lib-q-hqc 0.0.4

Post-Quantum HQC (Hamming Quasi-Cyclic) KEM for lib-Q
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384

//! Polynomial Operations
//!
//! This module provides polynomial operations used in the HQC implementation.

#[cfg(feature = "alloc")]
extern crate alloc;
#[cfg(feature = "alloc")]
use alloc::vec;
#[cfg(feature = "alloc")]
use alloc::vec::Vec;

#[cfg(feature = "random")]
use lib_q_random::LibQRng;
use rand_core::Rng;

use crate::error::HqcError;

/// Polynomial in GF(2)\[x\]/(x^n - 1)
pub struct Polynomial {
    #[cfg(feature = "alloc")]
    coefficients: Vec<u8>,
    #[cfg(not(feature = "alloc"))]
    coefficients: [u8; 100000], // Large enough for HQC-256
    degree: usize,
}

impl Polynomial {
    /// Create a new polynomial with the given degree
    pub fn new(degree: usize) -> Self {
        Self {
            #[cfg(feature = "alloc")]
            coefficients: vec![0u8; degree],
            #[cfg(not(feature = "alloc"))]
            coefficients: [0u8; 100000], // Large enough for HQC-256
            degree,
        }
    }

    /// Create a polynomial from coefficients
    #[cfg(feature = "alloc")]
    pub fn from_coefficients(coefficients: Vec<u8>) -> Self {
        let degree = coefficients.len();
        Self {
            coefficients,
            degree,
        }
    }

    /// Create a polynomial from coefficients (no_std version)
    #[cfg(not(feature = "alloc"))]
    pub fn from_coefficients(coefficients: &[u8]) -> Self {
        let degree = coefficients.len().min(100000);
        let mut coeffs = [0u8; 100000];
        coeffs[..degree].copy_from_slice(&coefficients[..degree]);
        Self {
            coefficients: coeffs,
            degree,
        }
    }

    /// Get the degree of the polynomial
    pub fn degree(&self) -> usize {
        self.degree
    }

    /// Get the coefficients
    pub fn coefficients(&self) -> &[u8] {
        #[cfg(feature = "alloc")]
        {
            &self.coefficients
        }
        #[cfg(not(feature = "alloc"))]
        {
            &self.coefficients[..self.degree]
        }
    }

    /// Validate that the polynomial has the expected weight (for security)
    pub fn validate_weight(&self, expected_weight: usize) -> Result<(), HqcError> {
        let actual_weight = self.coefficients().iter().filter(|&&x| x == 1).count();
        if actual_weight != expected_weight {
            return Err(HqcError::InvalidWeight);
        }
        Ok(())
    }

    /// Check if the polynomial is valid (within bounds)
    pub fn is_valid(&self) -> bool {
        self.degree > 0 && self.degree <= 100000 && self.is_non_zero()
    }

    /// Check if the polynomial is non-zero (has at least one non-zero coefficient)
    pub fn is_non_zero(&self) -> bool {
        self.coefficients().iter().any(|&x| x != 0)
    }

    /// Add two polynomials (XOR in GF(2))
    pub fn add(&self, other: &Polynomial) -> Result<Polynomial, HqcError> {
        if self.degree != other.degree {
            return Err(HqcError::InvalidSize);
        }

        #[cfg(feature = "alloc")]
        {
            let mut result = vec![0u8; self.degree];
            for (i, item) in result.iter_mut().enumerate().take(self.degree) {
                *item = self.coefficients()[i] ^ other.coefficients()[i];
            }
            Ok(Polynomial::from_coefficients(result))
        }
        #[cfg(not(feature = "alloc"))]
        {
            // For HQC, we need to support very large polynomials (up to 65,542 for HQC-256)
            let mut result = [0u8; 100000]; // Large enough for HQC-256
            if self.degree > result.len() {
                return Err(HqcError::InvalidSize);
            }
            for (i, item) in result.iter_mut().enumerate().take(self.degree) {
                *item = self.coefficients()[i] ^ other.coefficients()[i];
            }
            Ok(Polynomial::from_coefficients(&result[..self.degree]))
        }
    }

    /// Multiply two polynomials
    pub fn multiply(&self, other: &Polynomial) -> Result<Polynomial, HqcError> {
        if self.degree != other.degree {
            return Err(HqcError::InvalidSize);
        }

