package org.bouncycastle.pqc.crypto.picnic;

import java.lang.reflect.Array;
import java.security.SecureRandom;
import java.util.logging.Logger;
import org.bouncycastle.crypto.h0;

/* loaded from: classes7.dex */
public final class h {
    private static final Logger LOG = Logger.getLogger(h.class.getName());
    protected static final int LOWMC_MAX_AND_GATES = 1144;
    protected static final int LOWMC_MAX_KEY_BITS = 256;
    private static final int LOWMC_MAX_STATE_SIZE = 64;
    protected static final int LOWMC_MAX_WORDS = 16;
    private static final int MAX_AUX_BYTES = 176;
    private static final int MAX_DIGEST_SIZE = 64;
    private static final int PICNIC_MAX_LOWMC_BLOCK_SIZE = 32;
    private static final int TRANSFORM_FS = 0;
    private static final int TRANSFORM_INVALID = 255;
    private static final int TRANSFORM_UR = 1;
    private static final int WORD_SIZE_BITS = 32;
    protected static final int saltSizeBytes = 32;
    private final int CRYPTO_BYTES;
    private final int CRYPTO_PUBLICKEYBYTES;
    private final int CRYPTO_SECRETKEYBYTES;
    protected final int UnruhGWithInputBytes;
    protected final int UnruhGWithoutInputBytes;
    protected final int andSizeBytes;
    protected final h0 digest;
    protected final int digestSizeBytes;
    protected final c lowmcConstants;
    protected final int numMPCParties;
    protected final int numMPCRounds;
    protected final int numOpenedRounds;
    protected final int numRounds;
    protected final int numSboxes;
    private final int parameters;
    protected final int pqSecurityLevel;
    protected final int seedSizeBytes;
    private int signatureLength;
    protected final int stateSizeBits;
    protected final int stateSizeBytes;
    protected final int stateSizeWords;
    private final int transform;

    /* JADX WARN: Failed to find 'out' block for switch in B:2:0x0026. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:11:0x00f0  */
    /* JADX WARN: Removed duplicated region for block: B:15:0x018b  */
    /* JADX WARN: Removed duplicated region for block: B:18:0x0199  */
    /* JADX WARN: Removed duplicated region for block: B:20:0x01a6 A[ADDED_TO_REGION] */
    /* JADX WARN: Removed duplicated region for block: B:25:0x01a0  */
    /* JADX WARN: Removed duplicated region for block: B:26:0x018e  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x0192  */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00f9  */
    /* JADX WARN: Removed duplicated region for block: B:29:0x0101  */
    /* JADX WARN: Removed duplicated region for block: B:30:0x0109  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x0114  */
    /* JADX WARN: Removed duplicated region for block: B:32:0x011c  */
    /* JADX WARN: Removed duplicated region for block: B:33:0x0124  */
    /* JADX WARN: Removed duplicated region for block: B:34:0x012f  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x0137  */
    /* JADX WARN: Removed duplicated region for block: B:36:0x013f  */
    /* JADX WARN: Removed duplicated region for block: B:37:0x0147  */
    /* JADX WARN: Removed duplicated region for block: B:38:0x014f  */
    /* JADX WARN: Removed duplicated region for block: B:39:0x0159  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public h(int r17, org.bouncycastle.pqc.crypto.picnic.c r18) {
        /*
            Method dump skipped, instructions count: 526
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.pqc.crypto.picnic.h.<init>(int, org.bouncycastle.pqc.crypto.picnic.c):void");
    }

    private void Commit(byte[] bArr, int i, w wVar, byte[] bArr2) {
        ((org.bouncycastle.crypto.digests.c) this.digest).update((byte) 4);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr, i, this.seedSizeBytes);
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr2, 0, this.digestSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update((byte) 0);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2, 0, this.digestSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(wVar.inputShare), 0, this.stateSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(wVar.communicatedBits, 0, this.andSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(wVar.outputShare), 0, this.stateSizeBytes);
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr2, 0, this.digestSizeBytes);
    }

    private void G(int i, byte[] bArr, int i9, w wVar, byte[] bArr2) {
        int i10 = this.seedSizeBytes + this.andSizeBytes;
        ((org.bouncycastle.crypto.digests.c) this.digest).update((byte) 5);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr, i9, this.seedSizeBytes);
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr2, 0, this.digestSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2, 0, this.digestSizeBytes);
        if (i == 2) {
            ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(wVar.inputShare), 0, this.stateSizeBytes);
            i10 += this.stateSizeBytes;
        }
        ((org.bouncycastle.crypto.digests.c) this.digest).update(wVar.communicatedBits, 0, this.andSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(i10), 0, 2);
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr2, 0, i10);
    }

    private void H3(int[] iArr, int[] iArr2, w[][] wVarArr, byte[][][] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[][][] bArr5) {
        ((org.bouncycastle.crypto.digests.c) this.digest).update((byte) 1);
        byte[] bArr6 = new byte[this.stateSizeWords * 4];
        for (int i = 0; i < this.numMPCRounds; i++) {
            for (int i9 = 0; i9 < 3; i9++) {
                org.bouncycastle.util.o.intToLittleEndian(wVarArr[i][i9].outputShare, bArr6, 0);
                ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr6, 0, this.stateSizeBytes);
            }
        }
        implH3(iArr, iArr2, bArr, bArr2, bArr3, bArr4, bArr5);
    }

    private void H3(int[] iArr, int[] iArr2, int[][][] iArr3, byte[][][] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[][][] bArr5) {
        ((org.bouncycastle.crypto.digests.c) this.digest).update((byte) 1);
        byte[] bArr6 = new byte[this.stateSizeWords * 4];
        for (int i = 0; i < this.numMPCRounds; i++) {
            for (int i9 = 0; i9 < 3; i9++) {
                org.bouncycastle.util.o.intToLittleEndian(iArr3[i][i9], bArr6, 0);
                ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr6, 0, this.stateSizeBytes);
            }
        }
        implH3(iArr, iArr2, bArr, bArr2, bArr3, bArr4, bArr5);
    }

    private void HCP(byte[] bArr, int[] iArr, int[] iArr2, byte[][] bArr2, byte[] bArr3, byte[] bArr4, int[] iArr3, int[] iArr4, byte[] bArr5) {
        for (int i = 0; i < this.numMPCRounds; i++) {
            ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2[i], 0, this.digestSizeBytes);
        }
        byte[] bArr6 = new byte[32];
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr3, 0, this.digestSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr4, 0, 32);
        updateDigest(iArr3, bArr6);
        updateDigest(iArr4, bArr6);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr5, 0, bArr5.length);
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr, 0, this.digestSizeBytes);
        if (iArr == null || iArr2 == null) {
            return;
        }
        expandChallengeHash(bArr, iArr, iArr2);
    }

    private void LowMCEnc(int[] iArr, int[] iArr2, int[] iArr3) {
        int[] iArr4 = new int[16];
        if (iArr != iArr2) {
            System.arraycopy(iArr, 0, iArr2, 0, this.stateSizeWords);
        }
        b KMatrix = this.lowmcConstants.KMatrix(this, 0);
        matrix_mul(iArr4, iArr3, KMatrix.getData(), KMatrix.getMatrixPointer());
        xor_array(iArr2, iArr2, iArr4, 0);
        for (int i = 1; i <= this.numRounds; i++) {
            b KMatrix2 = this.lowmcConstants.KMatrix(this, i);
            matrix_mul(iArr4, iArr3, KMatrix2.getData(), KMatrix2.getMatrixPointer());
            substitution(iArr2);
            int i9 = i - 1;
            b LMatrix = this.lowmcConstants.LMatrix(this, i9);
            matrix_mul(iArr2, iArr2, LMatrix.getData(), LMatrix.getMatrixPointer());
            b RConstant = this.lowmcConstants.RConstant(this, i9);
            xor_array(iArr2, iArr2, RConstant.getData(), RConstant.getMatrixPointer());
            xor_array(iArr2, iArr2, iArr4, 0);
        }
    }

    public static int appendUnique(int[] iArr, int i, int i9) {
        if (i9 == 0) {
            iArr[i9] = i;
        } else {
            for (int i10 = 0; i10 < i9; i10++) {
                if (iArr[i10] == i) {
                    return i9;
                }
            }
            iArr[i9] = i;
        }
        return i9 + 1;
    }

    private boolean arePaddingBitsZero(byte[] bArr, int i) {
        int numBytes = v.numBytes(i);
        while (i < numBytes * 8) {
            if (v.getBit(bArr, i) != 0) {
                return false;
            }
            i++;
        }
        return true;
    }

    private boolean arePaddingBitsZero(int[] iArr, int i) {
        if ((i & 31) == 0) {
            return true;
        }
        return (iArr[i >>> 5] & (~v.getTrailingBitsMask(i))) == 0;
    }

    private void aux_mpc_AND(int i, int i9, int i10, t tVar) {
        int i11 = this.numMPCParties - 1;
        v.setBit(tVar.tapes[i11], tVar.pos - 1, (byte) ((((i & i9) ^ (v.parity16(tVar.tapesToWord()) ^ v.getBit(tVar.tapes[i11], tVar.pos - 1))) ^ i10) & 255));
    }

    public static int bitsToChunks(int i, byte[] bArr, int i9, int[] iArr) {
        int i10 = i9 * 8;
        if (i > i10) {
            return 0;
        }
        int i11 = i10 / i;
        for (int i12 = 0; i12 < i11; i12++) {
            iArr[i12] = 0;
            for (int i13 = 0; i13 < i; i13++) {
                iArr[i12] = iArr[i12] + (v.getBit(bArr, (i12 * i) + i13) << i13);
            }
        }
        return i11;
    }

    private void commit(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i, int i9) {
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2, 0, this.seedSizeBytes);
        if (bArr3 != null) {
            ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr3, 0, this.andSizeBytes);
        }
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr4, 0, 32);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(i), 0, 2);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(i9), 0, 2);
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr, 0, this.digestSizeBytes);
    }

    private void commit_h(byte[] bArr, byte[][] bArr2) {
        for (int i = 0; i < this.numMPCParties; i++) {
            ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2[i], 0, this.digestSizeBytes);
        }
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr, 0, this.digestSizeBytes);
    }

    private void commit_v(byte[] bArr, byte[] bArr2, g gVar) {
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2, 0, this.stateSizeBytes);
        for (int i = 0; i < this.numMPCParties; i++) {
            ((org.bouncycastle.crypto.digests.c) this.digest).update(gVar.msgs[i], 0, v.numBytes(gVar.pos));
        }
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr, 0, this.digestSizeBytes);
    }

    private void computeSaltAndRootSeed(byte[] bArr, int[] iArr, int[] iArr2, int[] iArr3, byte[] bArr2) {
        byte[] bArr3 = new byte[32];
        updateDigest(iArr, bArr3);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2, 0, bArr2.length);
        updateDigest(iArr2, bArr3);
        updateDigest(iArr3, bArr3);
        org.bouncycastle.util.o.shortToLittleEndian((short) this.stateSizeBits, bArr3, 0);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr3, 0, 2);
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr, 0, bArr.length);
    }

