UNPKG

kyberkotlin

Version:

ML-KEM (NIST FIPS 203) optimized implementation on 100% Kotlin.

1,149 lines 73.2 kB
(function (factory) { if (typeof define === 'function' && define.amd) define(['exports', './kotlin-kotlin-stdlib.js', './KeccakKotlin.js', './random-library-crypto-rand.js'], factory); else if (typeof exports === 'object') factory(module.exports, require('./kotlin-kotlin-stdlib.js'), require('./KeccakKotlin.js'), require('./random-library-crypto-rand.js')); else { if (typeof globalThis['kotlin-kotlin-stdlib'] === 'undefined') { throw new Error("Error loading module 'asia.hombre:KyberKotlin'. Its dependency 'kotlin-kotlin-stdlib' was not found. Please, check whether 'kotlin-kotlin-stdlib' is loaded prior to 'asia.hombre:KyberKotlin'."); } if (typeof KeccakKotlin === 'undefined') { throw new Error("Error loading module 'asia.hombre:KyberKotlin'. Its dependency 'KeccakKotlin' was not found. Please, check whether 'KeccakKotlin' is loaded prior to 'asia.hombre:KyberKotlin'."); } if (typeof globalThis['random-library-crypto-rand'] === 'undefined') { throw new Error("Error loading module 'asia.hombre:KyberKotlin'. Its dependency 'random-library-crypto-rand' was not found. Please, check whether 'random-library-crypto-rand' is loaded prior to 'asia.hombre:KyberKotlin'."); } globalThis['asia.hombre:KyberKotlin'] = factory(typeof globalThis['asia.hombre:KyberKotlin'] === 'undefined' ? {} : globalThis['asia.hombre:KyberKotlin'], globalThis['kotlin-kotlin-stdlib'], KeccakKotlin, globalThis['random-library-crypto-rand']); } }(function (_, kotlin_kotlin, kotlin_asia_hombre_KeccakKotlin, kotlin_org_kotlincrypto_random_crypto_rand) { 'use strict'; //region block: imports var imul = Math.imul; var copyOfRange = kotlin_kotlin.$_$.t; var protoOf = kotlin_kotlin.$_$.q1; var initMetadataForCompanion = kotlin_kotlin.$_$.i1; var arrayCopy = kotlin_kotlin.$_$.p; var Unit_instance = kotlin_kotlin.$_$.o; var getKClassFromExpression = kotlin_kotlin.$_$.a; var THROW_CCE = kotlin_kotlin.$_$.c2; var contentEquals = kotlin_kotlin.$_$.q; var contentHashCode = kotlin_kotlin.$_$.r; var defineProp = kotlin_kotlin.$_$.e1; var initMetadataForClass = kotlin_kotlin.$_$.h1; var initMetadataForObject = kotlin_kotlin.$_$.j1; var KeccakHash_instance = kotlin_asia_hombre_KeccakKotlin.$_$.f; var KeccakParameter_SHA3_256_getInstance = kotlin_asia_hombre_KeccakKotlin.$_$.b; var Default_getInstance = kotlin_org_kotlincrypto_random_crypto_rand.$_$.a; var KeccakParameter_SHA3_512_getInstance = kotlin_asia_hombre_KeccakKotlin.$_$.c; var fill = kotlin_kotlin.$_$.w; var fillArrayVal = kotlin_kotlin.$_$.f1; var toByte = kotlin_kotlin.$_$.r1; var fill_0 = kotlin_kotlin.$_$.v; var THROW_IAE = kotlin_kotlin.$_$.d2; var Enum = kotlin_kotlin.$_$.y1; var VOID = kotlin_kotlin.$_$.b; var Exception = kotlin_kotlin.$_$.z1; var Exception_init_$Init$ = kotlin_kotlin.$_$.e; var captureStack = kotlin_kotlin.$_$.b1; var copyOfRange_0 = kotlin_kotlin.$_$.s; var KeccakParameter_SHAKE_256_getInstance = kotlin_asia_hombre_KeccakKotlin.$_$.e; var compareTo = kotlin_kotlin.$_$.d1; var booleanArray = kotlin_kotlin.$_$.z; var _UByte___init__impl__g9hnc4 = kotlin_kotlin.$_$.k; var _UByte___get_data__impl__jof9qr = kotlin_kotlin.$_$.l; var ArithmeticException_init_$Create$ = kotlin_kotlin.$_$.c; var until = kotlin_kotlin.$_$.v1; var step = kotlin_kotlin.$_$.u1; var KeccakParameter_SHAKE_128_getInstance = kotlin_asia_hombre_KeccakKotlin.$_$.d; var KeccakByteStream = kotlin_asia_hombre_KeccakKotlin.$_$.a; var get_lastIndex = kotlin_kotlin.$_$.y; //endregion //region block: pre-declaration initMetadataForCompanion(Companion); initMetadataForClass(KyberCipherText, 'KyberCipherText'); initMetadataForObject(KyberConstants, 'KyberConstants'); initMetadataForCompanion(Companion_0); initMetadataForClass(KyberDecapsulationKey, 'KyberDecapsulationKey'); initMetadataForCompanion(Companion_1); initMetadataForClass(KyberDecryptionKey, 'KyberDecryptionKey'); initMetadataForCompanion(Companion_2); initMetadataForClass(KyberEncapsulationKey, 'KyberEncapsulationKey'); initMetadataForClass(KyberEncapsulationResult, 'KyberEncapsulationResult'); initMetadataForCompanion(Companion_3); initMetadataForClass(KyberEncryptionKey, 'KyberEncryptionKey'); initMetadataForClass(KyberKEMKeyPair, 'KyberKEMKeyPair'); initMetadataForObject(PKEGenerator, 'PKEGenerator'); initMetadataForObject(KyberKeyGenerator, 'KyberKeyGenerator'); initMetadataForClass(KyberPKEKeyPair, 'KyberPKEKeyPair'); initMetadataForCompanion(Companion_4); initMetadataForClass(KyberParameter, 'KyberParameter', VOID, Enum); initMetadataForClass(InvalidKyberKeyException, 'InvalidKyberKeyException', VOID, Exception); initMetadataForClass(UnsupportedKyberVariantException, 'UnsupportedKyberVariantException', VOID, Exception); initMetadataForObject(KyberAgreement, 'KyberAgreement'); initMetadataForObject(KyberMath, 'KyberMath'); //endregion function Companion() { } protoOf(Companion).fromBytes = function (bytes) { var parameter = Companion_instance_4.findByCipherTextSize(bytes.length); var encodedCoefficientsSize = imul(32, imul(parameter.DU, parameter.K)); return new KyberCipherText(Companion_instance_4.findByCipherTextSize(bytes.length), copyOfRange(bytes, 0, encodedCoefficientsSize), copyOfRange(bytes, encodedCoefficientsSize, bytes.length)); }; var Companion_instance; function Companion_getInstance() { return Companion_instance; } function KyberCipherText(parameter, encodedCoefficients, encodedTerms) { this.parameter = parameter; var tmp = this; // Inline function 'kotlin.collections.copyOf' call // Inline function 'kotlin.js.asDynamic' call tmp.i4_1 = encodedCoefficients.slice(); var tmp_0 = this; // Inline function 'kotlin.collections.copyOf' call // Inline function 'kotlin.js.asDynamic' call tmp_0.j4_1 = encodedTerms.slice(); } protoOf(KyberCipherText).k4 = function () { return this.parameter; }; protoOf(KyberCipherText).l4 = function () { return this.i4_1; }; protoOf(KyberCipherText).m4 = function () { return this.j4_1; }; protoOf(KyberCipherText).n4 = function () { var output = new Int8Array(this.parameter.CIPHERTEXT_LENGTH); var tmp0 = this.i4_1; // Inline function 'kotlin.collections.copyInto' call var endIndex = tmp0.