added support for NTRU HRSS 1373

Author: dghgit

Diff for: core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUParameters.java

@@ -42,8 +42,7 @@ public class NTRUParameters
     /**
      * NTRU-HRSS parameter set with n = 1373.
      */
-    // TODO
-    // public static final NTRUParameters ntruhrss1373 = new NTRUParameters("ntruhrss1373", new NTRUHRSS1373());
+    public static final NTRUParameters ntruhrss1373 = new NTRUParameters("ntruhrss1373", new NTRUHRSS1373());
 
     private final String name;
     /**

Diff for: core/src/main/java/org/bouncycastle/pqc/crypto/util/Utils.java

@@ -205,14 +205,14 @@ class Utils
         ntruOids.put(NTRUParameters.ntruhps4096821, BCObjectIdentifiers.ntruhps4096821);
         ntruOids.put(NTRUParameters.ntruhps40961229, BCObjectIdentifiers.ntruhps40961229);
         ntruOids.put(NTRUParameters.ntruhrss701, BCObjectIdentifiers.ntruhrss701);
-//        ntruOids.put(NTRUParameters.ntruhrss1373, BCObjectIdentifiers.ntruhrss1373);
+        ntruOids.put(NTRUParameters.ntruhrss1373, BCObjectIdentifiers.ntruhrss1373);
 
         ntruParams.put(BCObjectIdentifiers.ntruhps2048509, NTRUParameters.ntruhps2048509);
         ntruParams.put(BCObjectIdentifiers.ntruhps2048677, NTRUParameters.ntruhps2048677);
         ntruParams.put(BCObjectIdentifiers.ntruhps4096821, NTRUParameters.ntruhps4096821);
         ntruParams.put(BCObjectIdentifiers.ntruhps40961229, NTRUParameters.ntruhps40961229);
         ntruParams.put(BCObjectIdentifiers.ntruhrss701, NTRUParameters.ntruhrss701);
-//        ntruParams.put(BCObjectIdentifiers.ntruhrss1373, NTRUParameters.ntruhrss1373);
+        ntruParams.put(BCObjectIdentifiers.ntruhrss1373, NTRUParameters.ntruhrss1373);
 
         falconOids.put(FalconParameters.falcon_512, BCObjectIdentifiers.falcon_512);
         falconOids.put(FalconParameters.falcon_1024, BCObjectIdentifiers.falcon_1024);

Diff for: core/src/main/java/org/bouncycastle/pqc/math/ntru/HRSS1373Polynomial.java

