package frodo640shake

import (
	"github.com/cloudflare/circl/internal/sha3"
)

// expandSeedIntoA derives the n x n matrix A from seed, one row per XOF
// invocation: the XOF is reset and fed the 2-byte little-endian row index
// followed by the seed, 2n output bytes are read, and each consecutive byte
// pair becomes one little-endian uint16 entry of that row. Every entry of A
// is overwritten, so A needs no prior initialisation. Entries are left
// unreduced: q is a power of two (2^15) here, so the surplus high bit is
// discarded later by packing or an explicit reduction.
//
// NOTE(review): the seed for A is expected to be public (part of the public
// key), so this expansion is not secret-dependent and needs no constant-time
// care — confirm against the callers. The Write/Read results are dropped on
// the assumption that the SHAKE state has no failure mode for in-memory
// absorb/squeeze; verify against the sha3 package before relying on it.
func expandSeedIntoA(A *nByNU16, seed *[seedASize]byte, xof *sha3.State) {
	var rowBytes [paramN * 2]byte
	var xofInput [2 + seedASize]byte

	// XOF input layout: row index (2 bytes, little-endian) || seed.
	// The seed part is constant across rows; only the index changes.
	copy(xofInput[2:], seed[:])

	for row := 0; row < paramN; row++ {
		xofInput[0], xofInput[1] = byte(row), byte(row>>8)

		xof.Reset()
		_, _ = xof.Write(xofInput[:])
		_, _ = xof.Read(rowBytes[:])

		rowOff := row * paramN
		for col := 0; col < paramN; col++ {
			lo := uint16(rowBytes[2*col])
			hi := uint16(rowBytes[2*col+1])
			A[rowOff+col] = lo | hi<<8
		}
	}
}

// mulAddASPlusE accumulates A*S + E into out (n x nbar, row-major):
//
//	out[i][k] += e[i][k] + sum over j of A[i][j] * s[k][j]
//
// s is addressed as s[k*paramN+j], i.e. it is stored transposed (nbar x n)
// so that a row of A and a row of s are multiplied entry-wise. Arithmetic
// wraps in uint16 and is deliberately not reduced modulo 2^15; the extra bit
// is dropped later by packing or an explicit reduction.
//
// NOTE(review): out is added to, not assigned. Callers presumably pass a
// zeroed out; a pre-populated out (e.g. one already holding E, as some
// reference implementations do) would double-count — confirm at the call
// sites.
//
// Loop bounds are compile-time constants and every memory index depends
// only on the loop counters, so the secret s steers neither control flow
// nor the memory access pattern.
func mulAddASPlusE(out *nByNbarU16, A *nByNU16, s *nByNbarU16, e *nByNbarU16) {
	for i := 0; i < paramN; i++ {
		aRow := A[i*paramN : (i+1)*paramN]
		outOff := i * paramNbar
		for k := 0; k < paramNbar; k++ {
			sRow := s[k*paramN : (k+1)*paramN]
			acc := e[outOff+k]
			for j, a := range aRow {
				acc += a * sRow[j]
			}
			out[outOff+k] += acc
		}
	}
}

// mulAddSAPlusE accumulates S'*A + E' into out (nbar x n, row-major):
//
//	out[k][i] += e[k*paramN+i] + sum over j of s[k*paramN+j] * A[j][i]
//
// s and e are plain slices indexed up to paramNbar*paramN-1 with no explicit
// length check, so a shorter input panics on the first out-of-range access.
// A is read column-wise (stride paramN), which is correct but not
// cache-friendly; it is left as is since this is a direct transcription of
// the matrix product. Arithmetic wraps in uint16 and is not reduced modulo
// 2^15 (packing / explicit reduction handles the extra bit later). As in
// mulAddASPlusE, out is accumulated into rather than assigned, so callers
// are presumably expected to pass a zeroed out — confirm at the call sites.
//
// Loop bounds are constants and indices depend only on loop counters, so
// nothing here branches on or indexes by the secret s.
func mulAddSAPlusE(out *nbarByNU16, s []uint16, A *nByNU16, e []uint16) {
	for i := 0; i < paramN; i++ {
		for k := 0; k < paramNbar; k++ {
			// Row k of s, e and out all start at the same offset.
			rowOff := k * paramN
			acc := e[rowOff+i]
			for j := 0; j < paramN; j++ {
				acc += A[j*paramN+i] * s[rowOff+j]
			}
			out[rowOff+i] += acc
		}
	}
}