From da043be8c74b50f3d9e55a7c5c79e2e35822a55e Mon Sep 17 00:00:00 2001 From: mamonet Date: Fri, 13 Sep 2024 20:27:54 +0000 Subject: [PATCH 01/20] Make ntt panic free --- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 64 +++++++++++++------ .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti | 12 ++-- .../proofs/fstar/extraction/Makefile | 1 - libcrux-ml-kem/src/ntt.rs | 33 +++++++++- 4 files changed, 85 insertions(+), 25 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 139ad22c3..ad3c98c01 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -26,6 +26,10 @@ let ntt_layer_int_vec_step in a, b <: (v_Vector & v_Vector) +let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma + (Spec.Utils.is_i16b 1664 Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ sz i ]) = + admit() + let ntt_at_layer_1_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -35,15 +39,16 @@ let ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init + v round * 4) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -51,6 +56,12 @@ let ntt_at_layer_1_ in let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in + let _:Prims.unit = + zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i + 1); + zetas_b_lemma (v zeta_i + 2); + zetas_b_lemma (v zeta_i + 3) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -96,15 +107,16 @@ let ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init + v round * 2) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -112,6 +124,10 @@ let ntt_at_layer_2_ in let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in + let _:Prims.unit = + zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i + 1) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -149,15 +165,16 @@ let ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init + v round) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -165,6 +182,7 @@ let ntt_at_layer_3_ in let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in + let _:Prims.unit = zetas_b_lemma (v zeta_i) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -188,6 +206,8 @@ let ntt_at_layer_3_ let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) +#push-options "--z3rlimit 200" + let ntt_at_layer_4_plus (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -197,30 +217,31 @@ let ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) = - let _:Prims.unit = - if true - then - let _:Prims.unit = Hax_lib.v_assert (layer >=. sz 4 <: bool) in - () - in let step:usize = sz 1 <>! layer <: usize) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init + v round) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in let round:usize = round in + let _:Prims.unit = + assert (v round < 8); + assert (v step >= 16 /\ v step <= 128); + assert (v (round *! step) >= 0 /\ v (round *! step) <= 112) + in let zeta_i:usize = zeta_i +! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in + let _:Prims.unit = assert (v offset >= 0 /\ v offset <= 224) in let offset_vec:usize = offset /! sz 16 in let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = @@ -234,6 +255,7 @@ let ntt_at_layer_4_plus (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in + let _:Prims.unit = zetas_b_lemma (v zeta_i) in let x, y:(v_Vector & v_Vector) = ntt_layer_int_vec_step #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) @@ -275,6 +297,8 @@ let ntt_at_layer_4_plus let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) +#pop-options + let ntt_at_layer_7_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -396,6 +420,8 @@ let ntt_binomially_sampled_ring_element in re +#push-options "--z3rlimit 200" + let ntt_vector_u (v_VECTOR_U_COMPRESSION_FACTOR: usize) (#v_Vector: Type0) @@ -454,3 +480,5 @@ let ntt_vector_u (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in re + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 2e535adc9..de7c54c07 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti @@ -14,7 +14,9 @@ val ntt_layer_int_vec_step {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a b: v_Vector) (zeta_r: i16) - : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (v_Vector & v_Vector) + (requires Spec.Utils.is_i16b 3328 zeta_r) + (fun _ -> Prims.l_True) val ntt_at_layer_1_ (#v_Vector: Type0) @@ -23,7 +25,7 @@ val ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i < 64) (fun _ -> Prims.l_True) val ntt_at_layer_2_ @@ -33,7 +35,7 @@ val ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i < 96) (fun _ -> Prims.l_True) val ntt_at_layer_3_ @@ -43,7 +45,7 @@ val ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i < 112) (fun _ -> Prims.l_True) val ntt_at_layer_4_plus @@ -53,7 +55,7 @@ val ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v layer >= 4 /\ v layer <= 7 /\ v zeta_i + v (sz 128 >>! layer) < 128) (fun _ -> Prims.l_True) val ntt_at_layer_7_ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 25b90a266..9cc09ff9e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -2,7 +2,6 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ - Libcrux_ml_kem.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index d33d9c077..937715878 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -5,16 +5,26 @@ use crate::{ }; #[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma + (Spec.Utils.is_i16b 1664 ${ZETAS_TIMES_MONTGOMERY_R}.[ sz i ]) = + admit()"))] +#[hax_lib::requires(fstar!("v ${*zeta_i} < 64"))] pub(crate) fn ntt_at_layer_1( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 4") }); *zeta_i += 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i + 1); + zetas_b_lemma (v zeta_i + 2); + zetas_b_lemma (v zeta_i + 3)"); re.coefficients[round] = Vector::ntt_layer_1_step( re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i], @@ -28,16 +38,21 @@ pub(crate) fn ntt_at_layer_1( } #[inline(always)] +#[hax_lib::requires(fstar!("v ${*zeta_i} < 96"))] pub(crate) fn ntt_at_layer_2( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 2") }); *zeta_i += 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i + 1)"); re.coefficients[round] = Vector::ntt_layer_2_step( re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i], @@ -49,16 +64,20 @@ pub(crate) fn ntt_at_layer_2( } #[inline(always)] +#[hax_lib::requires(fstar!("v ${*zeta_i} < 112"))] pub(crate) fn ntt_at_layer_3( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round") }); *zeta_i += 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); re.coefficients[round] = Vector::ntt_layer_3_step(re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i]); } @@ -66,6 +85,7 @@ pub(crate) fn ntt_at_layer_3( } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $zeta_r"))] fn ntt_layer_int_vec_step( mut a: Vector, mut b: Vector, @@ -76,26 +96,36 @@ fn ntt_layer_int_vec_step( a = Vector::add(a, &t); (a, b) } + #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7 /\\ + v ${*zeta_i} + v (sz 128 >>! $layer) < 128"))] pub(crate) fn ntt_at_layer_4_plus( zeta_i: &mut usize, re: &mut PolynomialRingElement, layer: usize, _initial_coefficient_bound: usize, ) { - debug_assert!(layer >= 4); let step = 1 << layer; + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..(128 >> layer) { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round") }); + hax_lib::fstar!("assert (v $round < 8); + assert (v $step >= 16 /\\ v $step <= 128); + assert (v ($round *! $step) >= 0 /\\ v ($round *! $step) <= 112)"); *zeta_i += 1; let offset = round * step * 2; + hax_lib::fstar!("assert (v $offset >= 0 /\\ v $offset <= 224)"); let offset_vec = offset / 16; //FIELD_ELEMENTS_IN_VECTOR; let step_vec = step / 16; //FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { + hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); let (x, y) = ntt_layer_int_vec_step( re.coefficients[j], re.coefficients[j + step_vec], @@ -141,6 +171,7 @@ pub(crate) fn ntt_binomially_sampled_ring_element( } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] pub(crate) fn ntt_vector_u( re: &mut PolynomialRingElement, ) { From 275e832d75ea7dd767196514e0934384e4935b84 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 14 Sep 2024 13:59:57 +0000 Subject: [PATCH 02/20] Make Invert_ntt panic free --- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 64 +++++++++++++++---- .../extraction/Libcrux_ml_kem.Invert_ntt.fsti | 16 +++-- .../proofs/fstar/extraction/Makefile | 1 - libcrux-ml-kem/src/invert_ntt.rs | 36 +++++++++++ 4 files changed, 99 insertions(+), 18 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index 9ebede517..9158d0676 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -29,6 +29,10 @@ let inv_ntt_layer_int_vec_step_reduce let b:v_Vector = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe #v_Vector a_minus_b zeta_r in a, b <: (v_Vector & v_Vector) +let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma + (Spec.Utils.is_i16b 1664 Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ sz i ]) = + admit() + let invert_ntt_at_layer_1_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -38,15 +42,16 @@ let invert_ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init - v round * 4) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -54,6 +59,12 @@ let invert_ntt_at_layer_1_ in let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in + let _:Prims.unit = + zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i - 1); + zetas_b_lemma (v zeta_i - 2); + zetas_b_lemma (v zeta_i - 3) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -99,15 +110,16 @@ let invert_ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init - v round * 2) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -115,6 +127,10 @@ let invert_ntt_at_layer_2_ in let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in + let _:Prims.unit = + zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i - 1) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -152,15 +168,16 @@ let invert_ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init - v round) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -168,6 +185,7 @@ let invert_ntt_at_layer_3_ in let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in + let _:Prims.unit = zetas_b_lemma (v zeta_i) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -191,6 +209,8 @@ let invert_ntt_at_layer_3_ let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) +#push-options "--z3rlimit 200" + let invert_ntt_at_layer_4_plus (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -201,23 +221,30 @@ let invert_ntt_at_layer_4_plus (layer: usize) = let step:usize = sz 1 <>! layer <: usize) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init - v round) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in let round:usize = round in + let _:Prims.unit = + assert (v round < 8); + assert (v step >= 16 /\ v step <= 128); + assert (v (round *! step) >= 0 /\ v (round *! step) <= 112) + in let zeta_i:usize = zeta_i -! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in + let _:Prims.unit = assert (v offset >= 0 /\ v offset <= 224) in let offset_vec:usize = offset /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in @@ -233,6 +260,13 @@ let invert_ntt_at_layer_4_plus (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in + let _:Prims.unit = zetas_b_lemma (v zeta_i) in + let _:Prims.unit = + assume (Spec.Utils.is_i16b_array 28296 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add + re.f_coefficients.[ j ] + re.f_coefficients.[ j +! step_vec ]))) + in let x, y:(v_Vector & v_Vector) = inv_ntt_layer_int_vec_step_reduce #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) @@ -274,6 +308,10 @@ let invert_ntt_at_layer_4_plus let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) +#pop-options + +#push-options "--z3rlimit 200" + let invert_ntt_montgomery (v_K: usize) (#v_Vector: Type0) @@ -332,3 +370,5 @@ let invert_ntt_montgomery (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in re + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti index ffe255831..020305bba 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti @@ -14,7 +14,12 @@ val inv_ntt_layer_int_vec_step_reduce {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a b: v_Vector) (zeta_r: i16) - : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (v_Vector & v_Vector) + (requires + Spec.Utils.is_i16b 3328 zeta_r /\ + Spec.Utils.is_i16b_array 28296 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add a b))) + (fun _ -> Prims.l_True) val invert_ntt_at_layer_1_ (#v_Vector: Type0) @@ -23,7 +28,7 @@ val invert_ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i >= 64 && v zeta_i <= 128) (fun _ -> Prims.l_True) val invert_ntt_at_layer_2_ @@ -33,7 +38,7 @@ val invert_ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i >= 32 && v zeta_i <= 128) (fun _ -> Prims.l_True) val invert_ntt_at_layer_3_ @@ -43,7 +48,7 @@ val invert_ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i >= 16 && v zeta_i <= 128) (fun _ -> Prims.l_True) val invert_ntt_at_layer_4_plus @@ -53,7 +58,8 @@ val invert_ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + v layer >= 4 /\ v layer <= 7 /\ v zeta_i - v (sz 128 >>! layer) >= 0 /\ v zeta_i <= 128) (fun _ -> Prims.l_True) val invert_ntt_montgomery diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 9cc09ff9e..ffd0bb60c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,7 +1,6 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ - Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 12b60f3cf..196dd42d1 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -5,15 +5,25 @@ use crate::{ }; #[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma + (Spec.Utils.is_i16b 1664 ${ZETAS_TIMES_MONTGOMERY_R}.[ sz i ]) = + admit()"))] +#[hax_lib::requires(fstar!("v ${*zeta_i} >= 64 && v ${*zeta_i} <= 128"))] pub(crate) fn invert_ntt_at_layer_1( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 4") }); *zeta_i -= 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i - 1); + zetas_b_lemma (v zeta_i - 2); + zetas_b_lemma (v zeta_i - 3)"); re.coefficients[round] = Vector::inv_ntt_layer_1_step( re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i], @@ -27,15 +37,20 @@ pub(crate) fn invert_ntt_at_layer_1( } #[inline(always)] +#[hax_lib::requires(fstar!("v ${*zeta_i} >= 32 && v ${*zeta_i} <= 128"))] pub(crate) fn invert_ntt_at_layer_2( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 2") }); *zeta_i -= 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i - 1)"); re.coefficients[round] = Vector::inv_ntt_layer_2_step( re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i], @@ -47,15 +62,19 @@ pub(crate) fn invert_ntt_at_layer_2( } #[inline(always)] +#[hax_lib::requires(fstar!("v ${*zeta_i} >= 16 && v ${*zeta_i} <= 128"))] pub(crate) fn invert_ntt_at_layer_3( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round") }); *zeta_i -= 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); re.coefficients[round] = Vector::inv_ntt_layer_3_step(re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i]); } @@ -63,6 +82,9 @@ pub(crate) fn invert_ntt_at_layer_3( } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $zeta_r /\\ + Spec.Utils.is_i16b_array 28296 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array + (Libcrux_ml_kem.Vector.Traits.f_add $a $b))"))] pub(crate) fn inv_ntt_layer_int_vec_step_reduce( mut a: Vector, mut b: Vector, @@ -73,7 +95,11 @@ pub(crate) fn inv_ntt_layer_int_vec_step_reduce( b = montgomery_multiply_fe::(a_minus_b, zeta_r); (a, b) } + #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7 /\\ + v ${*zeta_i} - v (sz 128 >>! $layer) >= 0 /\\ v ${*zeta_i} <= 128"))] pub(crate) fn invert_ntt_at_layer_4_plus( zeta_i: &mut usize, re: &mut PolynomialRingElement, @@ -81,16 +107,25 @@ pub(crate) fn invert_ntt_at_layer_4_plus( ) { let step = 1 << layer; + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..(128 >> layer) { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round") }); + hax_lib::fstar!("assert (v $round < 8); + assert (v $step >= 16 /\\ v $step <= 128); + assert (v ($round *! $step) >= 0 /\\ v ($round *! $step) <= 112)"); *zeta_i -= 1; let offset = round * step * 2; + hax_lib::fstar!("assert (v $offset >= 0 /\\ v $offset <= 224)"); let offset_vec = offset / FIELD_ELEMENTS_IN_VECTOR; let step_vec = step / FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { + hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); + hax_lib::fstar!("assume (Spec.Utils.is_i16b_array 28296 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add re.f_coefficients.[j] re.f_coefficients.[j +! step_vec])))"); let (x, y) = inv_ntt_layer_int_vec_step_reduce( re.coefficients[j], re.coefficients[j + step_vec], @@ -104,6 +139,7 @@ pub(crate) fn invert_ntt_at_layer_4_plus( } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] pub(crate) fn invert_ntt_montgomery( re: &mut PolynomialRingElement, ) { From d48d4d697507df5e20291a686cb910899981d1b0 Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 25 Sep 2024 09:17:14 +0000 Subject: [PATCH 03/20] Make ind_cpar.rs panic-free --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 20 +++++------ .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 11 ++++--- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 2 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 2 +- libcrux-ml-kem/src/ind_cpa.rs | 33 ++++++++++--------- libcrux-ml-kem/src/invert_ntt.rs | 2 +- libcrux-ml-kem/src/ntt.rs | 2 +- 7 files changed, 37 insertions(+), 35 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 5bb6b9214..61940c321 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -297,8 +297,6 @@ let compress_then_serialize_u let hax_temp_output:Prims.unit = result in out -#push-options "--admit_smt_queries true" - let deserialize_then_decompress_u (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) (#v_Vector: Type0) @@ -357,9 +355,9 @@ let deserialize_then_decompress_u in u_as_ntt) in - u_as_ntt - -#pop-options + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = u_as_ntt in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_secret_key (v_K: usize) @@ -410,7 +408,7 @@ let deserialize_secret_key let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" +#push-options "--z3rlimit 200" let serialize_secret_key (v_K v_OUT_LEN: usize) @@ -467,7 +465,9 @@ let serialize_secret_key <: t_Array u8 v_OUT_LEN) in - out + let result:t_Array u8 v_OUT_LEN = out in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options @@ -544,8 +544,6 @@ let serialize_public_key let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" - let decrypt_unpacked (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: usize) @@ -577,8 +575,6 @@ let decrypt_unpacked in Libcrux_ml_kem.Serialize.compress_then_serialize_message #v_Vector message -#pop-options - let decrypt (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: usize) @@ -610,7 +606,7 @@ let decrypt let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" +#push-options "--z3rlimit 200" let encrypt_unpacked (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 11fd6f8e5..3cfd73dbb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -221,7 +221,8 @@ val decrypt_unpacked (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ - v v_VECTOR_U_ENCODED_SIZE <= v v_CIPHERTEXT_SIZE) + v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K) (fun _ -> Prims.l_True) val decrypt @@ -293,10 +294,12 @@ val encrypt_unpacked v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ - v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ + v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_LEN == Spec.MLKEM.v_C2_SIZE v_K /\ v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ - v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v v_C1_LEN <= v v_CIPHERTEXT_SIZE /\ - v (Core.Slice.impl__len #u8 randomness) <= 33) + v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE) (fun _ -> Prims.l_True) val encrypt diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index 1d5eac9f3..eaa498a6a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -30,7 +30,7 @@ let inv_ntt_layer_int_vec_step_reduce a, b <: (v_Vector & v_Vector) let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ sz i ]) = + (Spec.Utils.is_i16b 1664 (Libcrux_ml_kem.Polynomial.get_zeta (sz i))) = admit() let invert_ntt_at_layer_1_ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 994ab8eb2..99a4f437a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -27,7 +27,7 @@ let ntt_layer_int_vec_step a, b <: (v_Vector & v_Vector) let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ sz i ]) = + (Spec.Utils.is_i16b 1664 (Libcrux_ml_kem.Polynomial.get_zeta (sz i))) = admit() let ntt_at_layer_1_ diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index e00498e93..73539b09a 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -121,7 +121,8 @@ pub(crate) fn serialize_public_key_mut< /// Call [`serialize_uncompressed_ring_element`] for each ring element. #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] #[hax_lib::ensures(|res| @@ -461,17 +462,19 @@ fn compress_then_serialize_u< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -#[hax_lib::fstar::verification_status(lax)] -#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank v_K /\\ - v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\\ - v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\\ - v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\\ - v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\\ - v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\\ - v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\\ - v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\\ - v v_C1_LEN <= v v_CIPHERTEXT_SIZE /\\ - v (${randomness.len()}) <= 33"))] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ + $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ + $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ + $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ + $C2_LEN == Spec.MLKEM.v_C2_SIZE $K /\\ + $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\ + $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] pub(crate) fn encrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -630,7 +633,7 @@ pub(crate) fn encrypt< /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element /// in the `ciphertext`. #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))] @@ -704,11 +707,11 @@ fn deserialize_secret_key( /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ - v $VECTOR_U_ENCODED_SIZE <= v $CIPHERTEXT_SIZE"))] + $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\ + $VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE $K"))] pub(crate) fn decrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 9bcf07354..4db09d55d 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -6,7 +6,7 @@ use crate::{ #[inline(always)] #[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 ${ZETAS_TIMES_MONTGOMERY_R}.[ sz i ]) = + (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = admit()"))] #[hax_lib::requires(fstar!("v ${*zeta_i} >= 64 && v ${*zeta_i} <= 128"))] pub(crate) fn invert_ntt_at_layer_1( diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index aebcafde5..4107d8034 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -6,7 +6,7 @@ use crate::{ #[inline(always)] #[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 ${ZETAS_TIMES_MONTGOMERY_R}.[ sz i ]) = + (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = admit()"))] #[hax_lib::requires(fstar!("v ${*zeta_i} < 64"))] pub(crate) fn ntt_at_layer_1( From 2de5cca5ba4c18b8763e29bb49c0a777b3e441b9 Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 25 Sep 2024 16:02:05 +0000 Subject: [PATCH 04/20] Update ind_cpa and matrix --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 70 ++++++++++--------- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 34 +++++++-- .../extraction/Libcrux_ml_kem.Matrix.fsti | 10 ++- libcrux-ml-kem/src/ind_cpa.rs | 20 +++++- libcrux-ml-kem/src/matrix.rs | 10 ++- 5 files changed, 97 insertions(+), 47 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 61940c321..d10041393 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -421,49 +421,51 @@ let serialize_secret_key let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Folds.fold_enumerated_slice key - (fun out temp_1_ -> + (fun out i -> let out:t_Array u8 v_OUT_LEN = out in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key (v i))) out (fun out temp_1_ -> let out:t_Array u8 v_OUT_LEN = out in let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = temp_1_ in - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ - Core.Ops.Range.f_start - = - i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize - } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice #u8 - (out.[ { - Core.Ops.Range.f_start - = - i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + let out:t_Array u8 v_OUT_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ + Core.Ops.Range.f_start + = + i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { + Core.Ops.Range.f_start + = + i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + <: + usize + } <: - usize - } + Core.Ops.Range.t_Range usize ] <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re - <: - t_Slice u8) - <: - t_Slice u8) - <: - t_Array u8 v_OUT_LEN) + t_Slice u8) + (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re + <: + t_Slice u8) + <: + t_Slice u8) + in + out) in let result:t_Array u8 v_OUT_LEN = out in let _:Prims.unit = admit () (* Panic freedom *) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 3cfd73dbb..34b5b8ade 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -143,7 +143,11 @@ val serialize_secret_key {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) : Prims.Pure (t_Array u8 v_OUT_LEN) - (requires Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K) + (requires + Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key i))) (ensures fun res -> let res:t_Array u8 v_OUT_LEN = res in @@ -163,7 +167,10 @@ val serialize_public_key_mut (requires Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32) + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32 /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt i))) (ensures fun serialized_future -> let serialized_future:t_Array u8 v_PUBLIC_KEY_SIZE = serialized_future in @@ -183,7 +190,10 @@ val serialize_public_key (requires Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32) + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32 /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt i))) (ensures fun res -> let res:t_Array u8 v_PUBLIC_KEY_SIZE = res in @@ -379,7 +389,23 @@ val generate_keypair_unpacked Spec.MLKEM.is_rank v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ length key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE) - (fun _ -> Prims.l_True) + (ensures + fun temp_0_ -> + let private_key_future, public_key_future:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked + v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = + temp_0_ + in + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key_future + .f_secret_as_ntt + i)) /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key_future + .f_t_as_ntt + i))) val generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 6947cb795..0520e4a48 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -54,7 +54,7 @@ val compute_ring_element_v let res_spec = to_spec_poly_t res in res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #v_K tt_spec r_spec) e2_spec) - m_spec)) + m_spec) /\ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range res) /// Compute u := InvertNTT(Aᵀ ◦ r\u{302}) + e₁ val compute_vector_u @@ -75,7 +75,10 @@ val compute_vector_u let e_spec = to_spec_vector_t error_1_ in let res_spec = to_spec_vector_t res in res_spec == - Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec)) + Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec) /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index res i))) /// The following functions compute various expressions involving /// vectors and matrices. The computation of these expressions has been @@ -99,7 +102,8 @@ val compute_message let v_spec = to_spec_poly_t v in to_spec_poly_t res == Spec.MLKEM.(poly_sub v_spec - (poly_inv_ntt (vector_dot_product_ntt #v_K secret_spec u_spec)))) + (poly_inv_ntt (vector_dot_product_ntt #v_K secret_spec u_spec))) /\ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range res) val sample_matrix_A (v_K: usize) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 73539b09a..1dcb0d4c1 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -64,7 +64,9 @@ use unpacked::*; #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ - length $seed_for_a == sz 32"))] + length $seed_for_a == sz 32 /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $t_as_ntt i))"))] #[hax_lib::ensures(|res| fstar!