Refactoring in pqc.crypto.hqc

peterdettman · peterdettman · commit d6b6a0df9125 · 2026-02-23T21:42:08.000+07:00
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/GF.java b/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/GF.java
@@ -18,18 +18,31 @@ static int inv(int a)
         return _INV[a];
     }
 
-    static int mod(int a)
+    private static int mod1(int a)
     {
-        int t = a - HQCParameters.GF_MUL_ORDER;
-//        return t + ((t >> 31) & HQCParameters.GF_MUL_ORDER);
-        return t + (t >>> 24);
+        return a + (a >>> 24);
+    }
+
+    private static int mod2(int a)
+    {
+        return mod1(a - HQCParameters.GF_MUL_ORDER);
+    }
+
+    private static int mod(int a)
+    {
+        return mod2((a & 0xFF) + (a >>> 8));
     }
 
     static int mul(int a, int b)
     {
-        int ma = -a >> 31; // a != 0
-        int mb = -b >> 31; // b != 0
-        return ma & mb & _EXP[mod(_LOG[a] + _LOG[b])];
+        int m = (-a & -b) >> 31; // { a, b } != 0
+        return m & _EXP[mod2(_LOG[a] + _LOG[b])];
+    }
+
+    static int mul3(int a, int b, int c)
+    {
+        int m = (-a & -b & -c) >> 31; // { a, b, c } != 0
+        return m & _EXP[mod(_LOG[a] + _LOG[b] + _LOG[c])];
     }
 
     static int sqr(int a)
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/ReedSolomon.java b/core/src/main/java/org/bouncycastle/pqc/crypto/hqc/ReedSolomon.java
@@ -96,11 +96,12 @@ private static void computeSyndromes(int[] syndromes, byte[] codeWord, int delta
     {
         for (int i = 0; i < 2 * delta; i++)
         {
+            int syndromes_i = syndromes[i] ^ Utils.toUnsigned8bits(codeWord[0]);
             for (int j = 1; j < n1; j++)
             {
-                syndromes[i] ^= GF.mul(Utils.toUnsigned8bits(codeWord[j]), alpha[i][j - 1]);
+                syndromes_i ^= GF.mul(Utils.toUnsigned8bits(codeWord[j]), alpha[i][j - 1]);
             }
-            syndromes[i] ^= Utils.toUnsigned8bits(codeWord[0]);
+            syndromes[i] = syndromes_i;
         }
     }
 
@@ -131,10 +132,7 @@ private static int computeELP(int[] sigma, int[] syndromes, int delta)
             int degX = Utils.toUnsigned16Bits(i - pp);
             int degXSigmaP = Utils.toUnsigned16Bits(degX + degSigmaP);
 
-            int firstMask = d != 0 ? 0xffff : 0;
-            int secondMask = degXSigmaP > degSigma ? 0xffff : 0;
-
-            int mask = firstMask & secondMask;
+            int mask = ((d | -d) & (degSigma - degXSigmaP)) >> 31;
             degSigma ^= mask & (degXSigmaP ^ degSigma);
 
             if (i == (2 * delta - 1))
@@ -164,78 +162,81 @@ private static int computeELP(int[] sigma, int[] syndromes, int delta)
     private static void computeZx(int[] output, int[] sigma, int deg, int[] syndromes, int delta)
     {
         output[0] = 1;
-
-        for (int i = 1; i < delta + 1; i++)
+        output[1] = syndromes[0];
         {
-            int mask = i - deg < 1 ? 0xffff : 0;
-            output[i] = mask & sigma[i];
+            int mask = ~(deg - 1) >> 31;
+            output[1] ^= mask & sigma[1];
         }
-
-        output[1] ^= syndromes[0];
-
         for (int i = 2; i <= delta; i++)
         {
-            int mask = i - deg < 1 ? 0xffff : 0;
-            output[i] ^= (mask) & syndromes[i - 1];
+            int out_i = sigma[i] ^ syndromes[i - 1];
             for (int j = 1; j < i; j++)
             {
-                output[i] ^= (mask) & GF.mul(sigma[j], syndromes[i - j - 1]);
+                out_i ^= GF.mul(sigma[j], syndromes[i - j - 1]);
             }
+
+            int mask = ~(deg - i) >> 31;
+            output[i] = mask & out_i;
         }
     }
 
