Merge remote-tracking branch 'origin/master' into fix-vhdltbc

1 files changed, 15 insertions, 16 deletions

diff --git a/traces/add_threshold/traces-tbc.patch b/traces/add_threshold/traces-tbc.patch
index f1d897d..ac239fa 100644
--- a/traces/add_threshold/traces-tbc.patch
+++ b/traces/add_threshold/traces-tbc.patch
@@ -240,7 +240,7 @@ index a966a8e..8d5f2cc 100644
 +        out[i] = i;
  }
 diff --git a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/tweakey.c b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/tweakey.c
-index e228a69..b1aadc6 100644
+index 7822564..e1abbb6 100644
 --- a/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/tweakey.c
 +++ b/SOUMISSION_NIST/REFERENCE_IMPLEMENTATION/src/add_threshold/tweakey.c
 @@ -20,6 +20,8 @@ This file provides a first-order threshold implementation of Lilliput-TBC's
@@ -252,7 +252,7 @@ index e228a69..b1aadc6 100644
  #include <stdint.h>
  #include <string.h>
  
-@@ -42,6 +44,7 @@ void tweakey_state_init(
+@@ -43,6 +45,7 @@ void tweakey_state_init(
  {
      uint8_t SHARES_0[KEY_BYTES];
      randombytes(sizeof(SHARES_0), SHARES_0);
@@ -260,7 +260,7 @@ index e228a69..b1aadc6 100644
  
      memcpy(TK_Y, SHARES_0, KEY_BYTES);
      memcpy(TK_X, tweak, TWEAK_BYTES);
-@@ -67,10 +70,16 @@ void tweakey_state_extract(
+@@ -68,20 +71,32 @@ void tweakey_state_extract(
      {
          const uint8_t *TKj_X = TK_X + j*LANE_BYTES;
  
@@ -276,8 +276,7 @@ index e228a69..b1aadc6 100644
 +        debug_dump_buffer("=> RTK_X", ROUND_TWEAKEY_BYTES, round_tweakey_X, 12);
      }
  
- 
-@@ -78,10 +87,16 @@ void tweakey_state_extract(
+     for (size_t j=0; j<KEY_LANES_NB; j++)
      {
          const uint8_t *TKj_Y = TK_Y + j*LANE_BYTES;
  
@@ -294,34 +293,34 @@ index e228a69..b1aadc6 100644
      }
  
      round_tweakey_X[0] ^= round_constant;
-@@ -184,6 +199,10 @@ static const matrix_multiplication ALPHAS[6] = {
+@@ -100,6 +115,10 @@ static const matrix_multiplication ALPHAS[7] = {
      _multiply_MR3
  };
  
-+static char const * const ALPHAS_STR[6] = {
-+    "M", "M²", "M³", "MR", "MR²", "MR³"
++static char const * const ALPHAS_STR[7] = {
++    "M", "M²", "M³", "M⁴", "MR", "MR²", "MR³"
 +};
 +
  
  void tweakey_state_update(uint8_t TK_X[TWEAKEY_BYTES], uint8_t TK_Y[KEY_BYTES])
  {
-@@ -197,6 +216,10 @@ void tweakey_state_update(uint8_t TK_X[TWEAKEY_BYTES], uint8_t TK_Y[KEY_BYTES])
+@@ -111,6 +130,10 @@ void tweakey_state_update(uint8_t TK_X[TWEAKEY_BYTES], uint8_t TK_Y[KEY_BYTES])
          memcpy(TKj_old_X, TKj_X, LANE_BYTES);
  
-         ALPHAS[j-1](TKj_old_X, TKj_X);
+         ALPHAS[j](TKj_old_X, TKj_X);
 +
-+        fprintf(DUMP, "        multiplying lane %zu/%zu by %s\n", 1+j, (size_t)LANES_NB, ALPHAS_STR[j-1]);
++        fprintf(DUMP, "        multiplying lane %zu/%zu by %s\n", 1+j, (size_t)LANES_NB, ALPHAS_STR[j]);
 +        debug_dump_buffer("TK_j_X^i-1", LANE_BYTES, TKj_old_X, 12);
 +        debug_dump_buffer("TK_j_X^i", LANE_BYTES, TKj_X, 12);
      }
  
-     for (size_t j=0; j<(KEY_BYTES/LANE_BYTES); j++)
-@@ -211,5 +234,11 @@ void tweakey_state_update(uint8_t TK_X[TWEAKEY_BYTES], uint8_t TK_Y[KEY_BYTES])
+     for (size_t j=0; j<KEY_LANES_NB; j++)
+@@ -125,5 +148,11 @@ void tweakey_state_update(uint8_t TK_X[TWEAKEY_BYTES], uint8_t TK_Y[KEY_BYTES])
  
-         ALPHAS[j-1 + (TWEAK_BYTES/LANE_BYTES)](TKj_X_old, TKj_X);
-         ALPHAS[j-1 + (TWEAK_BYTES/LANE_BYTES)](TKj_Y_old, TKj_Y);
+         ALPHAS[j + TWEAK_LANES_NB](TKj_X_old, TKj_X);
+         ALPHAS[j + TWEAK_LANES_NB](TKj_Y_old, TKj_Y);
 +
-+        fprintf(DUMP, "        multiplying lane %zu/%zu by %s\n", 1+j + (TWEAK_BYTES/LANE_BYTES), (size_t)LANES_NB, ALPHAS_STR[j-1 + (TWEAK_BYTES/LANE_BYTES)]);
++        fprintf(DUMP, "        multiplying lane %zu/%zu by %s\n", 1+j + TWEAK_LANES_NB, (size_t)LANES_NB, ALPHAS_STR[j + TWEAK_LANES_NB]);
 +        debug_dump_buffer("TK_j_X^i-1", LANE_BYTES, TKj_X_old, 12);
 +        debug_dump_buffer("TK_j_X^i", LANE_BYTES, TKj_X, 12);
 +        debug_dump_buffer("TK_j_Y^i-1", LANE_BYTES, TKj_Y_old, 12);