Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Git Patch to Generate Known Answer Tests ( KATs ) from Kyber Reference Implementation
diff --git a/ref/hex_print.h b/ref/hex_print.h
new file mode 100644
index 0000000..7afd872
--- /dev/null
+++ b/ref/hex_print.h
@@ -0,0 +1,9 @@
+#include <stdio.h>
+#include <stdint.h>
+
+inline void to_hex(const uint8_t *const bytes, const size_t blen) {
+ for(size_t i = 0; i < blen; i++) {
+ printf("%.2x", bytes[i]);
+ }
+ printf("\n");
+}
diff --git a/ref/indcpa.c b/ref/indcpa.c
index 60f4059..86ec741 100644
--- a/ref/indcpa.c
+++ b/ref/indcpa.c
@@ -7,6 +7,7 @@
#include "ntt.h"
#include "symmetric.h"
#include "randombytes.h"
+#include "hex_print.h"
/*************************************************
* Name: pack_pk
@@ -213,6 +214,8 @@ void indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
polyvec a[KYBER_K], e, pkpv, skpv;
randombytes(buf, KYBER_SYMBYTES);
+ printf("d = ");
+ to_hex(buf, KYBER_SYMBYTES);
hash_g(buf, buf, KYBER_SYMBYTES);
gen_a(a, publicseed);
diff --git a/ref/kem.c b/ref/kem.c
index f376bd2..d169f9b 100644
--- a/ref/kem.c
+++ b/ref/kem.c
@@ -6,6 +6,7 @@
#include "verify.h"
#include "symmetric.h"
#include "randombytes.h"
+#include "hex_print.h"
/*************************************************
* Name: crypto_kem_keypair
@@ -30,6 +31,12 @@ int crypto_kem_keypair(uint8_t *pk,
hash_h(sk+KYBER_SECRETKEYBYTES-2*KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES);
/* Value z for pseudo-random output on reject */
randombytes(sk+KYBER_SECRETKEYBYTES-KYBER_SYMBYTES, KYBER_SYMBYTES);
+ printf("z = ");
+ to_hex(sk+KYBER_SECRETKEYBYTES-KYBER_SYMBYTES, KYBER_SYMBYTES);
+ printf("pk = ");
+ to_hex(pk, KYBER_PUBLICKEYBYTES);
+ printf("sk = ");
+ to_hex(sk, KYBER_SECRETKEYBYTES);
return 0;
}
@@ -57,6 +64,8 @@ int crypto_kem_enc(uint8_t *ct,
uint8_t kr[2*KYBER_SYMBYTES];
randombytes(buf, KYBER_SYMBYTES);
+ printf("m = ");
+ to_hex(buf, KYBER_SYMBYTES);
/* Don't release system RNG output */
hash_h(buf, buf, KYBER_SYMBYTES);
@@ -66,11 +75,16 @@ int crypto_kem_enc(uint8_t *ct,
/* coins are in kr+KYBER_SYMBYTES */
indcpa_enc(ct, buf, pk, kr+KYBER_SYMBYTES);
+ printf("ct = ");
+ to_hex(ct, KYBER_CIPHERTEXTBYTES);
/* overwrite coins in kr with H(c) */
hash_h(kr+KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES);
/* hash concatenation of pre-k and H(c) to k */
kdf(ss, kr, 2*KYBER_SYMBYTES);
+ printf("ss = ");
+ to_hex(ss, KYBER_SSBYTES);
+ printf("\n");
return 0;
}
@itzmeanjan
Copy link
Author

itzmeanjan commented Nov 1, 2022

Steps to follow for generating Kyber{512, 768, 1024} Known Answer Tests

These KATs are used to test correctness & compatibility of Kyber implementation https://github.com/itzmeanjan/kyber

  • Create working directory
cd
mkdir tmp
cd tmp
  • Clone Kyber reference implementation
git clone https://github.com/pq-crystals/kyber.git

Note
Don't forget to setup environment following Kyber documents ( see the README.md in Kyber repository ).

  • Clone this gist ( the git patch file )
git clone https://gist.github.com/c8f5bc9640d0f0bdd2437dfe364d7710.git
  • Copy patch file to Kyber repository
cp c8f5bc9640d0f0bdd2437dfe364d7710/kyber_kat_generation.patch kyber/
  • Apply git patch
cd kyber
git apply kyber_kat_generation.patch
  • Check status to find out which files were touched
git status
  • Generate KATs for Kyber{512, 768, 1024} ( see content of file kyber{512, 768, 1024}.kat )
pushd ref

make PQCgenKAT_kem512
./PQCgenKAT_kem512 > ../kyber512.kat

make PQCgenKAT_kem768
./PQCgenKAT_kem768 > ../kyber768.kat

make PQCgenKAT_kem1024
./PQCgenKAT_kem1024 > ../kyber1024.kat

popd

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment