Git Patch to Generate Known Answer Tests ( KATs ) from Kyber Reference Implementation

kyber_kat_generation.patch

diff --git a/ref/hex_print.h b/ref/hex_print.h
new file mode 100644
index 0000000..7afd872
--- /dev/null
+++ b/ref/hex_print.h
@@ -0,0 +1,9 @@
+#include <stdio.h>
+#include <stdint.h>
+
+inline void to_hex(const uint8_t *const bytes, const size_t blen) {
+    for(size_t i = 0; i < blen; i++) {
+        printf("%.2x", bytes[i]);
+    }
+    printf("\n");
+}
diff --git a/ref/indcpa.c b/ref/indcpa.c
index 60f4059..86ec741 100644
--- a/ref/indcpa.c
+++ b/ref/indcpa.c
@@ -7,6 +7,7 @@
 #include "ntt.h"
 #include "symmetric.h"
 #include "randombytes.h"
+#include "hex_print.h"
 
 /*************************************************
 * Name:        pack_pk
@@ -213,6 +214,8 @@ void indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
   polyvec a[KYBER_K], e, pkpv, skpv;
 
   randombytes(buf, KYBER_SYMBYTES);
+  printf("d = ");
+  to_hex(buf, KYBER_SYMBYTES);
   hash_g(buf, buf, KYBER_SYMBYTES);
 
   gen_a(a, publicseed);
diff --git a/ref/kem.c b/ref/kem.c
index f376bd2..d169f9b 100644
--- a/ref/kem.c
+++ b/ref/kem.c
@@ -6,6 +6,7 @@
 #include "verify.h"
 #include "symmetric.h"
 #include "randombytes.h"
+#include "hex_print.h"
 
 /*************************************************
 * Name:        crypto_kem_keypair
@@ -30,6 +31,12 @@ int crypto_kem_keypair(uint8_t *pk,
   hash_h(sk+KYBER_SECRETKEYBYTES-2*KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
   /* Value z for pseudo-random output on reject */
   randombytes(sk+KYBER_SECRETKEYBYTES-KYBER_SYMBYTES, KYBER_SYMBYTES);
+  printf("z = ");
+  to_hex(sk+KYBER_SECRETKEYBYTES-KYBER_SYMBYTES, KYBER_SYMBYTES);
+  printf("pk = ");
+  to_hex(pk, KYBER_PUBLICKEYBYTES);
+  printf("sk = ");
+  to_hex(sk, KYBER_SECRETKEYBYTES);
   return 0;
 }
 
@@ -57,6 +64,8 @@ int crypto_kem_enc(uint8_t *ct,
   uint8_t kr[2*KYBER_SYMBYTES];
 
   randombytes(buf, KYBER_SYMBYTES);
+  printf("m = ");
+  to_hex(buf, KYBER_SYMBYTES);
   /* Don't release system RNG output */
   hash_h(buf, buf, KYBER_SYMBYTES);
 
@@ -66,11 +75,16 @@ int crypto_kem_enc(uint8_t *ct,
 
   /* coins are in kr+KYBER_SYMBYTES */
   indcpa_enc(ct, buf, pk, kr+KYBER_SYMBYTES);
+  printf("ct = ");
+  to_hex(ct, KYBER_CIPHERTEXTBYTES);
 
   /* overwrite coins in kr with H(c) */
   hash_h(kr+KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES);
   /* hash concatenation of pre-k and H(c) to k */
   kdf(ss, kr, 2*KYBER_SYMBYTES);
+  printf("ss = ");
+  to_hex(ss, KYBER_SSBYTES);
+  printf("\n");
   return 0;
 }
 

Steps to follow for generating Kyber{512, 768, 1024} Known Answer Tests

These KATs are used to test correctness & compatibility of Kyber implementation https://github.com/itzmeanjan/kyber

• Create working directory

cd
mkdir tmp
cd tmp

• Clone Kyber reference implementation

git clone https://github.com/pq-crystals/kyber.git
git checkout 1ee0baa2100a545ac852edea2e4441b8f742814d

Note
Don't forget to setup environment following Kyber documents ( see the README.md in Kyber repository ).

• Clone this gist ( the git patch file )

git clone https://gist.github.com/c8f5bc9640d0f0bdd2437dfe364d7710.git

• Copy patch file to Kyber repository

cp c8f5bc9640d0f0bdd2437dfe364d7710/kyber_kat_generation.patch kyber/

• Apply git patch

cd kyber
git apply kyber_kat_generation.patch

• Check status to find out which files were touched

git status

• Generate KATs for Kyber{512, 768, 1024} ( see content of file kyber{512, 768, 1024}.kat )

pushd ref

make PQCgenKAT_kem512
./PQCgenKAT_kem512 > ../kyber512.kat

make PQCgenKAT_kem768
./PQCgenKAT_kem768 > ../kyber768.kat

make PQCgenKAT_kem1024
./PQCgenKAT_kem1024 > ../kyber1024.kat

popd