Updated also AVX2 implementation, updated test-vector hashes

pq-crystals · Aug 25, 2023 · 918af1a · 918af1a
1 parent 7c3f547
commit 918af1a
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/SHA256SUMS b/SHA256SUMS
@@ -1,3 +1,3 @@
 e1313e5a1958dc70faa9f4a03a4f6549083b7ec6edfad6054311ab2fe2079587  tvecs2
-b0034777158ab0284cc624ba5aada38d5b5f593d4529950636523ac79a5c9540  tvecs3
-1715b7cf71a85b4735f9dde7804a050fbec25ccdfd3647b08932c9084c1f14ab  tvecs5
+4d391effb3b02706a3940225d2d50d3c6261516c42e75990b3fb6254be978684  tvecs3
+e9f73f84918220502ff572fad1dfabc272895e0b2b510b46fdf1b8b908461669  tvecs5
diff --git a/avx2/sign.c b/avx2/sign.c
@@ -152,7 +152,7 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t
   uint8_t seedbuf[2*SEEDBYTES + TRBYTES + RNDBYTES + 2*CRHBYTES];
   uint8_t *rho, *tr, *key, *rnd, *mu, *rhoprime;
   uint8_t hintbuf[N];
-  uint8_t *hint = sig + SEEDBYTES + L*POLYZ_PACKEDBYTES;
+  uint8_t *hint = sig + CTILDEBYTES + L*POLYZ_PACKEDBYTES;
   uint64_t nonce = 0;
   polyvecl mat[K], s1, z;
   polyveck t0, s2, w1;
@@ -227,7 +227,7 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t
   shake256_absorb(&state, mu, CRHBYTES);
   shake256_absorb(&state, sig, K*POLYW1_PACKEDBYTES);
   shake256_finalize(&state);
-  shake256_squeeze(sig, SEEDBYTES, &state);
+  shake256_squeeze(sig, CTILDEBYTES, &state);
   poly_challenge(&c, sig);
   poly_ntt(&c);
 
@@ -274,7 +274,7 @@ int crypto_sign_signature(uint8_t *sig, size_t *siglen, const uint8_t *m, size_t
 
   /* Pack z into signature */
   for(i = 0; i < L; i++)
-    polyz_pack(sig + SEEDBYTES + i*POLYZ_PACKEDBYTES, &z.vec[i]);
+    polyz_pack(sig + CTILDEBYTES + i*POLYZ_PACKEDBYTES, &z.vec[i]);
 
   *siglen = CRYPTO_BYTES;
   return 0;
@@ -324,7 +324,7 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size
   /* polyw1_pack writes additional 14 bytes */
   ALIGNED_UINT8(K*POLYW1_PACKEDBYTES+14) buf;
   uint8_t mu[CRHBYTES];
-  const uint8_t *hint = sig + SEEDBYTES + L*POLYZ_PACKEDBYTES;
+  const uint8_t *hint = sig + CTILDEBYTES + L*POLYZ_PACKEDBYTES;
   polyvecl rowbuf[2];
   polyvecl *row = rowbuf;
   polyvecl z;
@@ -348,7 +348,7 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size
 
   /* Unpack z; shortness follows from unpacking */
   for(i = 0; i < L; i++) {
-    polyz_unpack(&z.vec[i], sig + SEEDBYTES + i*POLYZ_PACKEDBYTES);
+    polyz_unpack(&z.vec[i], sig + CTILDEBYTES + i*POLYZ_PACKEDBYTES);
     poly_ntt(&z.vec[i]);
   }
 
@@ -394,8 +394,8 @@ int crypto_sign_verify(const uint8_t *sig, size_t siglen, const uint8_t *m, size
   shake256_absorb(&state, mu, CRHBYTES);
   shake256_absorb(&state, buf.coeffs, K*POLYW1_PACKEDBYTES);
   shake256_finalize(&state);
-  shake256_squeeze(buf.coeffs, SEEDBYTES, &state);
-  for(i = 0; i < SEEDBYTES; ++i)
+  shake256_squeeze(buf.coeffs, CTILDEBYTES, &state);
+  for(i = 0; i < CTILDEBYTES; ++i)
     if(buf.coeffs[i] != sig[i])
       return -1;