Git Patch to Generate Known Answer Tests ( KATs ) from Kyber Reference Implementation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/ref/hex_print.h b/ref/hex_print.h | |
new file mode 100644 | |
index 0000000..7afd872 | |
--- /dev/null | |
+++ b/ref/hex_print.h | |
@@ -0,0 +1,9 @@ | |
+#include <stdio.h> | |
+#include <stdint.h> | |
+ | |
+inline void to_hex(const uint8_t *const bytes, const size_t blen) { | |
+ for(size_t i = 0; i < blen; i++) { | |
+ printf("%.2x", bytes[i]); | |
+ } | |
+ printf("\n"); | |
+} | |
diff --git a/ref/indcpa.c b/ref/indcpa.c | |
index 60f4059..86ec741 100644 | |
--- a/ref/indcpa.c | |
+++ b/ref/indcpa.c | |
@@ -7,6 +7,7 @@ | |
#include "ntt.h" | |
#include "symmetric.h" | |
#include "randombytes.h" | |
+#include "hex_print.h" | |
/************************************************* | |
* Name: pack_pk | |
@@ -213,6 +214,8 @@ void indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], | |
polyvec a[KYBER_K], e, pkpv, skpv; | |
randombytes(buf, KYBER_SYMBYTES); | |
+ printf("d = "); | |
+ to_hex(buf, KYBER_SYMBYTES); | |
hash_g(buf, buf, KYBER_SYMBYTES); | |
gen_a(a, publicseed); | |
diff --git a/ref/kem.c b/ref/kem.c | |
index f376bd2..d169f9b 100644 | |
--- a/ref/kem.c | |
+++ b/ref/kem.c | |
@@ -6,6 +6,7 @@ | |
#include "verify.h" | |
#include "symmetric.h" | |
#include "randombytes.h" | |
+#include "hex_print.h" | |
/************************************************* | |
* Name: crypto_kem_keypair | |
@@ -30,6 +31,12 @@ int crypto_kem_keypair(uint8_t *pk, | |
hash_h(sk+KYBER_SECRETKEYBYTES-2*KYBER_SYMBYTES, pk, KYBER_PUBLICKEYBYTES); | |
/* Value z for pseudo-random output on reject */ | |
randombytes(sk+KYBER_SECRETKEYBYTES-KYBER_SYMBYTES, KYBER_SYMBYTES); | |
+ printf("z = "); | |
+ to_hex(sk+KYBER_SECRETKEYBYTES-KYBER_SYMBYTES, KYBER_SYMBYTES); | |
+ printf("pk = "); | |
+ to_hex(pk, KYBER_PUBLICKEYBYTES); | |
+ printf("sk = "); | |
+ to_hex(sk, KYBER_SECRETKEYBYTES); | |
return 0; | |
} | |
@@ -57,6 +64,8 @@ int crypto_kem_enc(uint8_t *ct, | |
uint8_t kr[2*KYBER_SYMBYTES]; | |
randombytes(buf, KYBER_SYMBYTES); | |
+ printf("m = "); | |
+ to_hex(buf, KYBER_SYMBYTES); | |
/* Don't release system RNG output */ | |
hash_h(buf, buf, KYBER_SYMBYTES); | |
@@ -66,11 +75,16 @@ int crypto_kem_enc(uint8_t *ct, | |
/* coins are in kr+KYBER_SYMBYTES */ | |
indcpa_enc(ct, buf, pk, kr+KYBER_SYMBYTES); | |
+ printf("ct = "); | |
+ to_hex(ct, KYBER_CIPHERTEXTBYTES); | |
/* overwrite coins in kr with H(c) */ | |
hash_h(kr+KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | |
/* hash concatenation of pre-k and H(c) to k */ | |
kdf(ss, kr, 2*KYBER_SYMBYTES); | |
+ printf("ss = "); | |
+ to_hex(ss, KYBER_SSBYTES); | |
+ printf("\n"); | |
return 0; | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to follow for generating Kyber{512, 768, 1024} Known Answer Tests
Note
Don't forget to setup environment following Kyber documents ( see the README.md in Kyber repository ).
cd kyber git apply kyber_kat_generation.patch
kyber{512, 768, 1024}.kat
)