second-round version of SQIsign

Co-authored-by: Marius A. Aardal <marius.andre.aardal@gmail.com> Co-authored-by: Gora Adj <gora.adj@tii.ae> Co-authored-by: Diego F. Aranha <dfaranha@cs.au.dk> Co-authored-by: Andrea Basso <sqisign@andreabasso.com> Co-authored-by: Isaac Andrés Canales Martínez <icanalesm0500@gmail.com> Co-authored-by: Jorge Chávez-Saab <jorgechavezsaab@gmail.com> Co-authored-by: Maria Corte-Real Santos <mariascrsantos98@gmail.com> Co-authored-by: Luca De Feo <github@defeo.lu> Co-authored-by: Max Duparc <max.duparc@epfl.ch> Co-authored-by: Jonathan Komada Eriksen <jonathan.eriksen97@gmail.com> Co-authored-by: Décio Luiz Gazzoni Filho <decio@decpp.net> Co-authored-by: Basil Hess <bhe@zurich.ibm.com> Co-authored-by: Antonin Leroux <antonin.leroux@polytechnique.org> Co-authored-by: Patrick Longa <plonga@microsoft.com> Co-authored-by: Luciano Maino <mainoluciano.96@gmail.com> Co-authored-by: Michael Meyer <michael@random-oracles.org> Co-authored-by: Hiroshi Onuki <onuki@mist.i.u-tokyo.ac.jp> Co-authored-by: Lorenz Panny <lorenz@yx7.cc> Co-authored-by: Giacomo Pope <giacomopope@gmail.com> Co-authored-by: Krijn Reijnders <reijnderskrijn@gmail.com> Co-authored-by: Damien Robert <damien.robert@inria.fr> Co-authored-by: Francisco Rodríguez-Henriquez <francisco.rodriguez@tii.ae> Co-authored-by: Sina Schaeffler <sschaeffle@student.ethz.ch> Co-authored-by: Benjamin Wesolowski <benjamin.wesolowski@ens-lyon.fr>
2025-02-06 00:00:00 +00:00
parent ff34a8cd18
commit 91e9e464fe
481 changed files with 80785 additions and 55963 deletions
--- a/scripts/precomp/precompute_quaternion_data.sage
+++ b/scripts/precomp/precompute_quaternion_data.sage
@@ -0,0 +1,91 @@
+#!/usr/bin/env sage
+proof.all(False)  # faster
+
+
+
+from maxorders import p, orders
+
+from cformat import Ibz, Object, ObjectFormatter
+
+# Prime of same size than p for random ideal of fixed norm
+bitlength_p = int(p).bit_length()
+prime_cofactor = next_prime((2^(bitlength_p)))
+
+algobj = [Ibz(p)]
+
+objs = \
+    [
+        [
+            # basis (columns)
+            [
+                Ibz(mat.denominator()),
+                [[Ibz(v) for v in vs]
+                    for vs in mat.transpose()*mat.denominator()],
+            ],
+            # sqrt(-q)
+            [
+                Ibz(mat.denominator()),
+                [Ibz(c) for c in ii*mat.denominator()],
+            ],
+            # sqrt(-p)
+            [
+                Ibz(1),
+                [Ibz(c) for c in (0,0,1,0)]
+            ],
+            q
+        ]
+        for q,_,mat,ii,_,_ in orders
+    ]
+
+idlobjs = \
+    [
+        [
+            # basis (columns)
+            [
+                Ibz(idl.denominator()),
+                [[Ibz(v) for v in vs]
+                    for vs in idl.transpose()*idl.denominator()],
+            ],
+            # norm
+            Ibz(abs(idl.row_space(ZZ).intersection((ZZ^4).submodule([[1,0,0,0]])).basis()[0][0])),
+            # left order
+            '&MAXORD_O0',
+        ]
+        for _,_,mat,_,idl,_ in orders
+    ]
+
+gammaobjs = \
+    [
+        [
+            Ibz(gamma.denominator()),
+            list(map(Ibz, gamma * gamma.denominator())),
+        ]
+        for _,_,_,_,_,gamma in orders
+    ]
+
+objs = ObjectFormatter([
+        Object('ibz_t', 'QUAT_prime_cofactor', Ibz(prime_cofactor)),
+        Object('quat_alg_t', 'QUATALG_PINFTY', algobj),
+        Object('quat_p_extremal_maximal_order_t[]', 'EXTREMAL_ORDERS', objs),
+        Object('quat_left_ideal_t[]', 'CONNECTING_IDEALS', idlobjs),  # ideal corresponding to an isogeny from E0 which acts as identity w.r.t. the basis_even
+        Object('quat_alg_elem_t[]', 'CONJUGATING_ELEMENTS', gammaobjs), # elements γ such that each I has right order γ O₁ γ^-1
+    ])
+
+with open('include/quaternion_data.h','w') as hfile:
+    with open('quaternion_data.c','w') as cfile:
+        print(f'#include <quaternion.h>', file=hfile)
+        print(f'#include <stddef.h>', file=cfile)
+        print(f'#include <stdint.h>', file=cfile)
+        print(f'#include <quaternion_data.h>', file=cfile)
+
+        #FIXME this should eventually go away?
+        print(f'#define MAXORD_O0 (EXTREMAL_ORDERS->order)', file=hfile)
+        print(f'#define STANDARD_EXTREMAL_ORDER (EXTREMAL_ORDERS[0])', file=hfile)
+        print(f'#define NUM_ALTERNATE_EXTREMAL_ORDERS {len(orders)-1}', file=hfile)
+        print(f'#define ALTERNATE_EXTREMAL_ORDERS (EXTREMAL_ORDERS+1)', file=hfile)
+        print(f'#define ALTERNATE_CONNECTING_IDEALS (CONNECTING_IDEALS+1)', file=hfile)
+        print(f'#define ALTERNATE_CONJUGATING_ELEMENTS (CONJUGATING_ELEMENTS+1)', file=hfile)
+
+        objs.header(file=hfile)
+        objs.implementation(file=cfile)
+