Overview
Package code provides GPU-accelerated code-based cryptography operations. The flagship surface is HQC (Hamming Quasi-Cyclic), the code-based KEM that NIST selected for standardization at the end of PQC Round 4 (NIST IR 8545, March 2025).
HQC is family-disjoint from ML-KEM: its security rests on the hardness of syndrome decoding for quasi-cyclic codes, so a structural break against Module-LWE would not carry over to HQC, which is why NIST picked it as a second KEM alongside ML-KEM. The crypto/hqc package wires this batch surface as its GPU dispatch path; the CPU fallback always delegates to the PQClean reference implementation under crypto/hqc/pqclean/.
Three parameter sets (sizes in bytes):

	HQC128 — NIST PQC security category 1 (~AES-128). pk=2249, sk=2305, ct=4433.
	HQC192 — NIST PQC security category 3 (~AES-192). pk=4522, sk=4586, ct=8978.
	HQC256 — NIST PQC security category 5 (~AES-256). pk=7245, sk=7317, ct=14421.
All shared secrets are 64 bytes.
The batch entry points consume a contiguous seed buffer where slot i's seed occupies seeds[i*SeedSize : (i+1)*SeedSize]. Replaying the same seed slice produces byte-identical output; this deterministic-seed property (the same one FIPS-style known-answer tests rely on) is load-bearing for the on-chain HQC precompile. The flip side is that the seeds are key material: a reused or predictable seed reproduces the same keypair or ciphertext, so outside of replay and test harnesses callers must fill every slot from a CSPRNG and never reuse a slot.
Index
- Variables
- func GF2PolymulBatch(mode Mode, c, a, b []uint64, count int) error
- func HQCDecapsBatch(mode Mode, sss, cts, sks []byte, count int) error
- func HQCEncapsBatch(mode Mode, cts, sss, pks, seeds []byte, count int) error
- func HQCKeypairBatch(mode Mode, pks, sks, seeds []byte, count int) error
- func ReedSolomonDecodeBatch(mode Mode, msgs, cdws []byte, count int) error
- type Mode
- type Params
Variables

	var (
		ErrInvalidMode       = errors.New("code: invalid HQC mode")
		ErrInvalidInput      = errors.New("code: invalid input")
		ErrSeedExhausted     = errors.New("code: seed buffer exhausted (RNG failed)")
		ErrCountZero         = errors.New("code: count must be > 0")
		ErrBufferSizeInvalid = errors.New("code: buffer size does not match count * per-slot size")
	)
Sentinel errors.
Functions

func GF2PolymulBatch

	func GF2PolymulBatch(mode Mode, c, a, b []uint64, count int) error
GF2PolymulBatch multiplies pairs of polynomials over GF(2) of degree below N, one pair per slot, modulo X^N - 1, i.e. in the ring GF(2)[X]/(X^N - 1) that HQC's vector arithmetic lives in. N is fixed by the parameter set:

	HQC128: N = 17669 bits (vec_n_size_64 = 277 uint64)
	HQC192: N = 35851 bits (vec_n_size_64 = 561 uint64)
	HQC256: N = 57637 bits (vec_n_size_64 = 901 uint64)

Inputs and outputs are little-endian uint64 arrays: the coefficient of X^i is bit i%64 of word i/64. Slot i reads a[i*vecN:(i+1)*vecN] and b[i*vecN:(i+1)*vecN] and writes c[i*vecN:(i+1)*vecN]. Each slot's last word has 64*vec_n_size_64 - N bits above X^(N-1); callers should keep those bits zero in a and b, since a product computed from stray bits there is not the product of the intended polynomials.
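The word layout and the reduction modulo X^N - 1 are easy to get subtly wrong, so here is a CPU reference for the per-slot contract described above, written for this page as an added example (it is not the package's GPU code, and gf2PolymulBatchRef, polyMulMod, vecNSize64 and topMask are names chosen for the example). It takes N directly instead of a Mode, re-declares the package's sentinel error names so it runs stand-alone, and adds the one check a caller would want: stray bits above X^(N-1) in a slot's last word are rejected as ErrInvalidInput rather than silently folded into the result.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// Same sentinel names as the package, re-declared so this example runs alone.
var (
	ErrInvalidInput      = errors.New("code: invalid input")
	ErrCountZero         = errors.New("code: count must be > 0")
	ErrBufferSizeInvalid = errors.New("code: buffer size does not match count * per-slot size")
)

// vecNSize64 is the number of uint64 words holding N coefficients:
// 17669 -> 277, 35851 -> 561, 57637 -> 901.
func vecNSize64(n int) int { return (n + 63) / 64 }

// topMask selects the valid bits of a slot's last word; the
// 64*vecNSize64(n)-n bits above it must be zero.
func topMask(n int) uint64 {
	if r := n % 64; r != 0 {
		return (uint64(1) << uint(r)) - 1
	}
	return ^uint64(0)
}

// xorShifted xors (src << shift) into dst; dst must be long enough.
func xorShifted(dst, src []uint64, shift int) {
	ws, bs := shift/64, uint(shift%64)
	for i, v := range src {
		dst[i+ws] ^= v << bs
		if bs != 0 && i+ws+1 < len(dst) {
			dst[i+ws+1] ^= v >> (64 - bs)
		}
	}
}

// shiftRight returns (src >> shift) truncated to outWords words.
func shiftRight(src []uint64, shift, outWords int) []uint64 {
	out := make([]uint64, outWords)
	ws, bs := shift/64, uint(shift%64)
	for i := range out {
		if i+ws < len(src) {
			out[i] = src[i+ws] >> bs
			if bs != 0 && i+ws+1 < len(src) {
				out[i] |= src[i+ws+1] << (64 - bs)
			}
		}
	}
	return out
}

// polyMulMod returns a*b in GF(2)[X]/(X^n - 1). Coefficient of X^i is bit
// i%64 of word i/64. Schoolbook: for every set bit of b, xor a shifted by
// that bit position into a 2*w word accumulator, then fold the part of
// degree >= n back down using X^n = 1. The accumulator has degree <= 2n-2,
// so the folded part has degree <= n-2 and a single fold is enough.
func polyMulMod(a, b []uint64, n int) []uint64 {
	w := vecNSize64(n)
	acc := make([]uint64, 2*w)
	for i := 0; i < w; i++ {
		for word := b[i]; word != 0; word &= word - 1 {
			xorShifted(acc, a, i*64+bits.TrailingZeros64(word))
		}
	}
	hi := shiftRight(acc, n, w)
	res := make([]uint64, w)
	for i := range res {
		res[i] = acc[i] ^ hi[i]
	}
	res[w-1] &= topMask(n)
	return res
}

// gf2PolymulBatchRef mirrors the slot layout of GF2PolymulBatch: slot i
// reads a[i*w:(i+1)*w], b[i*w:(i+1)*w] and writes c[i*w:(i+1)*w].
func gf2PolymulBatchRef(n int, c, a, b []uint64, count int) error {
	if count <= 0 {
		return ErrCountZero
	}
	w := vecNSize64(n)
	if len(a) != count*w || len(b) != count*w || len(c) != count*w {
		return ErrBufferSizeInvalid
	}
	mask := topMask(n)
	for i := 0; i < count; i++ {
		as, bs := a[i*w:(i+1)*w], b[i*w:(i+1)*w]
		if as[w-1]&^mask != 0 || bs[w-1]&^mask != 0 {
			return ErrInvalidInput // stray bits above X^(N-1)
		}
		copy(c[i*w:(i+1)*w], polyMulMod(as, bs, n))
	}
	return nil
}

func main() {
	const n = 17669 // HQC128
	w := vecNSize64(n)
	a, b, c := make([]uint64, w), make([]uint64, w), make([]uint64, w)
	a[(n-1)/64] = 1 << uint((n-1)%64) // X^(N-1)
	b[0] = 2                          // X
	if err := gf2PolymulBatchRef(n, c, a, b, 1); err != nil {
		panic(err)
	}
	fmt.Printf("vec_n_size_64=%d, X^(N-1)*X mod X^N-1 -> word0=%d\n", w, c[0]) // 277, 1
}
```

The wrap-around check in main is the cheapest sanity test for any implementation of this ring: X^(N-1) times X must come back as the constant 1, and any off-by-one in the fold shows up there immediately.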
func HQCDecapsBatch

	func HQCDecapsBatch(mode Mode, sss, cts, sks []byte, count int) error
HQCDecapsBatch performs `count` independent decapsulations.
	len(sks) == count * p.SecretKey
	len(cts) == count * p.Ciphertext
	len(sss) == count * p.SharedSecret

Implicit rejection: a tampered or malformed ciphertext does NOT produce an error. Instead the corresponding sss slot receives a pseudorandom 64-byte secret derived deterministically from sk and ct, so the return value tells an attacker nothing about why decryption failed and the same bad ct always yields the same rejection key. The caller cannot tell a rejection apart from a valid secret by inspecting sss; it only surfaces when the secret is used, for example when key confirmation or the first AEAD decryption under the derived key fails against what the counterparty sent. That check must compare in constant time and must not branch or return early on which slots failed.
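Because implicit rejection never surfaces as an error, the caller needs its own check after the batch returns. The following added example (written for this page, not the package's own code) shows the caller side: a key-confirmation tag the encapsulating party sends next to each ct, and a per-slot verifier that walks the sss and cts buffers in the batch layout above. The rejection secret for the tampered slot is produced by a stand-in hash of a constructed seed and the ct, to mimic the "pseudorandom, deterministic in (sk, ct)" behaviour; it is not HQC's actual derivation. confirmTag, confirmBatch, rejectionKeyStandIn, demoBatch and the domain label are names and values chosen for the example, and the ciphertexts are shortened constructed bytes rather than p.Ciphertext-sized ones.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/sha512"
	"errors"
	"fmt"
)

const (
	sharedSecretSize = 64          // all HQC parameter sets
	tagSize          = sha256.Size // confirmation tag length
)

// Same sentinel names as the package, re-declared so this example runs alone.
var (
	ErrCountZero         = errors.New("code: count must be > 0")
	ErrBufferSizeInvalid = errors.New("code: buffer size does not match count * per-slot size")
)

// confirmTag binds a shared secret to the ciphertext it came from. The
// encapsulating side sends the tag alongside ct; it never sends ss itself.
// The label is an example domain-separation string, not part of HQC.
func confirmTag(ss, ct []byte) []byte {
	mac := hmac.New(sha256.New, ss)
	mac.Write([]byte("example-hqc-key-confirm-v1"))
	mac.Write(ct)
	return mac.Sum(nil)
}

// confirmBatch takes the sss buffer as HQCDecapsBatch leaves it, the cts it
// was run on and the sender's tags, and reports per slot whether the
// decapsulated secret matches. A mismatch is what implicit rejection looks
// like from the caller's side. Every slot is checked with a constant-time
// compare and no early return, so the work done does not depend on which
// slots were rejected.
func confirmBatch(sss, cts, tags []byte, ctSize, count int) ([]bool, error) {
	if count <= 0 {
		return nil, ErrCountZero
	}
	if len(sss) != count*sharedSecretSize || len(cts) != count*ctSize || len(tags) != count*tagSize {
		return nil, ErrBufferSizeInvalid
	}
	ok := make([]bool, count)
	for i := 0; i < count; i++ {
		ss := sss[i*sharedSecretSize : (i+1)*sharedSecretSize]
		ct := cts[i*ctSize : (i+1)*ctSize]
		tag := tags[i*tagSize : (i+1)*tagSize]
		ok[i] = hmac.Equal(confirmTag(ss, ct), tag)
	}
	return ok, nil
}

// rejectionKeyStandIn models the decapsulator's output for a ciphertext
// that fails its validity check: 64 pseudorandom bytes that are a
// deterministic function of a secret seed held in sk and of ct. The hash
// used here is a stand-in for the example, not HQC's actual derivation.
func rejectionKeyStandIn(sigma, ct []byte) []byte {
	h := sha512.New()
	h.Write(sigma)
	h.Write(ct)
	return h.Sum(nil)
}

// demoBatch builds a constructed three-slot batch: the sender's secrets and
// tags, one ciphertext bit-flipped in transit, and the receiver's sss
// buffer as decapsulation would leave it (intact slots reproduce the
// sender's secret, the tampered slot gets a rejection key). It returns the
// per-slot confirmation result.
func demoBatch() ([]bool, error) {
	const ctSize = 16 // constructed; real slots are p.Ciphertext bytes
	const count = 3
	senderSS := make([]byte, count*sharedSecretSize)
	cts := make([]byte, count*ctSize)
	tags := make([]byte, 0, count*tagSize)
	for i := 0; i < count; i++ {
		for j := 0; j < sharedSecretSize; j++ {
			senderSS[i*sharedSecretSize+j] = byte(7*i + j)
		}
		for j := 0; j < ctSize; j++ {
			cts[i*ctSize+j] = byte(i + 3*j)
		}
		tags = append(tags, confirmTag(senderSS[i*sharedSecretSize:(i+1)*sharedSecretSize], cts[i*ctSize:(i+1)*ctSize])...)
	}
	cts[1*ctSize+5] ^= 0x01 // slot 1 tampered in transit
	receiverSS := append([]byte(nil), senderSS...)
	sigma := []byte("constructed-rejection-seed-from-sk")
	copy(receiverSS[1*sharedSecretSize:], rejectionKeyStandIn(sigma, cts[1*ctSize:2*ctSize]))
	return confirmBatch(receiverSS, cts, tags, ctSize, count)
}

func main() {
	ok, err := demoBatch()
	if err != nil {
		panic(err)
	}
	fmt.Println("accepted per slot:", ok) // [true false true]
}
```

Note that the rejected slot's secret is still secret material: it must not be logged or compared with anything other than the counterparty's tag, and the receiver should throw it away together with the rest of the slot state once the check has failed.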
func HQCEncapsBatch

	func HQCEncapsBatch(mode Mode, cts, sss, pks, seeds []byte, count int) error
HQCEncapsBatch performs `count` independent encapsulations.
	len(pks) == count * p.PublicKey
	len(cts) == count * p.Ciphertext
	len(sss) == count * p.SharedSecret
	len(seeds) == count * p.SeedEncaps
func HQCKeypairBatch

	func HQCKeypairBatch(mode Mode, pks, sks, seeds []byte, count int) error
HQCKeypairBatch generates `count` independent HQC keypairs of the given parameter set. The seeds buffer is consumed deterministically: slot i reads from seeds[i*p.SeedKeypair : (i+1)*p.SeedKeypair].
pks and sks are output buffers, pre-allocated to:
	len(pks) == count * p.PublicKey
	len(sks) == count * p.SecretKey
	len(seeds) == count * p.SeedKeypair
Returns ErrSeedExhausted if any slot's PRNG ran out mid-op (which implies the caller under-provisioned the seed buffer).
func ReedSolomonDecodeBatch

	func ReedSolomonDecodeBatch(mode Mode, msgs, cdws []byte, count int) error
ReedSolomonDecodeBatch decodes `count` independent Reed-Solomon codewords (PARAM_N1 bytes each) into PARAM_K-byte messages. Slot i reads cdws[i*PARAM_N1:(i+1)*PARAM_N1] and writes msgs[i*PARAM_K:(i+1)*PARAM_K]. The code corrects up to delta = (PARAM_N1 - PARAM_K)/2 byte errors per codeword:

	HQC128: PARAM_N1 = 46, PARAM_K = 16 (delta = 15)
	HQC192: PARAM_N1 = 56, PARAM_K = 24 (delta = 16)
	HQC256: PARAM_N1 = 90, PARAM_K = 32 (delta = 29)
Types

type Mode

	type Mode int
Mode selects the HQC parameter set. Identical bit pattern to the C++ enum LuxHQCMode in luxfi/mlx/include/lux/gpu/hqc.h.