("$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $t_as_ntt)) @@ -94,7 +96,9 @@ pub(crate) fn serialize_public_key< #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ - length $seed_for_a == sz 32"))] + length $seed_for_a == sz 32 /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $t_as_ntt i))"))] #[hax_lib::ensures(|res| fstar!("${serialized}_future == Seq.append (Spec.MLKEM.vector_encode_12 #$K @@ -124,7 +128,9 @@ pub(crate) fn serialize_public_key_mut< #[hax_lib::fstar::options("--z3rlimit 200")] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ - $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] + $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key i))"))] #[hax_lib::ensures(|res| fstar!("$res == Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key)") @@ -136,6 +142,8 @@ pub(crate) fn serialize_secret_key + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key (v $i))") }); out[i * BYTES_PER_RING_ELEMENT..(i + 1) * BYTES_PER_RING_ELEMENT] .copy_from_slice(&serialize_uncompressed_ring_element(&re)); } @@ -291,6 +299,12 @@ fn sample_vector_cbd_then_ntt_out< $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"))] +#[hax_lib::ensures(|_| fstar!(" + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${private_key}_future.f_secret_as_ntt i)) /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${public_key}_future.f_t_as_ntt i)) +"))] pub(crate) fn generate_keypair_unpacked< const K: usize, const ETA1: usize, diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index fb15a7e99..881c86d4f 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -53,7 +53,8 @@ pub(crate) fn sample_matrix_A( v: &PolynomialRingElement, @@ -84,7 +85,8 @@ pub(crate) fn compute_message( let e2_spec = to_spec_poly_t $error_2 in let m_spec = to_spec_poly_t $message in let res_spec = to_spec_poly_t $res in - res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #$K tt_spec r_spec) e2_spec) m_spec)") + res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #$K tt_spec r_spec) e2_spec) m_spec) /\\ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range $res") )] pub(crate) fn compute_ring_element_v( t_as_ntt: &[PolynomialRingElement; K], @@ -115,7 +117,9 @@ pub(crate) fn compute_ring_element_v( let r_spec = to_spec_vector_t $r_as_ntt in let e_spec = to_spec_vector_t $error_1 in let res_spec = to_spec_vector_t $res in - res_spec == Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec)") + res_spec == Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec) /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $res i))") )] pub(crate) fn compute_vector_u( a_as_ntt: &[[PolynomialRingElement; K]; K], From 772653d17c2e324ae37ff2c021cd6756e2978b5c Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 25 Sep 2024 16:39:14 +0000 Subject: [PATCH 05/20] Update serialize.rs --- .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst | 6 +++++- .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti | 7 ++++++- libcrux-ml-kem/src/serialize.rs | 5 +++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 3d92db16f..3d527ad48 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -820,7 +820,11 @@ let deserialize_ring_elements_reduced_out let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = deserialize_ring_elements_reduced v_K #v_Vector public_key deserialized_pk in - deserialized_pk + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + deserialized_pk + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_to_uncompressed_ring_element (#v_Vector: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index 2d1d64184..129fd3ced 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -212,7 +212,12 @@ val deserialize_ring_elements_reduced_out (requires Spec.MLKEM.is_rank v_K /\ Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + forall (i: nat). i < v v_K ==> coefficients_field_modulus_range (Seq.index result i)) val deserialize_to_uncompressed_ring_element (#v_Vector: Type0) diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index c8aa0a6f1..9e059baf7 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -135,10 +135,15 @@ fn deserialize_to_reduced_ring_element( /// /// This function MUST NOT be used on secret inputs. #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires( fstar!("Spec.MLKEM.is_rank v_K /\\ Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)") )] +#[hax_lib::ensures(|result| + fstar!("forall (i:nat). i < v $K ==> + coefficients_field_modulus_range (Seq.index $result i)") +)] pub(super) fn deserialize_ring_elements_reduced_out< const K: usize, Vector: Operations, From 89cc0d57afcaa654ba29bf5a8ad2b48414de5b6d Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 26 Sep 2024 11:05:35 +0200 Subject: [PATCH 06/20] wip --- Cargo.lock | 10 +++++----- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst | 2 ++ ...ux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti | 2 ++ .../Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 2 ++ .../Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 2 ++ ...rux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst | 2 ++ ...ux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti | 2 ++ .../Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst | 2 ++ .../Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 2 ++ ...ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst | 2 ++ ...l_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti | 2 ++ .../Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst | 2 ++ ...Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti | 2 ++ .../Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 1 + .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 1 + .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 1 + .../Libcrux_ml_kem.Vector.Neon.Serialize.fsti | 1 + 35 files changed, 51 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e09691d28..1384219f6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" +source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" +source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" +source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72" dependencies = [ "proc-macro2", "quote", @@ -889,9 +889,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.158" +version = "0.2.159" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" +checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5" [[package]] name = "libcrux" diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst index eb61caf4a..d1d2f4389 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti index 8bfe18d17..262eebc4e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () /// Unpacked encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index aa7ed17dd..c5f3a6c69 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let validate_private_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index e9318afb7..2d0031d3b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable private key validation diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst index 8efcffac2..930ccd9aa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti index 439a0aa0c..89e95e7d4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () /// Unpacked encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index c3b934ab1..dca261dd4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let validate_private_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index cb0a837dd..e244a6ece 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable private key validation diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst index 34e9c1232..a866771ed 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti index 104a43991..074e3d77e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () /// Unpacked encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 0b6792e08..333f8fbbd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let validate_private_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 38a2b4ebf..b62f5b8f2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable private key validation diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst index ffac6fd7d..f7f20bea3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti index 49c1dbd11..23a9ceb02 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst index d6f64c7c4..561f10648 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti index fcf1e160b..57a9fbcbf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst index 8f88b6c36..acfa9cb43 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti index 819b8ca9b..57f7005f1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst index f9b6fbea2..666bc08a2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti index 4587380a4..1751d34e2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst index 66e80f606..a46c591a3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti index 5e2097b02..8526e6637 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst index 663560c06..1cdaff422 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti index 50cd5de83..f4f9bd770 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst index b61a81021..9d4c2330b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti index 6a568c323..c337caec7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst index 34abe3ab9..4473ed5a3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in let open Libcrux_ml_kem.Vector.Neon.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti index 69be1a61e..272b816b2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in let open Libcrux_ml_kem.Vector.Neon.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst index 4a0e3212a..f5ca7487b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in let open Libcrux_ml_kem.Vector.Portable.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti index b3944bd97..9a7f4ddd5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in let open Libcrux_ml_kem.Vector.Portable.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 2ebd27fbd..cbcca6519 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let deserialize_1_ (bytes: t_Slice u8) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti index 259bbee63..38500864f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () val deserialize_1_ (bytes: t_Slice u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index 27e5827cd..5fddc0daa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let deserialize_1_ (a: t_Slice u8) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti index 5e9cf2737..0edca8f25 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () val deserialize_1_ (a: t_Slice u8) From ebbbcbd22f7ac6dcc174bc11ac0f97506d2cb6cb Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 28 Sep 2024 12:49:21 +0200 Subject: [PATCH 07/20] proofs --- .../Libcrux_ml_kem.Vector.Avx2.fsti | 4 +- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 66 ++++++-- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 36 ++-- .../Libcrux_ml_kem.Vector.Portable.fst | 50 +++++- .../Libcrux_ml_kem.Vector.Portable.fsti | 158 +++++++++++------- .../Libcrux_ml_kem.Vector.Traits.fsti | 2 +- .../proofs/fstar/spec/Spec.Utils.fst | 4 +- libcrux-ml-kem/src/vector/avx2.rs | 4 +- libcrux-ml-kem/src/vector/portable.rs | 104 +++++++++--- libcrux-ml-kem/src/vector/portable/ntt.rs | 95 ++++++----- libcrux-ml-kem/src/vector/traits.rs | 4 +- 11 files changed, 364 insertions(+), 163 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 0a135cf42..ed5b74a59 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -406,8 +406,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr lhs) /\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr rhs)); + Spec.Utils.is_i16b_array 3328 (impl.f_repr lhs) /\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr rhs)); f_ntt_multiply_post = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 16b31ced7..0592fca44 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -173,18 +173,24 @@ let inv_ntt_layer_3_step #pop-options -#push-options "--z3rlimit 200 --split_queries always --query_stats" +#push-options "--z3rlimit 250 --split_queries always --query_stats --ext context_prune" let ntt_multiply_binomials (a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) - (i j: usize) + (i: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let ai:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] in - let bi:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] in - let aj:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] in - let bj:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] in + let ai:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 2 *! i <: usize ] in + let bi:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 2 *! i <: usize ] in + let aj:i16 = + a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (sz 2 *! i <: usize) +! sz 1 <: usize + ] + in + let bj:i16 = + b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (sz 2 *! i <: usize) +! sz 1 <: usize + ] + in let _:Prims.unit = assert (Spec.Utils.is_i16b 3328 ai); assert (Spec.Utils.is_i16b 3328 bi); @@ -211,6 +217,8 @@ let ntt_multiply_binomials (v ai_bi_aj_bj * 169) % 3329; ( == ) { assert (v ai_bi_aj_bj == v ai_bi + v aj_bj_zeta) } ((v ai_bi + v aj_bj_zeta) * 169) % 3329; + ( == ) { assert (v ai_bi == v ai * v bi) } + (((v ai * v bi) + v aj_bj_zeta) * 169) % 3329; ( == ) { assert (v aj_bj_zeta == v aj_bj * v zeta) } (((v ai * v bi) + (v aj_bj * v zeta)) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 } @@ -241,6 +249,20 @@ let ntt_multiply_binomials let _:Prims.unit = assert (Spec.Utils.is_i32b (3328 * 3328 + 3328 * 3328) ai_bj_aj_bi) in let _:Prims.unit = assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15) in let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ai_bj_aj_bi in + let _:Prims.unit = + calc ( == ) { + v o1 % 3329; + ( == ) { () } + (v ai_bj_aj_bi * 169) % 3329; + ( == ) { assert (v ai_bj_aj_bi == v ai_bj + v aj_bi) } + ((v ai_bj + v aj_bi) * 169) % 3329; + ( == ) { assert (v ai_bj == v ai * v bj) } + ((v ai * v bj + v aj_bi) * 169) % 3329; + ( == ) { assert (v aj_bi == v aj * v bi) } + ((v ai * v bj + v aj * v bi) * 169) % 3329; + } + in + let v__out0:t_Array i16 (sz 16) = out.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { out with @@ -248,7 +270,7 @@ let ntt_multiply_binomials = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i + (sz 2 *! i <: usize) o0 } <: @@ -261,12 +283,19 @@ let ntt_multiply_binomials = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - j + ((sz 2 *! i <: usize) +! sz 1 <: usize) o1 } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + let _:Prims.unit = + assert (Seq.index out.f_elements (2 * v i) == o0); + assert (Seq.index out.f_elements (2 * v i + 1) == o1); + assert (Spec.Utils.is_i16b_array 3328 out.f_elements); + assert (forall k. + (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index v__out0 k) + in let _:Prims.unit = admit () in out @@ -432,30 +461,35 @@ let ntt_multiply let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.zero () in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta0 (sz 0) (sz 1) out + ntt_multiply_binomials lhs rhs zeta0 (sz 0) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta0 (sz 2) (sz 3) out + ntt_multiply_binomials lhs rhs nzeta0 (sz 1) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta1 (sz 4) (sz 5) out + ntt_multiply_binomials lhs rhs zeta1 (sz 2) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta1 (sz 6) (sz 7) out + ntt_multiply_binomials lhs rhs nzeta1 (sz 3) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let _:Prims.unit = admit () in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta2 (sz 8) (sz 9) out + ntt_multiply_binomials lhs rhs zeta2 (sz 4) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta2 (sz 10) (sz 11) out + ntt_multiply_binomials lhs rhs nzeta2 (sz 5) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta3 (sz 12) (sz 13) out + ntt_multiply_binomials lhs rhs zeta3 (sz 6) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta3 (sz 14) (sz 15) out + ntt_multiply_binomials lhs rhs nzeta3 (sz 7) out in out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 344545f74..2608d7a54 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -56,6 +56,8 @@ val inv_ntt_layer_3_step let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in Spec.Utils.is_i16b_array 3328 result.f_elements) +[@@ "opaque_to_smt"] + /// Compute the product of two Kyber binomials with respect to the /// modulus `X² - zeta`. /// This function almost implements Algorithm 11 of the @@ -75,33 +77,27 @@ val inv_ntt_layer_3_step val ntt_multiply_binomials (a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) - (i j: usize) + (i: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires - v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ - Spec.Utils.is_i16b_array 3228 a.f_elements /\ Spec.Utils.is_i16b_array 3228 b.f_elements) + v i < 8 /\ Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 a.f_elements /\ + Spec.Utils.is_i16b_array 3328 b.f_elements /\ Spec.Utils.is_i16b_array 3328 out.f_elements) (ensures fun out_future -> let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in - Spec.Utils.is_i16b_array 3328 out.f_elements /\ + Spec.Utils.is_i16b_array 3328 out_future.f_elements /\ (forall k. - (k <> v i /\ k <> v j) ==> + (k < 2 * v i \/ k > 2 * v i + 1) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\ - (let ai = Seq.index a.f_elements (v i) in - let aj = Seq.index a.f_elements (v j) in - let bi = Seq.index b.f_elements (v i) in - let bj = Seq.index b.f_elements (v j) in - let oi = Seq.index out_future.f_elements (v i) in - let oj = Seq.index out_future.f_elements (v j) in - let x, y = - Spec.MLKEM.Math.poly_base_case_multiply (v ai % 3329) - (v aj % 3329) - (v bi % 3329) - (v bj % 3329) - ((v zeta * 169) % 3329) - in - ((x * 169) % 3329 == v oi % 3329) /\ (y * 169) % 3329 == v oj % 3329)) + (let ai = Seq.index a.f_elements (2 * v i) in + let aj = Seq.index a.f_elements (2 * v i + 1) in + let bi = Seq.index b.f_elements (2 * v i) in + let bj = Seq.index b.f_elements (2 * v i + 1) in + let oi = Seq.index out_future.f_elements (2 * v i) in + let oj = Seq.index out_future.f_elements (2 * v i + 1) in + ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * v zeta * 169)) * 169) % 3329)) /\ + ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))) val ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -162,7 +158,7 @@ val ntt_multiply (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array 3228 lhs.f_elements /\ Spec.Utils.is_i16b_array 3228 rhs.f_elements + Spec.Utils.is_i16b_array 3328 lhs.f_elements /\ Spec.Utils.is_i16b_array 3328 rhs.f_elements ) (ensures fun result -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst index dbd72c7e0..0ca12f7ff 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -10,6 +10,50 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -#push-options "--z3rlimit 300" +let deserialize_11_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a -#pop-options +let deserialize_5_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a + +let serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a + +let serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a + +let deserialize_1_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a + +let deserialize_10_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a + +let deserialize_12_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a + +let deserialize_4_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a + +let serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1) in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a + +let serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a + +let serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a + +let serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 2c4690115..064561e44 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -30,7 +30,91 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x } -#push-options "--z3rlimit 200" +val deserialize_11_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 22) + (fun _ -> Prims.l_True) + +val deserialize_5_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 10) + (fun _ -> Prims.l_True) + +val serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_1_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 2) + (ensures + fun out -> + let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in + sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)) + +val deserialize_10_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 20) + (ensures + fun out -> + let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in + sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out)) + +val deserialize_12_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 24) + (ensures + fun out -> + let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in + sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out)) + +val deserialize_4_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 8) + (ensures + fun out -> + let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in + sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out)) + +val serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 2)) + (requires Spec.MLKEM.serialize_pre 1 (impl.f_repr a)) + (ensures + fun out -> + let out:t_Array u8 (sz 2) = out in + Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 1 (impl.f_repr a) out) + +val serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 20)) + (requires Spec.MLKEM.serialize_pre 10 (impl.f_repr a)) + (ensures + fun out -> + let out:t_Array u8 (sz 20) = out in + Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 10 (impl.f_repr a) out) + +val serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 24)) + (requires Spec.MLKEM.serialize_pre 12 (impl.f_repr a)) + (ensures + fun out -> + let out:t_Array u8 (sz 24) = out in + Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 12 (impl.f_repr a) out) + +val serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 8)) + (requires Spec.MLKEM.serialize_pre 4 (impl.f_repr a)) + (ensures + fun out -> + let out:t_Array u8 (sz 8) = out in + Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 4 (impl.f_repr a) out) + +#push-options "--z3rlimit 400 --split_queries always" [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations @@ -453,8 +537,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr lhs) /\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr rhs)); + Spec.Utils.is_i16b_array 3328 (impl.f_repr lhs) /\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr rhs)); f_ntt_multiply_post = (fun @@ -492,23 +576,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Spec.MLKEM.serialize_post 1 (impl.f_repr a) out); f_serialize_1_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - let _:Prims.unit = - assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1) - in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_1_ a); f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2); f_deserialize_1_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)); - f_deserialize_1_ - = - (fun (a: t_Slice u8) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a); + f_deserialize_1_ = (fun (a: t_Slice u8) -> deserialize_1_ a); f_serialize_4_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -523,23 +597,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Spec.MLKEM.serialize_post 4 (impl.f_repr a) out); f_serialize_4_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - let _:Prims.unit = - assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) - in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_4_ a); f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8); f_deserialize_4_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out)); - f_deserialize_4_ - = - (fun (a: t_Slice u8) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a); + f_deserialize_4_ = (fun (a: t_Slice u8) -> deserialize_4_ a); f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -552,15 +616,12 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = true); f_serialize_5_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_5_ a); f_deserialize_5_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 10); f_deserialize_5_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); - f_deserialize_5_ - = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a); + f_deserialize_5_ = (fun (a: t_Slice u8) -> deserialize_5_ a); f_serialize_10_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -575,22 +636,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Spec.MLKEM.serialize_post 10 (impl.f_repr a) out); f_serialize_10_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_10_ a); f_deserialize_10_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 20); f_deserialize_10_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out)); - f_deserialize_10_ - = - (fun (a: t_Slice u8) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in - let _:Prims.unit = - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a - in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a); + f_deserialize_10_ = (fun (a: t_Slice u8) -> deserialize_10_ a); f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -603,15 +655,12 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = true); f_serialize_11_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_11_ a); f_deserialize_11_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 22); f_deserialize_11_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); - f_deserialize_11_ - = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a); + f_deserialize_11_ = (fun (a: t_Slice u8) -> deserialize_11_ a); f_serialize_12_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -626,22 +675,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Spec.MLKEM.serialize_post 12 (impl.f_repr a) out); f_serialize_12_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_12_ a); f_deserialize_12_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 24); f_deserialize_12_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out)); - f_deserialize_12_ - = - (fun (a: t_Slice u8) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in - let _:Prims.unit = - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a - in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a); + f_deserialize_12_ = (fun (a: t_Slice u8) -> deserialize_12_ a); f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index e2a2bbbe4..cb32321d0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -271,7 +271,7 @@ class t_Operations (v_Self: Type0) = { Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array 3228 (f_repr lhs) /\ Spec.Utils.is_i16b_array 3228 (f_repr rhs) ==> + Spec.Utils.is_i16b_array 3328 (f_repr lhs) /\ Spec.Utils.is_i16b_array 3328 (f_repr rhs) ==> pred }; f_ntt_multiply_post: lhs: v_Self -> diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index bfa2fcd9a..516901137 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -188,7 +188,9 @@ let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31)) - (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) + (ensures (range (v n1 * v n2) i32_inttype /\ + is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)) /\ + v ((cast n1 <: i32) *! (cast n2 <: i32)) == v n1 * v n2)) let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) = if v n1 = 0 || v n2 = 0 diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 907f14ecd..ade993f68 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -237,8 +237,8 @@ impl Operations for SIMD256Vector { #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr ${lhs}) /\\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr ${rhs})"))] + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn ntt_multiply( lhs: &Self, diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 0c1d07d1e..b8e46b460 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -10,7 +10,6 @@ use arithmetic::*; use compress::*; use ntt::*; use sampling::*; -use serialize::*; use vector_type::*; pub(crate) use vector_type::PortableVector; @@ -22,7 +21,88 @@ impl crate::vector::traits::Repr for PortableVector { } } -#[hax_lib::fstar::before(interface, r#"#push-options "--z3rlimit 200""#)] +#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))] +#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> + Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))] +fn