    private byte[] computeSeeds(int[] iArr, int[] iArr2, int[] iArr3, byte[] bArr) {
        byte[] bArr2 = new byte[(this.numMPCParties * this.numMPCRounds * this.seedSizeBytes) + 32];
        byte[] bArr3 = new byte[32];
        updateDigest(iArr, bArr3);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr, 0, bArr.length);
        updateDigest(iArr2, bArr3);
        updateDigest(iArr3, bArr3);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(this.stateSizeBits), 0, 2);
        h0 h0Var = this.digest;
        org.bouncycastle.crypto.digests.j jVar = (org.bouncycastle.crypto.digests.j) h0Var;
        jVar.doFinal(bArr2, 0, (this.numMPCParties * this.numMPCRounds * this.seedSizeBytes) + 32);
        return bArr2;
    }

    private boolean contains(int[] iArr, int i, int i9) {
        for (int i10 = 0; i10 < i; i10++) {
            if (iArr[i10] == i9) {
                return true;
            }
        }
        return false;
    }

    private int countNonZeroChallenges(byte[] bArr, int i) {
        int i9;
        int i10 = 0;
        int i11 = 0;
        int i12 = 0;
        while (true) {
            int i13 = i10 + 16;
            i9 = this.numMPCRounds;
            if (i13 > i9) {
                break;
            }
            int littleEndianToInt = org.bouncycastle.util.o.littleEndianToInt(bArr, (i10 >>> 2) + i);
            int i14 = littleEndianToInt >>> 1;
            i11 |= littleEndianToInt & i14;
            i12 += org.bouncycastle.util.i.bitCount((littleEndianToInt ^ i14) & 1431655765);
            i10 = i13;
        }
        int i15 = (i9 - i10) * 2;
        if (i15 > 0) {
            int littleEndianToInt_Low = org.bouncycastle.util.o.littleEndianToInt_Low(bArr, i + (i10 >>> 2), (i15 + 7) / 8) & v.getTrailingBitsMask(i15);
            int i16 = littleEndianToInt_Low >>> 1;
            i11 |= littleEndianToInt_Low & i16;
            i12 += org.bouncycastle.util.i.bitCount((littleEndianToInt_Low ^ i16) & 1431655765);
        }
        if ((i11 & 1431655765) == 0) {
            return i12;
        }
        return -1;
    }

    private boolean createRandomTape(byte[] bArr, int i, byte[] bArr2, int i9, int i10, byte[] bArr3, int i11) {
        if (i11 < this.digestSizeBytes) {
            return false;
        }
        ((org.bouncycastle.crypto.digests.c) this.digest).update((byte) 2);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr, i, this.seedSizeBytes);
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr3, 0, this.digestSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr3, 0, this.digestSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2, 0, 32);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(i9), 0, 2);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(i10), 0, 2);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(i11), 0, 2);
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr3, 0, i11);
        return true;
    }

    private void createRandomTapes(t tVar, byte[][] bArr, int i, byte[] bArr2, int i9) {
        int i10 = this.andSizeBytes * 2;
        for (int i11 = 0; i11 < this.numMPCParties; i11++) {
            ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr[i11 + i], 0, this.seedSizeBytes);
            ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2, 0, 32);
            ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(i9), 0, 2);
            ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(i11), 0, 2);
            ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(tVar.tapes[i11], 0, i10);
        }
    }

    private int deserializeSignature(s sVar, byte[] bArr, int i, int i9) {
        int countNonZeroChallenges;
        p[] pVarArr = sVar.proofs;
        byte[] bArr2 = sVar.challengeBits;
        int numBytes = v.numBytes(this.numMPCRounds * 2);
        if (i < numBytes || (countNonZeroChallenges = countNonZeroChallenges(bArr, i9)) < 0) {
            return -1;
        }
        int i10 = this.stateSizeBytes * countNonZeroChallenges;
        int i11 = this.numMPCRounds;
        int i12 = (((this.seedSizeBytes * 2) + this.andSizeBytes + this.digestSizeBytes) * i11) + numBytes + 32 + i10;
        if (this.transform == 1) {
            i12 = (this.UnruhGWithoutInputBytes * countNonZeroChallenges) + ((i11 - countNonZeroChallenges) * this.UnruhGWithInputBytes) + i12;
        }
        if (i != i12) {
            LOG.fine("sigBytesLen = " + i + ", expected bytesRequired = " + i12);
            return -1;
        }
        System.arraycopy(bArr, i9, bArr2, 0, numBytes);
        int i13 = i9 + numBytes;
        System.arraycopy(bArr, i13, sVar.salt, 0, 32);
        int i14 = i13 + 32;
        for (int i15 = 0; i15 < this.numMPCRounds; i15++) {
            int challenge = getChallenge(bArr2, i15);
            System.arraycopy(bArr, i14, pVarArr[i15].view3Commitment, 0, this.digestSizeBytes);
            int i16 = i14 + this.digestSizeBytes;
            if (this.transform == 1) {
                int i17 = challenge == 0 ? this.UnruhGWithInputBytes : this.UnruhGWithoutInputBytes;
                System.arraycopy(bArr, i16, pVarArr[i15].view3UnruhG, 0, i17);
                i16 += i17;
            }
            System.arraycopy(bArr, i16, pVarArr[i15].communicatedBits, 0, this.andSizeBytes);
            int i18 = i16 + this.andSizeBytes;
            System.arraycopy(bArr, i18, pVarArr[i15].seed1, 0, this.seedSizeBytes);
            int i19 = this.seedSizeBytes;
            int i20 = i18 + i19;
            System.arraycopy(bArr, i20, pVarArr[i15].seed2, 0, i19);
            i14 = i20 + this.seedSizeBytes;
            if (challenge == 1 || challenge == 2) {
                org.bouncycastle.util.o.littleEndianToInt(bArr, i14, pVarArr[i15].inputShare, 0, this.stateSizeBytes / 4);
                int i21 = this.stateSizeBits;
                if (i21 == 129) {
                    pVarArr[i15].inputShare[this.stateSizeWords - 1] = bArr[(this.stateSizeBytes + i14) - 1] & 255;
                }
                i14 += this.stateSizeBytes;
                if (!arePaddingBitsZero(pVarArr[i15].inputShare, i21)) {
                    return -1;
                }
            }
        }
        return 0;
    }

    private int deserializeSignature2(r rVar, byte[] bArr, int i, int i9) {
        Logger logger;
        String str;
        int i10 = this.digestSizeBytes;
        int i11 = i10 + 32;
        if (bArr.length < i11) {
            return -1;
        }
        System.arraycopy(bArr, i9, rVar.challengeHash, 0, i10);
        int i12 = i9 + this.digestSizeBytes;
        System.arraycopy(bArr, i12, rVar.salt, 0, 32);
        int i13 = i12 + 32;
        expandChallengeHash(rVar.challengeHash, rVar.challengeC, rVar.challengeP);
        int revealSeedsSize = new u(this, this.numMPCRounds, this.seedSizeBytes).revealSeedsSize(rVar.challengeC, this.numOpenedRounds);
        rVar.iSeedInfoLen = revealSeedsSize;
        int i14 = i11 + revealSeedsSize;
        int openMerkleTreeSize = new u(this, this.numMPCRounds, this.digestSizeBytes).openMerkleTreeSize(getMissingLeavesList(rVar.challengeC), this.numMPCRounds - this.numOpenedRounds);
        rVar.cvInfoLen = openMerkleTreeSize;
        int i15 = i14 + openMerkleTreeSize;
        int revealSeedsSize2 = new u(this, this.numMPCParties, this.seedSizeBytes).revealSeedsSize(new int[1], 1);
        for (int i16 = 0; i16 < this.numMPCRounds; i16++) {
            if (contains(rVar.challengeC, this.numOpenedRounds, i16)) {
                if (rVar.challengeP[indexOf(rVar.challengeC, this.numOpenedRounds, i16)] != this.numMPCParties - 1) {
                    i15 += this.andSizeBytes;
                }
                i15 = i15 + revealSeedsSize2 + this.stateSizeBytes + this.andSizeBytes + this.digestSizeBytes;
            }
        }
        if (i == i15) {
            int i17 = rVar.iSeedInfoLen;
            byte[] bArr2 = new byte[i17];
            rVar.iSeedInfo = bArr2;
            System.arraycopy(bArr, i13, bArr2, 0, i17);
            int i18 = i13 + rVar.iSeedInfoLen;
            int i19 = rVar.cvInfoLen;
            byte[] bArr3 = new byte[i19];
            rVar.cvInfo = bArr3;
            System.arraycopy(bArr, i18, bArr3, 0, i19);
            int i20 = i18 + rVar.cvInfoLen;
            for (int i21 = 0; i21 < this.numMPCRounds; i21++) {
                if (contains(rVar.challengeC, this.numOpenedRounds, i21)) {
                    rVar.proofs[i21] = new q(this);
                    q qVar = rVar.proofs[i21];
                    qVar.seedInfoLen = revealSeedsSize2;
                    byte[] bArr4 = new byte[revealSeedsSize2];
                    qVar.seedInfo = bArr4;
                    System.arraycopy(bArr, i20, bArr4, 0, revealSeedsSize2);
                    int i22 = i20 + rVar.proofs[i21].seedInfoLen;
                    if (rVar.challengeP[indexOf(rVar.challengeC, this.numOpenedRounds, i21)] != this.numMPCParties - 1) {
                        System.arraycopy(bArr, i22, rVar.proofs[i21].aux, 0, this.andSizeBytes);
                        i22 += this.andSizeBytes;
                        if (!arePaddingBitsZero(rVar.proofs[i21].aux, this.numRounds * 3 * this.numSboxes)) {
                            logger = LOG;
                            str = "failed while deserializing aux bits";
                        }
                    }
                    System.arraycopy(bArr, i22, rVar.proofs[i21].input, 0, this.stateSizeBytes);
                    int i23 = i22 + this.stateSizeBytes;
                    int i24 = this.andSizeBytes;
                    System.arraycopy(bArr, i23, rVar.proofs[i21].msgs, 0, i24);
                    int i25 = i23 + i24;
                    if (arePaddingBitsZero(rVar.proofs[i21].msgs, this.numRounds * 3 * this.numSboxes)) {
                        System.arraycopy(bArr, i25, rVar.proofs[i21].C, 0, this.digestSizeBytes);
                        i20 = i25 + this.digestSizeBytes;
                    } else {
                        logger = LOG;
                        str = "failed while deserializing msgs bits";
                    }
                }
            }
            return 0;
        }
        logger = LOG;
        str = "sigLen = " + i + ", expected bytesRequired = " + i15;
        logger.fine(str);
        return -1;
    }