     private static void computeErrors(int[] res, int[] zx, byte[] errorCompactSet, int delta, int n1)
     {
         int[] betaSet = new int[delta];
-        int[] eSet = new int[delta];
 
         int deltaCount1 = 0;
         for (int i = 0; i < n1; i++)
         {
+            int ecs_i = errorCompactSet[i] & 0xFF;
+            int mask = (ecs_i | -ecs_i) >> 31;
+
             int mark = 0;
-            int mask = errorCompactSet[i] != 0 ? 0xffff : 0;
             for (int j = 0; j < delta; j++)
             {
-                int iMask = j == deltaCount1 ? 0xffff : 0;
-                betaSet[j] += iMask & mask & expArrays[i];
-                mark += iMask & mask & 1;
+                int iMask = (((j ^ deltaCount1) - 1) >> 31) & mask;
+                betaSet[j] += iMask & expArrays[i];
+                mark -= iMask; // conditional +1
             }
             deltaCount1 += mark;
         }
 
+        int[] eSet = new int[delta];
         for (int i = 0; i < delta; i++)
         {
-            int temp1 = 1;
-            int temp2 = 1;
             int inv = GF.inv(betaSet[i]);
-            int invPow = 1;
 
-            for (int j = 1; j <= delta; j++)
+            int temp1 = 0;
+            for (int j = delta; j > 0; --j)
             {
-                invPow = GF.mul(invPow, inv);
-                temp1 ^= GF.mul(invPow, zx[j]);
+                temp1 = GF.mul(temp1 ^ zx[j], inv);
             }
+            temp1 ^= 1;
 
-            for (int j = 1; j < delta; j++)
+            int temp2 = 1;
+            for (int j = 0; j < delta; ++j)
             {
-                temp2 = GF.mul(temp2, 1 ^ GF.mul(inv, betaSet[(i + j) % delta]));
+                if (i != j)
+                {
+                    temp2 ^= GF.mul3(temp2, inv, betaSet[j]);
+                }
             }
 
-            int mask1 = i < deltaCount1 ? 0xffff : 0;
+            int mask1 = (i - deltaCount1) >> 31;
             eSet[i] = mask1 & GF.div(temp1, temp2);
         }
 
         int deltaCount2 = 0;
         for (int i = 0; i < n1; i++)
         {
-            int mark = 0;
-            int mask = errorCompactSet[i] != 0 ? 0xffff : 0;
+            int ecs_i = errorCompactSet[i] & 0xFF;
+            int mask = (ecs_i | -ecs_i) >> 31;
 
+            int mark = 0;
             for (int j = 0; j < delta; j++)
             {
-                int iMask = j == deltaCount2 ? 0xffff : 0;
-                res[i] += iMask & mask & eSet[j];
-                mark += iMask & mask & 1;
+                int iMask = (((j ^ deltaCount2) - 1) >> 31) & mask;
+                res[i] += iMask & eSet[j];
+                mark -= iMask; // conditional +1
             }
             deltaCount2 += mark;
         }