serialize_1(a: PortableVector) -> [u8; 2] { + hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 1)"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"); + serialize::serialize_1(a) +} + +#[hax_lib::requires(a.len() == 2)] +#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))] +fn deserialize_1(a: &[u8]) -> PortableVector { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma $a"); + serialize::deserialize_1(a) +} + +#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))] +#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))] +fn serialize_4(a: PortableVector) -> [u8; 8] { + hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 4)"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"); + serialize::serialize_4(a) +} + +#[hax_lib::requires(a.len() == 8)] +#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))] +fn deserialize_4(a: &[u8]) -> PortableVector { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma $a"); + serialize::deserialize_4(a) +} + +fn serialize_5(a: PortableVector) -> [u8; 10] { + serialize::serialize_5(a) +} + +#[hax_lib::requires(a.len() == 10)] +fn deserialize_5(a: &[u8]) -> PortableVector { + serialize::deserialize_5(a) +} + +#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))] +#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))] +fn serialize_10(a: PortableVector) -> [u8; 20] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a"); + serialize::serialize_10(a) +} + +#[hax_lib::requires(a.len() == 20)] +#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))] +fn deserialize_10(a: &[u8]) -> PortableVector { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma $a"); + serialize::deserialize_10(a) +} + +fn serialize_11(a: PortableVector) -> [u8; 22] { + serialize::serialize_11(a) +} + +#[hax_lib::requires(a.len() == 22)] +fn deserialize_11(a: &[u8]) -> PortableVector { + serialize::deserialize_11(a) +} + +#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))] +#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))] +fn serialize_12(a: PortableVector) -> [u8; 24] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a"); + serialize::serialize_12(a) +} + +#[hax_lib::requires(a.len() == 24)] +#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))] +fn deserialize_12(a: &[u8]) -> PortableVector { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma $a"); + serialize::deserialize_12(a) +} + +#[hax_lib::fstar::before(interface, r#"#push-options "--z3rlimit 400 --split_queries always""#)] #[hax_lib::fstar::after(interface, r#"#pop-options"#)] #[hax_lib::attributes] impl Operations for PortableVector { @@ -171,8 +251,8 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr ${lhs}) /\\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr ${rhs})"))] + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn ntt_multiply( lhs: &Self, @@ -188,32 +268,24 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))] fn serialize_1(a: Self) -> [u8; 2] { - hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 1)"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"); serialize_1(a) } #[requires(a.len() == 2)] #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))] fn deserialize_1(a: &[u8]) -> Self { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma $a"); deserialize_1(a) } #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))] fn serialize_4(a: Self) -> [u8; 8] { - hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 4)"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"); - serialize_4(a) + serialize_4(a) } #[requires(a.len() == 8)] #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))] fn deserialize_4(a: &[u8]) -> Self { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma $a"); deserialize_4(a) } @@ -229,15 +301,12 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))] fn serialize_10(a: Self) -> [u8; 20] { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a"); serialize_10(a) } #[requires(a.len() == 20)] #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))] fn deserialize_10(a: &[u8]) -> Self { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma $a"); deserialize_10(a) } @@ -253,15 +322,12 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))] fn serialize_12(a: Self) -> [u8; 24] { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a"); serialize_12(a) } #[requires(a.len() == 24)] #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))] fn deserialize_12(a: &[u8]) -> Self { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma $a"); deserialize_12(a) } diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 096c9fb7b..e96fac7e5 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -191,41 +191,35 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] -#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always --query_stats")] -#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ - Spec.Utils.is_i16b_array 3228 ${a}.f_elements /\\ - Spec.Utils.is_i16b_array 3228 ${b}.f_elements "))] +#[hax_lib::fstar::options("--z3rlimit 250 --split_queries always --query_stats --ext context_prune")] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")] +#[hax_lib::requires(fstar!("v i < 8 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ + Spec.Utils.is_i16b_array 3328 ${a}.f_elements /\\ + Spec.Utils.is_i16b_array 3328 ${b}.f_elements /\\ + Spec.Utils.is_i16b_array 3328 ${out}.f_elements "))] #[hax_lib::ensures(|()| fstar!(" - Spec.Utils.is_i16b_array 3328 ${out}.f_elements /\\ - (forall k. (k <> v $i /\\ k <> v $j) ==> + Spec.Utils.is_i16b_array 3328 ${out}_future.f_elements /\\ + (forall k. (k < 2 * v $i \\/ k > 2 * v $i + 1) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\\ - (let ai = Seq.index ${a}.f_elements (v $i) in - let aj = Seq.index ${a}.f_elements (v $j) in - let bi = Seq.index ${b}.f_elements (v $i) in - let bj = Seq.index ${b}.f_elements (v $j) in - let oi = Seq.index out_future.f_elements (v $i) in - let oj = Seq.index out_future.f_elements (v $j) in - let (x,y) = - Spec.MLKEM.Math.poly_base_case_multiply - (v ai % 3329) - (v aj % 3329) - (v bi % 3329) - (v bj % 3329) - ((v zeta * 169) % 3329) in - ((x * 169) % 3329 == v oi % 3329) /\\ - (y * 169) % 3329 == v oj % 3329)))"))] + (let ai = Seq.index ${a}.f_elements (2 * v $i) in + let aj = Seq.index ${a}.f_elements (2 * v $i + 1) in + let bi = Seq.index ${b}.f_elements (2 * v $i) in + let bj = Seq.index ${b}.f_elements (2 * v $i + 1) in + let oi = Seq.index out_future.f_elements (2 * v $i) in + let oj = Seq.index out_future.f_elements (2 * v $i + 1) in + ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * v zeta * 169)) * 169) % 3329)) /\\ + ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))"))] pub(crate) fn ntt_multiply_binomials( a: &PortableVector, b: &PortableVector, zeta: FieldElementTimesMontgomeryR, i: usize, - j: usize, out: &mut PortableVector, ) { - let ai = a.elements[i]; - let bi = b.elements[i]; - let aj = a.elements[j]; - let bj = b.elements[j]; + let ai = a.elements[2*i]; + let bi = b.elements[2*i]; + let aj = a.elements[2*i+1]; + let bj = b.elements[2*i+1]; hax_lib::fstar!("assert(Spec.Utils.is_i16b 3328 $ai); assert(Spec.Utils.is_i16b 3328 $bi); assert(Spec.Utils.is_i16b 3328 $aj); @@ -250,6 +244,8 @@ pub(crate) fn ntt_multiply_binomials( (v $ai_bi_aj_bj * 169) % 3329; ( == ) { assert(v $ai_bi_aj_bj == v $ai_bi + v $aj_bj_zeta) } ((v $ai_bi + v $aj_bj_zeta) * 169) % 3329; + ( == ) { assert (v $ai_bi == v $ai * v $bi) } + (((v $ai * v $bi) + v $aj_bj_zeta) * 169) % 3329; ( == ) { assert (v $aj_bj_zeta == v $aj_bj * v $zeta) } (((v $ai * v $bi) + (v $aj_bj * v $zeta)) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 } @@ -277,8 +273,26 @@ pub(crate) fn ntt_multiply_binomials( hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328*3328 + 3328*3328) ai_bj_aj_bi) "); hax_lib::fstar!("assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15)"); let o1 = montgomery_reduce_element(ai_bj_aj_bi); - out.elements[i] = o0; - out.elements[j] = o1; + hax_lib::fstar!("calc ( == ) { + v $o1 % 3329; + ( == ) { () } + (v $ai_bj_aj_bi * 169) % 3329; + ( == ) { assert(v $ai_bj_aj_bi == v $ai_bj + v $aj_bi) } + ((v $ai_bj + v $aj_bi) * 169) % 3329; + ( == ) { assert (v ai_bj == v ai * v bj) } + ((v ai * v bj + v aj_bi) * 169) % 3329; + ( == ) { assert (v aj_bi == v aj * v bi) } + ((v ai * v bj + v aj * v bi) * 169) % 3329; + }"); + let _out0 = out.elements; + out.elements[2*i] = o0; + out.elements[2*i+1] = o1; + hax_lib::fstar!("assert (Seq.index out.f_elements (2 * v i) == o0); + assert (Seq.index out.f_elements (2 * v i + 1) == o1); + assert (Spec.Utils.is_i16b_array 3328 out.f_elements); + assert (forall k. (k <> 2 * v i /\\ k <> 2 * v i + 1) ==> + Seq.index out.f_elements k == + Seq.index ${_out0} k)"); hax_lib::fstar!("admit()"); } @@ -303,8 +317,8 @@ pub(crate) fn ntt_multiply_binomials( Spec.Utils.is_i16b 1664 $zeta1 /\\ Spec.Utils.is_i16b 1664 $zeta2 /\\ Spec.Utils.is_i16b 1664 $zeta3 /\\ - Spec.Utils.is_i16b_array 3228 ${lhs}.f_elements /\\ - Spec.Utils.is_i16b_array 3228 ${rhs}.f_elements "))] + Spec.Utils.is_i16b_array 3328 ${lhs}.f_elements /\\ + Spec.Utils.is_i16b_array 3328 ${rhs}.f_elements "))] #[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] pub(crate) fn ntt_multiply( lhs: &PortableVector, @@ -323,14 +337,19 @@ pub(crate) fn ntt_multiply( hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta2)"); hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta3)"); let mut out = zero(); - ntt_multiply_binomials(lhs, rhs, zeta0, 0, 1, &mut out); - ntt_multiply_binomials(lhs, rhs, nzeta0, 2, 3, &mut out); - ntt_multiply_binomials(lhs, rhs, zeta1, 4, 5, &mut out); - ntt_multiply_binomials(lhs, rhs, nzeta1, 6, 7, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); + ntt_multiply_binomials(lhs, rhs, zeta0, 0, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); + ntt_multiply_binomials(lhs, rhs, nzeta0, 1, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); + ntt_multiply_binomials(lhs, rhs, zeta1, 2, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); + ntt_multiply_binomials(lhs, rhs, nzeta1, 3, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); hax_lib::fstar!("admit()"); - ntt_multiply_binomials(lhs, rhs, zeta2, 8, 9, &mut out); - ntt_multiply_binomials(lhs, rhs, nzeta2, 10, 11, &mut out); - ntt_multiply_binomials(lhs, rhs, zeta3, 12, 13, &mut out); - ntt_multiply_binomials(lhs, rhs, nzeta3, 14, 15, &mut out); + ntt_multiply_binomials(lhs, rhs, zeta2, 4, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta2, 5, &mut out); + ntt_multiply_binomials(lhs, rhs, zeta3, 6, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta3, 7, &mut out); out } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 3dd66ac97..61679a724 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -123,8 +123,8 @@ pub trait Operations: Copy + Clone + Repr { #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array 3228 (f_repr ${lhs}) /\\ - Spec.Utils.is_i16b_array 3228 (f_repr ${rhs}) "))] + Spec.Utils.is_i16b_array 3328 (f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3328 (f_repr ${rhs}) "))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; From 9b1f1c3f5be9024f199d3fe10a83bee0df4d60ad Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 28 Sep 2024 15:49:17 +0200 Subject: [PATCH 08/20] removed some lax --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 7 +++++-- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 8 ++++++-- libcrux-ml-kem/src/vector/portable/ntt.rs | 16 +++++++++++----- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 0592fca44..19ff0314d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -296,7 +296,7 @@ let ntt_multiply_binomials assert (forall k. (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index v__out0 k) in - let _:Prims.unit = admit () in + let hax_temp_output:Prims.unit = admit () (* Panic freedom *) in out #pop-options @@ -478,19 +478,22 @@ let ntt_multiply ntt_multiply_binomials lhs rhs nzeta1 (sz 3) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in - let _:Prims.unit = admit () in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs zeta2 (sz 4) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs nzeta2 (sz 5) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs zeta3 (sz 6) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs nzeta3 (sz 7) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in out #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 2608d7a54..6da365a34 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -88,7 +88,7 @@ val ntt_multiply_binomials let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in Spec.Utils.is_i16b_array 3328 out_future.f_elements /\ (forall k. - (k < 2 * v i \/ k > 2 * v i + 1) ==> + (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\ (let ai = Seq.index a.f_elements (2 * v i) in let aj = Seq.index a.f_elements (2 * v i + 1) in @@ -104,7 +104,11 @@ val ntt_step (zeta: i16) (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta) + (requires + v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ + Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\ + Spec.Utils.is_i16b (11207 + 5 * 3328) vec.f_elements.[ i ] /\ + Spec.Utils.is_i16b (11207 + 5 * 3328) vec.f_elements.[ j ]) (ensures fun vec_future -> let vec_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec_future in diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index e96fac7e5..9e36238f1 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -3,7 +3,10 @@ use super::vector_type::*; #[inline(always)] #[hax_lib::fstar::verification_status(lax)] -#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))] +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ + Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\\ + Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[i] /\\ + Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[j]"))] #[hax_lib::ensures(|result| fstar!("(forall k. (k <> v i /\\ k <> v j) ==> Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\ (forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\\ @@ -191,6 +194,7 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::fstar::options("--z3rlimit 250 --split_queries always --query_stats --ext context_prune")] #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")] #[hax_lib::requires(fstar!("v i < 8 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ @@ -199,8 +203,8 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab Spec.Utils.is_i16b_array 3328 ${out}.f_elements "))] #[hax_lib::ensures(|()| fstar!(" Spec.Utils.is_i16b_array 3328 ${out}_future.f_elements /\\ - (forall k. (k < 2 * v $i \\/ k > 2 * v $i + 1) ==> - Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\\ + (forall k. (k <> 2 * v $i /\\ k <> 2 * v $i + 1) ==> + Seq.index ${out}_future.f_elements k == Seq.index ${out}.f_elements k) /\\ (let ai = Seq.index ${a}.f_elements (2 * v $i) in let aj = Seq.index ${a}.f_elements (2 * v $i + 1) in let bi = Seq.index ${b}.f_elements (2 * v $i) in @@ -293,7 +297,6 @@ pub(crate) fn ntt_multiply_binomials( assert (forall k. (k <> 2 * v i /\\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index ${_out0} k)"); - hax_lib::fstar!("admit()"); } // #[inline(always)] @@ -346,10 +349,13 @@ pub(crate) fn ntt_multiply( hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); ntt_multiply_binomials(lhs, rhs, nzeta1, 3, &mut out); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); - hax_lib::fstar!("admit()"); ntt_multiply_binomials(lhs, rhs, zeta2, 4, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); ntt_multiply_binomials(lhs, rhs, nzeta2, 5, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); ntt_multiply_binomials(lhs, rhs, zeta3, 6, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); ntt_multiply_binomials(lhs, rhs, nzeta3, 7, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); out } From deedd5af119a03fd9c48e667bcd888d85a330e67 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 28 Sep 2024 19:00:50 +0000 Subject: [PATCH 09/20] Update invert_ntt --- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 75 ++++++++++------ .../extraction/Libcrux_ml_kem.Invert_ntt.fsti | 61 ++++++++++--- .../Libcrux_ml_kem.Vector.Traits.fsti | 26 +++--- .../proofs/fstar/spec/Spec.Utils.fst | 3 + libcrux-ml-kem/src/invert_ntt.rs | 88 ++++++++++++++----- libcrux-ml-kem/src/vector/traits.rs | 24 ++--- 6 files changed, 196 insertions(+), 81 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index eaa498a6a..f2af36e02 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -42,6 +42,8 @@ let invert_ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #v_Vector) in + let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -51,7 +53,16 @@ let invert_ntt_at_layer_1_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round * 4) + v zeta_i == v v__zeta_i_init - v round * 4 /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -87,6 +98,10 @@ let invert_ntt_at_layer_1_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i -! sz 3 in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in @@ -101,6 +116,7 @@ let invert_ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -110,7 +126,16 @@ let invert_ntt_at_layer_2_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round * 2) + v zeta_i == v v__zeta_i_init - v round * 2 /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -142,6 +167,10 @@ let invert_ntt_at_layer_2_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i -! sz 1 in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in @@ -156,6 +185,7 @@ let invert_ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -165,7 +195,16 @@ let invert_ntt_at_layer_3_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round) + v zeta_i == v v__zeta_i_init - v round /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -192,12 +231,16 @@ let invert_ntt_at_layer_3_ <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) -#push-options "--z3rlimit 200" +#push-options "--admit_smt_queries true" let invert_ntt_at_layer_4_plus (#v_Vector: Type0) @@ -209,30 +252,23 @@ let invert_ntt_at_layer_4_plus (layer: usize) = let step:usize = sz 1 <>! layer <: usize) - (fun temp_0_ round -> + (fun temp_0_ temp_1_ -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let round:usize = round in - v zeta_i == v v__zeta_i_init - v round) + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in let round:usize = round in - let _:Prims.unit = - assert (v round < 8); - assert (v step >= 16 /\ v step <= 128); - assert (v (round *! step) >= 0 /\ v (round *! step) <= 112) - in let zeta_i:usize = zeta_i -! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in - let _:Prims.unit = assert (v offset >= 0 /\ v offset <= 224) in let offset_vec:usize = offset /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in @@ -248,13 +284,6 @@ let invert_ntt_at_layer_4_plus (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in - let _:Prims.unit = zetas_b_lemma (v zeta_i) in - let _:Prims.unit = - assume (Spec.Utils.is_i16b_array 28296 - (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add - re.f_coefficients.[ j ] - re.f_coefficients.[ j +! step_vec ]))) - in let x, y:(v_Vector & v_Vector) = inv_ntt_layer_int_vec_step_reduce #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) @@ -298,8 +327,6 @@ let invert_ntt_at_layer_4_plus #pop-options -#push-options "--z3rlimit 200" - let invert_ntt_montgomery (v_K: usize) (#v_Vector: Type0) @@ -358,5 +385,3 @@ let invert_ntt_montgomery (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in re - -#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti index cc73de23e..d83521180 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti @@ -16,11 +16,35 @@ val inv_ntt_layer_int_vec_step_reduce (zeta_r: i16) : Prims.Pure (v_Vector & v_Vector) (requires - Spec.Utils.is_i16b 3328 zeta_r /\ + Spec.Utils.is_i16b 1664 zeta_r /\ + (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array b) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i))) /\ + (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array b) i))) /\ Spec.Utils.is_i16b_array 28296 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add a b))) (fun _ -> Prims.l_True) +[@@ "opaque_to_smt"] + let invert_ntt_re_range_1 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) + +[@@ "opaque_to_smt"] + let invert_ntt_re_range_2 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) + val invert_ntt_at_layer_1_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -28,8 +52,14 @@ val invert_ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i >= 64 && v zeta_i <= 128) - (fun _ -> Prims.l_True) + (requires v zeta_i == 128 /\ invert_ntt_re_range_1 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + invert_ntt_re_range_2 re_future /\ v zeta_i_future == 64) val invert_ntt_at_layer_2_ (#v_Vector: Type0) @@ -38,8 +68,14 @@ val invert_ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i >= 32 && v zeta_i <= 128) - (fun _ -> Prims.l_True) + (requires v zeta_i == 64 /\ invert_ntt_re_range_2 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + invert_ntt_re_range_2 re_future /\ v zeta_i_future == 32) val invert_ntt_at_layer_3_ (#v_Vector: Type0) @@ -48,8 +84,14 @@ val invert_ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i >= 16 && v zeta_i <= 128) - (fun _ -> Prims.l_True) + (requires v zeta_i == 32 /\ invert_ntt_re_range_2 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + invert_ntt_re_range_2 re_future /\ v zeta_i_future == 16) val invert_ntt_at_layer_4_plus (#v_Vector: Type0) @@ -58,8 +100,7 @@ val invert_ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires - v layer >= 4 /\ v layer <= 7 /\ v zeta_i - v (sz 128 >>! layer) >= 0 /\ v zeta_i <= 128) + (requires v layer >= 4 /\ v layer <= 7) (fun _ -> Prims.l_True) val invert_ntt_montgomery @@ -68,5 +109,5 @@ val invert_ntt_montgomery {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires invert_ntt_re_range_1 re) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index e2a2bbbe4..0625533bb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -183,7 +183,7 @@ class t_Operations (v_Self: Type0) = { Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) (f_repr a) ==> pred }; f_ntt_layer_1_step_post: a: v_Self -> @@ -192,7 +192,7 @@ class t_Operations (v_Self: Type0) = { zeta2: i16 -> zeta3: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 6 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) (f_repr out)}; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) @@ -201,10 +201,10 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) (f_repr a) ==> pred }; f_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) (f_repr out)}; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) @@ -212,10 +212,11 @@ class t_Operations (v_Self: Type0) = { f_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: Type0 - { Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (f_repr a) ==> + { Spec.Utils.is_i16b 1664 zeta /\ + Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328) (f_repr a) ==> pred }; f_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) (f_repr out)}; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) @@ -225,7 +226,7 @@ class t_Operations (v_Self: Type0) = { Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array (4 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array_opaque (4 * 3328) (f_repr a) ==> pred }; f_inv_ntt_layer_1_step_post: a: v_Self -> @@ -234,7 +235,7 @@ class t_Operations (v_Self: Type0) = { zeta2: i16 -> zeta3: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) @@ -243,19 +244,20 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b_array 3328 (f_repr a) ==> + Spec.Utils.is_i16b_array_opaque 3328 (f_repr a) ==> pred }; f_inv_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); f_inv_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: - Type0{Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (f_repr a) ==> pred}; + Type0 + {Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array_opaque 3328 (f_repr a) ==> pred}; f_inv_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_3_step_pre x0 x1) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index bfa2fcd9a..8c8b55946 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -159,6 +159,9 @@ let is_i16b_array (l:nat) (x:t_Slice i16) = forall i. i < Seq.length x ==> is_i1 let is_i16b_vector (l:nat) (r:usize) (x:t_Array (t_Array i16 (sz 256)) r) = forall i. i < v r ==> is_i16b_array l (Seq.index x i) let is_i16b_matrix (l:nat) (r:usize) (x:t_Array (t_Array (t_Array i16 (sz 256)) r) r) = forall i. i < v r ==> is_i16b_vector l r (Seq.index x i) +[@ "opaque_to_smt"] +let is_i16b_array_opaque (l:nat) (x:t_Slice i16) = forall i. i < Seq.length x ==> is_i16b l (Seq.index x i) + let is_i32b (l:nat) (x:i32) = is_intb l (v x) let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i32b l (Seq.index x i) diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 4db09d55d..62d6a5947 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -5,20 +5,42 @@ use crate::{ }; #[inline(always)] -#[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma +#[hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = - admit()"))] -#[hax_lib::requires(fstar!("v ${*zeta_i} >= 64 && v ${*zeta_i} <= 128"))] + admit()")] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let invert_ntt_re_range_2 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let invert_ntt_re_range_1 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 128 /\\ + invert_ntt_re_range_1 $re"))] +#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\ + v ${*zeta_i}_future == 64"))] pub(crate) fn invert_ntt_at_layer_1( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #$:Vector)"); + hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 4") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 4 /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i); zetas_b_lemma (v zeta_i - 1); @@ -32,22 +54,33 @@ pub(crate) fn invert_ntt_at_layer_1( get_zeta (*zeta_i - 3), ); *zeta_i -= 3; + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("v ${*zeta_i} >= 32 && v ${*zeta_i} <= 128"))] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 64 /\\ + invert_ntt_re_range_2 $re "))] +#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\ + v ${*zeta_i}_future == 32"))] pub(crate) fn invert_ntt_at_layer_2( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 2") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 2 /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i); zetas_b_lemma (v zeta_i - 1)"); @@ -57,32 +90,53 @@ pub(crate) fn invert_ntt_at_layer_2( get_zeta (*zeta_i - 1), ); *zeta_i -= 1; + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("v ${*zeta_i} >= 16 && v ${*zeta_i} <= 128"))] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 32 /\\ + invert_ntt_re_range_2 $re"))] +#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\ + v ${*zeta_i}_future == 16"))] pub(crate) fn invert_ntt_at_layer_3( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); re.coefficients[round] = Vector::inv_ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $zeta_r /\\ +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta_r /\\ + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $b) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i))) /\\ + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $b) i))) /\\ Spec.Utils.is_i16b_array 28296 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add $a $b))"))] pub(crate) fn inv_ntt_layer_int_vec_step_reduce( @@ -97,9 +151,8 @@ pub(crate) fn inv_ntt_layer_int_vec_step_reduce( } #[inline(always)] -#[hax_lib::fstar::options("--z3rlimit 200")] -#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7 /\\ - v ${*zeta_i} - v (sz 128 >>! $layer) >= 0 /\\ v ${*zeta_i} <= 128"))] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7"))] pub(crate) fn invert_ntt_at_layer_4_plus( zeta_i: &mut usize, re: &mut PolynomialRingElement, @@ -107,25 +160,16 @@ pub(crate) fn invert_ntt_at_layer_4_plus( ) { let step = 1 << layer; - let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..(128 >> layer) { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round") }); - hax_lib::fstar!("assert (v $round < 8); - assert (v $step >= 16 /\\ v $step <= 128); - assert (v ($round *! $step) >= 0 /\\ v ($round *! $step) <= 112)"); *zeta_i -= 1; let offset = round * step * 2; - hax_lib::fstar!