| dilithium.cpp |
NIST FIPS 204, Algorithm 2 (ML-DSA.Sign) and Algorithm 7 (ML-DSA.Sign_internal)
Note that the private key decoding is done ahead of time. Also, the
matrix expansion of A from 'rho' along with the NTT-transforms of s1,
s2 and t0 are done in the constructor of this class, as a 'signature
operation' may be used to sign multiple messages.
TODO: Implement support for the specified 'ctx' context string which is
application defined and "empty" by default and <= 255 bytes long.
|
17746 |
| dilithium.h |
This implementation is based on
https://github.com/pq-crystals/dilithium/commit/3e9b9f1412f6c7435dbeb4e10692ea58f181ee51
Note that this is _not_ compatible with the round 3 submission of the NIST competition.
|
5261 |
| dilithium_algos.cpp |
Returns an all-one mask if @p x is negative, otherwise an all-zero mask.
|
31977 |
| dilithium_algos.h |
|
3290 |
| dilithium_constants.cpp |
|
4287 |
| dilithium_constants.h |
Algorithm constants and parameter-set dependent values
|
6460 |
| dilithium_keys.cpp |
|
1030 |
| dilithium_keys.h |
|
4195 |
| dilithium_polynomial.h |
NIST FIPS 204, Algorithm 41 (NTT)
Note: ntt(), inverse_ntt() and operator* have side effects on the
montgomery factor of the involved coefficients!
It is assumed that EXACTLY ONE vector or matrix multiplication
is performed between transforming in and out of NTT domain.
Produces the result of the NTT transformation without any montgomery
factors in the coefficients.
|
4228 |
| dilithium_shake |
|
|
| dilithium_symmetric_primitives.cpp |
|
1406 |
| dilithium_symmetric_primitives.h |
Wrapper type for the H() function calculating the message representative for
the Dilithium signature scheme. This wrapper may be used multiple times.
Namely: mu = H(tr || M)
|
8040 |
| dilithium_types.h |
|
3139 |
| info.txt |
|
452 |