Original file line number	Diff line number	Diff line change
`@@ -96,11 +96,12 @@ private static void computeSyndromes(int[] syndromes, byte[] codeWord, int delta`
`96`	`96`	`{`
`97`	`97`	`for (int i = 0; i < 2 * delta; i++)`
`98`	`98`	`{`
	`99`	`+ int syndromes_i = syndromes[i] ^ Utils.toUnsigned8bits(codeWord[0]);`
`99`	`100`	`for (int j = 1; j < n1; j++)`
`100`	`101`	`{`
`101`		`- syndromes[i] ^= GF.mul(Utils.toUnsigned8bits(codeWord[j]), alpha[i][j - 1]);`
	`102`	`+ syndromes_i ^= GF.mul(Utils.toUnsigned8bits(codeWord[j]), alpha[i][j - 1]);`
`102`	`103`	`}`
`103`		`- syndromes[i] ^= Utils.toUnsigned8bits(codeWord[0]);`
	`104`	`+ syndromes[i] = syndromes_i;`
`104`	`105`	`}`
`105`	`106`	`}`
`106`	`107`
`@@ -131,10 +132,7 @@ private static int computeELP(int[] sigma, int[] syndromes, int delta)`
`131`	`132`	`int degX = Utils.toUnsigned16Bits(i - pp);`
`132`	`133`	`int degXSigmaP = Utils.toUnsigned16Bits(degX + degSigmaP);`
`133`	`134`
`134`		`- int firstMask = d != 0 ? 0xffff : 0;`
`135`		`- int secondMask = degXSigmaP > degSigma ? 0xffff : 0;`
`136`		`-`
`137`		`- int mask = firstMask & secondMask;`
	`135`	`+ int mask = ((d \| -d) & (degSigma - degXSigmaP)) >> 31;`
`138`	`136`	`degSigma ^= mask & (degXSigmaP ^ degSigma);`
`139`	`137`
`140`	`138`	`if (i == (2 * delta - 1))`
`@@ -164,78 +162,81 @@ private static int computeELP(int[] sigma, int[] syndromes, int delta)`
`164`	`162`	`private static void computeZx(int[] output, int[] sigma, int deg, int[] syndromes, int delta)`
`165`	`163`	`{`
`166`	`164`	`output[0] = 1;`
`167`		`-`
`168`		`- for (int i = 1; i < delta + 1; i++)`
	`165`	`+ output[1] = syndromes[0];`
`169`	`166`	`{`
`170`		`- int mask = i - deg < 1 ? 0xffff : 0;`
`171`		`- output[i] = mask & sigma[i];`
	`167`	`+ int mask = ~(deg - 1) >> 31;`
	`168`	`+ output[1] ^= mask & sigma[1];`
`172`	`169`	`}`
`173`		`-`
`174`		`- output[1] ^= syndromes[0];`
`175`		`-`
`176`	`170`	`for (int i = 2; i <= delta; i++)`
`177`	`171`	`{`
`178`		`- int mask = i - deg < 1 ? 0xffff : 0;`
`179`		`- output[i] ^= (mask) & syndromes[i - 1];`
	`172`	`+ int out_i = sigma[i] ^ syndromes[i - 1];`
`180`	`173`	`for (int j = 1; j < i; j++)`
`181`	`174`	`{`
`182`		`- output[i] ^= (mask) & GF.mul(sigma[j], syndromes[i - j - 1]);`
	`175`	`+ out_i ^= GF.mul(sigma[j], syndromes[i - j - 1]);`
`183`	`176`	`}`
	`177`	`+`
	`178`	`+ int mask = ~(deg - i) >> 31;`
	`179`	`+ output[i] = mask & out_i;`
`184`	`180`	`}`
`185`	`181`	`}`
`186`	`182`
`187`	`183`	`private static void computeErrors(int[] res, int[] zx, byte[] errorCompactSet, int delta, int n1)`
`188`	`184`	`{`