("assert (v $offset >= 0 /\\ v $offset <= 224)"); let offset_vec = offset / FIELD_ELEMENTS_IN_VECTOR; let step_vec = step / FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { - hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); - hax_lib::fstar!("assume (Spec.Utils.is_i16b_array 28296 - (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add re.f_coefficients.[j] re.f_coefficients.[j +! step_vec])))"); let (x, y) = inv_ntt_layer_int_vec_step_reduce( re.coefficients[j], re.coefficients[j + step_vec], @@ -139,7 +183,7 @@ pub(crate) fn invert_ntt_at_layer_4_plus( } #[inline(always)] -#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("invert_ntt_re_range_1 $re"))] pub(crate) fn invert_ntt_montgomery( re: &mut PolynomialRingElement, ) { diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 3dd66ac97..94a43526a 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -95,30 +95,30 @@ pub trait Operations: Copy + Clone + Repr { // NTT #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array (11207+5*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque (11207+5*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+6*3328) (f_repr $out)"))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ - Spec.Utils.is_i16b_array (11207+4*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque (11207+4*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+5*3328) (f_repr $out)"))] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ - Spec.Utils.is_i16b_array (11207+3*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque (11207+3*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+4*3328) (f_repr $out)"))] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array (4 * 3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque (4 * 3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ - Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta/\\ - Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ From 1c3c00c7ed90ef5ca81d00903118fa7f934d1adc Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 28 Sep 2024 23:51:12 +0200 Subject: [PATCH 10/20] removed some lax --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 4 ++- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 25 ++++++++++++++++++- libcrux-ml-kem/src/vector/portable/ntt.rs | 13 +++++++++- 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 19ff0314d..8f1101bd9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -494,6 +494,8 @@ let ntt_multiply ntt_multiply_binomials lhs rhs nzeta3 (sz 7) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in - out + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 6da365a34..f6c15db23 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -167,4 +167,27 @@ val ntt_multiply (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - Spec.Utils.is_i16b_array 3328 result.f_elements) + Spec.Utils.is_i16b_array 3328 result.f_elements /\ + (let zetas = + Seq.seq_of_list [ + v zeta0; + - v zeta0; + v zeta1; + - v zeta1; + v zeta2; + - v zeta2; + v zeta3; + - v zeta3 + ] + in + (forall (i: nat). + i < 8 ==> + (let ai = Seq.index lhs.f_elements (2 * i) in + let aj = Seq.index lhs.f_elements (2 * i + 1) in + let bi = Seq.index rhs.f_elements (2 * i) in + let bj = Seq.index rhs.f_elements (2 * i + 1) in + let oi = Seq.index result.f_elements (2 * i) in + let oj = Seq.index result.f_elements (2 * i + 1) in + ((v oi % 3329) == + (((v ai * v bi + (v aj * v bj * (Seq.index zetas i) * 169)) * 169) % 3329)) /\ + ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))))) diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 9e36238f1..002203745 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -315,6 +315,7 @@ pub(crate) fn ntt_multiply_binomials( // } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::fstar::options("--z3rlimit 100")] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta0 /\\ Spec.Utils.is_i16b 1664 $zeta1 /\\ @@ -322,7 +323,17 @@ pub(crate) fn ntt_multiply_binomials( Spec.Utils.is_i16b 1664 $zeta3 /\\ Spec.Utils.is_i16b_array 3328 ${lhs}.f_elements /\\ Spec.Utils.is_i16b_array 3328 ${rhs}.f_elements "))] -#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\ + (let zetas = Seq.seq_of_list [v zeta0; - v zeta0; v zeta1; - v zeta1; v zeta2; - v zeta2; v zeta3; - v zeta3] in + (forall (i:nat). i < 8 ==> + (let ai = Seq.index lhs.f_elements (2 * i) in + let aj = Seq.index lhs.f_elements (2 * i + 1) in + let bi = Seq.index rhs.f_elements (2 * i) in + let bj = Seq.index rhs.f_elements (2 * i + 1) in + let oi = Seq.index result.f_elements (2 * i) in + let oj = Seq.index result.f_elements (2 * i + 1) in + ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * (Seq.index zetas i) * 169)) * 169) % 3329)) /\\ + ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))))"))] pub(crate) fn ntt_multiply( lhs: &PortableVector, rhs: &PortableVector, From 6a84ae46c78181a1f2d4912060c653d8eaef393e Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 29 Sep 2024 08:11:21 +0000 Subject: [PATCH 11/20] Update generic ntt.rs --- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 85 +++++++++--- .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti | 114 ++++++++++++++-- .../proofs/fstar/extraction/Makefile | 1 + libcrux-ml-kem/src/ntt.rs | 129 ++++++++++++++++-- 4 files changed, 286 insertions(+), 43 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 99a4f437a..d5a455351 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -39,6 +39,8 @@ let ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in + let _:Prims.unit = reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -48,7 +50,16 @@ let ntt_at_layer_1_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round * 4) + v zeta_i == v v__zeta_i_init + v round * 4 /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -84,6 +95,10 @@ let ntt_at_layer_1_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i +! sz 3 in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in @@ -98,6 +113,8 @@ let ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in + let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -107,7 +124,16 @@ let ntt_at_layer_2_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round * 2) + v zeta_i == v v__zeta_i_init + v round * 2 /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -139,6 +165,10 @@ let ntt_at_layer_2_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i +! sz 1 in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in @@ -153,6 +183,8 @@ let ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let _:Prims.unit = reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #v_Vector) in + let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -162,7 +194,16 @@ let ntt_at_layer_3_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round) + v zeta_i == v v__zeta_i_init + v round /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -189,12 +230,16 @@ let ntt_at_layer_3_ <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) -#push-options "--z3rlimit 200" +#push-options "--admit_smt_queries true" let ntt_at_layer_4_plus (#v_Vector: Type0) @@ -210,26 +255,20 @@ let ntt_at_layer_4_plus let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 128 >>! layer <: usize) - (fun temp_0_ round -> + (fun temp_0_ temp_1_ -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let round:usize = round in - v zeta_i == v v__zeta_i_init + v round) + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in let round:usize = round in - let _:Prims.unit = - assert (v round < 8); - assert (v step >= 16 /\ v step <= 128); - assert (v (round *! step) >= 0 /\ v (round *! step) <= 112) - in let zeta_i:usize = zeta_i +! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in - let _:Prims.unit = assert (v offset >= 0 /\ v offset <= 224) in let offset_vec:usize = offset /! sz 16 in let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = @@ -243,7 +282,6 @@ let ntt_at_layer_4_plus (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in - let _:Prims.unit = zetas_b_lemma (v zeta_i) in let x, y:(v_Vector & v_Vector) = ntt_layer_int_vec_step #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) @@ -287,6 +325,8 @@ let ntt_at_layer_4_plus #pop-options +#push-options "--admit_smt_queries true" + let ntt_at_layer_7_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -295,17 +335,22 @@ let ntt_at_layer_7_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in + let _:Prims.unit = assert (v step == 8) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) step - (fun re temp_1_ -> + (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let _:usize = temp_1_ in - true) + let j:usize = j in + (v j < 8 ==> + (forall (i: nat). + (i >= v j /\ i < 8) ==> + ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])))) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in + let _:Prims.unit = reveal_opaque (`%ntt_layer_7_pre) (ntt_layer_7_pre #v_Vector) in let t:v_Vector = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant #v_Vector #FStar.Tactics.Typeclasses.solve @@ -353,6 +398,10 @@ let ntt_at_layer_7_ let hax_temp_output:Prims.unit = () <: Prims.unit in re +#pop-options + +#push-options "--z3rlimit 200" + let ntt_binomially_sampled_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -408,6 +457,8 @@ let ntt_binomially_sampled_ring_element in re +#pop-options + #push-options "--z3rlimit 200" let ntt_vector_u diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 1da9107ed..487f928cf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti @@ -15,9 +15,35 @@ val ntt_layer_int_vec_step (a b: v_Vector) (zeta_r: i16) : Prims.Pure (v_Vector & v_Vector) - (requires Spec.Utils.is_i16b 3328 zeta_r) + (requires + Spec.Utils.is_i16b 1664 zeta_r /\ + (let t = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe b zeta_r in + (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\ + (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))) (fun _ -> Prims.l_True) +[@@ "opaque_to_smt"] + let ntt_re_range_1 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) + +[@@ "opaque_to_smt"] + let ntt_re_range_2 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) + val ntt_at_layer_1_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -25,8 +51,21 @@ val ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i < 64) - (fun _ -> Prims.l_True) + (requires v zeta_i == 63 /\ ntt_re_range_2 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + ntt_re_range_1 re_future /\ v zeta_i_future == 127) + +[@@ "opaque_to_smt"] + let ntt_re_range_3 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) val ntt_at_layer_2_ (#v_Vector: Type0) @@ -35,8 +74,21 @@ val ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i < 96) - (fun _ -> Prims.l_True) + (requires v zeta_i == 31 /\ ntt_re_range_3 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + ntt_re_range_2 re_future /\ v zeta_i_future == 63) + +[@@ "opaque_to_smt"] + let ntt_re_range_4 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+3*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) val ntt_at_layer_3_ (#v_Vector: Type0) @@ -45,8 +97,14 @@ val ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i < 112) - (fun _ -> Prims.l_True) + (requires v zeta_i == 15 /\ ntt_re_range_4 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + ntt_re_range_3 re_future /\ v zeta_i_future == 31) val ntt_at_layer_4_plus (#v_Vector: Type0) @@ -55,15 +113,46 @@ val ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v layer >= 4 /\ v layer <= 7 /\ v zeta_i + v (sz 128 >>! layer) < 128) - (fun _ -> Prims.l_True) + (requires + v layer >= 4 /\ v layer <= 7 /\ + ((v layer == 4 ==> v zeta_i == 7) /\ (v layer == 5 ==> v zeta_i == 3) /\ + (v layer == 6 ==> v zeta_i == 1) /\ (v layer == 7 ==> v zeta_i == 0))) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + ntt_re_range_4 re_future /\ (v layer == 4 ==> v zeta_i_future == 15) /\ + (v layer == 5 ==> v zeta_i_future == 7) /\ (v layer == 6 ==> v zeta_i_future == 3) /\ + (v layer == 7 ==> v zeta_i_future == 1)) + +[@@ "opaque_to_smt"] + let ntt_layer_7_pre (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re_0 re_1: v_Vector) = + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v (-1600s))) /\ + (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 (-1600s) in + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\ + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i)))) val ntt_at_layer_7_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + forall i. + i < 8 ==> + ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])) (fun _ -> Prims.l_True) val ntt_binomially_sampled_ring_element @@ -71,7 +160,10 @@ val ntt_binomially_sampled_ring_element {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + forall i. + i < 8 ==> + ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])) (fun _ -> Prims.l_True) val ntt_vector_u diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 6f87406db..bd794d873 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,6 +1,7 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ + Libcrux_ml_kem.Vector.Avx2.fsti \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index 4107d8034..0e190f789 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -8,18 +8,40 @@ use crate::{ #[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = admit()"))] -#[hax_lib::requires(fstar!("v ${*zeta_i} < 64"))] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let ntt_re_range_2 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let ntt_re_range_1 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 63 /\\ + ntt_re_range_2 $re"))] +#[hax_lib::ensures(|result| fstar!("ntt_re_range_1 ${re}_future /\\ + v ${*zeta_i}_future == 127"))] pub(crate) fn ntt_at_layer_1( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)"); + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 4") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 4 /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i); zetas_b_lemma (v zeta_i + 1); @@ -33,23 +55,41 @@ pub(crate) fn ntt_at_layer_1( get_zeta (*zeta_i + 3), ); *zeta_i += 3; + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+6*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("v ${*zeta_i} < 96"))] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let ntt_re_range_3 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 31 /\\ + ntt_re_range_3 $re"))] +#[hax_lib::ensures(|result| fstar!("ntt_re_range_2 ${re}_future /\\ + v ${*zeta_i}_future == 63"))] pub(crate) fn ntt_at_layer_2( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)"); + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 2") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 2 /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i); zetas_b_lemma (v zeta_i + 1)"); @@ -59,33 +99,62 @@ pub(crate) fn ntt_at_layer_2( get_zeta (*zeta_i + 1), ); *zeta_i += 1; + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("v ${*zeta_i} < 112"))] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let ntt_re_range_4 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+3*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 15 /\\ + ntt_re_range_4 $re"))] +#[hax_lib::ensures(|result| fstar!("ntt_re_range_3 ${re}_future /\\ + v ${*zeta_i}_future == 31"))] pub(crate) fn ntt_at_layer_3( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #$:Vector)"); + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207+3*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); re.coefficients[round] = Vector::ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $zeta_r"))] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta_r /\\ + (let t = ${montgomery_multiply_fe::} $b $zeta_r in + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\\ + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))"))] fn ntt_layer_int_vec_step( mut a: Vector, mut b: Vector, @@ -98,9 +167,17 @@ fn ntt_layer_int_vec_step( } #[inline(always)] -#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7 /\\ - v ${*zeta_i} + v (sz 128 >>! $layer) < 128"))] + ((v $layer == 4 ==> v ${*zeta_i} == 7) /\\ + (v $layer == 5 ==> v ${*zeta_i} == 3) /\\ + (v $layer == 6 ==> v ${*zeta_i} == 1) /\\ + (v $layer == 7 ==> v ${*zeta_i} == 0))"))] +#[hax_lib::ensures(|result| fstar!("ntt_re_range_4 ${re}_future /\\ + (v $layer == 4 ==> v ${*zeta_i}_future == 15) /\\ + (v $layer == 5 ==> v ${*zeta_i}_future == 7) /\\ + (v $layer == 6 ==> v ${*zeta_i}_future == 3) /\\ + (v $layer == 7 ==> v ${*zeta_i}_future == 1)"))] pub(crate) fn ntt_at_layer_4_plus( zeta_i: &mut usize, re: &mut PolynomialRingElement, @@ -113,19 +190,13 @@ pub(crate) fn ntt_at_layer_4_plus( // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..(128 >> layer) { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round") }); - hax_lib::fstar!("assert (v $round < 8); - assert (v $step >= 16 /\\ v $step <= 128); - assert (v ($round *! $step) >= 0 /\\ v ($round *! $step) <= 112)"); *zeta_i += 1; let offset = round * step * 2; - hax_lib::fstar!("assert (v $offset >= 0 /\\ v $offset <= 224)"); let offset_vec = offset / 16; //FIELD_ELEMENTS_IN_VECTOR; let step_vec = step / 16; //FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { - hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); let (x, y) = ntt_layer_int_vec_step( re.coefficients[j], re.coefficients[j + step_vec], @@ -139,11 +210,36 @@ pub(crate) fn ntt_at_layer_4_plus( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +//We should make the loops inside this function `opaque_to_smt` to get it work +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let ntt_layer_7_pre (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re_0 re_1: v_Vector) = + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v (-1600s))) /\\ + (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 (-1600s) in + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\\ + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))")] +#[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ]) + (${re}.f_coefficients.[ sz i +! sz 8 ])"))] pub(crate) fn ntt_at_layer_7(re: &mut PolynomialRingElement) { let step = VECTORS_IN_RING_ELEMENT / 2; + hax_lib::fstar!("assert (v $step == 8)"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for j in 0..step { + hax_lib::loop_invariant!(|j: usize| { fstar!("(v j < 8 ==> + (forall (i:nat). (i >= v j /\\ i < 8) ==> + ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])))") }); + hax_lib::fstar!("reveal_opaque (`%ntt_layer_7_pre) (ntt_layer_7_pre #$:Vector)"); let t = Vector::multiply_by_constant(re.coefficients[j + step], -1600); re.coefficients[j + step] = Vector::sub(re.coefficients[j], &t); re.coefficients[j] = Vector::add(re.coefficients[j], &t); @@ -152,6 +248,9 @@ pub(crate) fn ntt_at_layer_7(re: &mut PolynomialRingElement< } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ]) + (${re}.f_coefficients.[ sz i +! sz 8 ])"))] pub(crate) fn ntt_binomially_sampled_ring_element( re: &mut PolynomialRingElement, ) { From ac15d167e84c89f6a25552ba888fe36d3e984cff Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 29 Sep 2024 10:40:04 +0200 Subject: [PATCH 12/20] in-ntt --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 37 +++++++++++++++---- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 12 ++++-- libcrux-ml-kem/src/vector/portable/ntt.rs | 35 ++++++++++++++++-- 3 files changed, 69 insertions(+), 15 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 8f1101bd9..b95ef9999 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -12,18 +12,35 @@ let inv_ntt_step (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) -! (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) in - let o0:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element ((vec - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) +! - (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) - <: - i16) + let a_plus_b:i16 = + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) +! + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + in + let _:Prims.unit = + assert (v a_minus_b = v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))); + assert (v a_plus_b = v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) in + let o0:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element a_plus_b in let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta in + let _:Prims.unit = + calc ( == ) { + v o0 % 3329; + ( == ) { () } + v a_plus_b % 3329; + ( == ) { () } + (v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) % 3329; + }; + calc ( == ) { + v o1 % 3329; + ( == ) { () } + (v a_minus_b * v zeta * 169) % 3329; + ( == ) { () } + ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * 169) % + 3329; + } + in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { vec with @@ -50,6 +67,10 @@ let inv_ntt_step <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + let _:Prims.unit = + assert (Seq.index vec.f_elements (v i) == o0); + assert (Seq.index vec.f_elements (v j) == o1) + in vec #push-options "--z3rlimit 200" diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index f6c15db23..9af9a8feb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -9,7 +9,7 @@ val inv_ntt_step (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires - v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ + v i < 16 /\ v j < 16 /\ v i <> v j /\ Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (4 * 3328) vec.f_elements) (ensures fun vec_future -> @@ -19,7 +19,13 @@ val inv_ntt_step (k <> v i /\ k <> v j) ==> Seq.index vec_future.f_elements k == Seq.index vec.f_elements k) /\ (Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v i)) /\ - Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j)))) + Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j))) /\ + ((v (Seq.index vec_future.f_elements (v i)) % 3329) == + (v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) % 3329) /\ + ((v (Seq.index vec_future.f_elements (v j)) % 3329) == + ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * + 169) % + 3329)) val inv_ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -105,7 +111,7 @@ val ntt_step (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires - v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ + v i < 16 /\ v j < 16 /\ v i <> v j /\ Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\ Spec.Utils.is_i16b (11207 + 5 * 3328) vec.f_elements.[ i ] /\ Spec.Utils.is_i16b (11207 + 5 * 3328) vec.f_elements.[ j ]) diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 002203745..df6fcdf98 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -3,7 +3,8 @@ use super::vector_type::*; #[inline(always)] #[hax_lib::fstar::verification_status(lax)] -#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\ + Spec.Utils.is_i16b 1664 $zeta /\\ Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\\ Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[i] /\\ Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[j]"))] @@ -78,19 +79,45 @@ pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVe } #[inline(always)] -#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\ + Spec.Utils.is_i16b 1664 $zeta /\\ Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))] #[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (4*3328) ${vec}_future.f_elements /\\ (forall k. (k <> v i /\\ k <> v j) ==> Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\ (Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\ - Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j)))"))] + Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j))) /\\ + ((v (Seq.index ${vec}_future.f_elements (v i)) % 3329) == + (v (Seq.index ${vec}.f_elements (v j)) + v (Seq.index ${vec}.f_elements (v i))) % 3329) /\\ + ((v (Seq.index ${vec}_future.f_elements (v j)) % 3329) == + ((v (Seq.index ${vec}.f_elements (v j)) - v (Seq.index ${vec}.f_elements (v i))) + * v ${zeta} * 169) % 3329)"))] pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let a_minus_b = vec.elements[j] - vec.elements[i]; - let o0 = barrett_reduce_element(vec.elements[i] + vec.elements[j]); + let a_plus_b = vec.elements[j] + vec.elements[i]; + hax_lib::fstar!("assert (v a_minus_b = v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))); + assert (v a_plus_b = v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i)))"); + let o0 = barrett_reduce_element(a_plus_b); let o1 = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + hax_lib::fstar!(" + calc (==) { + v o0 % 3329; + (==) { } + v a_plus_b % 3329; + (==) { } + (v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) % 3329; + }; + calc (==) { + v o1 % 3329; + (==) { } + (v a_minus_b * v zeta * 169) % 3329; + (==) { } + ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * 169) % 3329; + }"); vec.elements[i] = o0; vec.elements[j] = o1; + hax_lib::fstar!("assert (Seq.index vec.f_elements (v i) == o0); + assert (Seq.index vec.f_elements (v j) == o1)"); } #[inline(always)] From 5f23a82afe8d971fa23fa424e9675a9898e6a8e0 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 29 Sep 2024 14:09:45 +0200 Subject: [PATCH 13/20] ntt --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 57 +++++++++++++++++-- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 14 ++++- libcrux-ml-kem/src/vector/portable/ntt.rs | 42 ++++++++++++-- 3 files changed, 102 insertions(+), 11 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index b95ef9999..06bc6c676 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -322,8 +322,6 @@ let ntt_multiply_binomials #pop-options -#push-options "--admit_smt_queries true" - let ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -336,6 +334,51 @@ let ntt_step i16) zeta in + let _:Prims.unit = + assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329)) + in + let a_minus_t:i16 = + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! t + in + let _:Prims.unit = + calc ( == ) { + v a_minus_t % 3329; + ( == ) { () } + (v (Seq.index vec.f_elements (v i)) - v t) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v i))) (v t) 3329 } + (v (Seq.index vec.f_elements (v i)) - (v t % 3329)) % 3329; + ( == ) { () } + (v (Seq.index vec.f_elements (v i)) - + ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329)) % + 3329; + ( == ) { Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v i))) + (v (Seq.index vec.f_elements (v j)) * v zeta * 169) + 3329 } + (v (Seq.index vec.f_elements (v i)) - (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % + 3329; + } + in + let a_plus_t:i16 = + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! t + in + let _:Prims.unit = + calc ( == ) { + v a_plus_t % 3329; + ( == ) { () } + (v (Seq.index vec.f_elements (v i)) + v t) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v i))) (v t) 3329 } + (v (Seq.index vec.f_elements (v i)) + (v t % 3329)) % 3329; + ( == ) { () } + (v (Seq.index vec.f_elements (v i)) + + ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329)) % + 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v i))) + (v (Seq.index vec.f_elements (v j)) * v zeta * 169) + 3329 } + (v (Seq.index vec.f_elements (v i)) + (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % + 3329; + } + in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { vec with @@ -344,7 +387,7 @@ let ntt_step Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements j - ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! t <: i16) + a_minus_t } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -357,15 +400,17 @@ let ntt_step Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! t <: i16) + a_plus_t } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + let _:Prims.unit = + assert (Seq.index vec.f_elements (v i) == a_plus_t); + assert (Seq.index vec.f_elements (v j) == a_minus_t) + in vec -#pop-options - #push-options "--z3rlimit 100" let ntt_layer_1_step diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 9af9a8feb..39df6b636 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -3,6 +3,8 @@ module Libcrux_ml_kem.Vector.Portable.Ntt open Core open FStar.Mul +[@@ "opaque_to_smt"] + val inv_ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -105,6 +107,8 @@ val ntt_multiply_binomials ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * v zeta * 169)) * 169) % 3329)) /\ ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))) +[@@ "opaque_to_smt"] + val ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -125,7 +129,15 @@ val ntt_step (Spec.Utils.is_i16b b vec.f_elements.[ i ] /\ Spec.Utils.is_i16b b vec.f_elements.