Archives
/
lokinet
mirror of https://github.com/oxen-io/lokinet
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ubuntu/noble
ubuntu/mantic
quic-wip
dev
dev-next
opensuse/tumbleweed
ubuntu/lunar
ubuntu/kinetic
ubuntu/jammy
ubuntu/focal
ubuntu/bionic
debian/buster
debian/bullseye
debian/bookworm
debian/sid
fedora/36
fedora/37
stable
makepkg
fedora/35
ubuntu/impish
fedora/34
centos/8
ubuntu/hirsute
ubuntu/groovy
v0.9.11
v0.9.10
v0.9.9
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.1-rc3
v0.8.1-rc2
v0.8.1-rc1
v0.7.1
v0.7.0
v0.7.0-rc3
v0.7.0-rc2
v0.7.0-rc1
v0.6.4
v0.6.2
v0.6.1
v0.6.0
v0.6.0-rc2
v0.6.0-rc1
v0.5.2
v0.5.0
v0.4.2½
v0.4.2
v0.4.1
v0.4.0-release
0.4.0-release
v0.4.0
v0.4.0-rc3
v0.4.0-rc2
v0.3.1
0.3.0-neuro1
v0.2.3-rc1
v0.2.2
v0.2.1
v0.1.0
v0.0.3
0.2.3-neuro0
0.6.1
rm
v0.0.1
v0.0.2
v0.3.0
v0.4.3
v0.5.1
v0.6.3
v0.7
v0.8.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3da6551e82'
${ noResults }
lokinet/crypto/libntrup/src/ref
History
Jeff Becker 3da6551e82
make android compile 		5 years ago
..
README restructure original code into libntrup 6 years ago
api.h restructure original code into libntrup 6 years ago
dec.c make android compile 5 years ago
enc.c bundle relevent libsodium parts 6 years ago
implementors restructure original code into libntrup 6 years ago
int32_sort.c bundle relevent libsodium parts 6 years ago
int32_sort.h bundle relevent libsodium parts 6 years ago
keypair.c bundle relevent libsodium parts 6 years ago
mod3.h bundle relevent libsodium parts 6 years ago
modq.h bundle relevent libsodium parts 6 years ago
params.h win32 fluff 6 years ago
r3.h restructure original code into libntrup 6 years ago
r3_mult.c restructure original code into libntrup 6 years ago
r3_recip.c purge VLAs from the codebase 6 years ago
random32.c fix typo 5 years ago
randomsmall.c bundle relevent libsodium parts 6 years ago
randomweightw.c bundle relevent libsodium parts 6 years ago
rq.c bundle relevent libsodium parts 6 years ago
rq.h restructure original code into libntrup 6 years ago
rq_mult.c restructure original code into libntrup 6 years ago
rq_recip3.c purge VLAs from the codebase 6 years ago
rq_round3.c restructure original code into libntrup 6 years ago
rq_rounded.c bundle relevent libsodium parts 6 years ago
small.c restructure original code into libntrup 6 years ago
small.h bundle relevent libsodium parts 6 years ago
swap.c restructure original code into libntrup 6 years ago
swap.h restructure original code into libntrup 6 years ago

README 

This is a reference implementation of Streamlined NTRU Prime 4591^761.
This implementation is designed primarily for clarity, subject to the
following constraints:

   * The implementation is written in C. The Sage implementation in the
     NTRU Prime paper is considerably more concise (and compatible).

   * The implementation avoids data-dependent branches and array
     indices. For example, conditional swaps are computed by arithmetic
     rather than by branches.

   * The implementation avoids other C operations that often take
     variable time. For example, divisions by 3 are computed via
     multiplications and shifts.
     
This implementation does _not_ sacrifice clarity for speed.

This implementation has not yet been reviewed for correctness or for
constant-time behavior. It does pass various tests and has no known
bugs, but there are at least some platforms where multiplications take
variable time, and fixing this requires platform-specific effort; see
https://www.bearssl.org/ctmul.html and http://repository.tue.nl/800603.

This implementation allows "benign malleability" of ciphertexts, as
defined in http://www.shoup.net/papers/iso-2_1.pdf. Specifically, each
32-bit ciphertext word encodes three integers between 0 and 1530; if
larger integers appear then they are silently reduced modulo 1531.
Similar comments apply to public keys.

There is a separate "avx" implementation where similar comments apply,
except that "avx" _does_ sacrifice clarity for speed on CPUs with AVX2
instructions.