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp = tmp0; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp, output, 0, 0, endIndex); var tmp5 = this.j4_1; // Inline function 'kotlin.collections.copyInto' call var destinationOffset = this.i4_1.length; var endIndex_0 = tmp5.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_0 = tmp5; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_0, output, destinationOffset, 0, endIndex_0); return output; }; protoOf(KyberCipherText).copy = function () { return new KyberCipherText(this.parameter, this.i4_1, this.j4_1); }; protoOf(KyberCipherText).decapsulate = function (decapsulationKey) { return KyberAgreement_instance.o4(decapsulationKey, this); }; protoOf(KyberCipherText).equals = function (other) { if (this === other) return true; if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other))) return false; if (!(other instanceof KyberCipherText)) THROW_CCE(); if (!this.parameter.equals(other.parameter)) return false; if (!contentEquals(this.i4_1, other.i4_1)) return false; if (!contentEquals(this.j4_1, other.j4_1)) return false; return true; }; protoOf(KyberCipherText).hashCode = function () { var result = this.parameter.hashCode(); result = imul(31, result) + contentHashCode(this.i4_1) | 0; result = imul(31, result) + contentHashCode(this.j4_1) | 0; return result; }; function KyberConstants() { KyberConstants_instance = this; this.N = 256; this.N_BYTES = 32; this.Q = 3329; this.Q_INV = -62209; this.Q_HALF = 1665; this.BARRETT_APPROX = 20159; this.MONT_R2 = 1353; this.SECRET_KEY_LENGTH = 32; this.ENCODE_SIZE = 384; var tmp = this; // Inline function 'kotlin.intArrayOf' call tmp.PRECOMPUTED_ZETAS_TABLE = new Int32Array([1, 2571, 2970, 1812, 1493, 1422, 287, 202, 3158, 622, 1577, 182, 962, 2127, 1855, 1468, 573, 2004, 264, 383, 2500, 1458, 1727, 3199, 2648, 1017, 732, 608, 1787, 411, 3124, 1758, 1223, 652, 2777, 1015, 2036, 1491, 3047, 1785, 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, 2476, 3239, 3058, 830, 107, 1908, 3082, 2378, 2931, 961, 1821, 2604, 448, 2264, 677, 2054, 2226, 430, 555, 843, 2078, 871, 1550, 105, 422, 587, 177, 3094, 3038, 2869, 1574, 1653, 3083, 778, 1159, 3182, 2552, 1483, 2727, 1119, 1739, 644, 2457, 349, 418, 329, 3173, 3254, 817, 1097, 603, 610, 1322, 2044, 1864, 384, 2114, 3193, 1218, 1994, 2455, 220, 2142, 1670, 2144, 1799, 2051, 794, 1819, 2475, 2459, 478, 3221, 3021, 996, 991, 958, 1869, 1522, 1628]); var tmp_0 = this; // Inline function 'kotlin.intArrayOf' call tmp_0.PRECOMPUTED_GAMMAS_TABLE = new Int32Array([2226, 1103, 430, 2899, 555, 2774, 843, 2486, 2078, 1251, 871, 2458, 1550, 1779, 105, 3224, 422, 2907, 587, 2742, 177, 3152, 3094, 235, 3038, 291, 2869, 460, 1574, 1755, 1653, 1676, 3083, 246, 778, 2551, 1159, 2170, 3182, 147, 2552, 777, 1483, 1846, 2727, 602, 1119, 2210, 1739, 1590, 644, 2685, 2457, 872, 349, 2980, 418, 2911, 329, 3000, 3173, 156, 3254, 75, 817, 2512, 1097, 2232, 603, 2726, 610, 2719, 1322, 2007, 2044, 1285, 1864, 1465, 384, 2945, 2114, 1215, 3193, 136, 1218, 2111, 1994, 1335, 2455, 874, 220, 3109, 2142, 1187, 1670, 1659, 2144, 1185, 1799, 1530, 2051, 1278, 794, 2535, 1819, 1510, 2475, 854, 2459, 870, 478, 2851, 3221, 108, 3021, 308, 996, 2333, 991, 2338, 958, 2371, 1869, 1460, 1522, 1807, 1628, 1701]); } protoOf(KyberConstants).p4 = function () { return this.N; }; protoOf(KyberConstants).q4 = function () { return this.N_BYTES; }; protoOf(KyberConstants).r4 = function () { return this.Q; }; protoOf(KyberConstants).s4 = function () { return this.Q_INV; }; protoOf(KyberConstants).t4 = function () { return this.Q_HALF; }; protoOf(KyberConstants).u4 = function () { return this.BARRETT_APPROX; }; protoOf(KyberConstants).v4 = function () { return this.MONT_R2; }; protoOf(KyberConstants).w4 = function () { return this.SECRET_KEY_LENGTH; }; protoOf(KyberConstants).x4 = function () { return this.ENCODE_SIZE; }; protoOf(KyberConstants).y4 = function () { return this.PRECOMPUTED_ZETAS_TABLE; }; protoOf(KyberConstants).z4 = function () { return this.PRECOMPUTED_GAMMAS_TABLE; }; var KyberConstants_instance; function KyberConstants_getInstance() { if (KyberConstants_instance == null) new KyberConstants(); return KyberConstants_instance; } function Companion_0() { } protoOf(Companion_0).fromBytes = function (bytes) { var parameter = Companion_instance_4.findByDecapsulationKeySize(bytes.length); var decryptionKey = Companion_instance_1.fromBytes(copyOfRange(bytes, 0, parameter.DECRYPTION_KEY_LENGTH)); var encryptionKey = Companion_instance_3.fromBytes(copyOfRange(bytes, parameter.DECRYPTION_KEY_LENGTH, parameter.DECRYPTION_KEY_LENGTH + parameter.ENCRYPTION_KEY_LENGTH | 0)); var hash = copyOfRange(bytes, bytes.length - 64 | 0, bytes.length - 32 | 0); var randomSeed = copyOfRange(bytes, bytes.length - 32 | 0, bytes.length); return new KyberDecapsulationKey(decryptionKey, encryptionKey, hash, randomSeed); }; var Companion_instance_0; function Companion_getInstance_0() { return Companion_instance_0; } function KyberDecapsulationKey(key, encryptionKey, hash, randomSeed) { this.a5_1 = key; this.encryptionKey = encryptionKey; var tmp = this; // Inline function 'kotlin.collections.copyOf' call // Inline function 'kotlin.js.asDynamic' call tmp.b5_1 = hash.slice(); var tmp_0 = this; // Inline function 'kotlin.collections.copyOf' call // Inline function 'kotlin.js.asDynamic' call tmp_0.c5_1 = randomSeed.slice(); var ekHash = KeccakHash_instance.generate(KeccakParameter_SHA3_256_getInstance(), this.encryptionKey.fullBytes, 32); if (!contentEquals(ekHash, hash)) throw new InvalidKyberKeyException('Hash Check failed! This is not a valid Decapsulation Key.'); this.parameter = this.a5_1.d5_1; } protoOf(KyberDecapsulationKey).f5 = function () { return this.a5_1; }; protoOf(KyberDecapsulationKey).g5 = function () { return this.encryptionKey; }; protoOf(KyberDecapsulationKey).h5 = function () { return this.b5_1; }; protoOf(KyberDecapsulationKey).i5 = function () { return this.c5_1; }; protoOf(KyberDecapsulationKey).k4 = function () { return this.parameter; }; protoOf(KyberDecapsulationKey).n4 = function () { var output = new Int8Array(this.a5_1.d5_1.DECAPSULATION_KEY_LENGTH); var tmp0 = this.a5_1.e5_1; // Inline function 'kotlin.collections.copyInto' call var endIndex = tmp0.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp = tmp0; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp, output, 0, 0, endIndex); var tmp5 = this.encryptionKey.fullBytes; // Inline function 'kotlin.collections.copyInto' call var destinationOffset = this.a5_1.e5_1.length; var endIndex_0 = tmp5.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_0 = tmp5; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_0, output, destinationOffset, 0, endIndex_0); var tmp10 = this.b5_1; // Inline function 'kotlin.collections.copyInto' call var destinationOffset_0 = this.a5_1.e5_1.length + this.encryptionKey.fullBytes.length | 0; var endIndex_1 = tmp10.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_1 = tmp10; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_1, output, destinationOffset_0, 0, endIndex_1); var tmp15 = this.c5_1; // Inline function 'kotlin.collections.copyInto' call var destinationOffset_1 = output.length - this.c5_1.length | 0; var endIndex_2 = tmp15.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_2 = tmp15; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_2, output, destinationOffset_1, 0, endIndex_2); return output; }; protoOf(KyberDecapsulationKey).copy = function () { return new KyberDecapsulationKey(this.a5_1.copy(), this.encryptionKey, this.b5_1, this.c5_1); }; protoOf(KyberDecapsulationKey).decapsulate = function (cipherText) { return KyberAgreement_instance.o4(this, cipherText); }; protoOf(KyberDecapsulationKey).equals = function (other) { if (this === other) return true; if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other))) return false; if (!(other instanceof KyberDecapsulationKey)) THROW_CCE(); if (!this.a5_1.equals(other.a5_1)) return false; if (!this.encryptionKey.equals(other.encryptionKey)) return false; if (!contentEquals(this.b5_1, other.b5_1)) return false; if (!contentEquals(this.c5_1, other.c5_1)) return false; if (!this.parameter.equals(other.parameter)) return false; return true; }; protoOf(KyberDecapsulationKey).hashCode = function () { var result = this.a5_1.hashCode(); result = imul(31, result) + this.encryptionKey.hashCode() | 0; result = imul(31, result) + contentHashCode(this.b5_1) | 0; result = imul(31, result) + contentHashCode(this.c5_1) | 0; result = imul(31, result) + this.parameter.hashCode() | 0; return result; }; function Companion_1() { } protoOf(Companion_1).fromBytes = function (bytes) { return new KyberDecryptionKey(Companion_instance_4.findByDecryptionKeySize(bytes.length), bytes); }; var Companion_instance_1; function Companion_getInstance_1() { return Companion_instance_1; } function KyberDecryptionKey(parameter, keyBytes) { this.d5_1 = parameter; var tmp = this; // Inline function 'kotlin.collections.copyOf' call // Inline function 'kotlin.js.asDynamic' call tmp.e5_1 = keyBytes.slice(); var coefficients = KyberMath_instance.j5(keyBytes, 12); var inductionVariable = 0; var last = coefficients.length; while (inductionVariable < last) { var c = coefficients[inductionVariable]; inductionVariable = inductionVariable + 1 | 0; if (!KyberMath_instance.k5(c)) throw new InvalidKyberKeyException('Not modulus of 3329'); } } protoOf(KyberDecryptionKey).k4 = function () { return this.d5_1; }; protoOf(KyberDecryptionKey).l5 = function () { return this.e5_1; }; protoOf(KyberDecryptionKey).n4 = function () { // Inline function 'kotlin.collections.copyOf' call // Inline function 'kotlin.js.asDynamic' call return this.e5_1.slice(); }; protoOf(KyberDecryptionKey).copy = function () { return new KyberDecryptionKey(this.d5_1, this.e5_1); }; protoOf(KyberDecryptionKey).equals = function (other) { if (this === other) return true; if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other))) return false; if (!