Mutiple small updates

- Fix VS solution file to actually build Release configuration - Change private key serialization slightly - Fix bug in picnic_validate_keypair, add test for same - remove #define to use the RNG for generating NIST KATs Signed-off-by: Greg Zaverucha <[email protected]>
microsoft · Dec 1, 2017 · adac9f5 · adac9f5
1 parent 9ee3b2b
commit adac9f5
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 44 deletions.
diff --git a/README.md b/README.md
@@ -2,15 +2,16 @@
 
 The Picnic signature scheme is a family of digital signature schemes secure
 against attacks by quantum computers.  This is a reference implementation of these schemes. 
-The scheme and parameter sets are specified in the [Picnic Specification Document](https://github.com/Microsoft/Picnic/blob/master/spec.pdf). 
-An [optimized implementation](https://github.com/IAIK/Picnic) is also available.  
+The scheme and parameter sets are specified in the [Picnic Specification Document](https://github.com/Microsoft/Picnic/blob/master/spec.pdf).  
 
-A research paper describing the signature scheme is also available.   
+A research paper describing the signature scheme is also available. 
   **Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives**  
   Melissa Chase and David Derler and Steven Goldfeder and Claudio Orlandi and
   Sebastian Ramacher and Christian Rechberger and Daniel Slamanig and Greg
-  Zaverucha.   
-  *Proceedings of [ACM CCS 2017](https://www.sigsac.org/ccs/CCS2017/)* and *[Cryptology ePrint Archive: Report 2017/279](http://eprint.iacr.org/2017/279)*
+  Zaverucha. 
+  *In Proceedings of ACM CCS 2017*. 
+  *Cryptology ePrint Archive: Report 2017/279*   
+  <http://eprint.iacr.org/2017/279>   
 
 The library is provided under the MIT License.  The authors are Steven Goldfeder and Greg Zaverucha.
 

diff --git a/VisualStudio/picnic.sln b/VisualStudio/picnic.sln
@@ -19,20 +19,20 @@ Global
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{CE0F4C42-FD63-4B44-A722-A4772D1988E9}.Debug|x64.ActiveCfg = Debug|x64
 		{CE0F4C42-FD63-4B44-A722-A4772D1988E9}.Debug|x64.Build.0 = Debug|x64
-		{CE0F4C42-FD63-4B44-A722-A4772D1988E9}.Release|x64.ActiveCfg = Debug|x64
-		{CE0F4C42-FD63-4B44-A722-A4772D1988E9}.Release|x64.Build.0 = Debug|x64
+		{CE0F4C42-FD63-4B44-A722-A4772D1988E9}.Release|x64.ActiveCfg = Release|x64
+		{CE0F4C42-FD63-4B44-A722-A4772D1988E9}.Release|x64.Build.0 = Release|x64
 		{CEFCB122-C4EA-43AC-8D97-E090910C4115}.Debug|x64.ActiveCfg = Debug|x64
 		{CEFCB122-C4EA-43AC-8D97-E090910C4115}.Debug|x64.Build.0 = Debug|x64
-		{CEFCB122-C4EA-43AC-8D97-E090910C4115}.Release|x64.ActiveCfg = Debug|x64
-		{CEFCB122-C4EA-43AC-8D97-E090910C4115}.Release|x64.Build.0 = Debug|x64
+		{CEFCB122-C4EA-43AC-8D97-E090910C4115}.Release|x64.ActiveCfg = Release|x64
+		{CEFCB122-C4EA-43AC-8D97-E090910C4115}.Release|x64.Build.0 = Release|x64
 		{61785532-3A3C-4CB9-AB33-DABB158765B0}.Debug|x64.ActiveCfg = Debug|x64
 		{61785532-3A3C-4CB9-AB33-DABB158765B0}.Debug|x64.Build.0 = Debug|x64
-		{61785532-3A3C-4CB9-AB33-DABB158765B0}.Release|x64.ActiveCfg = Debug|x64
-		{61785532-3A3C-4CB9-AB33-DABB158765B0}.Release|x64.Build.0 = Debug|x64
+		{61785532-3A3C-4CB9-AB33-DABB158765B0}.Release|x64.ActiveCfg = Release|x64
+		{61785532-3A3C-4CB9-AB33-DABB158765B0}.Release|x64.Build.0 = Release|x64
 		{647784DD-10A4-43D2-AA0D-6B58682CB6E1}.Debug|x64.ActiveCfg = Debug|x64
 		{647784DD-10A4-43D2-AA0D-6B58682CB6E1}.Debug|x64.Build.0 = Debug|x64
-		{647784DD-10A4-43D2-AA0D-6B58682CB6E1}.Release|x64.ActiveCfg = Debug|x64
-		{647784DD-10A4-43D2-AA0D-6B58682CB6E1}.Release|x64.Build.0 = Debug|x64
+		{647784DD-10A4-43D2-AA0D-6B58682CB6E1}.Release|x64.ActiveCfg = Release|x64
+		{647784DD-10A4-43D2-AA0D-6B58682CB6E1}.Release|x64.Build.0 = Release|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

