use newly introduced SHA3 reset API so that we create lesser number o…

…f hashers

Signed-off-by: Anjan Roy <[email protected]>

include/kem.hpp

@@ -91,41 +91,38 @@ encapsulate(
   uint8_t g_out[64]{};
   uint8_t kdf_in[64]{};
 
-  {
-    sha3_256::sha3_256 hasher;
-    hasher.absorb(m, mlen);
-    hasher.finalize();
-    hasher.digest(g_in);
-  }
+  sha3_256::sha3_256 h256;
 
-  {
-    sha3_256::sha3_256 hasher;
-    hasher.absorb(pubkey, pklen);
-    hasher.finalize();
-    hasher.digest(g_in + 32);
-  }
+  h256.absorb(m, mlen);
+  h256.finalize();
+  h256.digest(g_in);
+  h256.reset();
 
-  {
-    sha3_512::sha3_512 hasher;
-    hasher.absorb(g_in, sizeof(g_in));
-    hasher.finalize();
-    hasher.digest(g_out);
-  }
+  h256.absorb(pubkey, pklen);
+  h256.finalize();
+  h256.digest(g_in + 32);
+  h256.reset();
+
+  sha3_512::sha3_512 h512;
+
+  h512.absorb(g_in, sizeof(g_in));
+  h512.finalize();
+  h512.digest(g_out);
+  h512.reset();
 
   pke::encrypt<k, eta1, eta2, du, dv>(pubkey, g_in, g_out + 32, cipher);
 
   std::memcpy(kdf_in, g_out, 32);
-  {
-    sha3_256::sha3_256 hasher;
-    hasher.absorb(cipher, ctlen);
-    hasher.finalize();
-    hasher.digest(kdf_in + 32);
-  }
 
-  shake256::shake256 hasher{};
-  hasher.absorb(kdf_in, sizeof(kdf_in));
-  hasher.finalize();
-  return hasher;
+  h256.absorb(cipher, ctlen);
+  h256.finalize();
+  h256.digest(kdf_in + 32);
+  h256.reset();
+
+  shake256::shake256 xof256;
+  xof256.absorb(kdf_in, sizeof(kdf_in));
+  xof256.finalize();
+  return xof256;
 }
 
 // Given (k * 24 * 32 + 96) -bytes secret key and (k * du * 32 + dv * 32) -bytes
@@ -173,12 +170,12 @@ decapsulate(
 
   pke::decrypt<k, du, dv>(seckey, cipher, g_in);
   std::memcpy(g_in + 32, h, 32);
-  {
-    sha3_512::sha3_512 hasher;
-    hasher.absorb(g_in, sizeof(g_in));
-    hasher.finalize();
-    hasher.digest(g_out);
-  }
+
+  sha3_512::sha3_512 h512;
+  h512.absorb(g_in, sizeof(g_in));
+  h512.finalize();
+  h512.digest(g_out);
+  h512.reset();
 
   pke::encrypt<k, eta1, eta2, du, dv>(pubkey, g_in, g_out + 32, c_prime);
 
@@ -192,17 +189,15 @@ decapsulate(
     kdf_in[i] = subtle::ct_select(flg, g_out[i], z[i]);
   }
 
-  {
-    sha3_256::sha3_256 hasher;
-    hasher.absorb(cipher, ctlen);
-    hasher.finalize();
-    hasher.digest(kdf_in + 32);
-  }
+  sha3_256::sha3_256 h256;
+  h256.absorb(cipher, ctlen);
+  h256.finalize();
+  h256.digest(kdf_in + 32);
 
-  shake256::shake256 hasher;
-  hasher.absorb(kdf_in, sizeof(kdf_in));
-  hasher.finalize();
-  return hasher;
+  shake256::shake256 xof256;
+  xof256.absorb(kdf_in, sizeof(kdf_in));
+  xof256.finalize();
+  return xof256;
 }
 
 }

include/ntt.hpp

@@ -102,7 +102,7 @@ constexpr std::array<field::zq_t, N / 2> POLY_MUL_ζ_EXP = compute_mul_ζ();
 //
 // Implementation inspired from
 // https://github.com/itzmeanjan/falcon/blob/45b0593/include/ntt.hpp#L69-L144
-static inline void
+inline void
 ntt(field::zq_t* const poly)
 {
   for (size_t l = LOG2N - 1; l >= 1; l--) {
@@ -139,7 +139,7 @@ ntt(field::zq_t* const poly)
 //
 // Implementation inspired from
 // https://github.com/itzmeanjan/falcon/blob/45b0593/include/ntt.hpp#L146-L224
-static inline void
+inline void
 intt(field::zq_t* const poly)
 {
   for (size_t l = 1; l < LOG2N; l++) {
@@ -218,7 +218,7 @@ basemul(const field::zq_t* const __restrict f, // degree-1 polynomial
 // g = (g0ˆ + g1ˆX, g2ˆ + g3ˆX, ..., g254ˆ + g255ˆX)
 //
 // h = f ◦ g
-static inline void
+inline void
 polymul(const field::zq_t* const __restrict f, // degree-255 polynomial
         const field::zq_t* const __restrict g, // degree-255 polynomial
         field::zq_t* const __restrict h        // degree-255 polynomial

include/pke.hpp

@@ -35,10 +35,11 @@ keygen(const uint8_t* const __restrict d, // 32 -bytes seed
   // step 2
   uint8_t g_out[64]{};
 
-  sha3_512::sha3_512 hasher;
-  hasher.absorb(d, dlen);
-  hasher.finalize();
-  hasher.digest(g_out);
+  sha3_512::sha3_512 h512;
+  h512.absorb(d, dlen);
+  h512.finalize();
+  h512.digest(g_out);
+  h512.reset();
 
   const uint8_t* rho = g_out + 0;
   const uint8_t* sigma = g_out + 32;