From 8cf372d4a215584a031cfabbee34cbbf15391b1c Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sun, 28 May 2023 09:59:41 +0100 Subject: [PATCH] NTRU: remove a pointless failure check. In the key generation step where we invert 3f in the field Z_q/, I was carefully checking for failure, on the grounds that even a field does have _one_ non-invertible element, namely zero. But I forgot that we'd generated f in such a way that it can't possibly be zero. So that failure check is pointless. (However, I've retained it in the form of an assertion.) --- crypto/ntru.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/crypto/ntru.c b/crypto/ntru.c index edc57a91..6a02d80d 100644 --- a/crypto/ntru.c +++ b/crypto/ntru.c @@ -1046,20 +1046,14 @@ NTRUKeyPair *ntru_keygen_attempt(unsigned p, unsigned q, unsigned w) ntru_scale(f3, f, 3, p, q); /* - * Try to invert 3*f over Z_q. This should be _almost_ guaranteed - * to succeed, since Z_q/ is a field, so the only - * non-invertible value is 0. Even so, there _is_ one, so check - * the return value! + * Invert 3*f over Z_q. This is guaranteed to succeed, since + * Z_q/ is a field, so the only non-invertible value is + * 0. And f is nonzero because it came from ntru_gen_short (hence, + * w of its components are nonzero), hence so is 3*f. */ uint16_t *f3inv = snewn(p, uint16_t); - if (!ntru_ring_invert(f3inv, f3, p, q)) { - ring_free(f, p); - ring_free(f3, p); - ring_free(f3inv, p); - ring_free(g, p); - ring_free(ginv, p); - return NULL; - } + bool expect_always_success = ntru_ring_invert(f3inv, f3, p, q); + assert(expect_always_success); /* * Make the public key, by converting g to a polynomial over q and