        #[cfg(feature = "alloc")]
        {
            let mut result = vec![0u8; self.degree];
            for i in 0..self.degree {
                for j in 0..self.degree {
                    let k = (i + j) % self.degree;
                    result[k] ^= self.coefficients()[i] & other.coefficients()[j];
                }
            }
            Ok(Polynomial::from_coefficients(result))
        }
        #[cfg(not(feature = "alloc"))]
        {
            // For HQC, we need to support very large polynomials (up to 65,542 for HQC-256)
            let mut result = [0u8; 100000]; // Large enough for HQC-256
            if self.degree > result.len() {
                return Err(HqcError::InvalidSize);
            }
            for i in 0..self.degree {
                for j in 0..self.degree {
                    let k = (i + j) % self.degree;
                    result[k] ^= self.coefficients()[i] & other.coefficients()[j];
                }
            }
            Ok(Polynomial::from_coefficients(&result[..self.degree]))
        }
    }

    /// Generate a random polynomial with fixed weight using secure rejection sampling
    #[cfg(feature = "random")]
    pub fn random_fixed_weight(
        degree: usize,
        weight: usize,
        rng: &mut LibQRng,
    ) -> Result<Polynomial, HqcError> {
        if weight > degree {
            return Err(HqcError::InvalidSize);
        }

        // Handle edge case where both degree and weight are 0
        if degree == 0 && weight == 0 {
            return Err(HqcError::InvalidSize);
        }

        #[cfg(feature = "alloc")]
        {
            let mut coefficients = vec![0u8; degree];
            let mut positions = Vec::with_capacity(weight);
            let mut attempts = 0;
            const MAX_ATTEMPTS: usize = 10000; // Prevent infinite loops

            // Use rejection sampling to ensure exactly the required weight
            while positions.len() < weight && attempts < MAX_ATTEMPTS {
                let mut pos_bytes = [0u8; 4];
                rng.fill_bytes(&mut pos_bytes);
                let pos = u32::from_le_bytes(pos_bytes) as usize % degree;

                if !positions.contains(&pos) {
                    positions.push(pos);
                    coefficients[pos] = 1;
                }
                attempts += 1;
            }

            // Validate that we achieved the required weight
            if positions.len() != weight {
                return Err(HqcError::RandomGenerationFailed);
            }

            Ok(Polynomial::from_coefficients(coefficients))
        }
        #[cfg(not(feature = "alloc"))]
        {
            // For HQC, we need to support very large polynomials (up to 65,542 for HQC-256)
            // Use a much larger fixed-size array to accommodate HQC parameters
            let mut coefficients = [0u8; 100000]; // Large enough for HQC-256
            if degree > coefficients.len() {
                return Err(HqcError::InvalidSize);
            }

            let mut positions = [0usize; 256]; // Fixed size array for positions
            let mut positions_len = 0;
            let mut attempts = 0;
            const MAX_ATTEMPTS: usize = 10000; // Prevent infinite loops

            // Use rejection sampling to ensure exactly the required weight
            while positions_len < weight &&
                attempts < MAX_ATTEMPTS &&
                positions_len < positions.len()
            {
                let mut pos_bytes = [0u8; 4];
                rng.fill_bytes(&mut pos_bytes);
                let pos = u32::from_le_bytes(pos_bytes) as usize % degree;

                let mut found = false;
                for &existing_pos in positions.iter().take(positions_len) {
                    if existing_pos == pos {
                        found = true;
                        break;
                    }
                }

                if !found {
                    positions[positions_len] = pos;
                    positions_len += 1;
                    coefficients[pos] = 1;
                }
                attempts += 1;
            }

            // Validate that we achieved the required weight
            if positions_len != weight {
                return Err(HqcError::RandomGenerationFailed);
            }

            Ok(Polynomial::from_coefficients(&coefficients[..degree]))
        }
    }
}

#[cfg(test)]
mod tests {
    #[cfg(feature = "random")]
    use lib_q_random::LibQRng;

    use super::*;

    #[test]
    fn test_polynomial_creation() {
        let poly = Polynomial::new(10);
        assert_eq!(poly.degree(), 10);
        assert_eq!(poly.coefficients().len(), 10);
    }