    private void expandChallengeHash(byte[] bArr, int[] iArr, int[] iArr2) {
        int ceil_log2 = v.ceil_log2(this.numMPCRounds);
        int ceil_log22 = v.ceil_log2(this.numMPCParties);
        int[] iArr3 = new int[(this.digestSizeBytes * 8) / Math.min(ceil_log2, ceil_log22)];
        byte[] bArr2 = new byte[64];
        System.arraycopy(bArr, 0, bArr2, 0, this.digestSizeBytes);
        int i = 0;
        while (i < this.numOpenedRounds) {
            int bitsToChunks = bitsToChunks(ceil_log2, bArr2, this.digestSizeBytes, iArr3);
            for (int i9 = 0; i9 < bitsToChunks; i9++) {
                int i10 = iArr3[i9];
                if (i10 < this.numMPCRounds) {
                    i = appendUnique(iArr, i10, i);
                }
                if (i == this.numOpenedRounds) {
                    break;
                }
            }
            ((org.bouncycastle.crypto.digests.c) this.digest).update((byte) 1);
            ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2, 0, this.digestSizeBytes);
            ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr2, 0, this.digestSizeBytes);
        }
        int i11 = 0;
        while (i11 < this.numOpenedRounds) {
            int bitsToChunks2 = bitsToChunks(ceil_log22, bArr2, this.digestSizeBytes, iArr3);
            for (int i12 = 0; i12 < bitsToChunks2; i12++) {
                int i13 = iArr3[i12];
                if (i13 < this.numMPCParties) {
                    iArr2[i11] = i13;
                    i11++;
                }
                if (i11 == this.numOpenedRounds) {
                    break;
                }
            }
            ((org.bouncycastle.crypto.digests.c) this.digest).update((byte) 1);
            ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr2, 0, this.digestSizeBytes);
            ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr2, 0, this.digestSizeBytes);
        }
    }

    public static int extend(int i) {
        return ~(i - 1);
    }

    private void getAuxBits(byte[] bArr, t tVar) {
        byte[] bArr2 = tVar.tapes[this.numMPCParties - 1];
        int i = this.stateSizeBits;
        int i9 = 0;
        int i10 = 0;
        for (int i11 = 0; i11 < this.numRounds; i11++) {
            i9 += i;
            int i12 = 0;
            while (i12 < i) {
                v.setBit(bArr, i10, v.getBit(bArr2, i9));
                i12++;
                i10++;
                i9++;
            }
        }
    }

    private int[] getMissingLeavesList(int[] iArr) {
        int[] iArr2 = new int[this.numMPCRounds - this.numOpenedRounds];
        int i = 0;
        for (int i9 = 0; i9 < this.numMPCRounds; i9++) {
            if (!contains(iArr, this.numOpenedRounds, i9)) {
                iArr2[i] = i9;
                i++;
            }
        }
        return iArr2;
    }

    private void implH3(int[] iArr, int[] iArr2, byte[][][] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[][][] bArr5) {
        byte[] bArr6 = new byte[this.digestSizeBytes];
        bArr2[v.numBytes(this.numMPCRounds * 2) - 1] = 0;
        for (int i = 0; i < this.numMPCRounds; i++) {
            for (int i9 = 0; i9 < 3; i9++) {
                ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr[i][i9], 0, this.digestSizeBytes);
            }
        }
        if (this.transform == 1) {
            for (int i10 = 0; i10 < this.numMPCRounds; i10++) {
                int i11 = 0;
                while (i11 < 3) {
                    ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr5[i10][i11], 0, i11 == 2 ? this.UnruhGWithInputBytes : this.UnruhGWithoutInputBytes);
                    i11++;
                }
            }
        }
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(iArr), 0, this.stateSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(org.bouncycastle.util.o.intToLittleEndian(iArr2), 0, this.stateSizeBytes);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr3, 0, 32);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr4, 0, bArr4.length);
        ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr6, 0, this.digestSizeBytes);
        boolean z = true;
        int i12 = 0;
        while (z) {
            for (int i13 = 0; i13 < this.digestSizeBytes; i13++) {
                byte b9 = bArr6[i13];
                int i14 = 0;
                while (true) {
                    if (i14 >= 8) {
                        break;
                    }
                    int i15 = (b9 >>> (6 - i14)) & 3;
                    if (i15 < 3) {
                        setChallenge(bArr2, i12, i15);
                        i12++;
                        if (i12 == this.numMPCRounds) {
                            z = false;
                            break;
                        }
                    }
                    i14 += 2;
                }
                if (!z) {
                    break;
                }
            }
            if (!z) {
                return;
            }
            ((org.bouncycastle.crypto.digests.c) this.digest).update((byte) 1);
            ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr6, 0, this.digestSizeBytes);
            ((org.bouncycastle.crypto.digests.j) this.digest).doFinal(bArr6, 0, this.digestSizeBytes);
        }
    }

    public static int indexOf(int[] iArr, int i, int i9) {
        for (int i10 = 0; i10 < i; i10++) {
            if (iArr[i10] == i9) {
                return i10;
            }
        }
        return -1;
    }

    public static boolean is_picnic3(int i) {
        return i == 7 || i == 8 || i == 9;
    }

    private int mpc_AND(int i, int i9, int i10, int i11, t tVar, g gVar) {
        int extend = ((i10 & extend(i9)) ^ (i11 & extend(i))) ^ tVar.tapesToWord();
        int i12 = gVar.unopened;
        if (i12 >= 0) {
            extend = v.setBit(extend, gVar.unopened, v.getBit(gVar.msgs[i12], gVar.pos));
        }
        wordToMsgs(extend, gVar);
        return (i & i9) ^ v.parity16(extend);
    }

    private void mpc_AND(int[] iArr, int[] iArr2, int[] iArr3, t tVar, w[] wVarArr) {
        byte bit = v.getBit(tVar.tapes[0], tVar.pos);
        byte bit2 = v.getBit(tVar.tapes[1], tVar.pos);
        byte bit3 = v.getBit(tVar.tapes[2], tVar.pos);
        int i = iArr[0];
        int i9 = iArr2[1];
        int i10 = iArr[1];
        int i11 = iArr2[0];
        int i12 = (((i & i11) ^ ((i & i9) ^ (i10 & i11))) ^ bit) ^ bit2;
        iArr3[0] = i12;
        int i13 = iArr2[2];
        int i14 = iArr[2];
        iArr3[1] = (bit2 ^ ((i9 & i10) ^ ((i10 & i13) ^ (i14 & i9)))) ^ bit3;
        iArr3[2] = bit ^ ((((iArr2[0] & i14) ^ (iArr[0] & i13)) ^ (i14 & i13)) ^ bit3);
        v.setBit(wVarArr[0].communicatedBits, tVar.pos, (byte) i12);
        v.setBit(wVarArr[1].communicatedBits, tVar.pos, (byte) iArr3[1]);
        v.setBit(wVarArr[2].communicatedBits, tVar.pos, (byte) iArr3[2]);
        tVar.pos++;
    }

    private void mpc_LowMC(t tVar, w[] wVarArr, int[] iArr, int[] iArr2) {
        org.bouncycastle.util.b.fill(iArr2, 0, iArr2.length, 0);
        int i = this.stateSizeWords;
        mpc_xor_constant(iArr2, i * 3, iArr, 0, i);
        b KMatrix = this.lowmcConstants.KMatrix(this, 0);
        for (int i9 = 0; i9 < 3; i9++) {
            matrix_mul_offset(iArr2, i9 * this.stateSizeWords, wVarArr[i9].inputShare, 0, KMatrix.getData(), KMatrix.getMatrixPointer());
        }
        mpc_xor(iArr2, iArr2, 3);
        for (int i10 = 1; i10 <= this.numRounds; i10++) {
            b KMatrix2 = this.lowmcConstants.KMatrix(this, i10);
            for (int i11 = 0; i11 < 3; i11++) {
                matrix_mul_offset(iArr2, i11 * this.stateSizeWords, wVarArr[i11].inputShare, 0, KMatrix2.getData(), KMatrix2.getMatrixPointer());
            }
            mpc_substitution(iArr2, tVar, wVarArr);
            int i12 = i10 - 1;
            b LMatrix = this.lowmcConstants.LMatrix(this, i12);
            int i13 = this.stateSizeWords;
            mpc_matrix_mul(iArr2, i13 * 3, iArr2, i13 * 3, LMatrix.getData(), LMatrix.getMatrixPointer(), 3);
            b RConstant = this.lowmcConstants.RConstant(this, i12);
            mpc_xor_constant(iArr2, this.stateSizeWords * 3, RConstant.getData(), RConstant.getMatrixPointer(), this.stateSizeWords);
            mpc_xor(iArr2, iArr2, 3);
        }
        for (int i14 = 0; i14 < 3; i14++) {
            int i15 = this.stateSizeWords;
            System.arraycopy(iArr2, (i14 + 3) * i15, wVarArr[i14].outputShare, 0, i15);
        }
    }

    private void mpc_matrix_mul(int[] iArr, int i, int[] iArr2, int i9, int[] iArr3, int i10, int i11) {
        for (int i12 = 0; i12 < i11; i12++) {
            int i13 = this.stateSizeWords;
            matrix_mul_offset(iArr, (i12 * i13) + i, iArr2, (i13 * i12) + i9, iArr3, i10);
        }
    }

    private void mpc_sbox(int[] iArr, int[] iArr2, t tVar, g gVar) {
        for (int i = 0; i < this.numSboxes * 3; i += 3) {
            int i9 = i + 2;
            int bitFromWordArray = v.getBitFromWordArray(iArr, i9);
            int i10 = iArr2[i9];
            int i11 = i + 1;
            int bitFromWordArray2 = v.getBitFromWordArray(iArr, i11);
            int i12 = iArr2[i11];
            int bitFromWordArray3 = v.getBitFromWordArray(iArr, i);
            int i13 = iArr2[i];
            int mpc_AND = mpc_AND(bitFromWordArray, bitFromWordArray2, i10, i12, tVar, gVar);
            int mpc_AND2 = mpc_AND(bitFromWordArray2, bitFromWordArray3, i12, i13, tVar, gVar);
            int i14 = bitFromWordArray ^ bitFromWordArray2;
            int mpc_AND3 = mpc_AND(bitFromWordArray3, bitFromWordArray, i13, i10, tVar, gVar) ^ i14;
            v.setBitInWordArray(iArr, i9, bitFromWordArray ^ mpc_AND2);
            v.setBitInWordArray(iArr, i11, mpc_AND3);
            v.setBitInWordArray(iArr, i, (i14 ^ bitFromWordArray3) ^ mpc_AND);
        }
    }

    private void mpc_substitution(int[] iArr, t tVar, w[] wVarArr) {
        int[] iArr2 = new int[3];
        int[] iArr3 = new int[3];
        int[] iArr4 = new int[3];
        int[] iArr5 = new int[3];
        int[] iArr6 = new int[3];
        int[] iArr7 = new int[3];
        int i = 0;
        while (i < this.numSboxes * 3) {
            for (int i9 = 0; i9 < 3; i9++) {
                int i10 = ((i9 + 3) * this.stateSizeWords * 32) + i;
                iArr2[i9] = v.getBitFromWordArray(iArr, i10 + 2);
                iArr3[i9] = v.getBitFromWordArray(iArr, i10 + 1);
                iArr4[i9] = v.getBitFromWordArray(iArr, i10);
            }
            int i11 = i;
            mpc_AND(iArr2, iArr3, iArr5, tVar, wVarArr);
            mpc_AND(iArr3, iArr4, iArr6, tVar, wVarArr);
            mpc_AND(iArr4, iArr2, iArr7, tVar, wVarArr);
            for (int i12 = 0; i12 < 3; i12++) {
                int i13 = ((i12 + 3) * this.stateSizeWords * 32) + i11;
                v.setBitInWordArray(iArr, i13 + 2, iArr2[i12] ^ iArr6[i12]);
                v.setBitInWordArray(iArr, i13 + 1, (iArr2[i12] ^ iArr3[i12]) ^ iArr7[i12]);
                v.setBitInWordArray(iArr, i13, ((iArr2[i12] ^ iArr3[i12]) ^ iArr4[i12]) ^ iArr5[i12]);
            }
            i = i11 + 3;
        }
    }

