Renaming in pqc.crypto.hqc

peterdettman · peterdettman · commit bf7c06aa9042 · 2026-02-23T17:08:49.000+07:00
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/GF.java b/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/GF.java
@@ -1,6 +1,6 @@
 package org.bouncycastle.pqc.crypto.hqc;
 
-class GFCalculator
+class GF
 {
     // NB: _LOG[0] and _EXP[255] are both dummy values that map to each other for consistency
     private static final int[] _EXP = new int[]{ 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 0 };
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/GF2x.java b/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/GF2x.java
@@ -4,13 +4,13 @@
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Pack;
 
-class GF2PolynomialCalculator
+class GF2x
 {
     private final int bits;
     private final int size;
     private final int sizeExt;
 
-    GF2PolynomialCalculator(int n)
+    GF2x(int n)
     {
         if ((n & 0xFFFF0001) != 1)
             throw new IllegalArgumentException();
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/HQCEngine.java b/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/HQCEngine.java
@@ -27,7 +27,7 @@ class HQCEngine
     private final int[] generatorPoly;
     private final int nMu;
     private final int pkSize;
-    private final GF2PolynomialCalculator gf;
+    private final GF2x gf2x;
     private final int rejectionThreshold;
     private final int cipherTextBytes;
 
@@ -49,7 +49,7 @@ class HQCEngine
         this.N_BYTE = Utils.getByteSizeFromBitSize(n);
         this.N1N2_BYTE_64 = Utils.getByte64SizeFromBitSize(n1 * n2);
         this.N1N2_BYTE = Utils.getByteSizeFromBitSize(n1 * n2);
-        this.gf = new GF2PolynomialCalculator(n);
+        this.gf2x = new GF2x(n);
         this.rejectionThreshold = ((1 << 24) / n) * n;
         this.cipherTextBytes = N_BYTE + N1N2_BYTE + 16;
     }
@@ -69,9 +69,9 @@ void genKeyPair(byte[] pk, byte[] sk, SecureRandom secureRandom)
         // Randomly generate seeds for secret keys and public keys
         byte[] seedKem = new byte[SEED_BYTES]; // seedKem
         byte[] keypairSeed = new byte[SEED_BYTES << 1];
-        long[] xLongBytes = gf.create();
-        long[] yLongBytes = gf.create();
-        long[] h = gf.create(); // s
+        long[] xLongBytes = gf2x.create();
+        long[] yLongBytes = gf2x.create();
+        long[] h = gf2x.create(); // s
 
         secureRandom.nextBytes(seedKem);
         Shake256RandomGenerator ctxKem = new Shake256RandomGenerator(seedKem, (byte)1);
@@ -87,16 +87,16 @@ void genKeyPair(byte[] pk, byte[] sk, SecureRandom secureRandom)
         vectSampleFixedWeight1(xLongBytes, ctxKem, w);
         System.arraycopy(keypairSeed, SEED_BYTES, pk, 0, SEED_BYTES);
         ctxKem.init(keypairSeed, SEED_BYTES, SEED_BYTES, (byte)1);
-        gf.random(ctxKem, h);
-        gf.mul(h, yLongBytes, h); // h is s as the output
-        gf.addTo(xLongBytes, h); // h is s
+        gf2x.random(ctxKem, h);
+        gf2x.mul(h, yLongBytes, h); // h is s as the output
+        gf2x.addTo(xLongBytes, h); // h is s
         Utils.fromLongArrayToByteArray(pk, SEED_BYTES, pk.length - SEED_BYTES, h);
         System.arraycopy(keypairSeed, 0, sk, pkSize, SEED_BYTES);
         System.arraycopy(pk, 0, sk, 0, pkSize);
         Arrays.clear(keypairSeed);
-        gf.clear(xLongBytes);
-        gf.clear(yLongBytes);
-        gf.clear(h);
+        gf2x.clear(xLongBytes);
+        gf2x.clear(yLongBytes);
+        gf2x.clear(h);
     }
 