`189`	`185`	`int[] betaSet = new int[delta];`
`190`		`- int[] eSet = new int[delta];`
`191`	`186`
`192`	`187`	`int deltaCount1 = 0;`
`193`	`188`	`for (int i = 0; i < n1; i++)`
`194`	`189`	`{`
	`190`	`+ int ecs_i = errorCompactSet[i] & 0xFF;`
	`191`	`+ int mask = (ecs_i \| -ecs_i) >> 31;`
	`192`	`+`
`195`	`193`	`int mark = 0;`
`196`		`- int mask = errorCompactSet[i] != 0 ? 0xffff : 0;`
`197`	`194`	`for (int j = 0; j < delta; j++)`
`198`	`195`	`{`
`199`		`- int iMask = j == deltaCount1 ? 0xffff : 0;`
`200`		`- betaSet[j] += iMask & mask & expArrays[i];`
`201`		`- mark += iMask & mask & 1;`
	`196`	`+ int iMask = (((j ^ deltaCount1) - 1) >> 31) & mask;`
	`197`	`+ betaSet[j] += iMask & expArrays[i];`
	`198`	`+ mark -= iMask; // conditional +1`
`202`	`199`	`}`
`203`	`200`	`deltaCount1 += mark;`
`204`	`201`	`}`
`205`	`202`
	`203`	`+ int[] eSet = new int[delta];`
`206`	`204`	`for (int i = 0; i < delta; i++)`
`207`	`205`	`{`
`208`		`- int temp1 = 1;`
`209`		`- int temp2 = 1;`
`210`	`206`	`int inv = GF.inv(betaSet[i]);`
`211`		`- int invPow = 1;`
`212`	`207`
`213`		`- for (int j = 1; j <= delta; j++)`
	`208`	`+ int temp1 = 0;`
	`209`	`+ for (int j = delta; j > 0; --j)`
`214`	`210`	`{`
`215`		`- invPow = GF.mul(invPow, inv);`
`216`		`- temp1 ^= GF.mul(invPow, zx[j]);`
	`211`	`+ temp1 = GF.mul(temp1 ^ zx[j], inv);`
`217`	`212`	`}`
	`213`	`+ temp1 ^= 1;`
`218`	`214`
`219`		`- for (int j = 1; j < delta; j++)`
	`215`	`+ int temp2 = 1;`
	`216`	`+ for (int j = 0; j < delta; ++j)`
`220`	`217`	`{`
`221`		`- temp2 = GF.mul(temp2, 1 ^ GF.mul(inv, betaSet[(i + j) % delta]));`
	`218`	`+ if (i != j)`
	`219`	`+ {`
	`220`	`+ temp2 ^= GF.mul3(temp2, inv, betaSet[j]);`
	`221`	`+ }`
`222`	`222`	`}`
`223`	`223`
`224`		`- int mask1 = i < deltaCount1 ? 0xffff : 0;`
	`224`	`+ int mask1 = (i - deltaCount1) >> 31;`
`225`	`225`	`eSet[i] = mask1 & GF.div(temp1, temp2);`
`226`	`226`	`}`
`227`	`227`
`228`	`228`	`int deltaCount2 = 0;`
`229`	`229`	`for (int i = 0; i < n1; i++)`
`230`	`230`	`{`
`231`		`- int mark = 0;`
`232`		`- int mask = errorCompactSet[i] != 0 ? 0xffff : 0;`
	`231`	`+ int ecs_i = errorCompactSet[i] & 0xFF;`
	`232`	`+ int mask = (ecs_i \| -ecs_i) >> 31;`
`233`	`233`
	`234`	`+ int mark = 0;`
`234`	`235`	`for (int j = 0; j < delta; j++)`
`235`	`236`	`{`
`236`		`- int iMask = j == deltaCount2 ? 0xffff : 0;`
`237`		`- res[i] += iMask & mask & eSet[j];`
`238`		`- mark += iMask & mask & 1;`
	`237`	`+ int iMask = (((j ^ deltaCount2) - 1) >> 31) & mask;`
	`238`	`+ res[i] += iMask & eSet[j];`
	`239`	`+ mark -= iMask; // conditional +1`
`239`	`240`	`}`
`240`	`241`	`deltaCount2 += mark;`
`241`	`242`	`}`