    private void mpc_xor(int[] iArr, int[] iArr2, int i) {
        int i9 = this.stateSizeWords * i;
        for (int i10 = 0; i10 < i9; i10++) {
            int i11 = (this.stateSizeWords * i) + i10;
            iArr[i11] = iArr[i11] ^ iArr2[i10];
        }
    }

    private void mpc_xor_constant(int[] iArr, int i, int[] iArr2, int i9, int i10) {
        for (int i11 = 0; i11 < i10; i11++) {
            int i12 = i11 + i;
            iArr[i12] = iArr[i12] ^ iArr2[i11 + i9];
        }
    }

    private void mpc_xor_constant_verify(int[] iArr, int[] iArr2, int i, int i9, int i10) {
        int i11;
        if (i10 == 0) {
            i11 = this.stateSizeWords * 2;
        } else if (i10 != 2) {
            return;
        } else {
            i11 = this.stateSizeWords * 3;
        }
        for (int i12 = 0; i12 < i9; i12++) {
            int i13 = i12 + i11;
            iArr[i13] = iArr[i13] ^ iArr2[i12 + i];
        }
    }

    private void picnic_keygen(byte[] bArr, byte[] bArr2, byte[] bArr3, SecureRandom secureRandom) {
        int[] iArr = new int[bArr3.length / 4];
        int[] iArr2 = new int[bArr.length / 4];
        int[] iArr3 = new int[bArr2.length / 4];
        secureRandom.nextBytes(bArr3);
        org.bouncycastle.util.o.littleEndianToInt(bArr3, 0, iArr);
        v.zeroTrailingBits(iArr, this.stateSizeBits);
        secureRandom.nextBytes(bArr);
        org.bouncycastle.util.o.littleEndianToInt(bArr, 0, iArr2);
        v.zeroTrailingBits(iArr2, this.stateSizeBits);
        LowMCEnc(iArr2, iArr3, iArr);
        org.bouncycastle.util.o.intToLittleEndian(iArr, bArr3, 0);
        org.bouncycastle.util.o.intToLittleEndian(iArr2, bArr, 0);
        org.bouncycastle.util.o.intToLittleEndian(iArr3, bArr2, 0);
    }

    private void picnic_read_public_key(int[] iArr, int[] iArr2, byte[] bArr) {
        int i = this.stateSizeBytes;
        int i9 = i + 1;
        int i10 = i / 4;
        org.bouncycastle.util.o.littleEndianToInt(bArr, 1, iArr, 0, i10);
        org.bouncycastle.util.o.littleEndianToInt(bArr, i9, iArr2, 0, i10);
        if (i10 < this.stateSizeWords) {
            int i11 = i10 * 4;
            int i12 = this.stateSizeBytes - i11;
            iArr[i10] = org.bouncycastle.util.o.littleEndianToInt_Low(bArr, i11 + 1, i12);
            iArr2[i10] = org.bouncycastle.util.o.littleEndianToInt_Low(bArr, i9 + i11, i12);
        }
    }

    private boolean picnic_sign(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int serializeSignature2;
        int i = this.stateSizeWords;
        int[] iArr = new int[i];
        int[] iArr2 = new int[i];
        int[] iArr3 = new int[i];
        int i9 = this.stateSizeBytes;
        int i10 = i9 + 1;
        int i11 = (i9 * 2) + 1;
        int i12 = i9 / 4;
        org.bouncycastle.util.o.littleEndianToInt(bArr, 1, iArr, 0, i12);
        org.bouncycastle.util.o.littleEndianToInt(bArr, i10, iArr2, 0, i12);
        org.bouncycastle.util.o.littleEndianToInt(bArr, i11, iArr3, 0, i12);
        if (i12 < this.stateSizeWords) {
            int i13 = i12 * 4;
            int i14 = this.stateSizeBytes - i13;
            iArr[i12] = org.bouncycastle.util.o.littleEndianToInt_Low(bArr, i13 + 1, i14);
            iArr2[i12] = org.bouncycastle.util.o.littleEndianToInt_Low(bArr, i10 + i13, i14);
            iArr3[i12] = org.bouncycastle.util.o.littleEndianToInt_Low(bArr, i11 + i13, i14);
        }
        if (is_picnic3(this.parameters)) {
            r rVar = new r(this);
            if (!sign_picnic3(iArr, iArr2, iArr3, bArr2, rVar)) {
                LOG.fine("Failed to create signature");
                return false;
            }
            serializeSignature2 = serializeSignature2(rVar, bArr3, bArr2.length + 4);
            if (serializeSignature2 < 0) {
                LOG.fine("Failed to serialize signature");
                return false;
            }
        } else {
            s sVar = new s(this);
            if (sign_picnic1(iArr, iArr2, iArr3, bArr2, sVar) != 0) {
                LOG.fine("Failed to create signature");
                return false;
            }
            serializeSignature2 = serializeSignature(sVar, bArr3, bArr2.length + 4);
            if (serializeSignature2 < 0) {
                LOG.fine("Failed to serialize signature");
                return false;
            }
        }
        this.signatureLength = serializeSignature2;
        org.bouncycastle.util.o.intToLittleEndian(serializeSignature2, bArr3, 0);
        return true;
    }

    private int picnic_verify(byte[] bArr, byte[] bArr2, byte[] bArr3, int i) {
        Logger logger;
        String str;
        int i9 = this.stateSizeWords;
        int[] iArr = new int[i9];
        int[] iArr2 = new int[i9];
        picnic_read_public_key(iArr, iArr2, bArr);
        if (is_picnic3(this.parameters)) {
            r rVar = new r(this);
            if (deserializeSignature2(rVar, bArr3, i, bArr2.length + 4) == 0) {
                return verify_picnic3(rVar, iArr, iArr2, bArr2);
            }
            logger = LOG;
            str = "Error couldn't deserialize signature (2)!";
        } else {
            s sVar = new s(this);
            if (deserializeSignature(sVar, bArr3, i, bArr2.length + 4) == 0) {
                return verify(sVar, iArr, iArr2, bArr2);
            }
            logger = LOG;
            str = "Error couldn't deserialize signature!";
        }
        logger.fine(str);
        return -1;
    }

    private int picnic_write_private_key(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        int i = this.stateSizeBytes;
        int i9 = (i * 3) + 1;
        if (bArr4.length < i9) {
            LOG.fine("Failed writing private key!");
            return -1;
        }
        bArr4[0] = (byte) this.parameters;
        System.arraycopy(bArr, 0, bArr4, 1, i);
        int i10 = this.stateSizeBytes;
        System.arraycopy(bArr2, 0, bArr4, i10 + 1, i10);
        int i11 = this.stateSizeBytes;
        System.arraycopy(bArr3, 0, bArr4, (i11 * 2) + 1, i11);
        return i9;
    }

    private int picnic_write_public_key(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        int i = this.stateSizeBytes;
        int i9 = (i * 2) + 1;
        if (bArr3.length < i9) {
            LOG.fine("Failed writing public key!");
            return -1;
        }
        bArr3[0] = (byte) this.parameters;
        System.arraycopy(bArr, 0, bArr3, 1, i);
        int i10 = this.stateSizeBytes;
        System.arraycopy(bArr2, 0, bArr3, i10 + 1, i10);
        return i9;
    }

    private int serializeSignature2(r rVar, byte[] bArr, int i) {
        int i9 = this.digestSizeBytes + 32 + rVar.iSeedInfoLen + rVar.cvInfoLen;
        for (int i10 = 0; i10 < this.numMPCRounds; i10++) {
            if (contains(rVar.challengeC, this.numOpenedRounds, i10)) {
                int i11 = rVar.challengeP[indexOf(rVar.challengeC, this.numOpenedRounds, i10)];
                int i12 = i9 + rVar.proofs[i10].seedInfoLen;
                if (i11 != this.numMPCParties - 1) {
                    i12 += this.andSizeBytes;
                }
                i9 = i12 + this.stateSizeBytes + this.andSizeBytes + this.digestSizeBytes;
            }
        }
        if (bArr.length < i9) {
            return -1;
        }
        System.arraycopy(rVar.challengeHash, 0, bArr, i, this.digestSizeBytes);
        int i13 = this.digestSizeBytes + i;
        System.arraycopy(rVar.salt, 0, bArr, i13, 32);
        int i14 = i13 + 32;
        System.arraycopy(rVar.iSeedInfo, 0, bArr, i14, rVar.iSeedInfoLen);
        int i15 = i14 + rVar.iSeedInfoLen;
        System.arraycopy(rVar.cvInfo, 0, bArr, i15, rVar.cvInfoLen);
        int i16 = i15 + rVar.cvInfoLen;
        for (int i17 = 0; i17 < this.numMPCRounds; i17++) {
            if (contains(rVar.challengeC, this.numOpenedRounds, i17)) {
                q qVar = rVar.proofs[i17];
                System.arraycopy(qVar.seedInfo, 0, bArr, i16, qVar.seedInfoLen);
                int i18 = i16 + rVar.proofs[i17].seedInfoLen;
                if (rVar.challengeP[indexOf(rVar.challengeC, this.numOpenedRounds, i17)] != this.numMPCParties - 1) {
                    System.arraycopy(rVar.proofs[i17].aux, 0, bArr, i18, this.andSizeBytes);
                    i18 += this.andSizeBytes;
                }
                System.arraycopy(rVar.proofs[i17].input, 0, bArr, i18, this.stateSizeBytes);
                int i19 = i18 + this.stateSizeBytes;
                System.arraycopy(rVar.proofs[i17].msgs, 0, bArr, i19, this.andSizeBytes);
                int i20 = i19 + this.andSizeBytes;
                System.arraycopy(rVar.proofs[i17].C, 0, bArr, i20, this.digestSizeBytes);
                i16 = i20 + this.digestSizeBytes;
            }
        }
        return i16 - i;
    }

    private void setChallenge(byte[] bArr, int i, int i9) {
        int i10 = i * 2;
        v.setBit(bArr, i10, (byte) (i9 & 1));
        v.setBit(bArr, i10 + 1, (byte) ((i9 >>> 1) & 1));
    }