     /**
@@ -112,7 +112,7 @@ void encaps(byte[] u, byte[] v, byte[] kTheta, byte[] pk, byte[] salt, SecureRan
         // 1. Randomly generate m
         byte[] m = new byte[k];
         byte[] hashEkKem = new byte[SEED_BYTES];
-        long[] u64 = gf.create();
+        long[] u64 = gf2x.create();
         long[] v64 = new long[N1N2_BYTE_64];
 
         secureRandom.nextBytes(m);
@@ -123,7 +123,7 @@ void encaps(byte[] u, byte[] v, byte[] kTheta, byte[] pk, byte[] salt, SecureRan
         pkeEncrypt(u64, v64, pk, m, kTheta, SEED_BYTES);
         Utils.fromLongArrayToByteArray(u, 0, u.length, u64);
         Utils.fromLongArrayToByteArray(v, 0, v.length, v64);
-        gf.clear(u64);
+        gf2x.clear(u64);
         Arrays.clear(v64);
         Arrays.clear(m);
         Arrays.clear(hashEkKem);
@@ -140,10 +140,10 @@ void encaps(byte[] u, byte[] v, byte[] kTheta, byte[] pk, byte[] salt, SecureRan
     int decaps(byte[] ss, byte[] ct, byte[] sk)
     {
         // Extract Y and Public Keys from sk
-        long[] u64 = gf.create();
-        long[] v64 = gf.create();
-        long[] cKemPrimeU64 = gf.create(); // tmpLong
-        long[] cKemPrimeV64 = gf.create(); // y
+        long[] u64 = gf2x.create();
+        long[] v64 = gf2x.create();
+        long[] cKemPrimeU64 = gf2x.create(); // tmpLong
+        long[] cKemPrimeV64 = gf2x.create(); // y
         byte[] hashEkKem = new byte[SEED_BYTES];
         byte[] kThetaPrime = new byte[32 + SEED_BYTES];
         byte[] mPrime = new byte[k];
@@ -158,9 +158,9 @@ int decaps(byte[] ss, byte[] ct, byte[] sk)
         Utils.fromByteArrayToLongArray(v64, ct, N_BYTE, N1N2_BYTE);
 
         // cKemPrimeU64 is tmpLong
-        gf.mul(cKemPrimeV64, u64, cKemPrimeU64);
+        gf2x.mul(cKemPrimeV64, u64, cKemPrimeU64);
         vectTruncate(cKemPrimeU64);
-        gf.addTo(v64, cKemPrimeU64);
+        gf2x.addTo(v64, cKemPrimeU64);
 
         ReedMuller.decode(tmp, cKemPrimeU64, n1, mulParam);
         ReedSolomon.decode(mPrime, tmp, n1, fft, delta, k, g);
@@ -173,17 +173,17 @@ int decaps(byte[] ss, byte[] ct, byte[] sk)
         pkeEncrypt(cKemPrimeU64, cKemPrimeV64, sk, mPrime, kThetaPrime, 32);
         hashGJ(kBar, 256, hashEkKem, sk, pkSize + SEED_BYTES, k, ct, 0, ct.length, (byte)3);
 
-        int result = (int)(gf.equalTo(u64, cKemPrimeU64) & gf.equalTo(v64, cKemPrimeV64));
+        int result = (int)(gf2x.equalTo(u64, cKemPrimeU64) & gf2x.equalTo(v64, cKemPrimeV64));
 
         for (int i = 0; i < k; i++)
         {
             ss[i] = (byte)(((ss[i] & result) ^ (kBar[i] & ~result)) & 0xff);
         }
 
-        gf.clear(u64);
-        gf.clear(v64);
-        gf.clear(cKemPrimeU64);
-        gf.clear(cKemPrimeV64);
+        gf2x.clear(u64);
+        gf2x.clear(v64);
+        gf2x.clear(cKemPrimeU64);
+        gf2x.clear(cKemPrimeV64);
         Arrays.clear(hashEkKem);
         Arrays.clear(kThetaPrime);
         Arrays.clear(mPrime);
@@ -194,30 +194,30 @@ int decaps(byte[] ss, byte[] ct, byte[] sk)
 
     private void pkeEncrypt(long[] u, long[] v, byte[] ekPke, byte[] m, byte[] theta, int thetaOff)
     {
-        long[] e = gf.create(); // r2
-        long[] tmp = gf.create(); // s, h1, h
+        long[] e = gf2x.create(); // r2
+        long[] tmp = gf2x.create(); // s, h1, h
         byte[] res = new byte[n1];
 
         ReedSolomon.encode(res, m, n1, k, g, generatorPoly);
         ReedMuller.encode(v, res, n1, mulParam);
 