@@ -0,0 +1,84 @@
+package org.bouncycastle.pqc.math.ntru;
+
+import org.bouncycastle.pqc.math.ntru.parameters.NTRUHRSSParameterSet;
+
+public class HRSS1373Polynomial
+    extends HRSSPolynomial
+{
+    private static final int L = ((1373 + 31) / 32) * 32;
+    private static final int M = L / 4;
+    private static final int K = L / 16;
+
+    public HRSS1373Polynomial(NTRUHRSSParameterSet params)
+    {
+        super(params);
+    }
+
+    @Override
+    public byte[] sqToBytes(int len)
+    {
+        byte[] r = new byte[len];
+        int i, j;
+        short[] t = new short[4];
+
+        for (i = 0; i < params.packDegree() / 4; i++)
+        {
+            for (j = 0; j < 4; j++)
+            {
+                t[j] = (short)modQ(this.coeffs[4 * i + j] & 0xffff, params.q());
+            }
+
+            //     t0   t1  t2  t3
+            //  r0  8
+            //  r1  6 | 2
+            //  r2      8
+            //  r3      4 | 4
+            //  r4          8
+            //  r5          2 | 6
+            //  r6              8
+
+            r[7 * i + 0] = (byte)(t[0] & 0xff);
+            r[7 * i + 1] = (byte)((t[0] >>> 8) | ((t[1] & 0x03) << 6));
+            r[7 * i + 2] = (byte)((t[1] >>> 2) & 0xff);
+            r[7 * i + 3] = (byte)((t[1] >>> 10) | ((t[2] & 0x0f) << 4));
+            r[7 * i + 4] = (byte)((t[2] >>> 4) & 0xff);
+            r[7 * i + 5] = (byte)((t[2] >>> 12) | ((t[3] & 0x3f) << 2));
+            r[7 * i + 6] = (byte)(t[3] >>> 6);
+        }
+
+        // i=NTRU_PACK_DEG/4;
+        if (params.packDegree() % 4 == 2)
+        {
+            t[0] = (short)modQ(this.coeffs[params.packDegree() - 2] & 0xffff, params.q());
+            t[1] = (short)modQ(this.coeffs[params.packDegree() - 1] & 0xffff, params.q());
+            r[7 * i + 0] = (byte)(t[0] & 0xff);
+            r[7 * i + 1] = (byte)((t[0] >>> 8) | ((t[1] & 0x03) << 6));
+            r[7 * i + 2] = (byte)((t[1] >>> 2) & 0xff);
+            r[7 * i + 3] = (byte)(t[1] >>> 10);
+        }
+
+        return r;
+    }
+
+    @Override
+    public void sqFromBytes(byte[] a)
+    {
+        int i;
+        for (i = 0; i < params.packDegree() / 4; i++)
+        {
+            this.coeffs[4 * i + 0] = (short)((a[7 * i + 0] & 0xff) | (((short)(a[7 * i + 1] & 0xff) & 0x3f) << 8));
+            this.coeffs[4 * i + 1] = (short)(((a[7 * i + 1] & 0xff) >>> 6) | (((short)(a[7 * i + 2] & 0xff)) << 2) | ((short)(a[7 * i + 3] & 0x0f) << 10));
+            this.coeffs[4 * i + 2] = (short)(((a[7 * i + 3] & 0xff) >>> 4) | (((short)(a[7 * i + 4] & 0xff) & 0xff) << 4) | ((short)(a[7 * i + 5] & 0x03) << 12));
+            this.coeffs[4 * i + 3] = (short)(((a[7 * i + 5] & 0xff) >>> 2) | (((short)(a[7 * i + 6] & 0xff)) << 6));
+        }
+
+        // i=NTRU_PACK_DEG/4;
+        if (params.packDegree() % 4 == 2)
+        {
+            this.coeffs[4 * i + 0] = (short)(a[7 * i + 0] | ((a[7 * i + 1] & 0x3f) << 8));
+            this.coeffs[4 * i + 1] = (short)((a[7 * i + 1] >>> 6) | (((short)a[7 * i + 2]) << 2) | (((short)a[7 * i + 3] & 0x0f) << 10));
+        }
+
+        this.coeffs[params.n() - 1] = 0;
+    }
+}

Diff for: core/src/main/java/org/bouncycastle/pqc/math/ntru/HRSSPolynomial.java

@@ -117,7 +117,7 @@ public void lift(Polynomial a)
         /* NOTE: Assumes input is in {0,1,2}^N */
         /*       Produces output in [0,Q-1]^N */
         int i;
-        HRSSPolynomial b = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
+        Polynomial b = this.params.createPolynomial();
         short t, zj;
 
         /* Define z by <z*x^i, x-1> = delta_{i,0} mod 3:      */
@@ -166,30 +166,30 @@ public void lift(Polynomial a)
     @Override
     public void r2Inv(Polynomial a)
     {
-        HRSSPolynomial f = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
-        HRSSPolynomial g = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
-        HRSSPolynomial v = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
-        HRSSPolynomial w = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
+        Polynomial f = this.params.createPolynomial();
+        Polynomial g = this.params.createPolynomial();
+        Polynomial v = this.params.createPolynomial();
+        Polynomial w = this.params.createPolynomial();
         this.r2Inv(a, f, g, v, w);
     }
 
     @Override
     public void rqInv(Polynomial a)
     {
-        HRSSPolynomial ai2 = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
-        HRSSPolynomial b = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
-        HRSSPolynomial c = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
-        HRSSPolynomial s = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
+        Polynomial ai2 = this.params.createPolynomial();
+        Polynomial b = this.params.createPolynomial();
+        Polynomial c = this.params.createPolynomial();
+        Polynomial s = this.params.createPolynomial();
         this.rqInv(a, ai2, b, c, s);
     }
 
     @Override
     public void s3Inv(Polynomial a)
     {
-        HRSSPolynomial f = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
-        HRSSPolynomial g = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
-        HRSSPolynomial v = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
-        HRSSPolynomial w = new HRSSPolynomial((NTRUHRSSParameterSet)this.params);
+        Polynomial f = this.params.createPolynomial();
+        Polynomial g = this.params.createPolynomial();
+        Polynomial v = this.params.createPolynomial();
+        Polynomial w = this.params.createPolynomial();
         this.s3Inv(a, f, g, v, w);
     }
 }

Diff for: core/src/main/java/org/bouncycastle/pqc/math/ntru/parameters/NTRUHRSSParameterSet.java

@@ -1,5 +1,6 @@
 package org.bouncycastle.pqc.math.ntru.parameters;
 
