mirror of https://github.com/oxen-io/lokinet
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31 lines
1.3 KiB
Plaintext
31 lines
1.3 KiB
Plaintext
This is a reference implementation of NTRU LPRime 4591^761. This
|
|
implementation is designed primarily for clarity, subject to the
|
|
following constraints:
|
|
|
|
* The implementation is written in C. We have a separate Sage
|
|
implementation that is considerably more concise.
|
|
|
|
* The implementation avoids data-dependent branches and array
|
|
indices. For example, conditional swaps are computed by arithmetic
|
|
rather than by branches.
|
|
|
|
* The implementation avoids other C operations that often take
|
|
variable time. For example, divisions by 3 are computed via
|
|
multiplications and shifts.
|
|
|
|
This implementation does _not_ sacrifice clarity for speed.
|
|
|
|
This implementation has not yet been reviewed for correctness or for
|
|
constant-time behavior. It does pass various tests and has no known
|
|
bugs, but there are at least some platforms where multiplications take
|
|
variable time, and fixing this requires platform-specific effort; see
|
|
https://www.bearssl.org/ctmul.html and http://repository.tue.nl/800603.
|
|
|
|
This implementation allows "benign malleability" of ciphertexts, as
|
|
defined in http://www.shoup.net/papers/iso-1_1.pdf. A similar comment
|
|
applies to public keys.
|
|
|
|
There is a separate "avx" implementation where similar comments apply,
|
|
except that "avx" _does_ sacrifice clarity for speed on CPUs with AVX2
|
|
instructions.
|