         Shake256RandomGenerator randomGenerator = new Shake256RandomGenerator(ekPke, 0, SEED_BYTES, (byte)1);
-        gf.random(randomGenerator, tmp);
+        gf2x.random(randomGenerator, tmp);
 
         randomGenerator.init(theta, thetaOff, SEED_BYTES, (byte)1);
         vectSampleFixedWeights2(randomGenerator, e, wr); // e is r2
-        gf.mul(tmp, e, u); // e is r2
+        gf2x.mul(tmp, e, u); // e is r2
         Utils.fromByteArrayToLongArray(tmp, ekPke, SEED_BYTES, pkSize - SEED_BYTES);
-        gf.mul(tmp, e, tmp);
+        gf2x.mul(tmp, e, tmp);
         vectSampleFixedWeights2(randomGenerator, e, wr);
-        gf.addTo(e, tmp);
+        gf2x.addTo(e, tmp);
         vectTruncate(tmp);
         Nat.xorTo64(N1N2_BYTE_64, tmp, v);
 
         vectSampleFixedWeights2(randomGenerator, tmp, wr);// tmp is r1
-        gf.addTo(tmp, u);
-        gf.clear(e);
-        gf.clear(tmp);
+        gf2x.addTo(tmp, u);
+        gf2x.clear(e);
+        gf2x.clear(tmp);
         Arrays.clear(res);
     }
 
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/ReedSolomon.java b/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/ReedSolomon.java
@@ -22,7 +22,7 @@ static void encode(byte[] codeWord, byte[] message, int n1, int paramK, int para
 
             for (int j = 0; j < paramG; j++)
             {
-                tmp[j] = GFCalculator.mul(gateValue, rsPoly[j]);
+                tmp[j] = GF.mul(gateValue, rsPoly[j]);
             }
 
             for (int j = n1 - paramK - 1; j > 0; j--)
@@ -98,7 +98,7 @@ private static void computeSyndromes(int[] syndromes, byte[] codeWord, int delta
         {
             for (int j = 1; j < n1; j++)
             {
-                syndromes[i] ^= GFCalculator.mul(Utils.toUnsigned8bits(codeWord[j]), alpha[i][j - 1]);
+                syndromes[i] ^= GF.mul(Utils.toUnsigned8bits(codeWord[j]), alpha[i][j - 1]);
             }
             syndromes[i] ^= Utils.toUnsigned8bits(codeWord[0]);
         }
@@ -121,11 +121,11 @@ private static int computeELP(int[] sigma, int[] syndromes, int delta)
         {
             System.arraycopy(sigma, 0, sigmaDup, 0, delta + 1);
             int degSigmaDup = degSigma;
-            int dd = GFCalculator.div(d, dp);
+            int dd = GF.div(d, dp);
 
             for (int j = 1; j <= i + 1 && j <= delta; j++)
             {
-                sigma[j] ^= GFCalculator.mul(dd, sigmaP[j]);
+                sigma[j] ^= GF.mul(dd, sigmaP[j]);
             }
 
             int degX = Utils.toUnsigned16Bits(i - pp);
@@ -155,7 +155,7 @@ private static int computeELP(int[] sigma, int[] syndromes, int delta)
 
             for (int k = 1; k <= i + 1 && k <= delta; k++)
             {
-                d ^= GFCalculator.mul(sigma[k], syndromes[i + 1 - k]);
+                d ^= GF.mul(sigma[k], syndromes[i + 1 - k]);
             }
         }
         return degSigma;
@@ -179,7 +179,7 @@ private static void computeZx(int[] output, int[] sigma, int deg, int[] syndrome
             output[i] ^= (mask) & syndromes[i - 1];
             for (int j = 1; j < i; j++)
             {
-                output[i] ^= (mask) & GFCalculator.mul(sigma[j], syndromes[i - j - 1]);
+                output[i] ^= (mask) & GF.mul(sigma[j], syndromes[i - j - 1]);
             }
         }
     }
@@ -207,22 +207,22 @@ private static void computeErrors(int[] res, int[] zx, byte[] errorCompactSet, i
         {
             int temp1 = 1;
             int temp2 = 1;
-            int inv = GFCalculator.inv(betaSet[i]);
+            int inv = GF.inv(betaSet[i]);
             int invPow = 1;
 
             for (int j = 1; j <= delta; j++)
             {
-                invPow = GFCalculator.mul(invPow, inv);
-                temp1 ^= GFCalculator.mul(invPow, zx[j]);
+                invPow = GF.mul(invPow, inv);
+                temp1 ^= GF.mul(invPow, zx[j]);
             }
 
             for (int j = 1; j < delta; j++)
             {
-                temp2 = GFCalculator.mul(temp2, 1 ^ GFCalculator.mul(inv, betaSet[(i + j) % delta]));
+                temp2 = GF.mul(temp2, 1 ^ GF.mul(inv, betaSet[(i + j) % delta]));
             }
 
             int mask1 = i < deltaCount1 ? 0xffff : 0;
-            eSet[i] = mask1 & GFCalculator.div(temp1, temp2);
+            eSet[i] = mask1 & GF.div(temp1, temp2);
         }
 
         int deltaCount2 = 0;