[ j ]) ==> (Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ i ] /\ - Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ j ]))) + Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ j ])) /\ + ((v (Seq.index vec_future.f_elements (v i)) % 3329) == + (v (Seq.index vec.f_elements (v i)) + + (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % + 3329) /\ + ((v (Seq.index vec_future.f_elements (v j)) % 3329) == + (v (Seq.index vec.f_elements (v i)) - + (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % + 3329)) val ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index df6fcdf98..afebb9e01 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -2,7 +2,7 @@ use super::arithmetic::*; use super::vector_type::*; #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")] #[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\ Spec.Utils.is_i16b 1664 $zeta /\\ Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\\ @@ -13,11 +13,44 @@ use super::vector_type::*; (forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\\ Spec.Utils.is_i16b b ${vec}.f_elements.[j]) ==> (Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[i] /\\ - Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j]))"))] + Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j])) /\\ + ((v (Seq.index ${vec}_future.f_elements (v i)) % 3329) == + (v (Seq.index ${vec}.f_elements (v $i)) + (v (Seq.index ${vec}.f_elements (v $j)) * v $zeta * 169)) % 3329) /\\ + ((v (Seq.index ${vec}_future.f_elements (v j)) % 3329) == + (v (Seq.index ${vec}.f_elements (v $i)) - (v (Seq.index ${vec}.f_elements (v $j)) * v $zeta * 169)) % 3329)"))] pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta); - vec.elements[j] = vec.elements[i] - t; - vec.elements[i] = vec.elements[i] + t; + hax_lib::fstar!("assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329))"); + let a_minus_t = vec.elements[i] - t; + hax_lib::fstar!(" + calc (==) { + v $a_minus_t % 3329; + (==) {} + (v (Seq.index vec.f_elements (v i)) - v ${t}) % 3329; + (==) {Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v $i))) (v $t) 3329} + (v (Seq.index vec.f_elements (v $i)) - (v $t % 3329)) % 3329; + (==) {} + (v (Seq.index vec.f_elements (v i)) - ((v (Seq.index vec.f_elements (v $j)) * v $zeta * 169) % 3329)) % 3329; + (==) {Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v $i))) (v (Seq.index vec.f_elements (v $j)) * v zeta * 169) 3329} + (v (Seq.index vec.f_elements (v $i)) - (v (Seq.index vec.f_elements (v $j)) * v $zeta * 169)) % 3329; + }"); + let a_plus_t = vec.elements[i] + t; + hax_lib::fstar!(" + calc (==) { + v a_plus_t % 3329; + (==) {} + (v (Seq.index vec.f_elements (v $i)) + v $t) % 3329; + (==) {Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v $i))) (v $t) 3329} + (v (Seq.index vec.f_elements (v $i)) + (v $t % 3329)) % 3329; + (==) {} + (v (Seq.index vec.f_elements (v $i)) + ((v (Seq.index vec.f_elements (v $j)) * v $zeta * 169) % 3329)) % 3329; + (==) {Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v $i))) (v (Seq.index vec.f_elements (v $j)) * v zeta * 169) 3329} + (v (Seq.index vec.f_elements (v $i)) + (v (Seq.index vec.f_elements (v $j)) * v $zeta * 169)) % 3329; + }"); + vec.elements[j] = a_minus_t; + vec.elements[i] = a_plus_t; + hax_lib::fstar!("assert (Seq.index vec.f_elements (v i) == a_plus_t); + assert (Seq.index vec.f_elements (v j) == a_minus_t)"); } #[inline(always)] @@ -79,6 +112,7 @@ pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVe } #[inline(always)] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")] #[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\ Spec.Utils.is_i16b 1664 $zeta /\\ Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))] From 96c8bf61eefd0db931b9e1f288745608f8719353 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 29 Sep 2024 15:20:45 +0200 Subject: [PATCH 14/20] ntt-spec --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 11 +++-------- libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst | 17 +++++++++++++++++ libcrux-ml-kem/src/vector/portable/ntt.rs | 15 ++++----------- 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 39df6b636..aac63b526 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -20,14 +20,9 @@ val inv_ntt_step (forall k. (k <> v i /\ k <> v j) ==> Seq.index vec_future.f_elements k == Seq.index vec.f_elements k) /\ - (Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v i)) /\ - Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j))) /\ - ((v (Seq.index vec_future.f_elements (v i)) % 3329) == - (v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) % 3329) /\ - ((v (Seq.index vec_future.f_elements (v j)) % 3329) == - ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * - 169) % - 3329)) + Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v i)) /\ + Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j)) /\ + Spec.Utils.inv_ntt_spec vec.f_elements (v zeta) (v i) (v j) vec_future.f_elements) val inv_ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 516901137..37ddaf07d 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -470,3 +470,20 @@ let lemma_shift_right_15_i16 (x:i16): Rust_primitives.Integers.mk_int_v_lemma #i16_inttype 0s; Rust_primitives.Integers.mk_int_v_lemma #i16_inttype (-1s); () + +val ntt_spec #len (vec_in: t_Array i16 len) (zeta: int) (i: nat{i < v len}) (j: nat{j < v len}) + (vec_out: t_Array i16 len) : Type0 +let ntt_spec vec_in zeta i j vec_out = + ((v (Seq.index vec_out i) % 3329) == + ((v (Seq.index vec_in i) + (v (Seq.index vec_in j) * zeta * 169)) % 3329)) /\ + ((v (Seq.index vec_out j) % 3329) == + ((v (Seq.index vec_in i) - (v (Seq.index vec_in j) * zeta * 169)) % 3329)) + +val inv_ntt_spec #len (vec_in: t_Array i16 len) (zeta: int) (i: nat{i < v len}) (j: nat{j < v len}) + (vec_out: t_Array i16 len) : Type0 +let inv_ntt_spec vec_in zeta i j vec_out = + ((v (Seq.index vec_out i) % 3329) == + ((v (Seq.index vec_in j) + v (Seq.index vec_in i)) % 3329)) /\ + ((v (Seq.index vec_out j) % 3329) == + (((v (Seq.index vec_in j) - v (Seq.index vec_in i)) * zeta * 169) % 3329)) + diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index afebb9e01..35abf02ce 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -14,10 +14,7 @@ use super::vector_type::*; Spec.Utils.is_i16b b ${vec}.f_elements.[j]) ==> (Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[i] /\\ Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j])) /\\ - ((v (Seq.index ${vec}_future.f_elements (v i)) % 3329) == - (v (Seq.index ${vec}.f_elements (v $i)) + (v (Seq.index ${vec}.f_elements (v $j)) * v $zeta * 169)) % 3329) /\\ - ((v (Seq.index ${vec}_future.f_elements (v j)) % 3329) == - (v (Seq.index ${vec}.f_elements (v $i)) - (v (Seq.index ${vec}.f_elements (v $j)) * v $zeta * 169)) % 3329)"))] + Spec.Utils.ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"))] pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta); hax_lib::fstar!("assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329))"); @@ -119,13 +116,9 @@ pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVe #[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (4*3328) ${vec}_future.f_elements /\\ (forall k. (k <> v i /\\ k <> v j) ==> Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\ - (Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\ - Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j))) /\\ - ((v (Seq.index ${vec}_future.f_elements (v i)) % 3329) == - (v (Seq.index ${vec}.f_elements (v j)) + v (Seq.index ${vec}.f_elements (v i))) % 3329) /\\ - ((v (Seq.index ${vec}_future.f_elements (v j)) % 3329) == - ((v (Seq.index ${vec}.f_elements (v j)) - v (Seq.index ${vec}.f_elements (v i))) - * v ${zeta} * 169) % 3329)"))] + Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\ + Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j)) /\\ + Spec.Utils.inv_ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"))] pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let a_minus_b = vec.elements[j] - vec.elements[i]; let a_plus_b = vec.elements[j] + vec.elements[i]; From 3d6773fd2529615810907a1213ab85761ac15b4b Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 29 Sep 2024 16:17:20 +0200 Subject: [PATCH 15/20] spec-utils --- libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 8c8b55946..7830cfe11 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -189,6 +189,7 @@ let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = lemma_abs_bound (n1 * n2) (b1 * b2) #pop-options +#push-options "--z3rlimit 200" val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31)) (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) @@ -204,6 +205,7 @@ let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) = lemma_mult_le_left (abs (v n1)) (abs (v n2)) b2; lemma_mult_le_right b2 (abs (v n1)) b1; lemma_abs_bound (v n1 * v n2) (b1 * b2) +#pop-options val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 + b2 < pow2 15)) From 0e1943ac02e87b0a0f08a6b0dff97932b196f845 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 29 Sep 2024 22:21:29 +0200 Subject: [PATCH 16/20] verifies --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 8 ++-- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 37 +++++++++++++------ .../extraction/Libcrux_ml_kem.Matrix.fst | 18 ++++++--- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 37 +++++++++++++------ .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 9 +---- .../Libcrux_ml_kem.Vector.Traits.fsti | 26 ++++++------- .../proofs/fstar/spec/Spec.Utils.fst | 2 +- libcrux-ml-kem/src/ind_cpa.rs | 2 +- libcrux-ml-kem/src/invert_ntt.rs | 28 +++++++++----- libcrux-ml-kem/src/matrix.rs | 6 +-- libcrux-ml-kem/src/ntt.rs | 28 +++++++++----- libcrux-ml-kem/src/variant.rs | 4 +- libcrux-ml-kem/src/vector/traits.rs | 24 ++++++------ 13 files changed, 137 insertions(+), 92 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index d10041393..4821be2e5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -101,6 +101,8 @@ let sample_ring_element_cbd let _:Prims.unit = admit () (* Panic freedom *) in result +#push-options "--admit_smt_queries true" + let sample_vector_cbd_then_ntt (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) @@ -183,13 +185,13 @@ let sample_vector_cbd_then_ntt in re_as_ntt) in - let result:u8 = domain_separator in - let _:Prims.unit = admit () (* Panic freedom *) in - let hax_temp_output:u8 = result in + let hax_temp_output:u8 = domain_separator in re_as_ntt, hax_temp_output <: (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) +#pop-options + let sample_vector_cbd_then_ntt_out (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index f2af36e02..7293e04c6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -29,10 +29,6 @@ let inv_ntt_layer_int_vec_step_reduce let b:v_Vector = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe #v_Vector a_minus_b zeta_r in a, b <: (v_Vector & v_Vector) -let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 (Libcrux_ml_kem.Polynomial.get_zeta (sz i))) = - admit() - let invert_ntt_at_layer_1_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -71,10 +67,9 @@ let invert_ntt_at_layer_1_ let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in let _:Prims.unit = - zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i - 1); - zetas_b_lemma (v zeta_i - 2); - zetas_b_lemma (v zeta_i - 3) + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { @@ -98,6 +93,11 @@ let invert_ntt_at_layer_1_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i -! sz 3 in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) @@ -144,8 +144,9 @@ let invert_ntt_at_layer_2_ let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in let _:Prims.unit = - zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i - 1) + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { @@ -167,6 +168,11 @@ let invert_ntt_at_layer_2_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i -! sz 1 in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) @@ -212,7 +218,11 @@ let invert_ntt_at_layer_3_ in let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in - let _:Prims.unit = zetas_b_lemma (v zeta_i) in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -231,6 +241,11 @@ let invert_ntt_at_layer_3_ <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 276b16735..227ecb785 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -105,6 +105,8 @@ let compute_As_plus_e let hax_temp_output:Prims.unit = result in tt_as_ntt +#push-options "--admit_smt_queries true" + let compute_ring_element_v (v_K: usize) (#v_Vector: Type0) @@ -144,10 +146,12 @@ let compute_ring_element_v let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl_2__add_message_error_reduce #v_Vector error_2_ message result in - let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in - let _:Prims.unit = admit () (* Panic freedom *) in result +#pop-options + +#push-options "--admit_smt_queries true" + let compute_vector_u (v_K: usize) (#v_Vector: Type0) @@ -247,10 +251,12 @@ let compute_vector_u in result) in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in - let _:Prims.unit = admit () (* Panic freedom *) in result +#pop-options + +#push-options "--admit_smt_queries true" + let compute_message (v_K: usize) (#v_Vector: Type0) @@ -291,10 +297,10 @@ let compute_message let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl_2__subtract_reduce #v_Vector v result in - let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in - let _:Prims.unit = admit () (* Panic freedom *) in result +#pop-options + let sample_matrix_A (v_K: usize) (#v_Vector #v_Hasher: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index d5a455351..5d86ce050 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -26,10 +26,6 @@ let ntt_layer_int_vec_step in a, b <: (v_Vector & v_Vector) -let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 (Libcrux_ml_kem.Polynomial.get_zeta (sz i))) = - admit() - let ntt_at_layer_1_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -68,10 +64,9 @@ let ntt_at_layer_1_ let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in let _:Prims.unit = - zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i + 1); - zetas_b_lemma (v zeta_i + 2); - zetas_b_lemma (v zeta_i + 3) + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { @@ -95,6 +90,11 @@ let ntt_at_layer_1_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i +! sz 3 in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) @@ -142,8 +142,9 @@ let ntt_at_layer_2_ let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in let _:Prims.unit = - zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i + 1) + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { @@ -165,6 +166,11 @@ let ntt_at_layer_2_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i +! sz 1 in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) @@ -211,7 +217,11 @@ let ntt_at_layer_3_ in let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in - let _:Prims.unit = zetas_b_lemma (v zeta_i) in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -230,6 +240,11 @@ let ntt_at_layer_3_ <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index aac63b526..1b1a575e4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -125,14 +125,7 @@ val ntt_step Spec.Utils.is_i16b b vec.f_elements.[ j ]) ==> (Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ i ] /\ Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ j ])) /\ - ((v (Seq.index vec_future.f_elements (v i)) % 3329) == - (v (Seq.index vec.f_elements (v i)) + - (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % - 3329) /\ - ((v (Seq.index vec_future.f_elements (v j)) % 3329) == - (v (Seq.index vec.f_elements (v i)) - - (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % - 3329)) + Spec.Utils.ntt_spec vec.f_elements (v zeta) (v i) (v j) vec_future.f_elements) val ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index fa9558579..cb32321d0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -183,7 +183,7 @@ class t_Operations (v_Self: Type0) = { Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr a) ==> pred }; f_ntt_layer_1_step_post: a: v_Self -> @@ -192,7 +192,7 @@ class t_Operations (v_Self: Type0) = { zeta2: i16 -> zeta3: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 6 * 3328) (f_repr out)}; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) @@ -201,10 +201,10 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr a) ==> pred }; f_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr out)}; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) @@ -212,11 +212,10 @@ class t_Operations (v_Self: Type0) = { f_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: Type0 - { Spec.Utils.is_i16b 1664 zeta /\ - Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328) (f_repr a) ==> + { Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (f_repr a) ==> pred }; f_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr out)}; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) @@ -226,7 +225,7 @@ class t_Operations (v_Self: Type0) = { Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array_opaque (4 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array (4 * 3328) (f_repr a) ==> pred }; f_inv_ntt_layer_1_step_post: a: v_Self -> @@ -235,7 +234,7 @@ class t_Operations (v_Self: Type0) = { zeta2: i16 -> zeta3: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) @@ -244,20 +243,19 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b_array_opaque 3328 (f_repr a) ==> + Spec.Utils.is_i16b_array 3328 (f_repr a) ==> pred }; f_inv_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); f_inv_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: - Type0 - {Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array_opaque 3328 (f_repr a) ==> pred}; + Type0{Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (f_repr a) ==> pred}; f_inv_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_3_step_pre x0 x1) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 686503ffe..54fb8b3be 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -160,7 +160,7 @@ let is_i16b_vector (l:nat) (r:usize) (x:t_Array (t_Array i16 (sz 256)) r) = fora let is_i16b_matrix (l:nat) (r:usize) (x:t_Array (t_Array (t_Array i16 (sz 256)) r) r) = forall i. i < v r ==> is_i16b_vector l r (Seq.index x i) [@ "opaque_to_smt"] -let is_i16b_array_opaque (l:nat) (x:t_Slice i16) = forall i. i < Seq.length x ==> is_i16b l (Seq.index x i) +let is_i16b_array_opaque (l:nat) (x:t_Slice i16) = is_i16b_array l x let is_i32b (l:nat) (x:i32) = is_intb l (v x) let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i32b l (Seq.index x i) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 1dcb0d4c1..81aa3e1e8 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -187,7 +187,7 @@ fn sample_ring_element_cbd< /// Sample a vector of ring elements from a centered binomial distribution and /// convert them into their NTT representations. #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ $ETA == Spec.MLKEM.v_ETA1 $K /\\ diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 62d6a5947..49fa7fea5 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -5,9 +5,6 @@ use crate::{ }; #[inline(always)] -#[hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = - admit()")] #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] let invert_ntt_re_range_2 (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -42,10 +39,9 @@ pub(crate) fn invert_ntt_at_layer_1( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i - 1); - zetas_b_lemma (v zeta_i - 2); - zetas_b_lemma (v zeta_i - 3)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::inv_ntt_layer_1_step( re.coefficients[round], get_zeta (*zeta_i), @@ -54,6 +50,9 @@ pub(crate) fn invert_ntt_at_layer_1( get_zeta (*zeta_i - 3), ); *zeta_i -= 3; + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } @@ -82,14 +81,18 @@ pub(crate) fn invert_ntt_at_layer_2( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i - 1)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::inv_ntt_layer_2_step( re.coefficients[round], get_zeta (*zeta_i), get_zeta (*zeta_i - 1), ); *zeta_i -= 1; + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } @@ -118,9 +121,14 @@ pub(crate) fn invert_ntt_at_layer_3( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::inv_ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index 881c86d4f..855b45891 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -45,7 +45,7 @@ pub(crate) fn sample_matrix_A( /// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] #[hax_lib::ensures(|res| fstar!("let open Libcrux_ml_kem.Polynomial in @@ -109,7 +109,7 @@ pub(crate) fn compute_ring_element_v( /// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] #[hax_lib::ensures(|res| fstar!("let open Libcrux_ml_kem.Polynomial in diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index 0e190f789..b3aa4087e 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -5,9 +5,6 @@ use crate::{ }; #[inline(always)] -#[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = - admit()"))] #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] let ntt_re_range_2 (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -43,10 +40,9 @@ pub(crate) fn ntt_at_layer_1( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i + 1); - zetas_b_lemma (v zeta_i + 2); - zetas_b_lemma (v zeta_i + 3)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::ntt_layer_1_step( re.coefficients[round], get_zeta (*zeta_i), @@ -55,6 +51,9 @@ pub(crate) fn ntt_at_layer_1( get_zeta (*zeta_i + 3), ); *zeta_i += 3; + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+6*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+6*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } @@ -91,14 +90,18 @@ pub(crate) fn ntt_at_layer_2( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i + 1)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::ntt_layer_2_step( re.coefficients[round], get_zeta (*zeta_i), get_zeta (*zeta_i + 1), ); *zeta_i += 1; + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+5*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } @@ -135,9 +138,14 @@ pub(crate) fn ntt_at_layer_3( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+3*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+4*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } diff --git a/libcrux-ml-kem/src/variant.rs b/libcrux-ml-kem/src/variant.rs index 5ccee1f83..0ce3c7182 100644 --- a/libcrux-ml-kem/src/variant.rs +++ b/libcrux-ml-kem/src/variant.rs @@ -12,13 +12,13 @@ use crate::{constants::CPA_PKE_KEY_GENERATION_SEED_SIZE, hash_functions::Hash, M #[hax_lib::attributes] pub(crate) trait Variant { #[requires(shared_secret.len() == 32)] - #[ensures(|res| fstar!("$res == $shared_secret"))] // FIX: Only true for ML-KEM, not Kyber + #[ensures(|res| fstar!("$res == $shared_secret"))] // We only have post-conditions for ML-KEM, not Kyber fn kdf>( shared_secret: &[u8], ciphertext: &MlKemCiphertext, ) -> [u8; 32]; #[requires(randomness.len() == 32)] - #[ensures(|res| fstar!("$res == $randomness"))] // FIX: Only true for ML-KEM, not Kyber + #[ensures(|res| fstar!("$res == $randomness"))] // We only have post-conditions for ML-KEM, not Kyber fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32]; #[requires(seed.len() == 32)] fn cpa_keygen_seed>(seed: &[u8]) -> [u8; 64]; diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 26a570f59..61679a724 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -95,30 +95,30 @@ pub trait Operations: Copy + Clone + Repr { // NTT #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array_opaque (11207+5*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+6*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array (11207+5*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (f_repr $out)"))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ - Spec.Utils.is_i16b_array_opaque (11207+4*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+5*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array (11207+4*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (f_repr $out)"))] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ - Spec.Utils.is_i16b_array_opaque (11207+3*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+4*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array (11207+3*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (f_repr $out)"))] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array_opaque (4 * 3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array (4 * 3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ - Spec.Utils.is_i16b_array_opaque 3328 (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta/\\ - Spec.Utils.is_i16b_array_opaque 3328 (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ From 585fd7dafa4714ffdbfb08bb7e7c71a5975a6da1 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 29 Sep 2024 20:24:42 +0000 Subject: [PATCH 17/20] c code --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 40 +- .../c/internal/libcrux_mlkem_avx2.h | 34 +- .../c/internal/libcrux_mlkem_portable.h | 34 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_core.c | 40 +- libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 914 +++++++------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1074 +++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 49 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 18 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 655 +++++----- .../cg/libcrux_mlkem768_avx2_types.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 799 ++++++------ .../cg/libcrux_mlkem768_portable_types.