From f0eefe788532d17a9de5f71231d2eeeb3053dcf8 Mon Sep 17 00:00:00 2001
From: hasufell
Date: Wed, 28 May 2014 19:44:40 +0200
Subject: [PATCH] ENC: fix encryption
In some very rare cases such as the polynom 1, -1, -1, 1, 1, -1, -1, 1, -1, -1, 1 the encryption->decryption cycle caused an incorrect result. This wasn't reproducible for all polynomials, just for some. Implementing the algorithm manually instead of using the shortcut through fmpz_poly_add(out, out, tmp_poly_msg); fmpz_poly_mod_unsigned(out, ctx->q); seems to have solved the issue. Still unknown what happened there.
---
 src/encrypt.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/encrypt.c b/src/encrypt.c
index f432ffa..5f488db 100644
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -54,8 +54,28 @@ ntru_encrypt_poly(
 fmpz_poly_zero(out);
 poly_starmultiply(pub_key, rnd, out, ctx, ctx->q);
+
 fmpz_poly_add(out, out, tmp_poly_msg);
- fmpz_poly_mod_unsigned(out, ctx->q);
+ fmpz_poly_mod(out, ctx->q);
+
+ /*
+ * using the flint functions
+ * fmpz_poly_add(out, out, tmp_poly_msg);
+ * fmpz_poly_mod_unsigned(out, ctx->q);
+ * here instead caused very rare glitches in some cases,
+ * TODO: investigate
+ */
+ for (uint32_t i = 0; i < ctx->N; i++) {
+ printf("go ");
+ fmpz_t e_coeff_i;
+ fmpz *m_coeff_i = fmpz_poly_get_coeff_ptr(tmp_poly_msg, i);
+ fmpz_init(e_coeff_i);
+
+ fmpz_add_n(e_coeff_i, e_coeff_i, m_coeff_i);
+ fmpz_mod_ui(e_coeff_i, e_coeff_i, ctx->q);
+
+ fmpz_poly_set_coeff_fmpz_n(out, i, e_coeff_i);
+ }
 fmpz_poly_clear(tmp_poly_msg);
 }
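Review bot: The added loop appears to replace each coefficient of `out` with the message coefficient alone: `e_coeff_i` is zero after `fmpz_init`, only `m_coeff_i` is added to it, and the result is stored back with `fmpz_poly_set_coeff_fmpz_n`, so the `poly_starmultiply(pub_key, rnd, ...)` blinding term computed just above would be discarded and the output would be the plaintext reduced mod q (this assumes `fmpz_add_n` and `fmpz_poly_set_coeff_fmpz_n`, defined outside the hunk, add and assign as their names suggest). An encrypt/decrypt round trip may still succeed on such output, so that test does not show the fix is correct; a check that the ciphertext differs from the message and changes with `rnd` would. If the manual loop is kept, seed the accumulator with `fmpz_poly_get_coeff_fmpz(e_coeff_i, out, i);` right after `fmpz_init` and drop the preceding `fmpz_poly_add`/`fmpz_poly_mod` pair so the message is added exactly once. Also remove the leftover `printf("go ");`, which writes to stdout for every coefficient of every encryption, and add `fmpz_clear(e_coeff_i);` at the end of the loop body. `ntru_encrypt_poly` begins outside this hunk, so how `tmp_poly_msg` and `rnd` are prepared could not be checked.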