    private int sign_picnic1(int[] iArr, int[] iArr2, int[] iArr3, byte[] bArr, s sVar) {
        int i;
        w[][] wVarArr = (w[][]) Array.newInstance((Class<?>) w.class, this.numMPCRounds, 3);
        int[] iArr4 = {this.numMPCRounds, this.numMPCParties, this.digestSizeBytes};
        Class cls = Byte.TYPE;
        byte[][][] bArr2 = (byte[][][]) Array.newInstance((Class<?>) cls, iArr4);
        byte[][][] bArr3 = (byte[][][]) Array.newInstance((Class<?>) cls, this.numMPCRounds, 3, this.UnruhGWithInputBytes);
        byte[] computeSeeds = computeSeeds(iArr, iArr2, iArr3, bArr);
        int i9 = this.numMPCParties * this.seedSizeBytes;
        int i10 = 0;
        System.arraycopy(computeSeeds, this.numMPCRounds * i9, sVar.salt, 0, 32);
        t tVar = new t(this);
        int i11 = this.stateSizeBytes;
        int max = Math.max(i11 * 9, i11 + this.andSizeBytes);
        byte[] bArr4 = new byte[max];
        int i12 = 0;
        while (i12 < this.numMPCRounds) {
            wVarArr[i12][i10] = new w(this);
            wVarArr[i12][1] = new w(this);
            int i13 = 2;
            wVarArr[i12][2] = new w(this);
            int i14 = i10;
            while (i14 < i13) {
                byte[][][] bArr5 = bArr3;
                int i15 = i14;
                byte[][][] bArr6 = bArr2;
                int i16 = i12;
                byte[] bArr7 = bArr4;
                int i17 = max;
                t tVar2 = tVar;
                if (!createRandomTape(computeSeeds, (this.seedSizeBytes * i14) + (i9 * i12), sVar.salt, i12, i15, bArr7, this.stateSizeBytes + this.andSizeBytes)) {
                    LOG.fine("createRandomTape failed");
                    return -1;
                }
                int[] iArr5 = wVarArr[i16][i15].inputShare;
                org.bouncycastle.util.o.littleEndianToInt(bArr7, 0, iArr5);
                v.zeroTrailingBits(iArr5, this.stateSizeBits);
                System.arraycopy(bArr7, this.stateSizeBytes, tVar2.tapes[i15], 0, this.andSizeBytes);
                i14 = i15 + 1;
                bArr4 = bArr7;
                i12 = i16;
                tVar = tVar2;
                i13 = 2;
                bArr3 = bArr5;
                bArr2 = bArr6;
                max = i17;
            }
            int i18 = i13;
            int i19 = i12;
            int i20 = max;
            byte[][][] bArr8 = bArr2;
            byte[][][] bArr9 = bArr3;
            t tVar3 = tVar;
            byte[] bArr10 = bArr4;
            int i21 = i9 * i19;
            int i22 = i9;
            if (!createRandomTape(computeSeeds, (this.seedSizeBytes * 2) + i21, sVar.salt, i12, 2, tVar3.tapes[i18], this.andSizeBytes)) {
                LOG.fine("createRandomTape failed");
                return -1;
            }
            w[] wVarArr2 = wVarArr[i19];
            xor_three(wVarArr2[i18].inputShare, iArr, wVarArr2[0].inputShare, wVarArr2[1].inputShare);
            tVar3.pos = 0;
            int[] littleEndianToInt = org.bouncycastle.util.o.littleEndianToInt(bArr10, 0, i20 / 4);
            mpc_LowMC(tVar3, wVarArr[i19], iArr3, littleEndianToInt);
            org.bouncycastle.util.o.intToLittleEndian(littleEndianToInt, bArr10, 0);
            int[] iArr6 = new int[16];
            w[] wVarArr3 = wVarArr[i19];
            xor_three(iArr6, wVarArr3[0].outputShare, wVarArr3[1].outputShare, wVarArr3[i18].outputShare);
            if (!subarrayEquals(iArr6, iArr2, this.stateSizeWords)) {
                LOG.fine("Simulation failed; output does not match public key (round = " + i19 + ")");
                return -1;
            }
            Commit(computeSeeds, i21, wVarArr[i19][0], bArr8[i19][0]);
            Commit(computeSeeds, this.seedSizeBytes + i21, wVarArr[i19][1], bArr8[i19][1]);
            Commit(computeSeeds, (this.seedSizeBytes * 2) + i21, wVarArr[i19][i18], bArr8[i19][i18]);
            if (this.transform == 1) {
                i = 0;
                G(0, computeSeeds, i21, wVarArr[i19][0], bArr9[i19][0]);
                G(1, computeSeeds, i21 + this.seedSizeBytes, wVarArr[i19][1], bArr9[i19][1]);
                G(2, computeSeeds, (this.seedSizeBytes * 2) + i21, wVarArr[i19][i18], bArr9[i19][i18]);
            } else {
                i = 0;
            }
            i12 = i19 + 1;
            tVar = tVar3;
            bArr4 = bArr10;
            i10 = i;
            i9 = i22;
            bArr3 = bArr9;
            bArr2 = bArr8;
            max = i20;
        }
        int i23 = i10;
        byte[][][] bArr11 = bArr2;
        byte[][][] bArr12 = bArr3;
        int i24 = i9;
        H3(iArr2, iArr3, wVarArr, bArr11, sVar.challengeBits, sVar.salt, bArr, bArr12);
        for (int i25 = i23; i25 < this.numMPCRounds; i25++) {
            prove(sVar.proofs[i25], getChallenge(sVar.challengeBits, i25), computeSeeds, i24 * i25, wVarArr[i25], bArr11[i25], this.transform != 1 ? null : bArr12[i25]);
        }
        return i23;
    }

    private boolean sign_picnic3(int[] iArr, int[] iArr2, int[] iArr3, byte[] bArr, r rVar) {
        int i;
        int i9;
        int i10;
        int i11;
        int i12 = this.seedSizeBytes + 32;
        byte[] bArr2 = new byte[i12];
        computeSaltAndRootSeed(bArr2, iArr, iArr2, iArr3, bArr);
        byte[] copyOfRange = org.bouncycastle.util.b.copyOfRange(bArr2, 32, i12);
        rVar.salt = org.bouncycastle.util.b.copyOfRange(bArr2, 0, 32);
        u uVar = new u(this, this.numMPCRounds, this.seedSizeBytes);
        uVar.generateSeeds(copyOfRange, rVar.salt, 0);
        byte[][] leaves = uVar.getLeaves();
        int leavesOffset = uVar.getLeavesOffset();
        int i13 = this.numMPCRounds;
        t[] tVarArr = new t[i13];
        u[] uVarArr = new u[i13];
        int i14 = 0;
        while (true) {
            i = this.numMPCRounds;
            if (i14 >= i) {
                break;
            }
            tVarArr[i14] = new t(this);
            u uVar2 = new u(this, this.numMPCParties, this.seedSizeBytes);
            uVarArr[i14] = uVar2;
            uVar2.generateSeeds(leaves[i14 + leavesOffset], rVar.salt, i14);
            createRandomTapes(tVarArr[i14], uVarArr[i14].getLeaves(), uVarArr[i14].getLeavesOffset(), rVar.salt, i14);
            i14++;
        }
        byte[][] bArr3 = (byte[][]) Array.newInstance((Class<?>) Byte.TYPE, i, this.stateSizeWords * 4);
        byte[] bArr4 = new byte[MAX_AUX_BYTES];
        int i15 = 0;
        while (true) {
            i9 = this.numMPCRounds;
            if (i15 >= i9) {
                break;
            }
            tVarArr[i15].computeAuxTape(bArr3[i15]);
            i15++;
        }
        byte[][][] bArr5 = (byte[][][]) Array.newInstance((Class<?>) Byte.TYPE, i9, this.numMPCParties, this.digestSizeBytes);
        int i16 = 0;
        while (true) {
            i10 = this.numMPCRounds;
            if (i16 >= i10) {
                break;
            }
            int i17 = 0;
            while (true) {
                i11 = this.numMPCParties;
                if (i17 < i11 - 1) {
                    commit(bArr5[i16][i17], uVarArr[i16].getLeaf(i17), null, rVar.salt, i16, i17);
                    i17++;
                }
            }
            int i18 = i11 - 1;
            getAuxBits(bArr4, tVarArr[i16]);
            commit(bArr5[i16][i18], uVarArr[i16].getLeaf(i18), bArr4, rVar.salt, i16, i18);
            i16++;
        }
        g[] gVarArr = new g[i10];
        int[] iArr4 = new int[this.stateSizeBits];
        int i19 = 0;
        while (true) {
            int i20 = this.numMPCRounds;
            if (i19 >= i20) {
                int[] iArr5 = {i20, this.digestSizeBytes};
                Class cls = Byte.TYPE;
                byte[][] bArr6 = (byte[][]) Array.newInstance((Class<?>) cls, iArr5);
                byte[][] bArr7 = (byte[][]) Array.newInstance((Class<?>) cls, this.numMPCRounds, this.digestSizeBytes);
                for (int i21 = 0; i21 < this.numMPCRounds; i21++) {
                    commit_h(bArr6[i21], bArr5[i21]);
                    commit_v(bArr7[i21], bArr3[i21], gVarArr[i21]);
                }
                u uVar3 = new u(this, this.numMPCRounds, this.digestSizeBytes);
                uVar3.buildMerkleTree(bArr7, rVar.salt);
                int i22 = this.numOpenedRounds;
                int[] iArr6 = new int[i22];
                rVar.challengeC = iArr6;
                int[] iArr7 = new int[i22];
                rVar.challengeP = iArr7;
                byte[] bArr8 = new byte[this.digestSizeBytes];
                rVar.challengeHash = bArr8;
                HCP(bArr8, iArr6, iArr7, bArr6, uVar3.nodes[0], rVar.salt, iArr2, iArr3, bArr);
                int[] iArr8 = new int[1];
                rVar.cvInfo = uVar3.openMerkleTree(getMissingLeavesList(rVar.challengeC), this.numMPCRounds - this.numOpenedRounds, iArr8);
                rVar.cvInfoLen = iArr8[0];
                int i23 = this.numMPCRounds;
                int i24 = this.seedSizeBytes;
                byte[] bArr9 = new byte[i23 * i24];
                rVar.iSeedInfo = bArr9;
                rVar.iSeedInfoLen = uVar.revealSeeds(rVar.challengeC, this.numOpenedRounds, bArr9, i23 * i24);
                rVar.proofs = new q[this.numMPCRounds];
                for (int i25 = 0; i25 < this.numMPCRounds; i25++) {
                    if (contains(rVar.challengeC, this.numOpenedRounds, i25)) {
                        rVar.proofs[i25] = new q(this);
                        int indexOf = indexOf(rVar.challengeC, this.numOpenedRounds, i25);
                        int[] iArr9 = {rVar.challengeP[indexOf]};
                        q qVar = rVar.proofs[i25];
                        int i26 = this.numMPCParties;
                        int i27 = this.seedSizeBytes;
                        byte[] bArr10 = new byte[i26 * i27];
                        qVar.seedInfo = bArr10;
                        qVar.seedInfoLen = uVarArr[i25].revealSeeds(iArr9, 1, bArr10, i26 * i27);
                        if (rVar.challengeP[indexOf] != this.numMPCParties - 1) {
                            getAuxBits(rVar.proofs[i25].aux, tVarArr[i25]);
                        }
                        System.arraycopy(bArr3[i25], 0, rVar.proofs[i25].input, 0, this.stateSizeBytes);
                        System.arraycopy(gVarArr[i25].msgs[rVar.challengeP[indexOf]], 0, rVar.proofs[i25].msgs, 0, this.andSizeBytes);
                        System.arraycopy(bArr5[i25][rVar.challengeP[indexOf]], 0, rVar.proofs[i25].C, 0, this.digestSizeBytes);
                    }
                }
                return true;
            }
            gVarArr[i19] = new g(this);
            int[] littleEndianToInt = org.bouncycastle.util.o.littleEndianToInt(bArr3[i19], 0, this.stateSizeWords);
            xor_array(littleEndianToInt, littleEndianToInt, iArr, 0);
            if (simulateOnline(littleEndianToInt, tVarArr[i19], iArr4, gVarArr[i19], iArr3, iArr2) != 0) {
                LOG.fine("MPC simulation failed, aborting signature");
                return false;
            }
            org.bouncycastle.util.o.intToLittleEndian(littleEndianToInt, bArr3[i19], 0);
            i19++;
        }
    }

    private int simulateOnline(int[] iArr, t tVar, int[] iArr2, g gVar, int[] iArr3, int[] iArr4) {
        int[] iArr5 = new int[16];
        int[] iArr6 = new int[16];
        b KMatrix = this.lowmcConstants.KMatrix(this, 0);
        matrix_mul(iArr5, iArr, KMatrix.getData(), KMatrix.getMatrixPointer());
        xor_array(iArr6, iArr5, iArr3, 0);
        for (int i = 1; i <= this.numRounds; i++) {
            tapesToWords(iArr2, tVar);
            mpc_sbox(iArr6, iArr2, tVar, gVar);
            int i9 = i - 1;
            b LMatrix = this.lowmcConstants.LMatrix(this, i9);
            matrix_mul(iArr6, iArr6, LMatrix.getData(), LMatrix.getMatrixPointer());
            b RConstant = this.lowmcConstants.RConstant(this, i9);
            xor_array(iArr6, iArr6, RConstant.getData(), RConstant.getMatrixPointer());
            b KMatrix2 = this.lowmcConstants.KMatrix(this, i);
            matrix_mul(iArr5, iArr, KMatrix2.getData(), KMatrix2.getMatrixPointer());
            xor_array(iArr6, iArr5, iArr6, 0);
        }
        return !subarrayEquals(iArr6, iArr4, this.stateSizeWords) ? -1 : 0;
    }

    private static boolean subarrayEquals(byte[] bArr, byte[] bArr2, int i) {
        if (bArr.length < i || bArr2.length < i) {
            return false;
        }
        for (int i9 = 0; i9 < i; i9++) {
            if (bArr[i9] != bArr2[i9]) {
                return false;
            }
        }
        return true;
    }

    private static boolean subarrayEquals(int[] iArr, int[] iArr2, int i) {
        if (iArr.length < i || iArr2.length < i) {
            return false;
        }
        for (int i9 = 0; i9 < i; i9++) {
            if (iArr[i9] != iArr2[i9]) {
                return false;
            }
        }
        return true;
    }

    private void substitution(int[] iArr) {
        for (int i = 0; i < this.numSboxes * 3; i += 3) {
            int i9 = i + 2;
            int bitFromWordArray = v.getBitFromWordArray(iArr, i9);
            int i10 = i + 1;
            int bitFromWordArray2 = v.getBitFromWordArray(iArr, i10);
            int bitFromWordArray3 = v.getBitFromWordArray(iArr, i);
            v.setBitInWordArray(iArr, i9, (bitFromWordArray2 & bitFromWordArray3) ^ bitFromWordArray);
            int i11 = bitFromWordArray ^ bitFromWordArray2;
            v.setBitInWordArray(iArr, i10, (bitFromWordArray & bitFromWordArray3) ^ i11);
            v.setBitInWordArray(iArr, i, (i11 ^ bitFromWordArray3) ^ (bitFromWordArray & bitFromWordArray2));
        }
    }

    private void tapesToWords(int[] iArr, t tVar) {
        for (int i = 0; i < this.stateSizeBits; i++) {
            iArr[i] = tVar.tapesToWord();
        }
    }

    private void updateDigest(int[] iArr, byte[] bArr) {
        org.bouncycastle.util.o.intToLittleEndian(iArr, bArr, 0);
        ((org.bouncycastle.crypto.digests.c) this.digest).update(bArr, 0, this.stateSizeBytes);
    }

    private int verify(s sVar, int[] iArr, int[] iArr2, byte[] bArr) {
        int i;
        s sVar2 = sVar;
        int[] iArr3 = {this.numMPCRounds, this.numMPCParties, this.digestSizeBytes};
        Class cls = Byte.TYPE;
        byte[][][] bArr2 = (byte[][][]) Array.newInstance((Class<?>) cls, iArr3);
        byte[][][] bArr3 = (byte[][][]) Array.newInstance((Class<?>) cls, this.numMPCRounds, 3, this.UnruhGWithInputBytes);
        int[][][] iArr4 = (int[][][]) Array.newInstance((Class<?>) Integer.TYPE, this.numMPCRounds, 3, this.stateSizeBytes);
        p[] pVarArr = sVar2.proofs;
        byte[] bArr4 = sVar2.challengeBits;
        int i9 = this.stateSizeBytes;
        byte[] bArr5 = new byte[Math.max(i9 * 6, i9 + this.andSizeBytes)];
        t tVar = new t(this);
        int i10 = this.numMPCRounds;
        w[] wVarArr = new w[i10];
        w[] wVarArr2 = new w[i10];
        int i11 = 0;
        int i12 = 0;
        while (true) {
            int i13 = this.numMPCRounds;
            if (i12 >= i13) {
                int i14 = i11;
                byte[] bArr6 = new byte[v.numBytes(i13 * 2)];
                H3(iArr, iArr2, iArr4, bArr2, bArr6, sVar.salt, bArr, bArr3);
                if (subarrayEquals(bArr4, bArr6, v.numBytes(this.numMPCRounds * 2))) {
                    return i14;
                }
                LOG.fine("Invalid signature. Did not verify");
                return -1;
            }
            wVarArr[i12] = new w(this);
            w wVar = new w(this);
            wVarArr2[i12] = wVar;
            int i15 = i12;
            int[][][] iArr5 = iArr4;
            w[] wVarArr3 = wVarArr2;
            w[] wVarArr4 = wVarArr;
            t tVar2 = tVar;
            byte[] bArr7 = bArr5;
            byte[] bArr8 = bArr4;
            p[] pVarArr2 = pVarArr;
            if (!verifyProof(pVarArr[i12], wVarArr[i12], wVar, getChallenge(bArr4, i12), sVar2.salt, i15, bArr5, iArr2, tVar2)) {
                LOG.fine("Invalid signature. Did not verify");
                return -1;
            }
            int challenge = getChallenge(bArr8, i15);
            Commit(pVarArr2[i15].seed1, 0, wVarArr4[i15], bArr2[i15][challenge]);
            int i16 = (challenge + 1) % 3;
            Commit(pVarArr2[i15].seed2, 0, wVarArr3[i15], bArr2[i15][i16]);
            int i17 = (challenge + 2) % 3;
            System.arraycopy(pVarArr2[i15].view3Commitment, 0, bArr2[i15][i17], 0, this.digestSizeBytes);
            if (this.transform == 1) {
                G(challenge, pVarArr2[i15].seed1, 0, wVarArr4[i15], bArr3[i15][challenge]);
                G(i16, pVarArr2[i15].seed2, 0, wVarArr3[i15], bArr3[i15][i16]);
                i = 0;
                System.arraycopy(pVarArr2[i15].view3UnruhG, 0, bArr3[i15][i17], 0, challenge == 0 ? this.UnruhGWithInputBytes : this.UnruhGWithoutInputBytes);
            } else {
                i = 0;
            }
            iArr5[i15][challenge] = wVarArr4[i15].outputShare;
            iArr5[i15][i16] = wVarArr3[i15].outputShare;
            int[] iArr6 = new int[this.stateSizeWords];
            xor_three(iArr6, wVarArr4[i15].outputShare, wVarArr3[i15].outputShare, iArr);
            iArr5[i15][i17] = iArr6;
            i12 = i15 + 1;
            sVar2 = sVar;
            i11 = i;
            tVar = tVar2;
            wVarArr = wVarArr4;
            wVarArr2 = wVarArr3;
            bArr5 = bArr7;
            pVarArr = pVarArr2;
            bArr4 = bArr8;
            iArr4 = iArr5;
        }
    }