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`package org.bouncycastle.pqc.crypto.hqc;`
`2`	`2`
`3`		`-class GFCalculator`
	`3`	`+class GF`
`4`	`4`	`{`
`5`	`5`	`// NB: _LOG[0] and _EXP[255] are both dummy values that map to each other for consistency`
`6`	`6`	private static final int[] _EXP = new int[]{ 1, 2, 4, 8, 16, 32, 64, 128, 29, 58, 116, 232, 205, 135, 19, 38, 76, 152, 45, 90, 180, 117, 234, 201, 143, 3, 6, 12, 24, 48, 96, 192, 157, 39, 78, 156, 37, 74, 148, 53, 106, 212, 181, 119, 238, 193, 159, 35, 70, 140, 5, 10, 20, 40, 80, 160, 93, 186, 105, 210, 185, 111, 222, 161, 95, 190, 97, 194, 153, 47, 94, 188, 101, 202, 137, 15, 30, 60, 120, 240, 253, 231, 211, 187, 107, 214, 177, 127, 254, 225, 223, 163, 91, 182, 113, 226, 217, 175, 67, 134, 17, 34, 68, 136, 13, 26, 52, 104, 208, 189, 103, 206, 129, 31, 62, 124, 248, 237, 199, 147, 59, 118, 236, 197, 151, 51, 102, 204, 133, 23, 46, 92, 184, 109, 218, 169, 79, 158, 33, 66, 132, 21, 42, 84, 168, 77, 154, 41, 82, 164, 85, 170, 73, 146, 57, 114, 228, 213, 183, 115, 230, 209, 191, 99, 198, 145, 63, 126, 252, 229, 215, 179, 123, 246, 241, 255, 227, 219, 171, 75, 150, 49, 98, 196, 149, 55, 110, 220, 165, 87, 174, 65, 130, 25, 50, 100, 200, 141, 7, 14, 28, 56, 112, 224, 221, 167, 83, 166, 81, 162, 89, 178, 121, 242, 249, 239, 195, 155, 43, 86, 172, 69, 138, 9, 18, 36, 72, 144, 61, 122, 244, 245, 247, 243, 251, 235, 203, 139, 11, 22, 44, 88, 176, 125, 250, 233, 207, 131, 27, 54, 108, 216, 173, 71, 142, 0 };
Original file line number	Diff line number	Diff line change
`@@ -4,13 +4,13 @@`
`4`	`4`	`import org.bouncycastle.util.Arrays;`
`5`	`5`	`import org.bouncycastle.util.Pack;`
`6`	`6`
`7`		`-class GF2PolynomialCalculator`
	`7`	`+class GF2x`
`8`	`8`	`{`
`9`	`9`	`private final int bits;`
`10`	`10`	`private final int size;`
`11`	`11`	`private final int sizeExt;`
`12`	`12`
`13`		`- GF2PolynomialCalculator(int n)`
	`13`	`+ GF2x(int n)`
`14`	`14`	`{`
`15`	`15`	`if ((n & 0xFFFF0001) != 1)`
`16`	`16`	`throw new IllegalArgumentException();`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ static void encode(byte[] codeWord, byte[] message, int n1, int paramK, int para`
`22`	`22`
`23`	`23`	`for (int j = 0; j < paramG; j++)`
`24`	`24`	`{`
`25`		`- tmp[j] = GFCalculator.mul(gateValue, rsPoly[j]);`
	`25`	`+ tmp[j] = GF.mul(gateValue, rsPoly[j]);`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`for (int j = n1 - paramK - 1; j > 0; j--)`
`@@ -98,7 +98,7 @@ private static void computeSyndromes(int[] syndromes, byte[] codeWord, int delta`
`98`	`98`	`{`
`99`	`99`	`for (int j = 1; j < n1; j++)`
`100`	`100`	`{`
`101`		`- syndromes[i] ^= GFCalculator.mul(Utils.toUnsigned8bits(codeWord[j]), alpha[i][j - 1]);`