(other instanceof KyberDecryptionKey)) THROW_CCE(); if (!this.d5_1.equals(other.d5_1)) return false; if (!contentEquals(this.e5_1, other.e5_1)) return false; return true; }; protoOf(KyberDecryptionKey).hashCode = function () { var result = this.d5_1.hashCode(); result = imul(31, result) + contentHashCode(this.e5_1) | 0; return result; }; function Companion_2() { } protoOf(Companion_2).fromBytes = function (bytes) { return new KyberEncapsulationKey(Companion_instance_3.fromBytes(bytes)); }; var Companion_instance_2; function Companion_getInstance_2() { return Companion_instance_2; } function KyberEncapsulationKey(key) { this.m5_1 = key; } protoOf(KyberEncapsulationKey).f5 = function () { return this.m5_1; }; protoOf(KyberEncapsulationKey).n4 = function () { // Inline function 'kotlin.collections.copyOf' call // Inline function 'kotlin.js.asDynamic' call return this.m5_1.fullBytes.slice(); }; protoOf(KyberEncapsulationKey).copy = function () { return new KyberEncapsulationKey(this.m5_1.copy()); }; protoOf(KyberEncapsulationKey).encapsulate = function () { var tmp = KyberAgreement_instance; // Inline function 'kotlin.apply' call var this_0 = new Int8Array(32); // Inline function 'asia.hombre.kyber.KyberEncapsulationKey.encapsulate.<anonymous>' call Default_getInstance().a3(this_0); return tmp.n5(this, this_0); }; protoOf(KyberEncapsulationKey).equals = function (other) { if (this === other) return true; if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other))) return false; if (!(other instanceof KyberEncapsulationKey)) THROW_CCE(); return this.m5_1.equals(other.m5_1); }; protoOf(KyberEncapsulationKey).hashCode = function () { return this.m5_1.hashCode(); }; function KyberEncapsulationResult(sharedSecretKey_, cipherText_) { this.o5_1 = sharedSecretKey_; this.p5_1 = cipherText_; } protoOf(KyberEncapsulationResult).q5 = function () { // Inline function 'kotlin.collections.copyOf' call // Inline function 'kotlin.js.asDynamic' call return this.o5_1.slice(); }; protoOf(KyberEncapsulationResult).r5 = function () { return this.sharedSecretKey; }; protoOf(KyberEncapsulationResult).s5 = function () { return this.p5_1.copy(); }; function Companion_3() { } protoOf(Companion_3).fromBytes = function (bytes) { var keyLength = bytes.length - 32 | 0; return new KyberEncryptionKey(Companion_instance_4.findByEncryptionKeySize(bytes.length), copyOfRange(bytes, 0, keyLength), copyOfRange(bytes, keyLength, bytes.length)); }; var Companion_instance_3; function Companion_getInstance_3() { return Companion_instance_3; } function KyberEncryptionKey(parameter, keyBytes, nttSeed) { this.t5_1 = parameter; var tmp = this; // Inline function 'kotlin.collections.copyOf' call // Inline function 'kotlin.js.asDynamic' call tmp.u5_1 = keyBytes.slice(); var tmp_0 = this; // Inline function 'kotlin.collections.copyOf' call // Inline function 'kotlin.js.asDynamic' call tmp_0.v5_1 = nttSeed.slice(); var coefficients = KyberMath_instance.j5(keyBytes, 12); var inductionVariable = 0; var last = coefficients.length; while (inductionVariable < last) { var c = coefficients[inductionVariable]; inductionVariable = inductionVariable + 1 | 0; if (!KyberMath_instance.k5(c)) throw new InvalidKyberKeyException('Not modulus of 3329'); } } protoOf(KyberEncryptionKey).k4 = function () { return this.t5_1; }; protoOf(KyberEncryptionKey).l5 = function () { return this.u5_1; }; protoOf(KyberEncryptionKey).w5 = function () { return this.v5_1; }; protoOf(KyberEncryptionKey).n4 = function () { var output = new Int8Array(this.t5_1.ENCAPSULATION_KEY_LENGTH); var tmp0 = this.u5_1; // Inline function 'kotlin.collections.copyInto' call var endIndex = tmp0.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp = tmp0; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp, output, 0, 0, endIndex); var tmp5 = this.v5_1; // Inline function 'kotlin.collections.copyInto' call var destinationOffset = this.u5_1.length; var endIndex_0 = tmp5.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_0 = tmp5; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_0, output, destinationOffset, 0, endIndex_0); return output; }; protoOf(KyberEncryptionKey).copy = function () { return new KyberEncryptionKey(this.t5_1, this.u5_1, this.v5_1); }; protoOf(KyberEncryptionKey).equals = function (other) { if (this === other) return true; if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other))) return false; if (!(other instanceof KyberEncryptionKey)) THROW_CCE(); if (!this.t5_1.equals(other.t5_1)) return false; if (!contentEquals(this.u5_1, other.u5_1)) return false; if (!contentEquals(this.v5_1, other.v5_1)) return false; return true; }; protoOf(KyberEncryptionKey).hashCode = function () { var result = this.t5_1.hashCode(); result = imul(31, result) + contentHashCode(this.u5_1) | 0; result = imul(31, result) + contentHashCode(this.v5_1) | 0; return result; }; function KyberKEMKeyPair(encapsulationKey, decapsulationKey) { this.encapsulationKey = encapsulationKey; this.decapsulationKey = decapsulationKey; } protoOf(KyberKEMKeyPair).x5 = function () { return this.encapsulationKey; }; protoOf(KyberKEMKeyPair).y5 = function () { return this.decapsulationKey; }; protoOf(KyberKEMKeyPair).copy = function () { return new KyberKEMKeyPair(this.encapsulationKey.copy(), this.decapsulationKey.copy()); }; protoOf(KyberKEMKeyPair).equals = function (other) { if (this === other) return true; if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other))) return false; if (!