In [9]:
import numpy as np
import os

class Pol:
    def __init__(self, n):
        self.QD = np.zeros((n, n), dtype=np.int64)
        self.L = np.zeros(n, dtype=np.int64)
        self.C = 0

def allocate_polynomials(m, n):
    return [Pol(n) for _ in range(m)]

def polgen(f, m, n, seed):
    # Ensure seed is an integer
    if isinstance(seed, (bytes, str)):
        seed = int.from_bytes(seed[:4], 'little')
    np.random.seed(seed)

    for poly in f:
        cofval = np.random.randint(0, 2**32, size=(n*(n+1)//2 + n + 1), dtype=np.int64)
        count = 0
        for j in range(n):
            for k in range(n):
                if k > j:
                    poly.QD[k, j] = 0
                else:
                    poly.QD[k, j] = cofval[count] % 2**32
                    count += 1
        for j in range(n):
            poly.L[j] = cofval[count] % 2**32
            count += 1
        poly.C = cofval[count] % 2**32

# Funkcja do oceny wielomianu:
def evaluate_poly(poly, value, n):
    result1 = 0
    result2 = 0
    tabResult1 = np.zeros(n, dtype=np.int64)

    for j in range(n):
        tabResult1[j] = sum(value[i] * poly.QD[i, j] for i in range(n))
        result1 += tabResult1[j] * value[j]

    result2 = sum(poly.L[i] * value[i] for i in range(n))

    return result1 + result2 + poly.C

# Funkcja do oceny systemu wielomianów:
def eval_sys(polynomials, value, m, n):
    return [evaluate_poly(poly, value, n) for poly in polynomials]

# Funkcje zaokrąglania i CrossRound:
def kem_crossround1(value, B_BAR):
    value = int(value)
    B_BAR = int(B_BAR)
    return (value >> (B_BAR - 1)) % 2

def rounding(value, B_BAR, Q):
    # Ensure the inputs are integers
    value = int(value)
    B_BAR = int(B_BAR)
    Q = int(Q)

    rem = (value + (2**(B_BAR - 1))) % Q
    return rem >> B_BAR

def kem_crossround2(vector, B_BAR):
    return [kem_crossround1(val, B_BAR) for val in vector]

def kem_rounding(vector, B_BAR, Q):
    return [rounding(val, B_BAR, Q) for val in vector]

# Funkcja kem_rec:
def kem_rec(key, w, c, B_BAR):
    for i in range(len(w)):
        hint = kem_crossround1(w[i], B_BAR)
        if hint == c[i]:
            key[i] = rounding(w[i], B_BAR, Q)
        else:
            w1 = w[i] + (2**(B_BAR - 2)) - 1
            hint = kem_crossround1(w1, B_BAR)
            if hint == c[i]:
                key[i] = rounding(w1, B_BAR, Q)
            else:
                w2 = w[i] - (2**(B_BAR - 2)) + 1
                hint = kem_crossround1(w2, B_BAR)
                if hint == c[i]:
                    key[i] = rounding(w2, B_BAR, Q)
                else:
                    key[i] = 0

# Funkcje pakowania i rozpakowywania kluczy:
def pack_sk(seed, sa):
    # Ensure seed is bytes
    if isinstance(seed, str):
        seed = seed.encode()
    elif not isinstance(seed, bytes):
        raise TypeError("Seed must be of type str or bytes")

    # Convert sa to bytes
    sa_bytes = sa.tobytes()

    # Concatenate seed and sa_bytes
    return seed + sa_bytes

def unpack_sk(sk, SEEDSIZE, N):
    seed = sk[:SEEDSIZE]
    sa_bytes = sk[SEEDSIZE:]
    sa = np.frombuffer(sa_bytes, dtype=np.int16).reshape(N)

    return seed, sa

def pack_pk(seed, b1):
    return seed + b1.tobytes()

def unpack_pk(pk, SEEDSIZE, M):
    seed = pk[:SEEDSIZE]
    b1 = np.frombuffer(pk[SEEDSIZE:], dtype=np.uint64)
    return seed, b1

def pack_ct(b2, c):
    return c + list(b2.tobytes())

def unpack_ct(ct, M):
    # Ensure ct is bytes
    ct_bytes = bytes(ct)
    c = list(ct_bytes[:M])
    b2 = np.frombuffer(ct_bytes[M:], dtype=np.uint64)
    return b2, c

