Skip to main content

cryptography/public_key/
ntru_hps677.rs

1//! NTRU-HPS-2048-677 — round-3 NTRU parameter set $(N = 677, q = 2048,
2//! \text{weight} = q/8 - 2 = 254)$.
3//!
4//! Algorithmic core, OWCPA + FO-style KEM, and side-channel inventory
5//! are documented in [`crate::public_key::ntru_pqc_shared`]; this file
6//! is the parameter binding plus the LOGQ-11 Sq packer override.
7//!
8//! Validated against all 100 entries of the round-3 KAT file
9//! `PQCkemKAT_1234.rsp` (sampled subset by default; full sweep under
10//! `--ignored`).
11
12
13
14
15// ---- parameter constants ---------------------------------------------------
16
17const N: usize = 677;
18const LOGQ: usize = 11;
19const Q: u32 = 1 << LOGQ;
20const Q_MASK: u16 = (Q as u16).wrapping_sub(1);
21const WEIGHT: usize = (Q as usize) / 8 - 2;
22
23const PRFKEYBYTES: usize = 32;
24const SHAREDKEYBYTES: usize = 32;
25
26const SAMPLE_IID_BYTES: usize = N - 1;
27const SAMPLE_FT_BYTES: usize = (30 * (N - 1) + 7) / 8;
28const SAMPLE_FG_BYTES: usize = SAMPLE_IID_BYTES + SAMPLE_FT_BYTES;
29const SAMPLE_RM_BYTES: usize = SAMPLE_IID_BYTES + SAMPLE_FT_BYTES;
30
31const PACK_DEG: usize = N - 1;
32const PACK_TRINARY_BYTES: usize = (PACK_DEG + 4) / 5;
33
34const OWCPA_MSGBYTES: usize = 2 * PACK_TRINARY_BYTES;
35const OWCPA_PUBLICKEYBYTES: usize = (LOGQ * PACK_DEG + 7) / 8;
36const OWCPA_SECRETKEYBYTES: usize = 2 * PACK_TRINARY_BYTES + OWCPA_PUBLICKEYBYTES;
37const OWCPA_BYTES: usize = (LOGQ * PACK_DEG + 7) / 8;
38
39/// Public-key length in bytes.
40pub const PUBLIC_KEY_BYTES: usize = OWCPA_PUBLICKEYBYTES;
41/// Private-key length in bytes (includes implicit-rejection PRF key).
42pub const PRIVATE_KEY_BYTES: usize = OWCPA_SECRETKEYBYTES + PRFKEYBYTES;
43/// Ciphertext length in bytes.
44pub const CIPHERTEXT_BYTES: usize = OWCPA_BYTES;
45/// Shared-secret length in bytes.
46pub const SHARED_SECRET_BYTES: usize = SHAREDKEYBYTES;
47
48// ---- variant marker -------------------------------------------------------
49
50struct Hps677Variant;
51
52impl crate::public_key::ntru_pqc_shared::NtruVariant<N, LOGQ> for Hps677Variant {
53    const Q_MASK: u16 = Q_MASK;
54    const WEIGHT: usize = WEIGHT;
55    const SAMPLE_FG_BYTES: usize = SAMPLE_FG_BYTES;
56    const SAMPLE_RM_BYTES: usize = SAMPLE_RM_BYTES;
57    const PACK_TRINARY_BYTES: usize = PACK_TRINARY_BYTES;
58    const OWCPA_PUBLICKEYBYTES: usize = OWCPA_PUBLICKEYBYTES;
59    const OWCPA_SECRETKEYBYTES: usize = OWCPA_SECRETKEYBYTES;
60    const OWCPA_BYTES: usize = OWCPA_BYTES;
61    const OWCPA_MSGBYTES: usize = OWCPA_MSGBYTES;
62
63    fn poly_sq_tobytes(r: &mut [u8], a: &[u16; N]) {
64        crate::public_key::ntru_pqc_shared::poly_sq_tobytes_logq11::<N>(r, a);
65    }
66
67    fn poly_sq_frombytes(r: &mut [u16; N], a: &[u8]) {
68        crate::public_key::ntru_pqc_shared::poly_sq_frombytes_logq11::<N>(r, a);
69    }
70}
71
72// ---- public API + standard tests (macro-generated) -------------------------
73
74crate::public_key::ntru_pqc_shared::define_pqc_kem! {
75    namespace = NtruHps677,
76    public_key = NtruHps677PublicKey,
77    private_key = NtruHps677PrivateKey,
78    ciphertext = NtruHps677Ciphertext,
79    shared_secret = NtruHps677SharedSecret,
80    variant = Hps677Variant,
81    kat_path = "../../kat/ntruhps677.rsp",
82}