
cryptography/public_key/
ntru_hps821.rs

1//! NTRU-HPS-4096-821 — round-3 NTRU parameter set $(N = 821, q = 4096,
2//! \text{weight} = q/8 - 2 = 510)$.
3//!
4//! Algorithmic core, OWCPA + FO-style KEM, and side-channel inventory
5//! are documented in [`crate::public_key::ntru_pqc_shared`]; this file
6//! is the parameter binding plus the LOGQ-12 Sq packer override (a
7//! 12-bit-per-coefficient packing rather than the 11-bit form used by
8//! HPS-509 / HPS-677).
9//!
10//! Validated against the round-3 KAT file `PQCkemKAT_1590.rsp` (100
11//! entries): a sampled subset runs by default, and the full 100-entry
12//! sweep runs under `--ignored`.
13
17// ---- parameter constants ---------------------------------------------------
18
/// Number of whole bytes needed to hold `bits` bits (rounds up).
const fn bits_to_bytes(bits: usize) -> usize {
    (bits + 7) / 8
}

// Ring parameters: polynomial degree bound N, log2 of the modulus, the
// modulus itself (4096), its reduction mask (4095) and the fixed weight
// q/8 - 2 = 510.
const N: usize = 821;
const LOGQ: usize = 12;
const Q: u32 = 1 << LOGQ;
const Q_MASK: u16 = (Q - 1) as u16;
const WEIGHT: usize = (Q / 8) as usize - 2;

// Symmetric-key sizes: the PRF key stored inside the private key, and the
// KEM output.
const PRFKEYBYTES: usize = 32;
const SHAREDKEYBYTES: usize = 32;

// Randomness consumed by the samplers: one byte per coefficient for the
// IID sampler, 30 bits per coefficient for the fixed-type sampler.
const SAMPLE_IID_BYTES: usize = N - 1;
const SAMPLE_FT_BYTES: usize = bits_to_bytes(30 * (N - 1));
const SAMPLE_FG_BYTES: usize = SAMPLE_IID_BYTES + SAMPLE_FT_BYTES;
const SAMPLE_RM_BYTES: usize = SAMPLE_IID_BYTES + SAMPLE_FT_BYTES;

// Packed encodings cover N - 1 coefficients; trinary polynomials are
// stored five coefficients to a byte.
const PACK_DEG: usize = N - 1;
const PACK_TRINARY_BYTES: usize = (PACK_DEG + 4) / 5;

// OWCPA layer sizes. Public key and ciphertext are both a packed Sq
// polynomial at LOGQ bits per coefficient (1230 bytes each); the secret key
// is two packed trinary polynomials followed by one packed Sq polynomial
// (1558 bytes).
const OWCPA_MSGBYTES: usize = 2 * PACK_TRINARY_BYTES;
const OWCPA_PUBLICKEYBYTES: usize = bits_to_bytes(LOGQ * PACK_DEG);
const OWCPA_SECRETKEYBYTES: usize = 2 * PACK_TRINARY_BYTES + OWCPA_PUBLICKEYBYTES;
const OWCPA_BYTES: usize = bits_to_bytes(LOGQ * PACK_DEG);

/// Length of an encoded public key, in bytes.
pub const PUBLIC_KEY_BYTES: usize = OWCPA_PUBLICKEYBYTES;
/// Length of an encoded private key, in bytes; the OWCPA secret key is
/// followed by the implicit-rejection PRF key.
pub const PRIVATE_KEY_BYTES: usize = OWCPA_SECRETKEYBYTES + PRFKEYBYTES;
/// Length of a ciphertext, in bytes.
pub const CIPHERTEXT_BYTES: usize = OWCPA_BYTES;
/// Length of the shared secret, in bytes.
pub const SHARED_SECRET_BYTES: usize = SHAREDKEYBYTES;
49
50// ---- variant marker -------------------------------------------------------
51
/// Zero-sized marker type that binds the HPS-821 parameters to the shared
/// NTRU implementation.
struct Hps821Variant;

impl crate::public_key::ntru_pqc_shared::NtruVariant<N, LOGQ> for Hps821Variant {
    // Each associated constant takes the value of the module-level constant
    // of the same name; `self::` makes explicit that the right-hand side is
    // the module item, not the associated constant being defined.
    const Q_MASK: u16 = self::Q_MASK;
    const WEIGHT: usize = self::WEIGHT;

    const SAMPLE_FG_BYTES: usize = self::SAMPLE_FG_BYTES;
    const SAMPLE_RM_BYTES: usize = self::SAMPLE_RM_BYTES;

    const PACK_TRINARY_BYTES: usize = self::PACK_TRINARY_BYTES;

    const OWCPA_PUBLICKEYBYTES: usize = self::OWCPA_PUBLICKEYBYTES;
    const OWCPA_SECRETKEYBYTES: usize = self::OWCPA_SECRETKEYBYTES;
    const OWCPA_BYTES: usize = self::OWCPA_BYTES;
    const OWCPA_MSGBYTES: usize = self::OWCPA_MSGBYTES;

    /// Serialises the Sq polynomial `a` into `r` by forwarding to the shared
    /// 12-bit-per-coefficient packer.
    ///
    /// NOTE(review): the length of `r` is not checked here; confirm that
    /// `poly_sq_tobytes_logq12` rejects a short buffer rather than writing a
    /// truncated encoding.
    fn poly_sq_tobytes(r: &mut [u8], a: &[u16; N]) {
        use crate::public_key::ntru_pqc_shared::poly_sq_tobytes_logq12 as pack_logq12;
        pack_logq12::<N>(r, a);
    }

    /// Deserialises the bytes in `a` into the Sq polynomial `r` by forwarding
    /// to the shared 12-bit-per-coefficient unpacker.
    ///
    /// NOTE(review): `a` may hold bytes received from a peer and its length is
    /// not checked here; confirm how `poly_sq_frombytes_logq12` handles a
    /// short input.
    fn poly_sq_frombytes(r: &mut [u16; N], a: &[u8]) {
        use crate::public_key::ntru_pqc_shared::poly_sq_frombytes_logq12 as unpack_logq12;
        unpack_logq12::<N>(r, a);
    }
}
73
74// ---- public API + standard tests (macro-generated) -------------------------
75
// Invokes the shared KEM macro for this parameter set. Per the section
// header, the expansion supplies the public API and the standard tests; the
// generated code itself is not visible in this file.
crate::public_key::ntru_pqc_shared::define_pqc_kem! {
    // Identifiers handed to the macro for the items it generates.
    namespace = NtruHps821,
    public_key = NtruHps821PublicKey,
    // NOTE(review): whether the generated private-key and shared-secret
    // types wipe their bytes on drop or expose them through `Debug` is
    // decided inside the macro — confirm there.
    private_key = NtruHps821PrivateKey,
    ciphertext = NtruHps821Ciphertext,
    shared_secret = NtruHps821SharedSecret,
    // Parameter binding defined in this file.
    variant = Hps821Variant,
    // NOTE(review): the module docs cite `PQCkemKAT_1590.rsp`; presumably
    // this is that file under a local name — confirm, and confirm which
    // directory this relative path is resolved against.
    kat_path = "../../kat/ntruhps821.rsp",
}