diff --git a/picnic.c b/picnic.c
@@ -198,15 +198,6 @@ int picnic_sign(picnic_privatekey_t* sk, const uint8_t* message, size_t message_
         return -1;
     }
 
-#if 0
-    // self-check for debugging, try to verify the sig we just created
-    ret = verify(sig, (uint32_t*)sk->pk->ciphertext, (uint32_t*)sk->pk->plaintext, message, message_len, paramset);
-    if (ret != EXIT_SUCCESS) {
-        fprintf(stderr, "Failed self-test, signature didn't verify.\n");
-        fflush(stderr);
-    }
-#endif
-
     ret = serializeSignature(sig, signature, *signature_len, &paramset);
     if (ret == -1) {
         fprintf(stderr, "Failed to serialize signature\n");
@@ -360,7 +351,7 @@ int picnic_write_private_key(const picnic_privatekey_t* key, uint8_t* buf, size_
     }
 
     size_t n = paramset.stateSizeBytes;
-    size_t bytesRequired = 2 + 3*n;
+    size_t bytesRequired = 1 + 3*n;
     if (buflen < bytesRequired) {
         fprintf(stderr, "%s: buffer provided has %u bytes, but %u are required.\n", __func__, (uint32_t)buflen, (uint32_t)bytesRequired);
         return -1;
@@ -369,12 +360,8 @@ int picnic_write_private_key(const picnic_privatekey_t* key, uint8_t* buf, size_
     buf[0] = (uint8_t)key->params;
 
     memcpy(buf + 1, key->data, n);
-
-    ret = picnic_write_public_key(&(key->pk), buf + 1 + n, buflen - (1 + n));
-    if(ret < 1) {
-        fprintf(stderr, "%s: failed to serialize public key\n", __func__);
-        return -1;
-    }
+    memcpy(buf + 1 + n, key->pk.plaintext, n);
+    memcpy(buf + 1 + 2*n, key->pk.ciphertext, n);
 
     return (int)bytesRequired;
 }
@@ -409,12 +396,8 @@ int picnic_read_private_key(picnic_privatekey_t* key, const uint8_t* buf, size_t
     }
 
     memcpy(key->data, buf + 1, n);
-    if(buf[1 + n] != key->params) {
-        fprintf(stderr, "%s: Mismatching parameter sets\n", __func__);
-        return -1;
-    }
-    memcpy(key->pk.plaintext, buf + 2 + n, n);
-    memcpy(key->pk.ciphertext, buf + 2 + 2*n, n);
+    memcpy(key->pk.plaintext, buf + 1 + n, n);
+    memcpy(key->pk.ciphertext, buf + 1 + 2*n, n);
 