    #[test]
    fn test_polynomial_from_coefficients() {
        #[cfg(feature = "alloc")]
        {
            let coeffs = vec![1, 0, 1, 1, 0];
            let poly = Polynomial::from_coefficients(coeffs.clone());
            assert_eq!(poly.degree(), 5);
            assert_eq!(poly.coefficients(), coeffs.as_slice());
        }
        #[cfg(not(feature = "alloc"))]
        {
            let coeffs = [1, 0, 1, 1, 0];
            let poly = Polynomial::from_coefficients(&coeffs);
            assert_eq!(poly.degree(), 5);
            assert_eq!(poly.coefficients(), &coeffs);
        }
    }

    #[test]
    fn test_polynomial_addition() {
        #[cfg(feature = "alloc")]
        {
            let coeffs1 = vec![1, 0, 1, 0];
            let poly1 = Polynomial::from_coefficients(coeffs1);

            let coeffs2 = vec![0, 1, 1, 0];
            let poly2 = Polynomial::from_coefficients(coeffs2);
            let result = poly1.add(&poly2).unwrap();
            assert_eq!(result.coefficients(), &[1, 1, 0, 0]);
        }
        #[cfg(not(feature = "alloc"))]
        {
            let poly1 = Polynomial::from_coefficients(&[1, 0, 1, 0]);
            let poly2 = Polynomial::from_coefficients(&[0, 1, 1, 0]);
            let result = poly1.add(&poly2).unwrap();
            assert_eq!(result.coefficients(), &[1, 1, 0, 0]);
        }
    }

    #[test]
    #[cfg(feature = "random")]
    fn test_polynomial_random_fixed_weight() {
        let mut rng = LibQRng::new_deterministic([42u8; 32]);
        let poly = Polynomial::random_fixed_weight(100, 10, &mut rng).unwrap();
        assert_eq!(poly.degree(), 100);
        let weight = poly.coefficients().iter().filter(|&&x| x == 1).count();
        assert_eq!(weight, 10);
    }

    #[test]
    fn test_polynomial_weight_validation() {
        #[cfg(feature = "alloc")]
        {
            let coeffs = vec![1, 0, 1, 1, 0];
            let poly = Polynomial::from_coefficients(coeffs);
            assert!(poly.validate_weight(3).is_ok());
            assert!(poly.validate_weight(2).is_err());
        }
        #[cfg(not(feature = "alloc"))]
        {
            let poly = Polynomial::from_coefficients(&[1, 0, 1, 1, 0]);
            assert!(poly.validate_weight(3).is_ok());
            assert!(poly.validate_weight(2).is_err());
        }
    }

    #[test]
    fn test_polynomial_validity() {
        // Create a polynomial with non-zero coefficients to test validity
        #[cfg(feature = "alloc")]
        {
            let coeffs = vec![1, 0, 1, 0, 0, 0, 0, 0, 0, 0];
            let poly = Polynomial::from_coefficients(coeffs);
            assert!(poly.is_valid());
        }
        #[cfg(not(feature = "alloc"))]
        {
            let poly = Polynomial::from_coefficients(&[1, 0, 1, 0, 0, 0, 0, 0, 0, 0]);
            assert!(poly.is_valid());
        }

        #[cfg(feature = "alloc")]
        {
            let zero_coeffs = vec![0; 5];
            let zero_poly = Polynomial::from_coefficients(zero_coeffs);
            assert!(!zero_poly.is_valid());
        }
        #[cfg(not(feature = "alloc"))]
        {
            let zero_poly = Polynomial::from_coefficients(&[0; 5]);
            assert!(!zero_poly.is_valid());
        }
    }

    #[test]
    #[cfg(feature = "random")]
    fn test_polynomial_security_validation() {
        let mut rng = LibQRng::new_deterministic([42u8; 32]);

        // Test that fixed weight generation always produces the correct weight
        for _ in 0..10 {
            let poly = Polynomial::random_fixed_weight(50, 5, &mut rng).unwrap();
            assert_eq!(poly.degree(), 50);
            assert!(poly.validate_weight(5).is_ok());
            assert!(poly.is_valid());
        }
    }

    #[test]
    #[cfg(feature = "random")]
    fn test_polynomial_error_handling() {
        let mut rng = LibQRng::new_deterministic([42u8; 32]);

        // Test invalid weight (weight > degree)
        assert!(Polynomial::random_fixed_weight(10, 15, &mut rng).is_err());

        // Test zero degree
        assert!(Polynomial::random_fixed_weight(0, 0, &mut rng).is_err());
    }
}