomialHeuristic.ZETA_III_SPEED, Parameter.KEY_GENERATOR_BOUND_E_III_SPEED, Parameter.KEY_GENERATOR_BOUND_S_III_SPEED ); }
/**************************************************************************************************************************************************** * Description: Generates A Signature for A Given Message According to the Ring-TESLA Signature Scheme for Heuristic qTESLA Security Category-3 * (Option for Speed) * * @param message Message to be Signed * @param messageOffset Starting Point of the Message to be Signed * @param messageLength Length of the Message to be Signed * @param signature Output Package Containing Signature * @param privateKey Private Key * @param secureRandom Source of Randomness * * @return 0 Successful Execution ****************************************************************************************************************************************************/ static int signingIIISpeed( byte[] signature, final byte[] message, int messageOffset, int messageLength, final byte[] privateKey, SecureRandom secureRandom ) { return signing( signature, message, messageOffset, messageLength, privateKey, secureRandom, Parameter.N_III_SPEED, Parameter.H_III_SPEED, Parameter.Q_III_SPEED, Parameter.Q_INVERSE_III_SPEED, Parameter.Q_LOGARITHM_III_SPEED, Parameter.B_III_SPEED, Parameter.B_BIT_III_SPEED, Parameter.D_III_SPEED, Parameter.U_III_SPEED, Parameter.REJECTION_III_SPEED, Parameter.GENERATOR_A_III_SPEED, Parameter.INVERSE_NUMBER_THEORETIC_TRANSFORM_III_SPEED, Parameter.BARRETT_MULTIPLICATION_III_SPEED, Parameter.BARRETT_DIVISION_III_SPEED, PolynomialHeuristic.ZETA_III_SPEED ); }
list[i] = (short)(absolute(polynomial[offset + i]));
/**************************************************************************************************************************************************************** * Description: Generates A Pair of Public Key and Private Key for qTESLA Signature Scheme for Provably-Secure qTESLA Security Category-1 * * @param publicKey Contains Public Key * @param privateKey Contains Private Key * @param secureRandom Source of Randomness * * @return 0 Successful Execution ****************************************************************************************************************************************************************/ public static int generateKeyPairIP(byte[] publicKey, byte[] privateKey, SecureRandom secureRandom) { return generateKeyPair( publicKey, privateKey, secureRandom, Parameter.N_I_P, Parameter.K_I_P, Parameter.H_I_P, Parameter.Q_I_P, Parameter.Q_INVERSE_I_P, Parameter.Q_LOGARITHM_I_P, Parameter.GENERATOR_A_I_P, Parameter.INVERSE_NUMBER_THEORETIC_TRANSFORM_I_P, Parameter.XI_I_P, PolynomialProvablySecure.ZETA_I_P, Parameter.KEY_GENERATOR_BOUND_E_I_P, Parameter.KEY_GENERATOR_BOUND_S_I_P ); }
/***************************************************************************************************************************************************** * Description: Generates A Signature for A Given Message According to the Ring-TESLA Signature Scheme for Heuristic qTESLA Security Category-3 * (Option for Size) * * @param message Message to be Signed * @param messageOffset Starting Point of the Message to be Signed * @param messageLength Length of the Message to be Signed * @param signature Output Package Containing Signature * @param privateKey Private Key * @param secureRandom Source of Randomness * * @return 0 Successful Execution *****************************************************************************************************************************************************/ static int signingIIISize( byte[] signature, final byte[] message, int messageOffset, int messageLength, final byte[] privateKey, SecureRandom secureRandom ) { return signing( signature, message, messageOffset, messageLength, privateKey, secureRandom, Parameter.N_III_SIZE, Parameter.H_III_SIZE, Parameter.Q_III_SIZE, Parameter.Q_INVERSE_III_SIZE, Parameter.Q_LOGARITHM_III_SIZE, Parameter.B_III_SIZE, Parameter.B_BIT_III_SIZE, Parameter.D_III_SIZE, Parameter.U_III_SIZE, Parameter.REJECTION_III_SIZE, Parameter.GENERATOR_A_III_SIZE, Parameter.INVERSE_NUMBER_THEORETIC_TRANSFORM_III_SIZE, Parameter.BARRETT_MULTIPLICATION_III_SIZE, Parameter.BARRETT_DIVISION_III_SIZE, PolynomialHeuristic.ZETA_III_SIZE ); }