in python3/frodokem.py [0:0]
def genAES128(self, seedA):
"""Generate matrix A using AES-128 (FrodoKEM specification, Algorithm 7)"""
A = [[None for j in range(self.n)] for i in range(self.n)]
# 1. for i = 0; i < n; i += 1
for i in range(self.n):
# 2. for j = 0; j < n; j += 8
for j in range(0, self.n, 8):
# 3. b = i || j || 0 || ... || 0 in {0,1}^128, where i and j are encoded as 16-bit integers in little-endian byte order
b = bytearray(16)
struct.pack_into('<H', b, 0, i)
struct.pack_into('<H', b, 2, j)
# 4. c = AES128(seedA, b)
c = FrodoKEM.__aes128_16bytesonly(seedA, b)
# 5. for k = 0; k < 8; k += 1
for k in range(8):
# 6. A[i][j+k] = c[k] where c is treated as a sequence of 8 16-bit integers each in little-endian byte order
A[i][j + k] = struct.unpack_from('<H', c, 2 * k)[0] % self.q
return A