	`101`	`+ syndromes[i] ^= GF.mul(Utils.toUnsigned8bits(codeWord[j]), alpha[i][j - 1]);`
`102`	`102`	`}`
`103`	`103`	`syndromes[i] ^= Utils.toUnsigned8bits(codeWord[0]);`
`104`	`104`	`}`
`@@ -121,11 +121,11 @@ private static int computeELP(int[] sigma, int[] syndromes, int delta)`
`121`	`121`	`{`
`122`	`122`	`System.arraycopy(sigma, 0, sigmaDup, 0, delta + 1);`
`123`	`123`	`int degSigmaDup = degSigma;`
`124`		`- int dd = GFCalculator.div(d, dp);`
	`124`	`+ int dd = GF.div(d, dp);`
`125`	`125`
`126`	`126`	`for (int j = 1; j <= i + 1 && j <= delta; j++)`
`127`	`127`	`{`
`128`		`- sigma[j] ^= GFCalculator.mul(dd, sigmaP[j]);`
	`128`	`+ sigma[j] ^= GF.mul(dd, sigmaP[j]);`
`129`	`129`	`}`
`130`	`130`
`131`	`131`	`int degX = Utils.toUnsigned16Bits(i - pp);`
`@@ -155,7 +155,7 @@ private static int computeELP(int[] sigma, int[] syndromes, int delta)`
`155`	`155`
`156`	`156`	`for (int k = 1; k <= i + 1 && k <= delta; k++)`
`157`	`157`	`{`
`158`		`- d ^= GFCalculator.mul(sigma[k], syndromes[i + 1 - k]);`
	`158`	`+ d ^= GF.mul(sigma[k], syndromes[i + 1 - k]);`
`159`	`159`	`}`
`160`	`160`	`}`
`161`	`161`	`return degSigma;`
`@@ -179,7 +179,7 @@ private static void computeZx(int[] output, int[] sigma, int deg, int[] syndrome`
`179`	`179`	`output[i] ^= (mask) & syndromes[i - 1];`
`180`	`180`	`for (int j = 1; j < i; j++)`
`181`	`181`	`{`
`182`		`- output[i] ^= (mask) & GFCalculator.mul(sigma[j], syndromes[i - j - 1]);`
	`182`	`+ output[i] ^= (mask) & GF.mul(sigma[j], syndromes[i - j - 1]);`
`183`	`183`	`}`
`184`	`184`	`}`
`185`	`185`	`}`
`@@ -207,22 +207,22 @@ private static void computeErrors(int[] res, int[] zx, byte[] errorCompactSet, i`
`207`	`207`	`{`
`208`	`208`	`int temp1 = 1;`
`209`	`209`	`int temp2 = 1;`
`210`		`- int inv = GFCalculator.inv(betaSet[i]);`
	`210`	`+ int inv = GF.inv(betaSet[i]);`
`211`	`211`	`int invPow = 1;`
`212`	`212`
`213`	`213`	`for (int j = 1; j <= delta; j++)`
`214`	`214`	`{`
`215`		`- invPow = GFCalculator.mul(invPow, inv);`
`216`		`- temp1 ^= GFCalculator.mul(invPow, zx[j]);`
	`215`	`+ invPow = GF.mul(invPow, inv);`
	`216`	`+ temp1 ^= GF.mul(invPow, zx[j]);`
`217`	`217`	`}`
`218`	`218`
`219`	`219`	`for (int j = 1; j < delta; j++)`
`220`	`220`	`{`
`221`		`- temp2 = GFCalculator.mul(temp2, 1 ^ GFCalculator.mul(inv, betaSet[(i + j) % delta]));`
	`221`	`+ temp2 = GF.mul(temp2, 1 ^ GF.mul(inv, betaSet[(i + j) % delta]));`
`222`	`222`	`}`
`223`	`223`
`224`	`224`	`int mask1 = i < deltaCount1 ? 0xffff : 0;`
`225`		`- eSet[i] = mask1 & GFCalculator.div(temp1, temp2);`
	`225`	`+ eSet[i] = mask1 & GF.div(temp1, temp2);`
`226`	`226`	`}`
`227`	`227`
`228`	`228`	`int deltaCount2 = 0;`