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 4 +- 42 files changed, 2096 insertions(+), 1869 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index dc4e2de87..9561d6d0d 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 +F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 +Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 159a636f7..948c453a8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __internal_libcrux_core_H @@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_af1( uint8_t value[1568U]); /** @@ -82,7 +82,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_781( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -95,7 +95,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_e61( uint8_t value[3168U]); /** @@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_af0( uint8_t value[1184U]); /** @@ -120,7 +120,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_780( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -133,7 +133,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_e60( uint8_t value[2400U]); /** @@ -145,7 +145,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_af( uint8_t value[800U]); /** @@ -158,7 +158,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_78( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_e6( uint8_t value[1632U]); /** @@ -182,7 +182,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1( +uint8_t *libcrux_ml_kem_types_as_slice_fd_121( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -194,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_7b1( uint8_t value[1088U]); /** @@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_401( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae1( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -228,7 +228,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0( +uint8_t *libcrux_ml_kem_types_as_slice_fd_120( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -240,7 +240,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_7b0( uint8_t value[768U]); /** @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_400( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae0( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -274,7 +274,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe( +uint8_t *libcrux_ml_kem_types_as_slice_fd_12( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -321,7 +321,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_7b( uint8_t value[1568U]); /** @@ -344,7 +344,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_40( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae( libcrux_ml_kem_types_MlKemCiphertext_1f *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 4e09fe0de..b6f562f22 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -41,7 +41,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_4a1(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -51,7 +51,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_701( +bool libcrux_ml_kem_ind_cca_validate_private_key_e11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -69,7 +69,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d21(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -90,7 +90,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -116,7 +116,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f1( +void libcrux_ml_kem_ind_cca_decapsulate_6f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -128,7 +128,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_4a0(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -138,7 +138,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_700( +bool libcrux_ml_kem_ind_cca_validate_private_key_e10( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); @@ -156,7 +156,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -177,7 +177,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f40( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -203,7 +203,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f0( +void libcrux_ml_kem_ind_cca_decapsulate_6f0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); @@ -215,7 +215,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_4a(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -225,7 +225,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_70( +bool libcrux_ml_kem_ind_cca_validate_private_key_e1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -242,7 +242,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_d2( uint8_t randomness[64U]); /** @@ -264,7 +264,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f4( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -290,7 +290,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f( +void libcrux_ml_kem_ind_cca_decapsulate_6f( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index e94b99f4e..cebf41ef3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -46,7 +46,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_071(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -56,7 +56,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ae( +bool libcrux_ml_kem_ind_cca_validate_private_key_c0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); @@ -74,7 +74,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_281(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -95,7 +95,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8a1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -121,7 +121,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_191( +void libcrux_ml_kem_ind_cca_decapsulate_811( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); @@ -133,7 +133,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_070(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -143,7 +143,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_b4( +bool libcrux_ml_kem_ind_cca_validate_private_key_90( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -161,7 +161,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -182,7 +182,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8a0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -208,7 +208,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_190( +void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -220,7 +220,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_07(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -230,7 +230,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_33( +bool libcrux_ml_kem_ind_cca_validate_private_key_94( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -248,7 +248,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -269,7 +269,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_19( +void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 01f450745..d244bab2b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index bf6cd4dc8..c24be2163 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index d429ee70b..8608e9d62 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "internal/libcrux_core.h" @@ -80,7 +80,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_af1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -100,7 +100,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_781( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -116,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_e61( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -135,7 +135,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_af0( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -155,7 +155,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_780( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_e60( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -190,7 +190,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_af( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -210,7 +210,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_78( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -225,7 +225,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_e6( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -243,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1( +uint8_t *libcrux_ml_kem_types_as_slice_fd_121( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -257,7 +257,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_7b1( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -276,7 +276,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_401( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae1( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -308,7 +308,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0( +uint8_t *libcrux_ml_kem_types_as_slice_fd_120( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -322,7 +322,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_7b0( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -341,7 +341,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_400( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae0( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -373,7 +373,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe( +uint8_t *libcrux_ml_kem_types_as_slice_fd_12( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -427,7 +427,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_7b( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -465,7 +465,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_40( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae( libcrux_ml_kem_types_MlKemCiphertext_1f *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 53e88573a..46b59cbf7 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 2dd639ec9..3612507c1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 3fca09119..cf2b6c42a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_510( +static void decapsulate_2c0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_7f0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6f0(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_510( void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_510(private_key, ciphertext, ret); + decapsulate_2c0(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_d10( +static tuple_21 encapsulate_ad0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_a10(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d10(uu____0, copy_of_randomness); + return encapsulate_ad0(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b80( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_c70( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d20(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b80(copy_of_randomness); + return generate_keypair_c70(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_650( +static KRML_MUSTINLINE bool validate_private_key_d10( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_700(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_e10(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_650( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_650(private_key, ciphertext); + return validate_private_key_d10(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_3e0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_520(public_key); +static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_4a0(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_3e0(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_3e0(public_key->value); + return validate_public_key_e90(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index ae31b1f2d..4b70a98fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f4fbc294f..4d65cde05 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem1024_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_831( +static void decapsulate_e51( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_191(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_811(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_831( void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_831(private_key, ciphertext, ret); + decapsulate_e51(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_951( +static tuple_21 encapsulate_1f1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_661(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8a1(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_951(uu____0, copy_of_randomness); + return encapsulate_1f1(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_d11( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_e31( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_281(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_d11(copy_of_randomness); + return generate_keypair_e31(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_da1( +static KRML_MUSTINLINE bool validate_private_key_a41( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_ae(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_c0(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_da1( bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_da1(private_key, ciphertext); + return validate_private_key_a41(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_bf1(public_key); +static KRML_MUSTINLINE bool validate_public_key_101(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_071(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_e91(public_key->value); + return validate_public_key_101(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 1ab4a88d8..54017b446 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index ca35791e9..b37a698b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index ca848abb4..1be10624b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_51(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_2c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_7f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6f(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_51(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_51(private_key, ciphertext, ret); + decapsulate_2c(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_d1( +static tuple_ec encapsulate_ad( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_a1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d1(uu____0, copy_of_randomness); + return encapsulate_ad(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b8( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c7( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d2(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b8(copy_of_randomness); + return generate_keypair_c7(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_65( +static KRML_MUSTINLINE bool validate_private_key_d1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_70(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_e1(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_65( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_65(private_key, ciphertext); + return validate_private_key_d1(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_3e(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key); +static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_4a(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_3e(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_3e(public_key->value); + return validate_public_key_e9(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index d116b682f..cb75e6d2f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index cd3750a98..5ac7cbf18 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_830( +static void decapsulate_e50( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_190(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_830( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_830(private_key, ciphertext, ret); + decapsulate_e50(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_950( +static tuple_ec encapsulate_1f0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_660(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8a0(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_950(uu____0, copy_of_randomness); + return encapsulate_1f0(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_d10( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_e30( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_280(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_d10(copy_of_randomness); + return generate_keypair_e30(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_da0( +static KRML_MUSTINLINE bool validate_private_key_a40( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_b4(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_90(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_da0( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_da0(private_key, ciphertext); + return validate_private_key_a40(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_bf0(public_key); +static KRML_MUSTINLINE bool validate_public_key_100(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_070(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_e90(public_key->value); + return validate_public_key_100(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 594ed03d2..1b124a20f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 0556cf23a..e4da7ff00 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 4975abb16..c00a10115 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_511( +static void decapsulate_2c1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_7f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6f1(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_511( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_511(private_key, ciphertext, ret); + decapsulate_2c1(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_d11( +static tuple_3c encapsulate_ad1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_a11(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d11(uu____0, copy_of_randomness); + return encapsulate_ad1(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_b81( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c71( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0b1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d21(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b81(copy_of_randomness); + return generate_keypair_c71(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_651( +static KRML_MUSTINLINE bool validate_private_key_d11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_701(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_e11(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_651( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_651(private_key, ciphertext); + return validate_private_key_d11(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_3e1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_521(public_key); +static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_4a1(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_3e1(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_3e1(public_key->value); + return validate_public_key_e91(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 25e02719b..7bd1569ee 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index ac4156303..ebf808267 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_83( +static void decapsulate_e5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_19(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_83( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_83(private_key, ciphertext, ret); + decapsulate_e5(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_95( +static tuple_3c encapsulate_1f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_66(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8a(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_95(uu____0, copy_of_randomness); + return encapsulate_1f(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_d1( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_28(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_d1(copy_of_randomness); + return generate_keypair_e3(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_da( +static KRML_MUSTINLINE bool validate_private_key_a4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_33(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_94(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_da( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_da(private_key, ciphertext); + return validate_private_key_a4(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_bf(public_key); +static KRML_MUSTINLINE bool validate_public_key_10(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_07(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_e9(public_key->value); + return validate_public_key_10(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 2ac8e4939..c88640dc9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b89434a12..99c09a651 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1068,7 +1068,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_dc(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_d7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -1088,7 +1088,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_531( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e71( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -1102,7 +1102,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_531( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dc(ring_element); + deserialize_to_reduced_ring_element_d7(ring_element); deserialized_pk[i0] = uu____0; } } @@ -1113,15 +1113,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_001( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_ef_05();); - deserialize_ring_elements_reduced_531(public_key, deserialized_pk); + deserialize_ring_elements_reduced_e71(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -1130,7 +1134,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_65(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_1f(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1143,8 +1147,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_09_85(__m256i vector) { - return shift_right_65(vector); +static __m256i shift_right_09_c7(__m256i vector) { + return shift_right_1f(vector); } /** @@ -1153,8 +1157,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_3f(__m256i a) { - __m256i t = shift_right_09_85(a); +static __m256i to_unsigned_representative_b5(__m256i a) { + __m256i t = shift_right_09_c7(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -1166,8 +1170,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_7b(__m256i a) { - return to_unsigned_representative_3f(a); +static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_88(__m256i a) { + return to_unsigned_representative_b5(a); } /** @@ -1176,13 +1180,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_2c( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_field_modulus_7b(re->coefficients[i0]); + __m256i coefficient = to_unsigned_field_modulus_88(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1202,7 +1206,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_991( +static KRML_MUSTINLINE void serialize_secret_key_051( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1220,11 +1224,13 @@ static KRML_MUSTINLINE void serialize_secret_key_991( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_2c(&re, ret0); + serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } /** @@ -1235,13 +1241,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_6c1( +static KRML_MUSTINLINE void serialize_public_key_mut_071( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_991(t_as_ntt, ret); + serialize_secret_key_051(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1258,11 +1264,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_ca1( +static KRML_MUSTINLINE void serialize_public_key_e51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_6c1(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_071(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); @@ -1276,15 +1282,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_4a1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_cc1( + deserialize_ring_elements_reduced_out_001( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_ca1( + serialize_public_key_e51( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1314,7 +1320,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_701( +bool libcrux_ml_kem_ind_cca_validate_private_key_e11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -1426,7 +1432,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_751( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_101( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -2089,7 +2095,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_ba( +static KRML_MUSTINLINE void ntt_at_layer_3_bc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2105,7 +2111,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_89( +static KRML_MUSTINLINE void ntt_at_layer_2_c2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2123,7 +2129,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_d7( +static KRML_MUSTINLINE void ntt_at_layer_1_09( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2148,7 +2154,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_a9( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2164,17 +2170,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_ef( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ba(&zeta_i, re); - ntt_at_layer_2_89(&zeta_i, re); - ntt_at_layer_1_d7(&zeta_i, re); - poly_barrett_reduce_ef_a9(re); + ntt_at_layer_3_bc(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_ef_dc(re); } /** @@ -2185,7 +2191,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b01( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_081( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -2204,7 +2210,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b01( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]);); return domain_separator; } @@ -2227,7 +2233,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_811( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -2236,7 +2242,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_811( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b01(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_081(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2262,7 +2268,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_ef_b2(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_ef_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_05(); for (size_t i = (size_t)0U; @@ -2292,7 +2298,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_4f1( +static KRML_MUSTINLINE void add_to_ring_element_ef_311( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2312,7 +2318,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_79(__m256i v) { +static __m256i to_standard_domain_c1(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2328,14 +2334,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_34( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_79(self->coefficients[j]); + to_standard_domain_c1(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); @@ -2348,7 +2354,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_2d1( +static KRML_MUSTINLINE void compute_As_plus_e_671( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -2375,10 +2381,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_4f1(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_311(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -2391,12 +2397,12 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_a41( +static void generate_keypair_unpacked_4a1( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_a0 *private_key, IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_751(key_generation_seed, hashed); + cpa_keygen_seed_d8_101(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2416,17 +2422,17 @@ static void generate_keypair_unpacked_a41( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b01(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_081(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_811(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_2d1(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_671(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -2447,18 +2453,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_6a1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_471( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_3c1(); IndCpaPublicKeyUnpacked_a0 public_key = default_8d_891(); - generate_keypair_unpacked_a41(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_ca1( + serialize_public_key_e51( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_991(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_051(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2482,7 +2488,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_1f1( +static KRML_MUSTINLINE void serialize_kem_secret_key_711( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2538,7 +2544,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2547,13 +2553,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_6a1(ind_cpa_keypair_randomness); + generate_keypair_471(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_1f1( + serialize_kem_secret_key_711( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2562,13 +2568,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e60(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee0( - uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_780( + uu____2, libcrux_ml_kem_types_from_5a_af0(copy_of_public_key)); } /** @@ -2581,7 +2587,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_641(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_c51(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -2666,7 +2672,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_f7( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_a3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2687,7 +2693,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_98( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_cd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2706,7 +2712,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_fe( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_d7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -2723,7 +2729,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_75(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_2d(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); @@ -2738,7 +2744,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_bc( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_af( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2753,7 +2759,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_bc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_75( + inv_ntt_layer_int_vec_step_reduce_2d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2770,18 +2776,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_8f1( +static KRML_MUSTINLINE void invert_ntt_montgomery_801( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_f7(&zeta_i, re); - invert_ntt_at_layer_2_98(&zeta_i, re); - invert_ntt_at_layer_3_fe(&zeta_i, re); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_a9(re); + invert_ntt_at_layer_1_a3(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_d7(&zeta_i, re); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_dc(re); } /** @@ -2795,7 +2801,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_dd( +static KRML_MUSTINLINE void add_error_reduce_ef_05( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2816,14 +2822,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_dd1( +static KRML_MUSTINLINE void compute_vector_u_3c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_05();); + result[i] = ZERO_ef_05();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2843,16 +2849,12 @@ static KRML_MUSTINLINE void