stateful decap API for ml-kem (#257)

Co-authored-by: Karthikeyan Bhargavan <[email protected]> Co-authored-by: Franziskus Kiefer <[email protected]>
cryspen · May 8, 2024 · ea8277d · ea8277d
1 parent 2947036
commit ea8277d
Show file tree

Hide file tree

Showing 21 changed files with 1,961 additions and 443 deletions.
diff --git a/benchmarks/benches/kyber768.rs b/benchmarks/benches/kyber768.rs
@@ -22,6 +22,14 @@ pub fn comparisons_key_generation(c: &mut Criterion) {
         })
     });
 
+    group.bench_function("libcrux portable unpacked (external random)", |b| {
+        b.iter(|| {
+            let mut seed = [0; 64];
+            rng.fill_bytes(&mut seed);
+            let _tuple = libcrux::kem::kyber::kyber768::generate_key_pair_unpacked(seed);
+        })
+    });
+
     group.bench_function("libcrux portable (HACL-DRBG)", |b| {
         b.iter(|| {
             let (_secret_key, _public_key) =
@@ -151,6 +159,27 @@ pub fn comparisons_decapsulation(c: &mut Criterion) {
         )
     });
 
+    group.bench_function("libcrux portable unpacked", |b| {
+        b.iter_batched(
+            || {
+                let mut seed = [0; 64];
+                OsRng.fill_bytes(&mut seed);
+                let (sk_state, pubkey) =
+                    libcrux::kem::kyber::kyber768::generate_key_pair_unpacked(seed);
+
+                let mut rand = [0; 32];
+                OsRng.fill_bytes(&mut rand);
+                let (ciphertext, _) = libcrux::kem::kyber::kyber768::encapsulate(&pubkey, rand);
+                (sk_state, ciphertext)
+            },
+            |(sk_state, ciphertext)| {
+                let _shared_secret =
+                    libcrux::kem::kyber::kyber768::decapsulate_unpacked(&sk_state, &ciphertext);
+            },
+            BatchSize::SmallInput,
+        )
+    });
+
     group.bench_function("pqclean reference implementation", |b| {
         b.iter_batched(
             || {

diff --git a/kyber-c.yaml b/kyber-c.yaml
@@ -2,18 +2,49 @@ files:
   - name: libcrux_digest
     api:
       - [libcrux, digest]
+      - [libcrux, digest, "*"]
     include_in_h:
       - '"libcrux_hacl_glue.h"'
+
   - name: libcrux_platform
     api:
       - [libcrux_platform]
-  - name: libcrux_kyber
+
+  - name: libcrux_kyber512
+    api:
+      - [libcrux_kyber, kyber512]
+    include_in_c:
+      - '"libcrux_hacl_glue.h"'
+
+  - name: libcrux_kyber768
     api:
       - [libcrux_kyber, kyber768]
+    include_in_c:
+      - '"libcrux_hacl_glue.h"'
+
+  - name: libcrux_kyber1024
+    api:
+      - [libcrux_kyber, kyber1024]
+    include_in_c:
+      - '"libcrux_hacl_glue.h"'
+
+  - name: libcrux_kyber_common
     private:
       - [libcrux_kyber, "*"]
-    include_in_c:
+    include_in_h:
       - '"libcrux_hacl_glue.h"'
+    inline_static: true
+
   - name: core
     private:
       - [core, "*"]
+    # NOTE: putting Eurydice in core prevent eurydice from detecting spurious calls
+    # across C translation units from Eurydice to core (notably related to the
+    # result type), and thus prevents eurydice from flipping some result types
+    # being public, which pollutes the header.
+    # NOTE: putting Eurydice as public (api) is required, since some compilation
+    # passes produce calls to Eurydice.slice_to_array2 *after* reachability
+    # analysis, meaning that we cannot let reachability analysis eliminate
+    # Eurydice definitions on an as-needed basis
+    api:
+      - [Eurydice, "*"]
diff --git a/proofs/fstar/extraction-edited.patch b/proofs/fstar/extraction-edited.patch
diff --git a/proofs/fstar/extraction-secret-independent.patch b/proofs/fstar/extraction-secret-independent.patch