# Funkcje generowania kluczy, enkapsulacji i dekapsulacji:
def crypto_kem_keypair(SEEDSIZE, N, M, SECRETVAL_LENGTH, ERROR_LENGTH, RANGE, Q):
    seed = os.urandom(SEEDSIZE)

    f1 = allocate_polynomials(M, N)
    polgen(f1, M, N, seed)

    sa = np.frombuffer(os.urandom(N * SECRETVAL_LENGTH), dtype=np.uint8) % RANGE
    e1 = np.frombuffer(os.urandom(M * ERROR_LENGTH), dtype=np.uint8) % RANGE

    b1 = np.array(eval_sys(f1, sa, M, N)) + e1

    sk = pack_sk(seed, sa)
    pk = pack_pk(seed, b1)

    return pk, sk

def crypto_kem_enc(pk, SEEDSIZE, N, M, SECRETVAL_LENGTH, ERROR_LENGTH, RANGE, Q, B_BAR):
    seed, b1 = unpack_pk(pk, SEEDSIZE, M)

    f2 = allocate_polynomials(M, N)
    polgen(f2, M, N, seed)

    seed1 = os.urandom(SEEDSIZE)
    sb = np.frombuffer(os.urandom(N * SECRETVAL_LENGTH), dtype=np.uint8) % RANGE
    e2 = np.frombuffer(os.urandom(M * ERROR_LENGTH), dtype=np.uint8) % RANGE
    e3 = np.frombuffer(os.urandom(M * ERROR_LENGTH), dtype=np.uint8) % RANGE

    b2 = np.array(eval_sys(f2, sb, M, N)) + e2
    b3 = np.array(eval_sys(f2, sb, M, N)) * b1 + e3

    ss = kem_rounding(b3, B_BAR, Q)
    c = kem_crossround2(b3, B_BAR)

    ct = pack_ct(b2, c)

    return ct, ss

def crypto_kem_dec(ct, sk, SEEDSIZE, N, M, Q, B_BAR):
    sa, seed = unpack_sk(sk, SEEDSIZE, N)
    b2, c = unpack_ct(ct, M)

    f = allocate_polynomials(M, N)
    polgen(f, M, N, seed)

    w = np.array(eval_sys(f, sa, M, N)) * b2

    ss = np.zeros(M, dtype=np.uint8)
    kem_rec(ss, w, c, B_BAR)

    return ss

# Główna funkcja testująca:
if __name__ == "__main__":
    SEEDSIZE = 32
    N = 10
    M = 5
    SECRETVAL_LENGTH = 1
    ERROR_LENGTH = 1
    RANGE = 256
    Q = 2**32
    B_BAR = 16

    pk, sk = crypto_kem_keypair(SEEDSIZE, N, M, SECRETVAL_LENGTH, ERROR_LENGTH, RANGE, Q)
    ct, ss_enc = crypto_kem_enc(pk, SEEDSIZE, N, M, SECRETVAL_LENGTH, ERROR_LENGTH, RANGE, Q, B_BAR)
    ss_dec = crypto_kem_dec(ct, sk, SEEDSIZE, N, M, Q, B_BAR)

    print("Shared secret (encapsulation):", ss_enc)
    print("Shared secret (decapsulation):", ss_dec)
    print("Secrets match:", np.array_equal(ss_enc, ss_dec))

Shared secret (encapsulation): [0, 0, 0, 0, 0]
Shared secret (decapsulation): [0 0 0 0 0]
Secrets match: True