+import org.bouncycastle.pqc.math.ntru.HRSS1373Polynomial;
 import org.bouncycastle.pqc.math.ntru.HRSSPolynomial;
 import org.bouncycastle.pqc.math.ntru.Polynomial;
 
@@ -22,7 +23,7 @@ public abstract class NTRUHRSSParameterSet
     @Override
     public Polynomial createPolynomial()
     {
-        return new HRSSPolynomial(this);
+        return this.n() == 1373 ? new HRSS1373Polynomial(this) : new HRSSPolynomial(this);
     }
 
     @Override

Diff for: core/src/test/java/org/bouncycastle/pqc/crypto/test/NTRUTest.java

@@ -38,7 +38,7 @@ public class NTRUTest
         NTRUParameters.ntruhps4096821,
         NTRUParameters.ntruhps40961229,
         NTRUParameters.ntruhrss701,
-//        NTRUParameters.ntruhrss1373
+        NTRUParameters.ntruhrss1373
     };
 
     private final String[] katBase = {
@@ -47,7 +47,7 @@ public class NTRUTest
         "ntruhps4096821",
         "ntruhps40961229",
         "ntruhrss701",
-//        "ntruhrss1373"
+        "ntruhrss1373"
     };
 
     private final String[] katFiles = {

Diff for: docs/releasenotes.html

@@ -28,6 +28,7 @@ <h3>2.1.2 Defects Fixed</h3>
 <h3>2.1.3 Additional Features and Functionality</h3>
 <ul>
 <li>An implementation of MLS (RFC 9420 - The Messaging Layer Security Protocol) has been added as a new module.</li>
+<li>NTRU now supports NTRU-HPS4096-1229 and NTRU-HRSS-1373.</li>
 </ul>
 <h3>2.1.4 Notes.</h3>
 <ul>

Diff for: prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/ntru/NTRUKeyPairGeneratorSpi.java

@@ -30,7 +30,7 @@ public class NTRUKeyPairGeneratorSpi
         parameters.put(NTRUParameterSpec.ntruhps4096821.getName(), NTRUParameters.ntruhps4096821);
         parameters.put(NTRUParameterSpec.ntruhps40961229.getName(), NTRUParameters.ntruhps40961229);
         parameters.put(NTRUParameterSpec.ntruhrss701.getName(), NTRUParameters.ntruhrss701);
-//        parameters.put(NTRUParameterSpec.ntruhrss1373.getName(), NTRUParameters.ntruhrss1373);
+        parameters.put(NTRUParameterSpec.ntruhrss1373.getName(), NTRUParameters.ntruhrss1373);
     }
 
     NTRUKeyGenerationParameters param;

Diff for: prov/src/main/java/org/bouncycastle/pqc/jcajce/spec/NTRUParameterSpec.java

@@ -15,7 +15,7 @@ public class NTRUParameterSpec
     public static final NTRUParameterSpec ntruhps4096821 = new NTRUParameterSpec(NTRUParameters.ntruhps4096821);
     public static final NTRUParameterSpec ntruhps40961229 = new NTRUParameterSpec(NTRUParameters.ntruhps40961229);
     public static final NTRUParameterSpec ntruhrss701 = new NTRUParameterSpec(NTRUParameters.ntruhrss701);
-//    public static final NTRUParameterSpec ntruhrss1373 = new NTRUParameterSpec(NTRUParameters.ntruhrss1373);
+    public static final NTRUParameterSpec ntruhrss1373 = new NTRUParameterSpec(NTRUParameters.ntruhrss1373);
 
     private static Map parameters = new HashMap();
 
@@ -24,7 +24,9 @@ public class NTRUParameterSpec
         parameters.put("ntruhps2048509", ntruhps2048509);
         parameters.put("ntruhps2048677", ntruhps2048677);
         parameters.put("ntruhps4096821", ntruhps4096821);
+        parameters.put("ntruhps40961229", ntruhps40961229);
         parameters.put("ntruhrss701", ntruhrss701);
+        parameters.put("ntruhrss1373", ntruhrss1373);
     }
 
     private final String name;

Diff for: prov/src/test/java/org/bouncycastle/pqc/jcajce/provider/test/NTRUKeyPairGeneratorTest.java

@@ -42,7 +42,7 @@ public void testKeyPairEncoding()
                     NTRUParameterSpec.ntruhps4096821,
                     NTRUParameterSpec.ntruhps40961229,
                     NTRUParameterSpec.ntruhrss701,
-//                    NTRUParameterSpec.ntruhrss1373
+                    NTRUParameterSpec.ntruhrss1373
                 };
         kf = KeyFactory.getInstance("NTRU", "BC");