Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  package org.bouncycastle.pqc.crypto.ntru;
  
  
  import  org.bouncycastle.pqc.math.ntru.polynomial.IntegerPolynomial;
  import  org.bouncycastle.pqc.math.ntru.polynomial.Polynomial;

Signs, verifies data and generates key pairs.

Deprecated:
the NTRUSigner algorithm was broken in 2012 by Ducas and Nguyen. See http://www.di.ens.fr/~ducas/NTRUSign_Cryptanalysis/DucasNguyen_Learning.pdf for details.
 
 public class NTRUSigner
 {
     private NTRUSigningParameters params;
     private Digest hashAlg;
Constructs a new instance with a set of signature parameters.

Parameters:
params signature parameters
 
     public NTRUSigner(NTRUSigningParameters params)
     {
         this. = params;
     }

    
Resets the engine for signing a message.

Parameters:
forSigning
params
 
     public void init(boolean forSigningCipherParameters params)
     {
         if (forSigning)
         {
             this. = (NTRUSigningPrivateKeyParameters)params;
         }
         else
         {
             this. = (NTRUSigningPublicKeyParameters)params;
         }
          = this..;
         .reset();
     }

    
Adds data to sign or verify.

Parameters:
b data
 
      public void update(byte b)
      {
          if ( == null)
          {
              throw new IllegalStateException("Call initSign or initVerify first!");
          }
 
          .update(b);
      }

    
Adds data to sign or verify.

Parameters:
m data
off offset
length number of bytes
 
     public void update(byte[] mint offint length)
     {
         if ( == null)
         {
             throw new IllegalStateException("Call initSign or initVerify first!");
         }
 
         .update(mofflength);
     }

    
Adds data to sign and computes a signature over this data and any data previously added via update(byte[], int, int).

Returns:
a signature
Throws:
IllegalStateException if initSign was not called
 
     public byte[] generateSignature()
     {
         if ( == null ||  == null)
         {
             throw new IllegalStateException("Call initSign first!");
         }
 
         byte[] msgHash = new byte[.getDigestSize()];
        .doFinal(msgHash, 0);
        return signHash(msgHash);
    }
    private byte[] signHash(byte[] msgHashNTRUSigningPrivateKeyParameters kp)
    {
        int r = 0;
        IntegerPolynomial s;
        IntegerPolynomial i;
        NTRUSigningPublicKeyParameters kPub = kp.getPublicKey();
        do
        {
            r++;
            if (r > .)
            {
                throw new IllegalStateException("Signing failed: too many retries (max=" + . + ")");
            }
            i = createMsgRep(msgHashr);
            s = sign(ikp);
        }
        while (!verify(iskPub.h));
        byte[] rawSig = s.toBinary(.);
        ByteBuffer sbuf = ByteBuffer.allocate(rawSig.length + 4);
        sbuf.put(rawSig);
        sbuf.putInt(r);
        return sbuf.array();
    }
    private IntegerPolynomial sign(IntegerPolynomial iNTRUSigningPrivateKeyParameters kp)
    {
        int N = .;
        int q = .;
        int perturbationBases = .;
        NTRUSigningPrivateKeyParameters kPriv = kp;
        NTRUSigningPublicKeyParameters kPub = kp.getPublicKey();
        IntegerPolynomial s = new IntegerPolynomial(N);
        int iLoop = perturbationBases;
        while (iLoop >= 1)
        {
            Polynomial f = kPriv.getBasis(iLoop).;
            Polynomial fPrime = kPriv.getBasis(iLoop).;
            IntegerPolynomial y = f.mult(i);
            y.div(q);
            y = fPrime.mult(y);
            IntegerPolynomial x = fPrime.mult(i);
            x.div(q);
            x = f.mult(x);
            IntegerPolynomial si = y;
            si.sub(x);
            s.add(si);
            IntegerPolynomial hi = (IntegerPolynomial)kPriv.getBasis(iLoop)..clone();
            if (iLoop > 1)
            {
                hi.sub(kPriv.getBasis(iLoop - 1).);
            }
            else
            {
                hi.sub(kPub.h);
            }
            i = si.mult(hiq);
            iLoop--;
        }
        Polynomial f = kPriv.getBasis(0).;
        Polynomial fPrime = kPriv.getBasis(0).;
        IntegerPolynomial y = f.mult(i);
        y.div(q);
        y = fPrime.mult(y);
        IntegerPolynomial x = fPrime.mult(i);
        x.div(q);
        x = f.mult(x);
        y.sub(x);
        s.add(y);
        s.modPositive(q);
        return s;
    }

    
Verifies a signature for any data previously added via update(byte[], int, int).

Parameters:
sig a signature
Returns:
whether the signature is valid
Throws:
IllegalStateException if initVerify was not called
    public boolean verifySignature(byte[] sig)
    {
        if ( == null ||  == null)
        {
            throw new IllegalStateException("Call initVerify first!");
        }
        byte[] msgHash = new byte[.getDigestSize()];
        .doFinal(msgHash, 0);
        return verifyHash(msgHashsig);
    }
    private boolean verifyHash(byte[] msgHashbyte[] sigNTRUSigningPublicKeyParameters pub)
    {
        ByteBuffer sbuf = ByteBuffer.wrap(sig);
        byte[] rawSig = new byte[sig.length - 4];
        sbuf.get(rawSig);
        IntegerPolynomial s = IntegerPolynomial.fromBinary(rawSig..);
        int r = sbuf.getInt();
        return verify(createMsgRep(msgHashr), spub.h);
    }
    private boolean verify(IntegerPolynomial i, IntegerPolynomial s, IntegerPolynomial h)
    {
        int q = .;
        double normBoundSq = .;
        double betaSq = .;
        IntegerPolynomial t = h.mult(sq);
        t.sub(i);
        long centeredNormSq = (long)(s.centeredNormSq(q) + betaSq * t.centeredNormSq(q));
        return centeredNormSq <= normBoundSq;
    }
    protected IntegerPolynomial createMsgRep(byte[] msgHashint r)
    {
        int N = .;
        int q = .;
        int c = 31 - Integer.numberOfLeadingZeros(q);
        int B = (c + 7) / 8;
        IntegerPolynomial i = new IntegerPolynomial(N);
        ByteBuffer cbuf = ByteBuffer.allocate(msgHash.length + 4);
        cbuf.put(msgHash);
        cbuf.putInt(r);
        NTRUSignerPrng prng = new NTRUSignerPrng(cbuf.array(), .);
        for (int t = 0; t < Nt++)
        {
            byte[] o = prng.nextBytes(B);
            int hi = o[o.length - 1];
            hi >>= 8 * B - c;
            hi <<= 8 * B - c;
            o[o.length - 1] = (byte)hi;
            ByteBuffer obuf = ByteBuffer.allocate(4);
            obuf.put(o);
            obuf.rewind();
            // reverse byte order so it matches the endianness of java ints
            i.coeffs[t] = Integer.reverseBytes(obuf.getInt());
        }
        return i;
    }
New to GrepCode? Check out our FAQ X