int HDLOG_verify()

in src/hidden_dlog.c [235:283]


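/**
 * Check a hidden discrete log proof against the challenge E.
 *
 * One proof iteration is consumed per challenge bit, taking the bits of each
 * byte of E from most significant to least significant. For iteration k the
 * function computes ws from the precomputed table for B0 and the exponent
 * T[k] (presumably ws = B0^T[k] mod N; the helper is not shown here),
 * multiplies ws by B1 mod N when the challenge bit is set, and requires the
 * result to equal RHO[k].
 *
 * @param N    modulus
 * @param B0   base used for the exponentiation
 * @param B1   value multiplied in when the challenge bit is 1
 * @param RHO  per-iteration values the recomputation must match
 * @param E    challenge octet; at least HDLOG_CHALLENGE_SIZE bytes are read
 * @param T    per-iteration exponents
 * @return HDLOG_OK if every iteration matches, HDLOG_FAIL on the first
 *         mismatch or if E is missing or shorter than HDLOG_CHALLENGE_SIZE
 *
 * RHO and T are advanced once per challenge bit, so the caller must supply at
 * least 8 * HDLOG_CHALLENGE_SIZE entries in each; that bound is not visible
 * in this function and is not checked here.
 */
int HDLOG_verify(BIG_1024_58 *N, BIG_1024_58 *B0, BIG_1024_58 *B1, HDLOG_iter_values RHO, const octet *E, HDLOG_iter_values T)
{
    int i;
    int mask;

    BIG_1024_58 ws[FFLEN_2048];
    BIG_1024_58 dws[2 * FFLEN_2048];
    BIG_1024_58 ND[FFLEN_2048];

    BIG_1024_58 PT_mem[N_SIZE][FFLEN_2048];
    BIG_1024_58 *PT[N_SIZE];

    // The loop below reads E->val[0 .. HDLOG_CHALLENGE_SIZE-1] unconditionally.
    // Refuse a missing or short challenge instead of reading past the octet.
    if (!E || !E->val || E->len < HDLOG_CHALLENGE_SIZE)
    {
        return HDLOG_FAIL;
    }

    // PT is the array of row pointers the precompute/pow helpers expect
    for (i = 0; i < N_SIZE; i++)
    {
        PT[i] = PT_mem[i];
    }

    // ND is derived from N once and reused by every exponentiation
    // (presumably the Montgomery constant - confirm against FF_2048_invmod2m)
    FF_2048_invmod2m(ND, N, FFLEN_2048);
    FF_2048_bi_precompute(&B0, PT, 1, N_WINDOW, N, ND, FFLEN_2048);

    for (i = 0; i < HDLOG_CHALLENGE_SIZE; i++)
    {
        // Walk the bits of byte i from 0x80 down to 0x01
        mask = 0x80;
        while (mask)
        {
            // Single-base call: the address of the local pointer T stands in
            // for the array of exponent pointers the helper takes
            FF_2048_bi_pow(ws, PT, (BIG_1024_58 **)(&T), 1, N_WINDOW, N, ND, FFLEN_2048, FFLEN_2048);

            // No need to be constant time over the value of E
            // since it is public
            if (E->val[i] & mask)
            {
                FF_2048_mul(dws, ws, B1, FFLEN_2048);
                FF_2048_dmod(ws, dws, N, FFLEN_2048);
            }

            // A non-zero comparison result means the recomputed value
            // differs from the prover's RHO for this iteration
            if (FF_2048_comp(ws, *RHO, FFLEN_2048))
            {
                return HDLOG_FAIL;
            }

            // Advance mask and iter values
            mask>>=1;
            RHO++;
            T++;
        }
    }

    return HDLOG_OK;
}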