Removed some more 90s code

pq-crystals · Jul 26, 2023 · 4ecce06 · 4ecce06
1 parent 4b24c9c
commit 4ecce06
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 86 deletions.
diff --git a/Common_META.yml b/Common_META.yml
@@ -1,7 +1,7 @@
 commons:
   - name: common_ref
     folder_name: ref
-    sources: aes256ctr.c aes256ctr.h fips202.c fips202.h
+    sources: fips202.c fips202.h
   - name: common_aes
     folder_name: avx2
     sources: aes256ctr.c aes256ctr.h
@@ -11,7 +11,6 @@ commons:
           - Darwin
           - Linux
         required_flags:
-          - aes
           - sse2
           - ssse3
   - name: common_avx2
@@ -33,4 +32,4 @@ commons:
           - Darwin
           - Linux
         required_flags:
-          - avx2
+          - avx2
diff --git a/avx2/Makefile b/avx2/Makefile
@@ -1,8 +1,8 @@
 CC ?= /usr/bin/cc
 CFLAGS += -Wall -Wextra -Wpedantic -Wmissing-prototypes -Wredundant-decls \
-  -Wshadow -Wpointer-arith -mavx2 -mbmi2 -mpopcnt -maes \
+  -Wshadow -Wpointer-arith -mavx2 -mbmi2 -mpopcnt \
   -march=native -mtune=native -O3 -fomit-frame-pointer -z noexecstack
-NISTFLAGS += -Wno-unused-result -mavx2 -mbmi2 -mpopcnt -maes \
+NISTFLAGS += -Wno-unused-result -mavx2 -mbmi2 -mpopcnt \
   -march=native -mtune=native -O3 -fomit-frame-pointer
 RM = /bin/rm
 

diff --git a/avx2/indcpa.c b/avx2/indcpa.c
@@ -169,43 +169,6 @@ static unsigned int rej_uniform(int16_t *r,
 *              - const uint8_t *seed: pointer to input seed
 *              - int transposed: boolean deciding whether A or A^T is generated
 **************************************************/
-#ifdef KYBER_90S
-void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-{
-  unsigned int ctr, i, j, k;
-  unsigned int buflen, off;
-  uint64_t nonce = 0;
-  ALIGNED_UINT8(REJ_UNIFORM_AVX_NBLOCKS*AES256CTR_BLOCKBYTES) buf;
-  aes256ctr_ctx state;
-
-  aes256ctr_init(&state, seed, 0);
-
-  for(i=0;i<KYBER_K;i++) {
-    for(j=0;j<KYBER_K;j++) {
-      if(transposed)
-        nonce = (j << 8) | i;
-      else
-        nonce = (i << 8) | j;
-
-      state.n = _mm_loadl_epi64((__m128i *)&nonce);
-      aes256ctr_squeezeblocks(buf.coeffs, REJ_UNIFORM_AVX_NBLOCKS, &state);
-      buflen = REJ_UNIFORM_AVX_NBLOCKS*AES256CTR_BLOCKBYTES;
-      ctr = rej_uniform_avx(a[i].vec[j].coeffs, buf.coeffs);
-
-      while(ctr < KYBER_N) {
-        off = buflen % 3;
-        for(k = 0; k < off; k++)
-          buf.coeffs[k] = buf.coeffs[buflen - off + k];
-        aes256ctr_squeezeblocks(buf.coeffs + off, 1, &state);
-        buflen = off + AES256CTR_BLOCKBYTES;
-        ctr += rej_uniform(a[i].vec[j].coeffs + ctr, KYBER_N - ctr, buf.coeffs, buflen);
-      }
-
-      poly_nttunpack(&a[i].vec[j]);
-    }
-  }
-}
-#else
 #if KYBER_K == 2
 void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
 {
@@ -444,7 +407,6 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
   }
 }
 #endif
-#endif
 
 /*************************************************
 * Name:        indcpa_keypair_derand
@@ -473,25 +435,6 @@ void indcpa_keypair_derand(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
 
   gen_a(a, publicseed);
 