(other instanceof KyberKEMKeyPair)) THROW_CCE(); if (!this.encapsulationKey.equals(other.encapsulationKey)) return false; if (!this.decapsulationKey.equals(other.decapsulationKey)) return false; return true; }; protoOf(KyberKEMKeyPair).hashCode = function () { var result = this.encapsulationKey.hashCode(); result = imul(31, result) + this.decapsulationKey.hashCode() | 0; return result; }; function PKEGenerator() { } protoOf(PKEGenerator).z5 = function (parameter, byteArray) { var seeds = KeccakHash_instance.generate(KeccakParameter_SHA3_512_getInstance(), byteArray); fill(byteArray, 0); var nttSeed = copyOfRange(seeds, 0, 32); var cbdSeed = copyOfRange(seeds, 32, 64); fill(seeds, 0); var tmp = 0; var tmp_0 = parameter.K; // Inline function 'kotlin.arrayOfNulls' call var tmp_1 = fillArrayVal(Array(tmp_0), null); while (tmp < tmp_0) { var tmp_2 = tmp; var tmp_3 = 0; var tmp_4 = parameter.K; // Inline function 'kotlin.arrayOfNulls' call var tmp_5 = fillArrayVal(Array(tmp_4), null); while (tmp_3 < tmp_4) { tmp_5[tmp_3] = new Int32Array(256); tmp_3 = tmp_3 + 1 | 0; } tmp_1[tmp_2] = tmp_5; tmp = tmp + 1 | 0; } var matrix = tmp_1; var tmp_6 = 0; var tmp_7 = parameter.K; // Inline function 'kotlin.arrayOfNulls' call var tmp_8 = fillArrayVal(Array(tmp_7), null); while (tmp_6 < tmp_7) { tmp_8[tmp_6] = new Int32Array(256); tmp_6 = tmp_6 + 1 | 0; } var secretVector = tmp_8; var tmp_9 = 0; var tmp_10 = parameter.K; // Inline function 'kotlin.arrayOfNulls' call var tmp_11 = fillArrayVal(Array(tmp_10), null); while (tmp_9 < tmp_10) { tmp_11[tmp_9] = new Int32Array(256); tmp_9 = tmp_9 + 1 | 0; } var noiseVector = tmp_11; var inductionVariable = 0; var last = parameter.K; if (inductionVariable < last) do { var nonce = inductionVariable; var i = inductionVariable; inductionVariable = inductionVariable + 1 | 0; var inductionVariable_0 = 0; var last_0 = parameter.K; if (inductionVariable_0 < last_0) do { var j = inductionVariable_0; inductionVariable_0 = inductionVariable_0 + 1 | 0; matrix[i][j] = KyberMath_instance.b6(KyberMath_instance.a6(nttSeed, toByte(i), toByte(j))); } while (inductionVariable_0 < last_0); secretVector[i] = KyberMath_instance.d6(parameter.ETA1, KyberMath_instance.c6(parameter.ETA1, cbdSeed, toByte(nonce))); secretVector[i] = KyberMath_instance.e6(secretVector[i]); noiseVector[i] = KyberMath_instance.d6(parameter.ETA1, KyberMath_instance.c6(parameter.ETA1, cbdSeed, toByte(nonce + parameter.K | 0))); noiseVector[i] = KyberMath_instance.e6(noiseVector[i]); } while (inductionVariable < last); fill(cbdSeed, 0); var systemVector = KyberMath_instance.g6(KyberMath_instance.f6(matrix, secretVector, true), noiseVector); var encryptionKeyBytes = new Int8Array(parameter.ENCRYPTION_KEY_LENGTH - 32 | 0); var decryptionKeyBytes = new Int8Array(parameter.DECRYPTION_KEY_LENGTH); var inductionVariable_1 = 0; var last_1 = parameter.K; if (inductionVariable_1 < last_1) do { var i_0 = inductionVariable_1; inductionVariable_1 = inductionVariable_1 + 1 | 0; var inductionVariable_2 = 0; var last_2 = parameter.K; if (inductionVariable_2 < last_2) do { var j_0 = inductionVariable_2; inductionVariable_2 = inductionVariable_2 + 1 | 0; fill_0(matrix[i_0][j_0], 0); } while (inductionVariable_2 < last_2); fill_0(noiseVector[i_0], 0); var tmp4 = KyberMath_instance.i6(KyberMath_instance.h6(systemVector[i_0]), 12); // Inline function 'kotlin.collections.copyInto' call var destinationOffset = imul(i_0, 384); var endIndex = tmp4.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_12 = tmp4; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_12, encryptionKeyBytes, destinationOffset, 0, endIndex); var tmp9 = KyberMath_instance.i6(KyberMath_instance.h6(secretVector[i_0]), 12); // Inline function 'kotlin.collections.copyInto' call var destinationOffset_0 = imul(i_0, 384); var endIndex_0 = tmp9.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_13 = tmp9; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_13, decryptionKeyBytes, destinationOffset_0, 0, endIndex_0); } while (inductionVariable_1 < last_1); return new KyberPKEKeyPair(new KyberEncryptionKey(parameter, encryptionKeyBytes, nttSeed), new KyberDecryptionKey(parameter, decryptionKeyBytes)); }; var PKEGenerator_instance; function PKEGenerator_getInstance() { return PKEGenerator_instance; } function KyberKeyGenerator() { } protoOf(KyberKeyGenerator).generate = function (parameter) { // Inline function 'kotlin.apply' call var this_0 = new Int8Array(32); // Inline function 'asia.hombre.kyber.KyberKeyGenerator.generate.<anonymous>' call Default_getInstance().a3(this_0); var tmp = this_0; // Inline function 'kotlin.apply' call var this_1 = new Int8Array(32); // Inline function 'asia.hombre.kyber.KyberKeyGenerator.generate.<anonymous>' call Default_getInstance().a3(this_1); return this.j6(parameter, tmp, this_1); }; protoOf(KyberKeyGenerator).j6 = function (parameter, randomSeed, pkeSeed) { var pkeKeyPair = PKEGenerator_instance.z5(parameter, pkeSeed); var hash = KeccakHash_instance.generate(KeccakParameter_SHA3_256_getInstance(), pkeKeyPair.encryptionKey.fullBytes, 32); return new KyberKEMKeyPair(new KyberEncapsulationKey(pkeKeyPair.encryptionKey), new KyberDecapsulationKey(pkeKeyPair.decryptionKey, pkeKeyPair.encryptionKey, hash, randomSeed)); }; var KyberKeyGenerator_instance; function KyberKeyGenerator_getInstance() { return KyberKeyGenerator_instance; } function KyberPKEKeyPair(encryptionKey, decryptionKey) { this.encryptionKey = encryptionKey; this.decryptionKey = decryptionKey; } protoOf(KyberPKEKeyPair).g5 = function () { return this.encryptionKey; }; protoOf(KyberPKEKeyPair).k6 = function () { return this.decryptionKey; }; protoOf(KyberPKEKeyPair).copy = function () { return new KyberPKEKeyPair(this.encryptionKey.copy(), this.decryptionKey.copy()); }; protoOf(KyberPKEKeyPair).equals = function (other) { if (this === other) return true; if (other == null || !getKClassFromExpression(this).equals(getKClassFromExpression(other))) return false; if (!