    private int verify_picnic3(r rVar, int[] iArr, int[] iArr2, byte[] bArr) {
        int verifyMerkleTree;
        Logger logger;
        String str;
        int i;
        int i9;
        t[] tVarArr;
        byte[] bArr2;
        u uVar;
        int i10;
        int i11;
        int i12;
        u uVar2;
        int i13;
        int[] iArr3 = {this.numMPCRounds, this.numMPCParties, this.digestSizeBytes};
        Class cls = Byte.TYPE;
        byte[][][] bArr3 = (byte[][][]) Array.newInstance((Class<?>) cls, iArr3);
        byte[][] bArr4 = (byte[][]) Array.newInstance((Class<?>) cls, this.numMPCRounds, this.digestSizeBytes);
        byte[][] bArr5 = (byte[][]) Array.newInstance((Class<?>) cls, this.numMPCRounds, this.digestSizeBytes);
        g[] gVarArr = new g[this.numMPCRounds];
        u uVar3 = new u(this, this.numMPCRounds, this.digestSizeBytes);
        byte[] bArr6 = new byte[64];
        int i14 = this.numMPCRounds;
        u[] uVarArr = new u[i14];
        t[] tVarArr2 = new t[i14];
        u uVar4 = new u(this, this.numMPCRounds, this.seedSizeBytes);
        if (uVar4.reconstructSeeds(rVar.challengeC, this.numOpenedRounds, rVar.iSeedInfo, rVar.iSeedInfoLen, rVar.salt, 0) != 0) {
            return -1;
        }
        int i15 = 0;
        while (true) {
            if (i15 < this.numMPCRounds) {
                if (contains(rVar.challengeC, this.numOpenedRounds, i15)) {
                    uVarArr[i15] = new u(this, this.numMPCParties, this.seedSizeBytes);
                    int[] iArr4 = {rVar.challengeP[indexOf(rVar.challengeC, this.numOpenedRounds, i15)]};
                    u uVar5 = uVarArr[i15];
                    q qVar = rVar.proofs[i15];
                    if (uVar5.reconstructSeeds(iArr4, 1, qVar.seedInfo, qVar.seedInfoLen, rVar.salt, i15) != 0) {
                        logger = LOG;
                        str = "Failed to reconstruct seeds for round " + i15;
                        break;
                    }
                } else {
                    u uVar6 = new u(this, this.numMPCParties, this.seedSizeBytes);
                    uVarArr[i15] = uVar6;
                    uVar6.generateSeeds(uVar4.getLeaf(i15), rVar.salt, i15);
                }
                i15++;
            } else {
                int i16 = this.numMPCParties - 1;
                byte[] bArr7 = new byte[MAX_AUX_BYTES];
                int i17 = 0;
                while (i17 < this.numMPCRounds) {
                    t tVar = new t(this);
                    tVarArr2[i17] = tVar;
                    byte[] bArr8 = bArr6;
                    int i18 = i17;
                    byte[] bArr9 = bArr7;
                    int i19 = i16;
                    createRandomTapes(tVar, uVarArr[i17].getLeaves(), uVarArr[i17].getLeavesOffset(), rVar.salt, i18);
                    if (contains(rVar.challengeC, this.numOpenedRounds, i18)) {
                        i9 = i18;
                        tVarArr = tVarArr2;
                        bArr2 = bArr9;
                        int i20 = rVar.challengeP[indexOf(rVar.challengeC, this.numOpenedRounds, i9)];
                        int i21 = i19;
                        int i22 = 0;
                        while (i22 < i21) {
                            if (i22 != i20) {
                                i11 = i21;
                                i12 = i22;
                                uVar2 = uVar3;
                                i13 = i20;
                                commit(bArr3[i9][i22], uVarArr[i9].getLeaf(i22), null, rVar.salt, i9, i12);
                            } else {
                                i11 = i21;
                                i12 = i22;
                                uVar2 = uVar3;
                                i13 = i20;
                            }
                            i22 = i12 + 1;
                            i20 = i13;
                            uVar3 = uVar2;
                            i21 = i11;
                        }
                        uVar = uVar3;
                        int i23 = i20;
                        int i24 = i21;
                        if (i24 != i23) {
                            i10 = i24;
                            commit(bArr3[i9][i24], uVarArr[i9].getLeaf(i24), rVar.proofs[i9].aux, rVar.salt, i9, i24);
                        } else {
                            i10 = i24;
                        }
                        System.arraycopy(rVar.proofs[i9].C, 0, bArr3[i9][i23], 0, this.digestSizeBytes);
                    } else {
                        tVarArr2[i18].computeAuxTape(null);
                        int i25 = i19;
                        int i26 = 0;
                        while (i26 < i25) {
                            commit(bArr3[i18][i26], uVarArr[i18].getLeaf(i26), null, rVar.salt, i18, i26);
                            i26++;
                            tVarArr2 = tVarArr2;
                            i25 = i25;
                        }
                        int i27 = i25;
                        i9 = i18;
                        tVarArr = tVarArr2;
                        getAuxBits(bArr9, tVarArr[i9]);
                        i10 = i27;
                        bArr2 = bArr9;
                        commit(bArr3[i9][i27], uVarArr[i9].getLeaf(i27), bArr9, rVar.salt, i9, i10);
                        uVar = uVar3;
                    }
                    i17 = i9 + 1;
                    tVarArr2 = tVarArr;
                    bArr7 = bArr2;
                    uVar3 = uVar;
                    bArr6 = bArr8;
                    i16 = i10;
                }
                int i28 = i16;
                t[] tVarArr3 = tVarArr2;
                u uVar7 = uVar3;
                byte[] bArr10 = bArr6;
                for (int i29 = 0; i29 < this.numMPCRounds; i29++) {
                    commit_h(bArr4[i29], bArr3[i29]);
                }
                int[] iArr5 = new int[this.stateSizeBits];
                int i30 = 0;
                while (true) {
                    int i31 = this.numMPCRounds;
                    if (i30 < i31) {
                        gVarArr[i30] = new g(this);
                        if (contains(rVar.challengeC, this.numOpenedRounds, i30)) {
                            int i32 = rVar.challengeP[indexOf(rVar.challengeC, this.numOpenedRounds, i30)];
                            int i33 = i28;
                            if (i32 != i33) {
                                tVarArr3[i30].setAuxBits(rVar.proofs[i30].aux);
                            }
                            System.arraycopy(rVar.proofs[i30].msgs, 0, gVarArr[i30].msgs[i32], 0, this.andSizeBytes);
                            org.bouncycastle.util.b.fill(tVarArr3[i30].tapes[i32], (byte) 0);
                            gVarArr[i30].unopened = i32;
                            byte[] bArr11 = new byte[this.stateSizeWords * 4];
                            byte[] bArr12 = rVar.proofs[i30].input;
                            System.arraycopy(bArr12, 0, bArr11, 0, bArr12.length);
                            int i34 = this.stateSizeWords;
                            int[] iArr6 = new int[i34];
                            org.bouncycastle.util.o.littleEndianToInt(bArr11, 0, iArr6, 0, i34);
                            i = i33;
                            if (simulateOnline(iArr6, tVarArr3[i30], iArr5, gVarArr[i30], iArr2, iArr) != 0) {
                                logger = LOG;
                                str = "MPC simulation failed for round " + i30 + ", signature invalid";
                                break;
                            }
                            commit_v(bArr5[i30], rVar.proofs[i30].input, gVarArr[i30]);
                        } else {
                            i = i28;
                            bArr5[i30] = null;
                        }
                        i30++;
                        i28 = i;
                    } else {
                        if (uVar7.addMerkleNodes(getMissingLeavesList(rVar.challengeC), i31 - this.numOpenedRounds, rVar.cvInfo, rVar.cvInfoLen) != 0 || (verifyMerkleTree = uVar7.verifyMerkleTree(bArr5, rVar.salt)) != 0) {
                            return -1;
                        }
                        HCP(bArr10, null, null, bArr4, uVar7.nodes[0], rVar.salt, iArr, iArr2, bArr);
                        if (subarrayEquals(rVar.challengeHash, bArr10, this.digestSizeBytes)) {
                            return verifyMerkleTree;
                        }
                        logger = LOG;
                        str = "Challenge does not match, signature invalid";
                    }
                }
            }
        }
        logger.fine(str);
        return -1;
    }

    private void wordToMsgs(int i, g gVar) {
        for (int i9 = 0; i9 < this.numMPCParties; i9++) {
            v.setBit(gVar.msgs[i9], gVar.pos, (byte) v.getBit(i, i9));
        }
        gVar.pos++;
    }

    private void xor_three(int[] iArr, int[] iArr2, int[] iArr3, int[] iArr4) {
        for (int i = 0; i < this.stateSizeWords; i++) {
            iArr[i] = (iArr2[i] ^ iArr3[i]) ^ iArr4[i];
        }
    }

    public void aux_mpc_sbox(int[] iArr, int[] iArr2, t tVar) {
        for (int i = 0; i < this.numSboxes * 3; i += 3) {
            int i9 = i + 2;
            int bitFromWordArray = v.getBitFromWordArray(iArr, i9);
            int i10 = i + 1;
            int bitFromWordArray2 = v.getBitFromWordArray(iArr, i10);
            int bitFromWordArray3 = v.getBitFromWordArray(iArr, i);
            int bitFromWordArray4 = v.getBitFromWordArray(iArr2, i9);
            int bitFromWordArray5 = v.getBitFromWordArray(iArr2, i10);
            aux_mpc_AND(bitFromWordArray, bitFromWordArray2, ((v.getBitFromWordArray(iArr2, i) ^ bitFromWordArray) ^ bitFromWordArray2) ^ bitFromWordArray3, tVar);
            aux_mpc_AND(bitFromWordArray2, bitFromWordArray3, bitFromWordArray4 ^ bitFromWordArray, tVar);
            aux_mpc_AND(bitFromWordArray3, bitFromWordArray, (bitFromWordArray5 ^ bitFromWordArray) ^ bitFromWordArray2, tVar);
        }
    }

    public void crypto_sign(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (picnic_sign(bArr3, bArr2, bArr)) {
            System.arraycopy(bArr2, 0, bArr, 4, bArr2.length);
        }
    }

    public void crypto_sign_keypair(byte[] bArr, byte[] bArr2, SecureRandom secureRandom) {
        int i = this.stateSizeWords;
        byte[] bArr3 = new byte[i * 4];
        byte[] bArr4 = new byte[i * 4];
        byte[] bArr5 = new byte[i * 4];
        picnic_keygen(bArr3, bArr4, bArr5, secureRandom);
        picnic_write_public_key(bArr4, bArr3, bArr);
        picnic_write_private_key(bArr5, bArr4, bArr3, bArr2);
    }

    public boolean crypto_sign_open(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        if (picnic_verify(bArr3, org.bouncycastle.util.b.copyOfRange(bArr2, 4, bArr.length + 4), bArr2, org.bouncycastle.util.o.littleEndianToInt(bArr2, 0)) == -1) {
            return false;
        }
        System.arraycopy(bArr2, 4, bArr, 0, bArr.length);
        return true;
    }

    public int getChallenge(byte[] bArr, int i) {
        return v.getCrumbAligned(bArr, i);
    }

    public int getPublicKeySize() {
        return this.CRYPTO_PUBLICKEYBYTES;
    }

    public int getSecretKeySize() {
        return this.CRYPTO_SECRETKEYBYTES;
    }

    public int getSignatureSize(int i) {
        return this.CRYPTO_BYTES + i;
    }

    public int getTrueSignatureSize() {
        return this.signatureLength;
    }

    public void matrix_mul(int[] iArr, int[] iArr2, int[] iArr3, int i) {
        matrix_mul_offset(iArr, 0, iArr2, 0, iArr3, i);
    }

    public void matrix_mul_offset(int[] iArr, int i, int[] iArr2, int i9, int[] iArr3, int i10) {
        int[] iArr4 = new int[16];
        int i11 = this.stateSizeWords;
        iArr4[i11 - 1] = 0;
        int i12 = this.stateSizeBits;
        int i13 = i12 / 32;
        int i14 = (i11 * 32) - i12;
        int bitPermuteStepSimple = d7.a.bitPermuteStepSimple(d7.a.bitPermuteStepSimple(d7.a.bitPermuteStepSimple((-1) >>> i14, 1431655765, 1), 858993459, 2), 252645135, 4);
        for (int i15 = 0; i15 < this.stateSizeBits; i15++) {
            int i16 = 0;
            for (int i17 = 0; i17 < i13; i17++) {
                i16 ^= iArr3[i10 + ((this.stateSizeWords * i15) + i17)] & iArr2[i9 + i17];
            }
            if (i14 > 0) {
                i16 ^= (iArr3[i10 + ((this.stateSizeWords * i15) + i13)] & iArr2[i9 + i13]) & bitPermuteStepSimple;
            }
            v.setBit(iArr4, i15, v.parity32(i16));
        }
        System.arraycopy(iArr4, 0, iArr, i, this.stateSizeWords);
    }

    public void mpc_AND_verify(int[] iArr, int[] iArr2, int[] iArr3, t tVar, w wVar, w wVar2) {
        byte bit = v.getBit(tVar.tapes[0], tVar.pos);
        byte bit2 = v.getBit(tVar.tapes[1], tVar.pos);
        int i = iArr[0];
        int i9 = iArr[1];
        int i10 = iArr2[0];
        int i11 = ((((i9 & i10) ^ (iArr2[1] & i)) ^ (i & i10)) ^ bit) ^ bit2;
        iArr3[0] = i11;
        v.setBit(wVar.communicatedBits, tVar.pos, (byte) i11);
        iArr3[1] = v.getBit(wVar2.communicatedBits, tVar.pos);
        tVar.pos++;
    }

