test whether sampling of secret polynomial vector is timing leakage free or not

Signed-off-by: Anjan Roy <hello@itzmeanjan.in>
2026-01-10 08:07:56 -05:00 · 2023-12-20 16:23:46 +04:00
parent b5c9a95543
commit 06fae52a49
3 changed files with 22 additions and 20 deletions
--- a/tests/dudect/test_kem.hpp
+++ b/tests/dudect/test_kem.hpp
@@ -2,4 +2,4 @@
 #include "dudect.h"

 extern dudect_state_t
-test_kyber512_keygen();
+test_kyber512_generate_vector();
--- a/tests/dudect/test_kyber512_sampling.cpp
+++ b/tests/dudect/test_kyber512_sampling.cpp
@@ -1,4 +1,7 @@
+#include "field.hpp"
 #include "kyber512_kem.hpp"
+#include "sampling.hpp"
+#include <array>
 #include <chrono>
 #include <cstring>

@@ -13,16 +16,14 @@ do_one_computation(uint8_t* const data)

  constexpr size_t doff0 = 0;
  constexpr size_t doff1 = doff0 + slen;
-  constexpr size_t doff2 = doff1 + slen;
-  constexpr size_t doff3 = doff2 + kyber512_kem::PKEY_LEN;

-  auto _d = std::span<uint8_t, slen>(data + doff0, slen);
-  auto _z = std::span<uint8_t, slen>(data + doff1, slen);
-  auto _pkey = std::span<uint8_t, kyber512_kem::PKEY_LEN>(data + doff2, kyber512_kem::PKEY_LEN);
-  auto _skey = std::span<uint8_t, kyber512_kem::SKEY_LEN>(data + doff3, kyber512_kem::SKEY_LEN);
+  std::array<field::zq_t, kyber512_kem::k * ntt::N> poly_vec{};
+  auto sigma = std::span<const uint8_t, slen>(data + doff0, doff1 - doff0);
+  const auto nonce = data[doff1];

-  kem::keygen<kyber512_kem::k, kyber512_kem::η1>(_d, _z, _pkey, _skey);
-  return 0;
+  kyber_utils::generate_vector<kyber512_kem::k, kyber512_kem::η1>(poly_vec, sigma, nonce);
+  // Just so that optimizer doesn't remove above function call !
+  return static_cast<uint8_t>(poly_vec[0].raw() ^ poly_vec[poly_vec.size() - 1].raw());
 }

 void
@@ -33,25 +34,26 @@ prepare_inputs(dudect_config_t* const c, uint8_t* const input_data, uint8_t* con
  for (size_t i = 0; i < c->number_measurements; i++) {
    classes[i] = randombit();
    if (classes[i] == 0) {
-      uint8_t byte = 0;
-      randombytes(&byte, sizeof(byte));
-      std::memset(input_data + i * c->chunk_size, byte, c->chunk_size);
+      std::memset(input_data + i * c->chunk_size, 0x00, c->chunk_size);
    }
  }
 }

 dudect_state_t
-test_kyber512_keygen()
+test_kyber512_generate_vector()
 {
-  constexpr size_t chunk_size = 32 + // byte length of seed `d`
-                                32 + // byte length of seed `z`
-                                kyber512_kem::PKEY_LEN + kyber512_kem::SKEY_LEN;
  using namespace std::chrono_literals;
-  const auto max_test_duration = 5min;
+
+  constexpr size_t chunk_size = 32 + // byte length of seed `sigma`
+                                1    // single byte nonce
+    ;
+
+  constexpr size_t number_measurements = 1ul << 20;
+  const auto max_test_duration = 2min;

  dudect_config_t config = {
-    .chunk_size = chunk_size,
-    .number_measurements = 1ul << 14,
+    chunk_size,
+    number_measurements,
  };
  dudect_ctx_t ctx;
  dudect_init(&ctx, &config);
--- a/tests/dudect/test_runner.cpp
+++ b/tests/dudect/test_runner.cpp
@@ -4,7 +4,7 @@
 int
 main()
 {
-  if (test_kyber512_keygen() != DUDECT_NO_LEAKAGE_EVIDENCE_YET) {
+  if (test_kyber512_generate_vector() != DUDECT_NO_LEAKAGE_EVIDENCE_YET) {
    return EXIT_FAILURE;
  }