(other instanceof KyberPKEKeyPair)) THROW_CCE(); if (!this.encryptionKey.equals(other.encryptionKey)) return false; if (!this.decryptionKey.equals(other.decryptionKey)) return false; return true; }; protoOf(KyberPKEKeyPair).hashCode = function () { var result = this.encryptionKey.hashCode(); result = imul(31, result) + this.decryptionKey.hashCode() | 0; return result; }; var KyberParameter_ML_KEM_512_instance; var KyberParameter_ML_KEM_768_instance; var KyberParameter_ML_KEM_1024_instance; function Companion_4() { } protoOf(Companion_4).findByCipherTextSize = function (length) { var tmp; if (length === KyberParameter_ML_KEM_512_getInstance().CIPHERTEXT_LENGTH) { tmp = KyberParameter_ML_KEM_512_getInstance(); } else if (length === KyberParameter_ML_KEM_768_getInstance().CIPHERTEXT_LENGTH) { tmp = KyberParameter_ML_KEM_768_getInstance(); } else if (length === KyberParameter_ML_KEM_1024_getInstance().CIPHERTEXT_LENGTH) { tmp = KyberParameter_ML_KEM_1024_getInstance(); } else { throw new UnsupportedKyberVariantException('Cipher Text byte length is either bigger or smaller than expected.'); } return tmp; }; protoOf(Companion_4).findByEncryptionKeySize = function (length) { var tmp; if (length === KyberParameter_ML_KEM_512_getInstance().ENCAPSULATION_KEY_LENGTH) { tmp = KyberParameter_ML_KEM_512_getInstance(); } else if (length === KyberParameter_ML_KEM_768_getInstance().ENCAPSULATION_KEY_LENGTH) { tmp = KyberParameter_ML_KEM_768_getInstance(); } else if (length === KyberParameter_ML_KEM_1024_getInstance().ENCAPSULATION_KEY_LENGTH) { tmp = KyberParameter_ML_KEM_1024_getInstance(); } else { throw new UnsupportedKyberVariantException('Encryption Key byte length is either bigger or smaller than expected.'); } return tmp; }; protoOf(Companion_4).findByEncapsulationKeySize = function (length) { var tmp; try { tmp = this.findByEncryptionKeySize(length); } catch ($p) { var tmp_0; if ($p instanceof UnsupportedKyberVariantException) { var exception = $p; throw new UnsupportedKyberVariantException('Encapsulation Key byte length is either bigger or smaller than expected.'); } else { throw $p; } } return tmp; }; protoOf(Companion_4).findByDecryptionKeySize = function (length) { var tmp; if (length === KyberParameter_ML_KEM_512_getInstance().DECRYPTION_KEY_LENGTH) { tmp = KyberParameter_ML_KEM_512_getInstance(); } else if (length === KyberParameter_ML_KEM_768_getInstance().DECRYPTION_KEY_LENGTH) { tmp = KyberParameter_ML_KEM_768_getInstance(); } else if (length === KyberParameter_ML_KEM_1024_getInstance().DECRYPTION_KEY_LENGTH) { tmp = KyberParameter_ML_KEM_1024_getInstance(); } else { throw new UnsupportedKyberVariantException('Decryption Key byte length is either bigger or smaller than expected.'); } return tmp; }; protoOf(Companion_4).findByDecapsulationKeySize = function (length) { var tmp; if (length === KyberParameter_ML_KEM_512_getInstance().DECAPSULATION_KEY_LENGTH) { tmp = KyberParameter_ML_KEM_512_getInstance(); } else if (length === KyberParameter_ML_KEM_768_getInstance().DECAPSULATION_KEY_LENGTH) { tmp = KyberParameter_ML_KEM_768_getInstance(); } else if (length === KyberParameter_ML_KEM_1024_getInstance().DECAPSULATION_KEY_LENGTH) { tmp = KyberParameter_ML_KEM_1024_getInstance(); } else { throw new UnsupportedKyberVariantException('Decapsulation Key byte length is either bigger or smaller than expected.'); } return tmp; }; var Companion_instance_4; function Companion_getInstance_4() { return Companion_instance_4; } function values() { return [KyberParameter_ML_KEM_512_getInstance(), KyberParameter_ML_KEM_768_getInstance(), KyberParameter_ML_KEM_1024_getInstance()]; } function valueOf(value) { switch (value) { case 'ML_KEM_512': return KyberParameter_ML_KEM_512_getInstance(); case 'ML_KEM_768': return KyberParameter_ML_KEM_768_getInstance(); case 'ML_KEM_1024': return KyberParameter_ML_KEM_1024_getInstance(); default: KyberParameter_initEntries(); THROW_IAE('No enum constant value.'); break; } } var KyberParameter_entriesInitialized; function KyberParameter_initEntries() { if (KyberParameter_entriesInitialized) return Unit_instance; KyberParameter_entriesInitialized = true; KyberParameter_ML_KEM_512_instance = new KyberParameter('ML_KEM_512', 0, 2, 3, 2, 10, 4); KyberParameter_ML_KEM_768_instance = new KyberParameter('ML_KEM_768', 1, 3, 2, 2, 10, 4); KyberParameter_ML_KEM_1024_instance = new KyberParameter('ML_KEM_1024', 2, 4, 2, 2, 11, 5); } function KyberParameter(name, ordinal, K, ETA1, ETA2, DU, DV) { Enum.call(this, name, ordinal); this.K = K; this.ETA1 = ETA1; this.ETA2 = ETA2; this.DU = DU; this.DV = DV; this.CIPHERTEXT_LENGTH = imul(32, imul(this.DU, this.K) + this.DV | 0); this.DECRYPTION_KEY_LENGTH = imul(384, this.K); this.ENCRYPTION_KEY_LENGTH = this.DECRYPTION_KEY_LENGTH + 32 | 0; this.ENCAPSULATION_KEY_LENGTH = this.ENCRYPTION_KEY_LENGTH; this.DECAPSULATION_KEY_LENGTH = (this.ENCAPSULATION_KEY_LENGTH + this.DECRYPTION_KEY_LENGTH | 0) + 64 | 0; } protoOf(KyberParameter).l6 = function () { return this.K; }; protoOf(KyberParameter).m6 = function () { return this.ETA1; }; protoOf(KyberParameter).n6 = function () { return this.ETA2; }; protoOf(KyberParameter).o6 = function () { return this.DU; }; protoOf(KyberParameter).p6 = function () { return this.DV; }; protoOf(KyberParameter).q6 = function () { return this.CIPHERTEXT_LENGTH; }; protoOf(KyberParameter).r6 = function () { return this.DECRYPTION_KEY_LENGTH; }; protoOf(KyberParameter).s6 = function () { return this.ENCRYPTION_KEY_LENGTH; }; protoOf(KyberParameter).t6 = function () { return this.ENCAPSULATION_KEY_LENGTH; }; protoOf(KyberParameter).u6 = function () { return this.DECAPSULATION_KEY_LENGTH; }; function KyberParameter_ML_KEM_512_getInstance() { KyberParameter_initEntries(); return KyberParameter_ML_KEM_512_instance; } function KyberParameter_ML_KEM_768_getInstance() { KyberParameter_initEntries(); return KyberParameter_ML_KEM_768_instance; } function KyberParameter_ML_KEM_1024_getInstance() { KyberParameter_initEntries(); return KyberParameter_ML_KEM_1024_instance; } function InvalidKyberKeyException(message) { Exception_init_$Init$('This may not be an ML-KEM Key! Reason: ' + message, this); captureStack(this, InvalidKyberKeyException); this.v6_1 = message; } protoOf(InvalidKyberKeyException).m1 = function () { return this.v6_1; }; function UnsupportedKyberVariantException(message) { Exception_init_$Init$('This ML-KEM variant is not yet supported! Reason: ' + message, this); captureStack(this, UnsupportedKyberVariantException); this.w6_1 = message; } protoOf(UnsupportedKyberVariantException).m1 = function () { return this.w6_1; }; function toCipherText($this, encryptionKey, plainText, randomness) { var parameter = encryptionKey.t5_1; var decodedKey = KyberMath_instance.j5(encryptionKey.u5_1, 12); var tmp = 0; var tmp_0 = parameter.K; // Inline function 'kotlin.arrayOfNulls' call var tmp_1 = fillArrayVal(Array(tmp_0), null); while (tmp < tmp_0) { tmp_1[tmp] = new Int32Array(256); tmp = tmp + 1 | 0; } var nttKeyVector = tmp_1; var nttSeed = encryptionKey.v5_1; var tmp_2 = 0; var tmp_3 = parameter.K; // Inline function 'kotlin.arrayOfNulls' call var tmp_4 = fillArrayVal(Array(tmp_3), null); while (tmp_2 < tmp_3) { var tmp_5 = tmp_2; var tmp_6 = 0; var tmp_7 = parameter.K; // Inline function 'kotlin.arrayOfNulls' call var tmp_8 = fillArrayVal(Array(tmp_7), null); while (tmp_6 < tmp_7) { tmp_8[tmp_6] = new Int32Array(256); tmp_6 = tmp_6 + 1 | 0; } tmp_4[tmp_5] = tmp_8; tmp_2 = tmp_2 + 1 | 0; } var matrix = tmp_4; var tmp_9 = 0; var tmp_10 = parameter.K; // Inline function 'kotlin.arrayOfNulls' call var tmp_11 = fillArrayVal(Array(tmp_10), null); while (tmp_9 < tmp_10) { tmp_11[tmp_9] = new Int32Array(256); tmp_9 = tmp_9 + 1 | 0; } var randomnessVector = tmp_11; var tmp_12 = 0; var tmp_13 = parameter.K; // Inline function 'kotlin.arrayOfNulls' call var tmp_14 = fillArrayVal(Array(tmp_13), null); while (tmp_12 < tmp_13) { tmp_14[tmp_12] = new Int32Array(256); tmp_12 = tmp_12 + 1 | 0; } var noiseVector = tmp_14; var inductionVariable = 0; var last = parameter.K; if (inductionVariable < last) do { var n = inductionVariable; var i = inductionVariable; inductionVariable = inductionVariable + 1 | 0; var tmp6 = nttKeyVector[i]; var tmp8 = imul(256, i); // Inline function 'kotlin.collections.copyInto' call var endIndex = imul(256, i + 1 | 0); // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_15 = decodedKey; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_15, tmp6, 0, tmp8, endIndex); nttKeyVector[i] = KyberMath_instance.x6(nttKeyVector[i]); randomnessVector[i] = KyberMath_instance.d6(parameter.ETA1, KyberMath_instance.c6(parameter.ETA1, randomness, toByte(n))); randomnessVector[i] = KyberMath_instance.e6(randomnessVector[i]); noiseVector[i] = KyberMath_instance.d6(parameter.ETA2, KyberMath_instance.c6(parameter.ETA2, randomness, toByte(n + parameter.K | 0))); var inductionVariable_0 = 0; var last_0 = parameter.K; if (inductionVariable_0 < last_0) do { var j = inductionVariable_0; inductionVariable_0 = inductionVariable_0 + 1 | 0; matrix[i][j] = KyberMath_instance.b6(KyberMath_instance.a6(nttSeed, toByte(i), toByte(j))); } while (inductionVariable_0 < last_0); } while (inductionVariable < last); var noiseTerm = KyberMath_instance.d6(parameter.ETA2, KyberMath_instance.c6(parameter.ETA2, randomness, toByte(imul(parameter.K, 2) + 1 | 0))); var muse = KyberMath_instance.z6(KyberMath_instance.y6(plainText)); var coefficients = KyberMath_instance.a7(matrix, randomnessVector); var constantTerm = new Int32Array(256); var inductionVariable_1 = 0; var last_1 = parameter.K; if (inductionVariable_1 < last_1) do { var i_0 = inductionVariable_1; inductionVariable_1 = inductionVariable_1 + 1 | 0; coefficients[i_0] = KyberMath_instance.b7(coefficients[i_0]); coefficients[i_0] = KyberMath_instance.c7(coefficients[i_0], noiseVector[i_0]); constantTerm = KyberMath_instance.c7(constantTerm, KyberMath_instance.d7(nttKeyVector[i_0], randomnessVector[i_0])); var inductionVariable_2 = 0; var last_2 = parameter.K; if (inductionVariable_2 < last_2) do { var j_0 = inductionVariable_2; inductionVariable_2 = inductionVariable_2 + 1 | 0; fill_0(matrix[i_0][j_0], 0); } while (inductionVariable_2 < last_2); fill_0(noiseVector[i_0], 0); fill_0(nttKeyVector[i_0], 