-#ifdef KYBER_90S
-#define NOISE_NBLOCKS ((KYBER_ETA1*KYBER_N/4)/AES256CTR_BLOCKBYTES) /* Assumes divisibility */
-  uint64_t nonce = 0;
-  ALIGNED_UINT8(NOISE_NBLOCKS*AES256CTR_BLOCKBYTES+32) rand; // +32 bytes as required by poly_cbd_eta1
-  aes256ctr_ctx state;
-  aes256ctr_init(&state, noiseseed, nonce++);
-  for(i=0;i<KYBER_K;i++) {
-    aes256ctr_squeezeblocks(rand.coeffs, NOISE_NBLOCKS, &state);
-    state.n = _mm_loadl_epi64((__m128i *)&nonce);
-    nonce += 1;
-    poly_cbd_eta1(&skpv.vec[i], rand.vec);
-  }
-  for(i=0;i<KYBER_K;i++) {
-    aes256ctr_squeezeblocks(rand.coeffs, NOISE_NBLOCKS, &state);
-    state.n = _mm_loadl_epi64((__m128i *)&nonce);
-    nonce += 1;
-    poly_cbd_eta1(&e.vec[i], rand.vec);
-  }
-#else
 #if KYBER_K == 2
   poly_getnoise_eta1_4x(skpv.vec+0, skpv.vec+1, e.vec+0, e.vec+1, noiseseed, 0, 1, 2, 3);
 #elif KYBER_K == 3
@@ -500,7 +443,6 @@ void indcpa_keypair_derand(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
 #elif KYBER_K == 4
   poly_getnoise_eta1_4x(skpv.vec+0, skpv.vec+1, skpv.vec+2, skpv.vec+3, noiseseed,  0, 1, 2, 3);
   poly_getnoise_eta1_4x(e.vec+0, e.vec+1, e.vec+2, e.vec+3, noiseseed, 4, 5, 6, 7);
-#endif
 #endif
 
   polyvec_ntt(&skpv);
@@ -550,28 +492,6 @@ void indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
   poly_frommsg(&k, m);
   gen_at(at, seed);
 
-#ifdef KYBER_90S
-#define NOISE_NBLOCKS ((KYBER_ETA1*KYBER_N/4)/AES256CTR_BLOCKBYTES) /* Assumes divisibility */
-#define CIPHERTEXTNOISE_NBLOCKS ((KYBER_ETA2*KYBER_N/4)/AES256CTR_BLOCKBYTES) /* Assumes divisibility */
-  uint64_t nonce = 0;
-  ALIGNED_UINT8(NOISE_NBLOCKS*AES256CTR_BLOCKBYTES+32) buf; /* +32 bytes as required by poly_cbd_eta1 */
-  aes256ctr_ctx state;
-  aes256ctr_init(&state, coins, nonce++);
-  for(i=0;i<KYBER_K;i++) {
-    aes256ctr_squeezeblocks(buf.coeffs, NOISE_NBLOCKS, &state);
-    state.n = _mm_loadl_epi64((__m128i *)&nonce);
-    nonce += 1;
-    poly_cbd_eta1(&sp.vec[i], buf.vec);
-  }
-  for(i=0;i<KYBER_K;i++) {
-    aes256ctr_squeezeblocks(buf.coeffs, CIPHERTEXTNOISE_NBLOCKS, &state);
-    state.n = _mm_loadl_epi64((__m128i *)&nonce);
-    nonce += 1;
-    poly_cbd_eta2(&ep.vec[i], buf.vec);
-  }
-  aes256ctr_squeezeblocks(buf.coeffs, CIPHERTEXTNOISE_NBLOCKS, &state);
-  poly_cbd_eta2(&epp, buf.vec);
-#else
 #if KYBER_K == 2
   poly_getnoise_eta1122_4x(sp.vec+0, sp.vec+1, ep.vec+0, ep.vec+1, coins, 0, 1, 2, 3);
   poly_getnoise_eta2(&epp, coins, 4);
@@ -582,7 +502,6 @@ void indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
   poly_getnoise_eta1_4x(sp.vec+0, sp.vec+1, sp.vec+2, sp.vec+3, coins, 0, 1, 2, 3);
   poly_getnoise_eta1_4x(ep.vec+0, ep.vec+1, ep.vec+2, ep.vec+3, coins, 4, 5, 6, 7);
   poly_getnoise_eta2(&epp, coins, 8);
-#endif
 #endif
 
   polyvec_ntt(&sp);