| dilithium.cpp |
NIST FIPS 204, Algorithm 2 (ML-DSA.Sign) and Algorithm 7 (ML-DSA.Sign_internal)
Note that the private key decoding is done ahead of time. Also, the
matrix expansion of A from 'rho' along with the NTT-transforms of s1,
s2 and t0 are done in the constructor of this class, as a 'signature
operation' may be used to sign multiple messages.
TODO: Implement support for the specified 'ctx' context string which is
application defined and "empty" by default and <= 255 bytes long.
|
17780 |
- |
| dilithium.h |
NOLINT(*-use-enum-class) |
5454 |
- |
| dilithium_algos.cpp |
Returns an all-one mask if @p x is negative, otherwise an all-zero mask.
|
32125 |
- |
| dilithium_algos.h |
|
3326 |
- |
| dilithium_constants.cpp |
|
4287 |
- |
| dilithium_constants.h |
Algorithm constants and parameter-set dependent values
|
6543 |
- |
| dilithium_keys.cpp |
|
1030 |
- |
| dilithium_keys.h |
NOLINT(*-special-member-functions) |
4236 |
- |
| dilithium_polynomial.h |
NIST FIPS 204, Algorithm 41 (NTT)
Note: ntt(), inverse_ntt() and operator* have side effects on the
montgomery factor of the involved coefficients!
It is assumed that EXACTLY ONE vector or matrix multiplication
is performed between transforming in and out of NTT domain.
Produces the result of the NTT transformation without any montgomery
factors in the coefficients.
|
4264 |
- |
| dilithium_shake |
|
|
- |
| dilithium_symmetric_primitives.cpp |
|
2222 |
- |
| dilithium_symmetric_primitives.h |
Wrapper type for the H() function calculating the message representative for
the Dilithium signature scheme. This wrapper may be used multiple times.
Namely: mu = H(tr || M)
|
7438 |
- |
| dilithium_types.h |
|
3139 |
- |
| info.txt |
|
452 |
- |