author | Jack Lloyd <[email protected]> | 2016-08-29 15:35:29 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-08-30 07:39:25 -0400 |
commit | 5739c41504f8193b71e3b0ff6fbe9a508f3ece6a (patch) | |
tree | d588cf58066000779d2017fd61fa88d61cd2d129 /src/cli/speed.cpp | |
parent | a09d2df0885137ea6d7af181e3bcc823412850d8 (diff) |
Add NEWHOPE KEM scheme
Provides conjectured 200-bit security against a quantum attacker.
Based on the public domain reference implementation at
https://github.com/tpoeppelmann/newhope and bit-for-bit
compatible with that version.
Test vectors generated by the reference testvector.c
Diffstat (limited to 'src/cli/speed.cpp')
-rw-r--r-- | src/cli/speed.cpp | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 222a98d3f..651226d70 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -83,6 +83,10 @@ #include <botan/mceliece.h> #endif +#if defined(BOTAN_HAS_NEWHOPE) + #include <botan/newhope.h> +#endif + namespace Botan_CLI { namespace { @@ -306,6 +310,7 @@ std::vector<std::string> default_benchmark_list() "ECDSA", "Curve25519", "McEliece", + "NEWHOPE" }; } @@ -396,6 +401,12 @@ class Speed final : public Command bench_mceliece(provider, msec); } #endif +#if defined(BOTAN_HAS_NEWHOPE) + else if(algo == "NEWHOPE") + { + bench_newhope(provider, msec); + } +#endif #if defined(BOTAN_HAS_NUMBERTHEORY) else if(algo == "random_prime") @@ -1078,6 +1089,44 @@ class Speed final : public Command } #endif +#if defined(BOTAN_HAS_NEWHOPE) + void bench_newhope(const std::string& provider, + std::chrono::milliseconds msec) + { + const std::string nm = "NEWHOPE"; + + Timer keygen_timer(nm, "", "keygen"); + Timer shareda_timer(nm, "", "shareda"); + Timer sharedb_timer(nm, "", "sharedb"); + + while(sharedb_timer.under(msec)) + { + std::vector<uint8_t> send_a(NEWHOPE_SENDABYTES), send_b(NEWHOPE_SENDBBYTES); + std::vector<uint8_t> shared_a(32), shared_b(32); + + Botan::newhope_poly sk_a; + + keygen_timer.start(); + Botan::newhope_keygen(send_a.data(), &sk_a, rng()); + keygen_timer.stop(); + + sharedb_timer.start(); + Botan::newhope_sharedb(shared_b.data(), send_b.data(), send_a.data(), rng()); + sharedb_timer.stop(); + + shareda_timer.start(); + Botan::newhope_shareda(shared_a.data(), &sk_a, send_b.data()); + shareda_timer.stop(); + + BOTAN_ASSERT(shared_a == shared_b, "Same derived key"); + } + + output() << Timer::result_string_ops(keygen_timer); + output() << Timer::result_string_ops(shareda_timer); + output() << Timer::result_string_ops(sharedb_timer); + } +#endif + }; BOTAN_REGISTER_COMMAND("speed", Speed); |
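Review bot: In `bench_newhope` (the last hunk) the shared-secret buffers are sized with a bare `32` in `std::vector<uint8_t> shared_a(32), shared_b(32);`, while the message buffers use the named `NEWHOPE_SENDABYTES`/`NEWHOPE_SENDBBYTES`. `newhope_shareda` and `newhope_sharedb` take raw pointers with no length argument, so if that literal ever falls below the library's output size the calls would write past the buffer and nothing here would catch it. If newhope.h has a constant for the shared-key length, use it; otherwise add a comment such as `// 32 = NEWHOPE shared secret length in bytes; must match the library's output size`. The `provider` parameter is never read in this function, so either leave it unnamed or note that it is accepted only for a uniform bench_* signature. The keys are throwaway benchmark values, so plain `std::vector<uint8_t>` and an unscrubbed `sk_a` are tolerable, but a comment like `// benchmark only: real callers should keep secrets in Botan::secure_vector` would stop the loop being copied as a usage example.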