Commit 3fc3564

committed
First consistent version of the BAVC implementation
1 parent 95d6ff5 commit 3fc3564

1 file changed

+25
-21
lines changed

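--- a/vc.c
+++ b/vc.c
@@ -13,7 +13,6 @@
 #include "instances.h"
 #include "universal_hashing.h"
 
-#include <assert.h>
 #include <string.h>
 
 typedef struct tree_t {
@@ -27,7 +26,7 @@ typedef struct tree_t {
 static void expand_seeds(uint8_t* nodes, const uint8_t* iv, const faest_paramset_t* params) {
 const unsigned int lambda_bytes = params->faest_param.lambda / 8;
 
-for (unsigned int alpha = 0; alpha <= params->faest_param.L - 2; ++alpha) {
+for (unsigned int alpha = 0; alpha < params->faest_param.L - 1; ++alpha) {
 // the nodes are located other in memory consecutively
 prg(NODE(nodes, alpha, lambda_bytes), iv, alpha, NODE(nodes, 2 * alpha + 1, lambda_bytes),
 params->faest_param.lambda, lambda_bytes * 2);
@@ -104,6 +103,7 @@ static void vector_commitment_faest(const uint8_t* rootKey, const uint8_t* iv,
 const unsigned int lambda = params->faest_param.lambda;
 const unsigned int L = params->faest_param.L;
 const unsigned int lambda_bytes = lambda / 8;
+const unsigned int com_size = lambda_bytes * 3; // size of com_ij
 
 H0_context_t uhash_ctx;
 H0_init(&uhash_ctx, lambda);
@@ -118,7 +118,7 @@ static void vector_commitment_faest(const uint8_t* rootKey, const uint8_t* iv,
 
 // Initialzing stuff
 vecCom->h = malloc(lambda_bytes * 2);
-vecCom->com = malloc(L * lambda_bytes * 3);
+vecCom->com = malloc(L * com_size);
 vecCom->sd = malloc(L * lambda_bytes);
 
 // Step: 1..3
@@ -137,9 +137,9 @@ static void vector_commitment_faest(const uint8_t* rootKey, const uint8_t* iv,
 bavc_max_node_index(i, params->faest_param.tau1, params->faest_param.k);
 for (unsigned int j = 0; j < N_i; ++j, ++offset) {
 const unsigned int alpha = pos_in_tree(i, j, params);
-faest_leaf_commit(vecCom->sd + offset * lambda_bytes, vecCom->com + offset * lambda_bytes * 3,
+faest_leaf_commit(vecCom->sd + offset * lambda_bytes, vecCom->com + offset * com_size,
 NODE(nodes, alpha, lambda_bytes), iv, i + L - 1, uhash, lambda);
-H1_update(&h1_ctx, vecCom->com + offset * lambda_bytes * 3, lambda_bytes * 3);
+H1_update(&h1_ctx, vecCom->com + offset * com_size, com_size);
 }
 
 uint8_t hi[MAX_LAMBDA_BYTES * 2];
@@ -160,6 +160,7 @@ static void vector_commitment_faest_em(const uint8_t* rootKey, const uint8_t* iv
 const unsigned int lambda = params->faest_param.lambda;
 const unsigned int L = params->faest_param.L;
 const unsigned int lambda_bytes = lambda / 8;
+const unsigned int com_size = lambda_bytes * 2; // size of com_ij
 
 H1_context_t h1_com_ctx;
 H1_init(&h1_com_ctx, lambda);
@@ -169,7 +170,7 @@ static void vector_commitment_faest_em(const uint8_t* rootKey, const uint8_t* iv
 
 // Initialzing stuff
 vecCom->h = malloc(lambda_bytes * 2);
-vecCom->com = malloc(L * lambda_bytes * 2);
+vecCom->com = malloc(L * com_size);
 vecCom->sd = malloc(L * lambda_bytes);
 
 // Step: 1..3
@@ -185,10 +186,9 @@ static void vector_commitment_faest_em(const uint8_t* rootKey, const uint8_t* iv
 bavc_max_node_index(i, params->faest_param.tau1, params->faest_param.k);
 for (unsigned int j = 0; j < N_i; ++j, ++offset) {
 const unsigned int alpha = pos_in_tree(i, j, params);
-faest_em_leaf_commit(vecCom->sd + offset * lambda_bytes,
-vecCom->com + offset * lambda_bytes * 2,
+faest_em_leaf_commit(vecCom->sd + offset * lambda_bytes, vecCom->com + offset * com_size,
 NODE(nodes, alpha, lambda_bytes), iv, i + L - 1, lambda);
-H1_update(&h1_ctx, vecCom->com + offset * lambda_bytes * 2, lambda_bytes * 2);
+H1_update(&h1_ctx, vecCom->com + offset * com_size, com_size);
 }
 
 uint8_t hi[MAX_LAMBDA_BYTES * 2];
@@ -221,6 +221,8 @@ bool vector_open(const vec_com_t* vc, const uint16_t* i_delta, uint8_t* decom_i,
 const unsigned int tau_1 = params->faest_param.tau1;
 const unsigned int com_size = faest_is_em(params) ? (2 * lambda_bytes) : (3 * lambda_bytes);
 
+uint8_t* decom_i_end = decom_i + com_size * tau + params->faest_param.T_open * lambda_bytes;
+
 // Step 5
 uint8_t* s = calloc((2 * L - 1 + 7) / 8, 1);
 // Step 6
@@ -254,8 +256,7 @@ bool vector_open(const vec_com_t* vc, const uint16_t* i_delta, uint8_t* decom_i,
 }
 
 // Step 19..25
-for (unsigned int j = L - 2 + 1; j > 0; --j) {
-unsigned int i = j - 1;
+for (int i = L - 2; i >= 0; --i) {
 ptr_set_bit(s, ptr_get_bit(s, 2 * i + 1) | ptr_get_bit(s, 2 * i + 2), i);
 if ((ptr_get_bit(s, 2 * i + 1) ^ ptr_get_bit(s, 2 * i + 2)) == 1) {
 const unsigned int alpha = 2 * i + 1 + ptr_get_bit(s, 2 * i + 1);
@@ -264,6 +265,8 @@ bool vector_open(const vec_com_t* vc, const uint16_t* i_delta, uint8_t* decom_i,
 }
 }
 
+memset(decom_i, 0, decom_i_end - decom_i);
+
 free(s);
 return true;
 }
@@ -286,8 +289,7 @@ static bool reconstruct_keys(uint8_t* s, uint8_t* keys, const uint8_t* decom_i,
 }
 
 // Step 12.12
-for (unsigned int j = L - 2 + 1; j > 0; --j) {
-unsigned int i = j - 1;
+for (int i = L - 2; i >= 0; --i) {
 ptr_set_bit(s, ptr_get_bit(s, 2 * i + 1) | ptr_get_bit(s, 2 * i + 2), i);
 if ((ptr_get_bit(s, 2 * i + 1) ^ ptr_get_bit(s, 2 * i + 2)) == 1) {
 if (nodes == end) {
@@ -308,7 +310,8 @@ static bool reconstruct_keys(uint8_t* s, uint8_t* keys, const uint8_t* decom_i,
 
 for (unsigned int i = 0; i != L - 1; ++i) {
 if (!ptr_get_bit(s, i)) {
-prg(keys + i * lambda_bytes, iv, i, keys + 2 * i * lambda_bytes, lambda, 2 * lambda_bytes);
+prg(keys + i * lambda_bytes, iv, i, keys + (2 * i + 1) * lambda_bytes, lambda,
+2 * lambda_bytes);
 }
 }
 
@@ -325,6 +328,7 @@ static bool vector_reconstruction_faest(const uint8_t* decom_i, const uint16_t*
 const unsigned int k = params->faest_param.k;
 const unsigned int tau = params->faest_param.tau;
 const unsigned int tau_1 = params->faest_param.tau1;
+const unsigned int com_size = lambda_bytes * 3; // size of com_ij
 
 // Step 6
 uint8_t* s = calloc((2 * L - 1 + 7) >> 3, 1);
@@ -346,22 +350,21 @@ static bool vector_reconstruction_faest(const uint8_t* decom_i, const uint16_t*
 
 for (unsigned int i = 0, offset = 0; i != tau; ++i) {
 uint8_t uhash[MAX_LAMBDA_BYTES * 3];
-H0_squeeze(&uhash_ctx, uhash, 3 * lambda_bytes);
+H0_squeeze(&uhash_ctx, uhash, com_size);
 
 H1_context_t h1_ctx;
 H1_init(&h1_ctx, lambda);
 
 const unsigned int N_i = bavc_max_node_index(i, tau_1, k);
 for (unsigned int j = 0; j != N_i; ++j, ++offset) {
 const unsigned int alpha = pos_in_tree(i, j, params);
-// Fix index: alpha + L - 1 is too big
 if (ptr_get_bit(s, alpha)) {
-H1_update(&h1_ctx, decom_i + i * lambda_bytes * 3, lambda_bytes * 3);
+H1_update(&h1_ctx, decom_i + i * com_size, com_size);
 } else {
 uint8_t com[3 * MAX_LAMBDA_BYTES];
 faest_leaf_commit(vecComRec->s + offset * lambda_bytes, com, keys + alpha * lambda_bytes,
 iv, i + L - 1, uhash, lambda);
-H1_update(&h1_ctx, com, 3 * lambda_bytes);
+H1_update(&h1_ctx, com, com_size);
 }
 }
 
@@ -388,9 +391,10 @@ static bool vector_reconstruction_faest_em(const uint8_t* decom_i, const uint16_
 const unsigned int k = params->faest_param.k;
 const unsigned int tau = params->faest_param.tau;
 const unsigned int tau_1 = params->faest_param.tau1;
+const unsigned int com_size = lambda_bytes * 2; // size of com_ij
 
 // Step 6
-uint8_t* s = calloc((2 * L - 1 + 7) >> 3, 1);
+uint8_t* s = calloc((2 * L - 1 + 7) / 8, 1);
 uint8_t* keys = calloc(2 * params->faest_param.L - 1, lambda_bytes);
 
 // Step 7..10
@@ -411,12 +415,12 @@ static bool vector_reconstruction_faest_em(const uint8_t* decom_i, const uint16_
 for (unsigned int j = 0; j != N_i; ++j, ++offset) {
 const unsigned int alpha = pos_in_tree(i, j, params);
 if (ptr_get_bit(s, alpha)) {
-H1_update(&h1_ctx, decom_i + i * lambda_bytes * 2, lambda_bytes * 2);
+H1_update(&h1_ctx, decom_i + i * com_size, com_size);
 } else {
 uint8_t com[2 * MAX_LAMBDA_BYTES];
 faest_em_leaf_commit(vecComRec->s + offset * lambda_bytes, com, keys + alpha * lambda_bytes,
 iv, i + L - 1, lambda);
-H1_update(&h1_ctx, com, 2 * lambda_bytes);
+H1_update(&h1_ctx, com, com_size);
 }
 }
 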
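Review bot: In `vector_open`, the new `memset(decom_i, 0, decom_i_end - decom_i);` before `free(s)` takes its length from a pointer difference that is converted to `size_t`, and nothing in the visible lines establishes `decom_i <= decom_i_end` at that point. The steps between Step 6 and Step 19 and the body of the Step 19..25 loop lie outside the shown hunks, so this is inferred: if `decom_i` is advanced for every node copied out and more than `T_open` nodes are emitted, the difference is negative and the call writes far beyond the caller's decommitment buffer. If an earlier step already rejects such openings, state that invariant next to the call, for example `// decom_i <= decom_i_end here: openings needing more than T_open nodes were rejected above`. Otherwise check the remaining space before each node copy inside the loop and fail with `free(s); return false;` rather than relying on the final padding call.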