     return 0;
 }
@@ -447,7 +430,7 @@ int picnic_validate_keypair(const picnic_privatekey_t* privatekey, const picnic_
     uint8_t ciphertext[sizeof(publickey->ciphertext)];
     memset(ciphertext, 0x00, sizeof(ciphertext));
     LowMCEnc((uint32_t*)publickey->plaintext, (uint32_t*)ciphertext, (uint32_t*)privatekey->data, &paramset);
-    if (memcmp(ciphertext, publickey->ciphertext, sizeof(ciphertext)) != 0) {
+    if (memcmp(ciphertext, publickey->ciphertext, paramset.stateSizeBytes) != 0) {
         return -1;
     }
 

diff --git a/picnic.h b/picnic.h
@@ -218,14 +218,7 @@ int picnic_validate_keypair(const picnic_privatekey_t* privatekey, const picnic_
  * random_bytes_default, and change the definition of
  * picnic_random_bytes.
  */
-#ifdef USE_NIST_KAT_INSECURE_RNG
-/* For the NIST submission, when generating known-answer-tests (KATs), we
- * must use an RNG with a fixed seed so that re-running the program to
- * generate KATs prduces the same results. The function randombytes is
- * provided by NIST, in the file rng.c. */
-    #include "NIST-KATs/rng.h"
-    #define picnic_random_bytes NIST_randombytes
-#elif SUPERCOP
+#if SUPERCOP
     #define picnic_random_bytes random_bytes_supercop
 #else
     #define PICNIC_BUILD_DEFAULT_RNG 1

diff --git a/unit_test.c b/unit_test.c
@@ -122,6 +122,66 @@ int LowMC_test_vectorL5_3()
     return run_lowmc_enc_test(Picnic_L5_FS, __func__, key, plaintext, ciphertext_expected);
 }
 
+int test_serialization_L1()
+{
+    picnic_publickey_t pk;
+    picnic_privatekey_t sk;
+    picnic_publickey_t pk2;
+    picnic_privatekey_t sk2;
+    uint8_t pk_buf[PICNIC_MAX_PUBLICKEY_SIZE];
+    uint8_t sk_buf[PICNIC_MAX_PRIVATEKEY_SIZE];
+
+    int ret = picnic_keygen(Picnic_L1_FS, &pk, &sk);
+
+    if(ret != 0) {
+        printf("Keygen failed, %d\n", ret);
+        return 0;
+    }
+
+    ret = picnic_write_public_key(&pk, pk_buf, sizeof(pk_buf));
+    if(ret <= 1) {
+        printf("Failed to serialize public key\n");
+        return 0;
+    }
+
+    ret = picnic_write_private_key(&sk, sk_buf, sizeof(sk_buf));
+    if(ret <= 1) {
+        printf("Failed to serialize private key\n");
+        return 0;
+    }
+
+    ret = picnic_read_public_key(&pk2, pk_buf, sizeof(pk_buf));
+    if(ret != 0) {
+        printf("Failed to read public key\n");
+        return 0;
+    }
+
+    ret = picnic_read_private_key(&sk2, sk_buf, sizeof(sk_buf));
+    if(ret != 0) {
+        printf("Failed to read private key\n");
+        return 0;
+    }
+
+
+    ret = picnic_validate_keypair(&sk2, &pk2);
+    if(ret != 0) {
+        printf("Failed to validate key pair 2\n");
+    }
+
+    ret = picnic_validate_keypair(&sk2, &pk);
+    if(ret != 0) {
+        printf("Failed to validate key pair 3\n");
+    }
+
+    ret = picnic_validate_keypair(&sk, &pk2);
+    if(ret != 0) {
+        printf("Failed to validate key pair 4\n");
+    }
+
+
+    return 1;
+}
+
 
 int main()
 {
@@ -155,6 +215,8 @@ int main()
     passed += LowMC_test_vectorL5_3();
     tests_run++;
 
+    passed += test_serialization_L1();
+    tests_run++;
 
     printf("Ran %d tests, %d passed\n", tests_run, passed);