0); fill_0(randomnessVector[i_0], 0); } while (inductionVariable_1 < last_1); constantTerm = KyberMath_instance.b7(constantTerm); constantTerm = KyberMath_instance.c7(constantTerm, noiseTerm); constantTerm = KyberMath_instance.c7(constantTerm, muse); fill_0(muse, 0); var encodedCoefficients = new Int8Array(imul(32, imul(parameter.DU, parameter.K))); var encodedTerms = new Int8Array(imul(32, parameter.DV)); var inductionVariable_3 = 0; var last_3 = parameter.K; if (inductionVariable_3 < last_3) do { var i_1 = inductionVariable_3; inductionVariable_3 = inductionVariable_3 + 1 | 0; var tmp10 = KyberMath_instance.i6(KyberMath_instance.e7(KyberMath_instance.h6(coefficients[i_1]), parameter.DU), parameter.DU); // Inline function 'kotlin.collections.copyInto' call var destinationOffset = imul(imul(i_1, 32), parameter.DU); var endIndex_0 = tmp10.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_16 = tmp10; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_16, encodedCoefficients, destinationOffset, 0, endIndex_0); } while (inductionVariable_3 < last_3); var tmp15 = KyberMath_instance.i6(KyberMath_instance.e7(KyberMath_instance.h6(constantTerm), parameter.DV), parameter.DV); // Inline function 'kotlin.collections.copyInto' call var endIndex_1 = tmp15.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_17 = tmp15; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_17, encodedTerms, 0, 0, endIndex_1); return new KyberCipherText(parameter, encodedCoefficients, encodedTerms); } function KyberAgreement() { } protoOf(KyberAgreement).f7 = function (decryptionKey, kyberCipherText) { var parameter = kyberCipherText.parameter; var tmp = 0; var tmp_0 = kyberCipherText.parameter.K; // Inline function 'kotlin.arrayOfNulls' call var tmp_1 = fillArrayVal(Array(tmp_0), null); while (tmp < tmp_0) { tmp_1[tmp] = new Int32Array(256); tmp = tmp + 1 | 0; } var coefficients = tmp_1; var inductionVariable = 0; var last = parameter.K; if (inductionVariable < last) do { var i = inductionVariable; inductionVariable = inductionVariable + 1 | 0; coefficients[i] = KyberMath_instance.g7(KyberMath_instance.j5(copyOfRange(kyberCipherText.i4_1, imul(imul(i, 32), parameter.DU), imul(imul(i + 1 | 0, 32), parameter.DU)), parameter.DU), parameter.DU); coefficients[i] = KyberMath_instance.x6(coefficients[i]); } while (inductionVariable < last); var constantTerms = KyberMath_instance.g7(KyberMath_instance.j5(kyberCipherText.j4_1, parameter.DV), parameter.DV); constantTerms = KyberMath_instance.x6(constantTerms); var secretVector = KyberMath_instance.j5(decryptionKey.e5_1, 12); var inductionVariable_0 = 0; var last_0 = parameter.K; if (inductionVariable_0 < last_0) do { var i_0 = inductionVariable_0; inductionVariable_0 = inductionVariable_0 + 1 | 0; var subtraction = KyberMath_instance.b7(KyberMath_instance.d7(KyberMath_instance.x6(copyOfRange_0(secretVector, imul(i_0, 256), imul(i_0 + 1 | 0, 256))), KyberMath_instance.e6(coefficients[i_0]))); var inductionVariable_1 = 0; if (inductionVariable_1 < 256) do { var j = inductionVariable_1; inductionVariable_1 = inductionVariable_1 + 1 | 0; constantTerms[j] = KyberMath_instance.h7(constantTerms[j] - subtraction[j] | 0); } while (inductionVariable_1 < 256); } while (inductionVariable_0 < last_0); constantTerms = KyberMath_instance.h6(constantTerms); return KyberMath_instance.i6(KyberMath_instance.e7(constantTerms, 1), 1); }; protoOf(KyberAgreement).n5 = function (kyberEncapsulationKey, plainText) { var sha3512Bytes = new Int8Array(plainText.length + (KeccakParameter_SHA3_256_getInstance().maxLength / 8 | 0) | 0); // Inline function 'kotlin.collections.copyInto' call var endIndex = plainText.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp = plainText; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp, sha3512Bytes, 0, 0, endIndex); var tmp5 = KeccakHash_instance.generate(KeccakParameter_SHA3_256_getInstance(), kyberEncapsulationKey.m5_1.fullBytes); // Inline function 'kotlin.collections.copyInto' call var destinationOffset = plainText.length; var endIndex_0 = tmp5.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_0 = tmp5; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp_0, sha3512Bytes, destinationOffset, 0, endIndex_0); var sharedKeyAndRandomness = KeccakHash_instance.generate(KeccakParameter_SHA3_512_getInstance(), sha3512Bytes); var cipherText = toCipherText(this, kyberEncapsulationKey.m5_1, plainText, copyOfRange(sharedKeyAndRandomness, 32, sharedKeyAndRandomness.length)); return new KyberEncapsulationResult(copyOfRange(sharedKeyAndRandomness, 0, 32), cipherText); }; protoOf(KyberAgreement).o4 = function (decapsulationKey, kyberCipherText) { var recoveredPlainText = this.f7(decapsulationKey.a5_1, kyberCipherText); var sha3512Bytes = new Int8Array(recoveredPlainText.length + decapsulationKey.b5_1.length | 0); // Inline function 'kotlin.collections.copyInto' call var endIndex = recoveredPlainText.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp = recoveredPlainText; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call arrayCopy(tmp, sha3512Bytes, 0, 0, endIndex); var tmp5 = decapsulationKey.b5_1; // Inline function 'kotlin.collections.copyInto' call var destinationOffset = recoveredPlainText.length; var endIndex_0 = tmp5.length; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDynamic' call var tmp_0 = tmp5; // Inline function 'kotlin.js.unsafeCast' call // Inline function 'kotlin.js.asDy