compute_vector_u_dd1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_4f1(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_311(&result[i1], &product); } - invert_ntt_montgomery_8f1(&result0[i1]); - add_error_reduce_ef_dd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_801(&result[i1]); + add_error_reduce_ef_05(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -2864,7 +2866,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_08(__m256i vec) { +static __m256i decompress_1_20(__m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, @@ -2878,7 +2880,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_d3(uint8_t serialized[32U]) { +deserialize_then_decompress_message_12(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -2887,7 +2889,7 @@ deserialize_then_decompress_message_d3(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_08(coefficient_compressed);); + re.coefficients[i0] = decompress_1_20(coefficient_compressed);); return re; } @@ -2903,7 +2905,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_ef_79( +add_message_error_reduce_ef_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2930,7 +2932,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_771( +compute_ring_element_v_511( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -2938,10 +2940,10 @@ compute_ring_element_v_771( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_4f1(&result, &product);); - invert_ntt_montgomery_8f1(&result); - result = add_message_error_reduce_ef_79(error_2, message, result); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_311(&result, &product);); + invert_ntt_montgomery_801(&result); + result = add_message_error_reduce_ef_b9(error_2, message, result); return result; } @@ -2952,7 +2954,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_43(__m256i vector) { +compress_ciphertext_coefficient_44(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -2999,8 +3001,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_76(__m256i vector) { - return compress_ciphertext_coefficient_43(vector); +static __m256i compress_09_c6(__m256i vector) { + return compress_ciphertext_coefficient_44(vector); } /** @@ -3009,14 +3011,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_2b0( +static KRML_MUSTINLINE void compress_then_serialize_10_170( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_76(to_unsigned_field_modulus_7b(re->coefficients[i0])); + compress_09_c6(to_unsigned_field_modulus_88(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3036,7 +3038,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_430(__m256i vector) { +compress_ciphertext_coefficient_440(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3083,8 +3085,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_760(__m256i vector) { - return compress_ciphertext_coefficient_430(vector); +static __m256i compress_09_c60(__m256i vector) { + return compress_ciphertext_coefficient_440(vector); } /** @@ -3094,10 +3096,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_2b0(re, uu____0); + compress_then_serialize_10_170(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3110,7 +3112,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_421( +static void compress_then_serialize_u_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3126,7 +3128,7 @@ static void compress_then_serialize_u_421( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_9e0(&re, ret); + compress_then_serialize_ring_element_u_b00(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3139,7 +3141,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_431(__m256i vector) { +compress_ciphertext_coefficient_441(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3186,8 +3188,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_761(__m256i vector) { - return compress_ciphertext_coefficient_431(vector); +static __m256i compress_09_c61(__m256i vector) { + return compress_ciphertext_coefficient_441(vector); } /** @@ -3196,14 +3198,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_a4( +static KRML_MUSTINLINE void compress_then_serialize_4_06( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_761(to_unsigned_field_modulus_7b(re.coefficients[i0])); + compress_09_c61(to_unsigned_field_modulus_88(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3220,7 +3222,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_432(__m256i vector) { +compress_ciphertext_coefficient_442(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3267,8 +3269,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_762(__m256i vector) { - return compress_ciphertext_coefficient_432(vector); +static __m256i compress_09_c62(__m256i vector) { + return compress_ciphertext_coefficient_442(vector); } /** @@ -3277,14 +3279,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_03( +static KRML_MUSTINLINE void compress_then_serialize_5_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_762(to_unsigned_representative_3f(re.coefficients[i0])); + compress_09_c62(to_unsigned_representative_b5(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3301,9 +3303,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d10( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_a4(re, out); + compress_then_serialize_4_06(re, out); } /** @@ -3323,7 +3325,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key, +static void encrypt_unpacked_031(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -3332,7 +3334,7 @@ static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_811(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3356,25 +3358,25 @@ static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key, sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_dd1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_3c1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_12(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_771(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_511(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_421( + compress_then_serialize_u_e81( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d10( + compress_then_serialize_ring_element_v_f20( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3397,10 +3399,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_b41(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_891(); - deserialize_ring_elements_reduced_531( + deserialize_ring_elements_reduced_e71( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -3415,7 +3417,7 @@ static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_a41(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_031(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3430,7 +3432,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_161(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_dc1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3457,11 +3459,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_641( + entropy_preprocess_d8_c51( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -3471,7 +3473,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11( size_t); uint8_t ret[32U]; H_a9_411(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3485,19 +3487,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_6f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_b41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_451(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_161(shared_secret, shared_secret_array); + kdf_d8_dc1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3516,7 +3518,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_6c(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_fe(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -3534,7 +3536,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_541( +static KRML_MUSTINLINE void deserialize_secret_key_0d1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -3551,7 +3553,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_541( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_6c(secret_bytes); + deserialize_to_uncompressed_ring_element_fe(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3570,7 +3572,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_79(__m256i vector) { +decompress_ciphertext_coefficient_8f(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3614,8 +3616,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_c6(__m256i vector) { - return decompress_ciphertext_coefficient_79(vector); +static __m256i decompress_ciphertext_coefficient_09_c1(__m256i vector) { + return decompress_ciphertext_coefficient_8f(vector); } /** @@ -3625,7 +3627,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_c7(Eurydice_slice serialized) { +deserialize_then_decompress_10_47(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); LowStar_Ignore_ignore( Eurydice_slice_len( @@ -3638,7 +3640,7 @@ deserialize_then_decompress_10_c7(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c6(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_c1(coefficient); } return re; } @@ -3650,7 +3652,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_790(__m256i vector) { +decompress_ciphertext_coefficient_8f0(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3694,8 +3696,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_c60(__m256i vector) { - return decompress_ciphertext_coefficient_790(vector); +static __m256i decompress_ciphertext_coefficient_09_c10(__m256i vector) { + return decompress_ciphertext_coefficient_8f0(vector); } /** @@ -3705,7 +3707,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_d5(Eurydice_slice serialized) { +deserialize_then_decompress_11_a8(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -3713,7 +3715,7 @@ deserialize_then_decompress_11_d5(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c60(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_c10(coefficient); } return re; } @@ -3725,8 +3727,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_790(Eurydice_slice serialized) { - return deserialize_then_decompress_10_c7(serialized); +deserialize_then_decompress_ring_element_u_d30(Eurydice_slice serialized) { + return deserialize_then_decompress_10_47(serialized); } /** @@ -3735,17 +3737,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_b70( +static KRML_MUSTINLINE void ntt_vector_u_090( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ba(&zeta_i, re); - ntt_at_layer_2_89(&zeta_i, re); - ntt_at_layer_1_d7(&zeta_i, re); - poly_barrett_reduce_ef_a9(re); + ntt_at_layer_3_bc(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_ef_dc(re); } /** @@ -3756,7 +3758,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_251( +static KRML_MUSTINLINE void deserialize_then_decompress_u_411( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -3779,11 +3781,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_251( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes); - ntt_vector_u_b70(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d30(u_bytes); + ntt_vector_u_090(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -3794,7 +3800,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_791(__m256i vector) { +decompress_ciphertext_coefficient_8f1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3838,8 +3844,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_c61(__m256i vector) { - return decompress_ciphertext_coefficient_791(vector); +static __m256i decompress_ciphertext_coefficient_09_c11(__m256i vector) { + return decompress_ciphertext_coefficient_8f1(vector); } /** @@ -3849,7 +3855,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_75(Eurydice_slice serialized) { +deserialize_then_decompress_4_98(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -3857,7 +3863,7 @@ deserialize_then_decompress_4_75(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c61(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_c11(coefficient); } return re; } @@ -3869,7 +3875,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_792(__m256i vector) { +decompress_ciphertext_coefficient_8f2(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3913,8 +3919,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_c62(__m256i vector) { - return decompress_ciphertext_coefficient_792(vector); +static __m256i decompress_ciphertext_coefficient_09_c12(__m256i vector) { + return decompress_ciphertext_coefficient_8f2(vector); } /** @@ -3924,7 +3930,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_f8(Eurydice_slice serialized) { +deserialize_then_decompress_5_45(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -3933,7 +3939,7 @@ deserialize_then_decompress_5_f8(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_c62(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_c12(re.coefficients[i0]); } return re; } @@ -3945,8 +3951,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_b90(Eurydice_slice serialized) { - return deserialize_then_decompress_4_75(serialized); +deserialize_then_decompress_ring_element_v_860(Eurydice_slice serialized) { + return deserialize_then_decompress_4_98(serialized); } /** @@ -3961,7 +3967,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_ef_da(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_ef_73(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3983,17 +3989,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d1( +compute_message_7e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_4f1(&result, &product);); - invert_ntt_montgomery_8f1(&result); - result = subtract_reduce_ef_da(v, result); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_311(&result, &product);); + invert_ntt_montgomery_801(&result); + result = subtract_reduce_ef_73(v, result); return result; } @@ -4003,12 +4009,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_dd( +static KRML_MUSTINLINE void compress_then_serialize_message_83( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_field_modulus_7b(re.coefficients[i0]); + __m256i coefficient = to_unsigned_field_modulus_88(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4033,18 +4039,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_9d1(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_461(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_251(ciphertext, u_as_ntt); + deserialize_then_decompress_u_411(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_b90( + deserialize_then_decompress_ring_element_v_860( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7e1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dd(message, ret0); + compress_then_serialize_message_83(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4058,10 +4064,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_751(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_541(secret_key, secret_as_ntt); + deserialize_secret_key_0d1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4072,7 +4078,7 @@ static void decrypt_751(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_9d1(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_461(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4124,7 +4130,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f1( +void libcrux_ml_kem_ind_cca_decapsulate_6f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4142,7 +4148,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_751(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4164,7 +4170,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_163(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4174,17 +4180,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_6f1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_b41(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_161(Eurydice_array_to_slice( + kdf_d8_dc1(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_161(shared_secret0, shared_secret1); + kdf_d8_dc1(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_401(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4199,7 +4205,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_53( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e7( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -4213,7 +4219,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_53( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dc(ring_element); + deserialize_to_reduced_ring_element_d7(ring_element); deserialized_pk[i0] = uu____0; } } @@ -4224,15 +4230,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_000( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_ef_05();); - deserialize_ring_elements_reduced_53(public_key, deserialized_pk); + deserialize_ring_elements_reduced_e7(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -4243,7 +4253,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_99( +static KRML_MUSTINLINE void serialize_secret_key_05( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4261,11 +4271,13 @@ static KRML_MUSTINLINE void serialize_secret_key_99( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_2c(&re, ret0); + serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); + uint8_t result[1536U]; + memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1536U * sizeof(uint8_t)); } /** @@ -4276,13 +4288,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_6c( +static KRML_MUSTINLINE void serialize_public_key_mut_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_99(t_as_ntt, ret); + serialize_secret_key_05(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4299,11 +4311,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_ca( +static KRML_MUSTINLINE void serialize_public_key_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_07(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); @@ -4317,15 +4329,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_4a0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_cc0( + deserialize_ring_elements_reduced_out_000( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_ca( + serialize_public_key_e5( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4355,7 +4367,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_700( +bool libcrux_ml_kem_ind_cca_validate_private_key_e10( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -4475,7 +4487,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_75( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_10( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4945,7 +4957,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_08( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -4964,7 +4976,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b0( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]);); return domain_separator; } @@ -4987,7 +4999,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_81( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -4996,7 +5008,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_81( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b0(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_08(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5021,7 +5033,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_4f( +static KRML_MUSTINLINE void add_to_ring_element_ef_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5041,7 +5053,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_2d( +static KRML_MUSTINLINE void compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -5068,10 +5080,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_4f(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_31(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5084,12 +5096,12 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_a4( +static void generate_keypair_unpacked_4a( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_01 *private_key, IndCpaPublicKeyUnpacked_01 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_75(key_generation_seed, hashed); + cpa_keygen_seed_d8_10(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5109,17 +5121,17 @@ static void generate_keypair_unpacked_a4( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b0(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_08(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_81(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_2d(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_67(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -5140,18 +5152,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_6a0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_470( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_01 private_key = default_1a_3c(); IndCpaPublicKeyUnpacked_01 public_key = default_8d_89(); - generate_keypair_unpacked_a4(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_ca( + serialize_public_key_e5( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_99(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5175,7 +5187,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_1f0( +static KRML_MUSTINLINE void serialize_kem_secret_key_710( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5231,7 +5243,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5240,13 +5252,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_6a0(ind_cpa_keypair_randomness); + generate_keypair_470(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_1f0( + serialize_kem_secret_key_710( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5255,13 +5267,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e61(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee1( - uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_781( + uu____2, libcrux_ml_kem_types_from_5a_af1(copy_of_public_key)); } /** @@ -5274,7 +5286,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_640(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_c50(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5347,18 +5359,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_8f( +static KRML_MUSTINLINE void invert_ntt_montgomery_80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_f7(&zeta_i, re); - invert_ntt_at_layer_2_98(&zeta_i, re); - invert_ntt_at_layer_3_fe(&zeta_i, re); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_a9(re); + invert_ntt_at_layer_1_a3(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_d7(&zeta_i, re); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_dc(re); } /** @@ -5367,14 +5379,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_dd( +static KRML_MUSTINLINE void compute_vector_u_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_05();); + result[i] = ZERO_ef_05();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5394,16 +5406,12 @@ static KRML_MUSTINLINE void compute_vector_u_dd( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_4f(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_31(&result[i1], &product); } - invert_ntt_montgomery_8f(&result0[i1]); - add_error_reduce_ef_dd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_80(&result[i1]); + add_error_reduce_ef_05(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5416,7 +5424,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_77( +compute_ring_element_v_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -5424,10 +5432,10 @@ compute_ring_element_v_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_4f(&result, &product);); - invert_ntt_montgomery_8f(&result); - result = add_message_error_reduce_ef_79(error_2, message, result); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_31(&result, &product);); + invert_ntt_montgomery_80(&result); + result = add_message_error_reduce_ef_b9(error_2, message, result); return result; } @@ -5437,14 +5445,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_17( +static KRML_MUSTINLINE void compress_then_serialize_11_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_760(to_unsigned_representative_3f(re->coefficients[i0])); + compress_09_c60(to_unsigned_representative_b5(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5462,10 +5470,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_17(re, uu____0); + compress_then_serialize_11_b8(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5478,7 +5486,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_42( +static void compress_then_serialize_u_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5494,7 +5502,7 @@ static void compress_then_serialize_u_42( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_9e(&re, ret); + compress_then_serialize_ring_element_u_b0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5507,9 +5515,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d1( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_03(re, out); + compress_then_serialize_5_7a(re, out); } /** @@ -5529,7 +5537,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key, +static void encrypt_unpacked_03(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -5537,7 +5545,7 @@ static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_81(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5561,25 +5569,25 @@ static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key, sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_dd(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_3c(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_12(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_77(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_51(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_42( + compress_then_serialize_u_e8( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d1( + compress_then_serialize_ring_element_v_f2( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5602,10 +5610,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_b40(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_89(); - deserialize_ring_elements_reduced_53( + deserialize_ring_elements_reduced_e7( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5620,7 +5628,7 @@ static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_a4(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_03(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -5635,7 +5643,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_160(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_dc0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5662,11 +5670,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f40( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_640( + entropy_preprocess_d8_c50( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5676,7 +5684,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10( size_t); uint8_t ret[32U]; H_a9_41(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5690,19 +5698,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_6f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_b40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_01_45(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_160(shared_secret, shared_secret_array); + kdf_d8_dc0(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5720,7 +5728,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_540( +static KRML_MUSTINLINE void deserialize_secret_key_0d0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; @@ -5737,7 +5745,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_540( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_6c(secret_bytes); + deserialize_to_uncompressed_ring_element_fe(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -5756,8 +5764,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_79(Eurydice_slice serialized) { - return deserialize_then_decompress_11_d5(serialized); +deserialize_then_decompress_ring_element_u_d3(Eurydice_slice serialized) { + return deserialize_then_decompress_11_a8(serialized); } /** @@ -5766,17 +5774,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_b7( +static KRML_MUSTINLINE void ntt_vector_u_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ba(&zeta_i, re); - ntt_at_layer_2_89(&zeta_i, re); - ntt_at_layer_1_d7(&zeta_i, re); - poly_barrett_reduce_ef_a9(re); + ntt_at_layer_3_bc(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_ef_dc(re); } /** @@ -5787,7 +5795,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_25( +static KRML_MUSTINLINE void deserialize_then_decompress_u_41( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; @@ -5810,11 +5818,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_25( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_79(u_bytes); - ntt_vector_u_b7(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d3(u_bytes); + ntt_vector_u_09(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -5825,8 +5837,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_b9(Eurydice_slice serialized) { - return deserialize_then_decompress_5_f8(serialized); +deserialize_then_decompress_ring_element_v_86(Eurydice_slice