    public void mpc_LowMC_verify(w wVar, w wVar2, t tVar, int[] iArr, int[] iArr2, int i) {
        org.bouncycastle.util.b.fill(iArr, 0, iArr.length, 0);
        mpc_xor_constant_verify(iArr, iArr2, 0, this.stateSizeWords, i);
        b KMatrix = this.lowmcConstants.KMatrix(this, 0);
        matrix_mul_offset(iArr, 0, wVar.inputShare, 0, KMatrix.getData(), KMatrix.getMatrixPointer());
        matrix_mul_offset(iArr, this.stateSizeWords, wVar2.inputShare, 0, KMatrix.getData(), KMatrix.getMatrixPointer());
        mpc_xor(iArr, iArr, 2);
        for (int i9 = 1; i9 <= this.numRounds; i9++) {
            b KMatrix2 = this.lowmcConstants.KMatrix(this, i9);
            matrix_mul_offset(iArr, 0, wVar.inputShare, 0, KMatrix2.getData(), KMatrix2.getMatrixPointer());
            matrix_mul_offset(iArr, this.stateSizeWords, wVar2.inputShare, 0, KMatrix2.getData(), KMatrix2.getMatrixPointer());
            mpc_substitution_verify(iArr, tVar, wVar, wVar2);
            int i10 = i9 - 1;
            b LMatrix = this.lowmcConstants.LMatrix(this, i10);
            int i11 = this.stateSizeWords;
            mpc_matrix_mul(iArr, i11 * 2, iArr, i11 * 2, LMatrix.getData(), LMatrix.getMatrixPointer(), 2);
            b RConstant = this.lowmcConstants.RConstant(this, i10);
            mpc_xor_constant_verify(iArr, RConstant.getData(), RConstant.getMatrixPointer(), this.stateSizeWords, i);
            mpc_xor(iArr, iArr, 2);
        }
        int i12 = this.stateSizeWords;
        System.arraycopy(iArr, i12 * 2, wVar.outputShare, 0, i12);
        int i13 = this.stateSizeWords;
        System.arraycopy(iArr, i13 * 3, wVar2.outputShare, 0, i13);
    }

    public void mpc_substitution_verify(int[] iArr, t tVar, w wVar, w wVar2) {
        int[] iArr2 = new int[2];
        int[] iArr3 = new int[2];
        int[] iArr4 = new int[2];
        int[] iArr5 = new int[2];
        int[] iArr6 = new int[2];
        int[] iArr7 = new int[2];
        int i = 0;
        while (i < this.numSboxes * 3) {
            for (int i9 = 0; i9 < 2; i9++) {
                int i10 = ((i9 + 2) * this.stateSizeWords * 32) + i;
                iArr2[i9] = v.getBitFromWordArray(iArr, i10 + 2);
                iArr3[i9] = v.getBitFromWordArray(iArr, i10 + 1);
                iArr4[i9] = v.getBitFromWordArray(iArr, i10);
            }
            int i11 = i;
            mpc_AND_verify(iArr2, iArr3, iArr5, tVar, wVar, wVar2);
            mpc_AND_verify(iArr3, iArr4, iArr6, tVar, wVar, wVar2);
            mpc_AND_verify(iArr4, iArr2, iArr7, tVar, wVar, wVar2);
            for (int i12 = 0; i12 < 2; i12++) {
                int i13 = ((i12 + 2) * this.stateSizeWords * 32) + i11;
                v.setBitInWordArray(iArr, i13 + 2, iArr2[i12] ^ iArr6[i12]);
                v.setBitInWordArray(iArr, i13 + 1, (iArr2[i12] ^ iArr3[i12]) ^ iArr7[i12]);
                v.setBitInWordArray(iArr, i13, ((iArr2[i12] ^ iArr3[i12]) ^ iArr4[i12]) ^ iArr5[i12]);
            }
            i = i11 + 3;
        }
    }

    public void prove(p pVar, int i, byte[] bArr, int i9, w[] wVarArr, byte[][] bArr2, byte[][] bArr3) {
        if (i == 0) {
            System.arraycopy(bArr, i9, pVar.seed1, 0, this.seedSizeBytes);
            int i10 = this.seedSizeBytes;
            System.arraycopy(bArr, i9 + i10, pVar.seed2, 0, i10);
        } else if (i == 1) {
            int i11 = this.seedSizeBytes;
            System.arraycopy(bArr, i9 + i11, pVar.seed1, 0, i11);
            int i12 = this.seedSizeBytes;
            System.arraycopy(bArr, (i12 * 2) + i9, pVar.seed2, 0, i12);
        } else {
            if (i != 2) {
                LOG.fine("Invalid challenge");
                throw new IllegalArgumentException("challenge");
            }
            int i13 = this.seedSizeBytes;
            System.arraycopy(bArr, (i13 * 2) + i9, pVar.seed1, 0, i13);
            System.arraycopy(bArr, i9, pVar.seed2, 0, this.seedSizeBytes);
        }
        if (i == 1 || i == 2) {
            System.arraycopy(wVarArr[2].inputShare, 0, pVar.inputShare, 0, this.stateSizeWords);
        }
        System.arraycopy(wVarArr[(i + 1) % 3].communicatedBits, 0, pVar.communicatedBits, 0, this.andSizeBytes);
        int i14 = (i + 2) % 3;
        System.arraycopy(bArr2[i14], 0, pVar.view3Commitment, 0, this.digestSizeBytes);
        if (this.transform == 1) {
            System.arraycopy(bArr3[i14], 0, pVar.view3UnruhG, 0, i == 0 ? this.UnruhGWithInputBytes : this.UnruhGWithoutInputBytes);
        }
    }

    public int serializeSignature(s sVar, byte[] bArr, int i) {
        p[] pVarArr = sVar.proofs;
        byte[] bArr2 = sVar.challengeBits;
        int numBytes = v.numBytes(this.numMPCRounds * 2) + 32;
        int i9 = this.numMPCRounds;
        int i10 = (((this.seedSizeBytes * 2) + this.stateSizeBytes + this.andSizeBytes + this.digestSizeBytes) * i9) + numBytes;
        if (this.transform == 1) {
            i10 += this.UnruhGWithoutInputBytes * i9;
        }
        if (this.CRYPTO_BYTES < i10) {
            return -1;
        }
        System.arraycopy(bArr2, 0, bArr, i, v.numBytes(i9 * 2));
        int numBytes2 = v.numBytes(this.numMPCRounds * 2) + i;
        System.arraycopy(sVar.salt, 0, bArr, numBytes2, 32);
        int i11 = numBytes2 + 32;
        for (int i12 = 0; i12 < this.numMPCRounds; i12++) {
            int challenge = getChallenge(bArr2, i12);
            System.arraycopy(pVarArr[i12].view3Commitment, 0, bArr, i11, this.digestSizeBytes);
            int i13 = i11 + this.digestSizeBytes;
            if (this.transform == 1) {
                int i14 = challenge == 0 ? this.UnruhGWithInputBytes : this.UnruhGWithoutInputBytes;
                System.arraycopy(pVarArr[i12].view3UnruhG, 0, bArr, i13, i14);
                i13 += i14;
            }
            System.arraycopy(pVarArr[i12].communicatedBits, 0, bArr, i13, this.andSizeBytes);
            int i15 = i13 + this.andSizeBytes;
            System.arraycopy(pVarArr[i12].seed1, 0, bArr, i15, this.seedSizeBytes);
            int i16 = this.seedSizeBytes;
            int i17 = i15 + i16;
            System.arraycopy(pVarArr[i12].seed2, 0, bArr, i17, i16);
            i11 = i17 + this.seedSizeBytes;
            if (challenge == 1 || challenge == 2) {
                org.bouncycastle.util.o.intToLittleEndian(pVarArr[i12].inputShare, 0, this.stateSizeWords, bArr, i11);
                i11 += this.stateSizeBytes;
            }
        }
        return i11 - i;
    }

    public boolean verifyProof(p pVar, w wVar, w wVar2, int i, byte[] bArr, int i9, byte[] bArr2, int[] iArr, t tVar) {
        boolean z;
        boolean z3;
        System.arraycopy(pVar.communicatedBits, 0, wVar2.communicatedBits, 0, this.andSizeBytes);
        tVar.pos = 0;
        if (i == 0) {
            z = true;
            boolean createRandomTape = createRandomTape(pVar.seed1, 0, bArr, i9, 0, bArr2, this.stateSizeBytes + this.andSizeBytes);
            org.bouncycastle.util.o.littleEndianToInt(bArr2, 0, wVar.inputShare);
            System.arraycopy(bArr2, this.stateSizeBytes, tVar.tapes[0], 0, this.andSizeBytes);
            z3 = createRandomTape && createRandomTape(pVar.seed2, 0, bArr, i9, 1, bArr2, this.stateSizeBytes + this.andSizeBytes);
            if (z3) {
                org.bouncycastle.util.o.littleEndianToInt(bArr2, 0, wVar2.inputShare);
                System.arraycopy(bArr2, this.stateSizeBytes, tVar.tapes[1], 0, this.andSizeBytes);
            }
        } else if (i == 1) {
            z = true;
            boolean createRandomTape2 = createRandomTape(pVar.seed1, 0, bArr, i9, 1, bArr2, this.stateSizeBytes + this.andSizeBytes);
            org.bouncycastle.util.o.littleEndianToInt(bArr2, 0, wVar.inputShare);
            System.arraycopy(bArr2, this.stateSizeBytes, tVar.tapes[0], 0, this.andSizeBytes);
            z3 = createRandomTape2 && createRandomTape(pVar.seed2, 0, bArr, i9, 2, tVar.tapes[1], this.andSizeBytes);
            if (z3) {
                System.arraycopy(pVar.inputShare, 0, wVar2.inputShare, 0, this.stateSizeWords);
            }
        } else {
            if (i != 2) {
                LOG.fine("Invalid Challenge!");
                LOG.fine("Failed to generate random tapes, signature verification will fail (but signature may actually be valid)");
                return false;
            }
            z = true;
            boolean createRandomTape3 = createRandomTape(pVar.seed1, 0, bArr, i9, 2, tVar.tapes[0], this.andSizeBytes);
            System.arraycopy(pVar.inputShare, 0, wVar.inputShare, 0, this.stateSizeWords);
            z3 = createRandomTape3 && createRandomTape(pVar.seed2, 0, bArr, i9, 0, bArr2, this.stateSizeBytes + this.andSizeBytes);
            if (z3) {
                org.bouncycastle.util.o.littleEndianToInt(bArr2, 0, wVar2.inputShare);
                System.arraycopy(bArr2, this.stateSizeBytes, tVar.tapes[1], 0, this.andSizeBytes);
            }
        }
        if (z3) {
            v.zeroTrailingBits(wVar.inputShare, this.stateSizeBits);
            v.zeroTrailingBits(wVar2.inputShare, this.stateSizeBits);
            mpc_LowMC_verify(wVar, wVar2, tVar, org.bouncycastle.util.o.littleEndianToInt(bArr2, 0, bArr2.length / 4), iArr, i);
            return z;
        }
        LOG.fine("Failed to generate random tapes, signature verification will fail (but signature may actually be valid)");
        return false;
    }

    public void xor_array(int[] iArr, int[] iArr2, int[] iArr3, int i) {
        for (int i9 = 0; i9 < this.stateSizeWords; i9++) {
            iArr[i9] = iArr2[i9] ^ iArr3[i9 + i];
        }
    }
}