serialized) { + return deserialize_then_decompress_5_45(serialized); } /** @@ -5836,17 +5848,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d( +compute_message_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_4f(&result, &product);); - invert_ntt_montgomery_8f(&result); - result = subtract_reduce_ef_da(v, result); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_31(&result, &product);); + invert_ntt_montgomery_80(&result); + result = subtract_reduce_ef_73(v, result); return result; } @@ -5860,18 +5872,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_9d(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_46(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_25(ciphertext, u_as_ntt); + deserialize_then_decompress_u_41(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_b9( + deserialize_then_decompress_ring_element_v_86( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7e(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dd(message, ret0); + compress_then_serialize_message_83(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5885,10 +5897,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_750(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_540(secret_key, secret_as_ntt); + deserialize_secret_key_0d0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -5899,7 +5911,7 @@ static void decrypt_750(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_9d(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_46(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5939,7 +5951,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f0( +void libcrux_ml_kem_ind_cca_decapsulate_6f0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5957,7 +5969,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_750(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5979,7 +5991,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_16(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5989,17 +6001,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_6f0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_b40(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_160(Eurydice_array_to_slice( + kdf_d8_dc0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_160(shared_secret0, shared_secret1); + kdf_d8_dc0(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_40(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6014,7 +6026,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_530( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e70( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -6028,7 +6040,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_530( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dc(ring_element); + deserialize_to_reduced_ring_element_d7(ring_element); deserialized_pk[i0] = uu____0; } } @@ -6039,15 +6051,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_00( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_ef_05();); - deserialize_ring_elements_reduced_530(public_key, deserialized_pk); + deserialize_ring_elements_reduced_e70(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -6058,7 +6074,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_990( +static KRML_MUSTINLINE void serialize_secret_key_050( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6076,11 +6092,13 @@ static KRML_MUSTINLINE void serialize_secret_key_990( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_2c(&re, ret0); + serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); + uint8_t result[768U]; + memcpy(result, out, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } /** @@ -6091,13 +6109,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_6c0( +static KRML_MUSTINLINE void serialize_public_key_mut_070( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_990(t_as_ntt, ret); + serialize_secret_key_050(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6114,11 +6132,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_ca0( +static KRML_MUSTINLINE void serialize_public_key_e50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_6c0(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_070(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); @@ -6132,15 +6150,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_4a(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_cc( + deserialize_ring_elements_reduced_out_00( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_ca0( + serialize_public_key_e50( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6170,7 +6188,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_70( +bool libcrux_ml_kem_ind_cca_validate_private_key_e1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -6276,7 +6294,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_750( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_100( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6739,7 +6757,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b00( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_080( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -6758,7 +6776,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b00( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_d70( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]);); return domain_separator; } @@ -6781,7 +6799,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_810( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -6790,7 +6808,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_810( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b00(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_080(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -6815,7 +6833,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_4f0( +static KRML_MUSTINLINE void add_to_ring_element_ef_310( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -6835,7 +6853,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_2d0( +static KRML_MUSTINLINE void compute_As_plus_e_670( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -6862,10 +6880,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_4f0(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_310(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6878,12 +6896,12 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void generate_keypair_unpacked_a40( +static void generate_keypair_unpacked_4a0( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_d6 *private_key, IndCpaPublicKeyUnpacked_d6 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_750(key_generation_seed, hashed); + cpa_keygen_seed_d8_100(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6903,17 +6921,17 @@ static void generate_keypair_unpacked_a40( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b00(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_080(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_810(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_2d0(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_670(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -6934,18 +6952,18 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_6a( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_47( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_3c0(); IndCpaPublicKeyUnpacked_d6 public_key = default_8d_890(); - generate_keypair_unpacked_a40(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_ca0( + serialize_public_key_e50( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_990(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_050(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6969,7 +6987,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_1f( +static KRML_MUSTINLINE void serialize_kem_secret_key_71( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7024,7 +7042,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_d2( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7034,13 +7052,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_6a(ind_cpa_keypair_randomness); + generate_keypair_47(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_1f( + serialize_kem_secret_key_71( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7049,13 +7067,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -7068,7 +7086,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_64(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_c5(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7187,18 +7205,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_8f0( +static KRML_MUSTINLINE void invert_ntt_montgomery_800( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_f7(&zeta_i, re); - invert_ntt_at_layer_2_98(&zeta_i, re); - invert_ntt_at_layer_3_fe(&zeta_i, re); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_a9(re); + invert_ntt_at_layer_1_a3(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_d7(&zeta_i, re); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_dc(re); } /** @@ -7207,14 +7225,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_dd0( +static KRML_MUSTINLINE void compute_vector_u_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_05();); + result[i] = ZERO_ef_05();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7234,16 +7252,12 @@ static KRML_MUSTINLINE void compute_vector_u_dd0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_4f0(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_310(&result[i1], &product); } - invert_ntt_montgomery_8f0(&result0[i1]); - add_error_reduce_ef_dd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_800(&result[i1]); + add_error_reduce_ef_05(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7256,7 +7270,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_770( +compute_ring_element_v_510( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -7264,10 +7278,10 @@ compute_ring_element_v_770( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_4f0(&result, &product);); - invert_ntt_montgomery_8f0(&result); - result = add_message_error_reduce_ef_79(error_2, message, result); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_310(&result, &product);); + invert_ntt_montgomery_800(&result); + result = add_message_error_reduce_ef_b9(error_2, message, result); return result; } @@ -7280,7 +7294,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_420( +static void compress_then_serialize_u_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7296,7 +7310,7 @@ static void compress_then_serialize_u_420( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_9e0(&re, ret); + compress_then_serialize_ring_element_u_b00(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7319,7 +7333,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key, +static void encrypt_unpacked_030(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7327,7 +7341,7 @@ static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_810(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7351,25 +7365,25 @@ static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key, sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_dd0(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_3c0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_12(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_770(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_510(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_420( + compress_then_serialize_u_e80( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d10( + compress_then_serialize_ring_element_v_f20( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7392,10 +7406,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_b4(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_890(); - deserialize_ring_elements_reduced_530( + deserialize_ring_elements_reduced_e70( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -7410,7 +7424,7 @@ static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_a40(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_030(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7425,7 +7439,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_16(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_dc(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7452,11 +7466,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f4( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_64( + entropy_preprocess_d8_c5( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -7466,7 +7480,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1( size_t); uint8_t ret[32U]; H_a9_410(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7480,19 +7494,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_6f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_b4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_450(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_16(shared_secret, shared_secret_array); + kdf_d8_dc(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7510,7 +7524,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_54( +static KRML_MUSTINLINE void deserialize_secret_key_0d( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; @@ -7527,7 +7541,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_54( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_6c(secret_bytes); + deserialize_to_uncompressed_ring_element_fe(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -7547,7 +7561,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_250( +static KRML_MUSTINLINE void deserialize_then_decompress_u_410( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; @@ -7570,11 +7584,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_250( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes); - ntt_vector_u_b70(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d30(u_bytes); + ntt_vector_u_090(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + memcpy( + result, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( - ret, u_as_ntt, + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -7585,17 +7603,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d0( +compute_message_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_4f0(&result, &product);); - invert_ntt_montgomery_8f0(&result); - result = subtract_reduce_ef_da(v, result); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_310(&result, &product);); + invert_ntt_montgomery_800(&result); + result = subtract_reduce_ef_73(v, result); return result; } @@ -7609,18 +7627,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_9d0(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_460(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_250(ciphertext, u_as_ntt); + deserialize_then_decompress_u_410(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_b90( + deserialize_then_decompress_ring_element_v_860( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7e0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dd(message, ret0); + compress_then_serialize_message_83(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7634,10 +7652,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_54(secret_key, secret_as_ntt); + deserialize_secret_key_0d(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -7648,7 +7666,7 @@ static void decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_9d0(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_460(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7688,7 +7706,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f( +void libcrux_ml_kem_ind_cca_decapsulate_6f( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7706,7 +7724,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_75(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7728,7 +7746,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_161(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7738,16 +7756,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_6f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_b4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_16(Eurydice_array_to_slice((size_t)32U, + kdf_d8_dc(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_16(shared_secret0, shared_secret1); + kdf_d8_dc(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_400(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 42cc1517c..43910f900 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 9c539cfa1..b55505b93 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "internal/libcrux_mlkem_portable.h" @@ -199,6 +199,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( ret[21U] = r11_21.f10; } +void libcrux_ml_kem_vector_portable_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -206,7 +212,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); + libcrux_ml_kem_vector_portable_serialize_11(a, ret); } KRML_MUSTINLINE int16_t_x8 @@ -299,13 +305,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); + return libcrux_ml_kem_vector_portable_deserialize_11(a); } KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( @@ -1190,8 +1201,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( int16_t t = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( vec->elements[j], zeta); - vec->elements[j] = vec->elements[i] - t; - vec->elements[i] = vec->elements[i] + t; + int16_t a_minus_t = vec->elements[i] - t; + int16_t a_plus_t = vec->elements[i] + t; + vec->elements[j] = a_minus_t; + vec->elements[i] = a_plus_t; } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1300,8 +1313,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, int16_t zeta, size_t i, size_t j) { int16_t a_minus_b = vec->elements[j] - vec->elements[i]; + int16_t a_plus_b = vec->elements[j] + vec->elements[i]; int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - vec->elements[i] + vec->elements[j]); + a_plus_b); int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, zeta); @@ -1415,12 +1429,11 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t ai = a->elements[i]; - int16_t bi = b->elements[i]; - int16_t aj = a->elements[j]; - int16_t bj = b->elements[j]; + size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t ai = a->elements[(size_t)2U * i]; + int16_t bi = b->elements[(size_t)2U * i]; + int16_t aj = a->elements[(size_t)2U * i + (size_t)1U]; + int16_t bj = b->elements[(size_t)2U * i + (size_t)1U]; int32_t ai_bi = (int32_t)ai * (int32_t)bi; int32_t aj_bj_ = (int32_t)aj * (int32_t)bj; int16_t aj_bj = @@ -1437,8 +1450,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( ai_bj_aj_bi); - out->elements[i] = o0; - out->elements[j] = o1; + int16_t _out0[16U]; + memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t)); + out->elements[(size_t)2U * i] = o0; + out->elements[(size_t)2U * i + (size_t)1U] = o1; } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1452,22 +1467,22 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply( int16_t nzeta3 = -zeta3; libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta0, + (size_t)0U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta0, + (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta1, + (size_t)2U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta1, + (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta2, + (size_t)4U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta2, + (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta3, + (size_t)6U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta3, + (size_t)7U, &out); return out; } @@ -1507,6 +1522,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( ret[1U] = result1; } +void libcrux_ml_kem_vector_portable_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1514,7 +1535,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_1_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); + libcrux_ml_kem_vector_portable_serialize_1(a, ret); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1601,13 +1622,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); + return libcrux_ml_kem_vector_portable_deserialize_1(a); } KRML_MUSTINLINE uint8_t_x4 @@ -1657,6 +1683,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( ret[7U] = result4_7.f3; } +void libcrux_ml_kem_vector_portable_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1664,7 +1696,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); + libcrux_ml_kem_vector_portable_serialize_4(a, ret); } KRML_MUSTINLINE int16_t_x8 @@ -1734,13 +1766,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); + return libcrux_ml_kem_vector_portable_deserialize_4(a); } KRML_MUSTINLINE uint8_t_x5 @@ -1788,6 +1825,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( ret[9U] = r5_9.f4; } +void libcrux_ml_kem_vector_portable_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1795,7 +1838,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_5_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); + libcrux_ml_kem_vector_portable_serialize_5(a, ret); } KRML_MUSTINLINE int16_t_x8 @@ -1876,13 +1919,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); + return libcrux_ml_kem_vector_portable_deserialize_5(a); } KRML_MUSTINLINE uint8_t_x5 @@ -1956,6 +2004,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( ret[19U] = r15_19.f4; } +void libcrux_ml_kem_vector_portable_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1963,7 +2017,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); + libcrux_ml_kem_vector_portable_serialize_10(a, ret); } KRML_MUSTINLINE int16_t_x8 @@ -2052,13 +2106,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); + return libcrux_ml_kem_vector_portable_deserialize_10(a); } KRML_MUSTINLINE uint8_t_x3 @@ -2126,6 +2185,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( ret[23U] = r21_23.thd; } +void libcrux_ml_kem_vector_portable_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -2133,7 +2198,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_12_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); + libcrux_ml_kem_vector_portable_serialize_12(a, ret); } KRML_MUSTINLINE int16_t_x2 @@ -2191,13 +2256,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); + return libcrux_ml_kem_vector_portable_deserialize_12(a); } KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( @@ -2318,7 +2388,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_a5(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_01(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -2340,7 +2410,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_75( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2354,7 +2424,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a5(ring_element); + deserialize_to_reduced_ring_element_01(ring_element); deserialized_pk[i0] = uu____0; } } @@ -2365,15 +2435,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_531( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_ef_1b();); - deserialize_ring_elements_reduced_da(public_key, deserialized_pk); + deserialize_ring_elements_reduced_75(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -2383,7 +2457,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_95(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { +shift_right_38(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2402,8 +2476,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_9d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_95(v); +shift_right_0d_6b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_38(v); } /** @@ -2413,10 +2487,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_7c( +to_unsigned_representative_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_9d(a); + shift_right_0d_6b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2430,10 +2504,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_field_modulus_b0( +to_unsigned_field_modulus_c4( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - to_unsigned_representative_7c(a); + to_unsigned_representative_9f(a); return result; } @@ -2443,14 +2517,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8b( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_field_modulus_b0(re->coefficients[i0]); + to_unsigned_field_modulus_c4(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2470,7 +2544,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_5a( +static KRML_MUSTINLINE void serialize_secret_key_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2488,11 +2562,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5a( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_8b(&re, ret0); + serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); + uint8_t result[1536U]; + memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1536U * sizeof(uint8_t)); } /** @@ -2503,13 +2579,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_3c( +static KRML_MUSTINLINE void serialize_public_key_mut_12( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_5a(t_as_ntt, ret); + serialize_secret_key_1d(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2526,11 +2602,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_07( +static KRML_MUSTINLINE void serialize_public_key_e9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_3c(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_12(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); @@ -2544,15 +2620,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_071(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_531( + deserialize_ring_elements_reduced_out_fa1( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_07( + serialize_public_key_e9( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2582,7 +2658,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ae( +bool libcrux_ml_kem_ind_cca_validate_private_key_c0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -2702,7 +2778,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_57( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_e4( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -3355,7 +3431,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_d0( +static KRML_MUSTINLINE void ntt_at_layer_3_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3373,7 +3449,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_76( +static KRML_MUSTINLINE void ntt_at_layer_2_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3392,7 +3468,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_5d( +static KRML_MUSTINLINE void ntt_at_layer_1_21( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3418,7 +3494,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_17( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_b4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3436,17 +3512,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d8( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_36( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { ntt_at_layer_7_97(re); size_t zeta_i = (size_t)1U; ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_d0(&zeta_i, re); - ntt_at_layer_2_76(&zeta_i, re); - ntt_at_layer_1_5d(&zeta_i, re); - poly_barrett_reduce_ef_17(re); + ntt_at_layer_3_b8(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_ef_b4(re); } /** @@ -3458,7 +3534,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -3477,7 +3553,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b1( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]);); return domain_separator; } @@ -3501,7 +3577,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_cb( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -3510,7 +3586,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_cb( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b1(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_f7(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3536,7 +3612,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_ef_45(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_ef_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_1b(); for (size_t i = (size_t)0U; @@ -3568,7 +3644,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_5d( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3593,7 +3669,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_bf( +to_standard_domain_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3610,14 +3686,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_0f( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_bf(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_73(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3632,7 +3708,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_c7( +static KRML_MUSTINLINE void compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -3659,10 +3735,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_5d(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -3675,12 +3751,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_e9( +static void generate_keypair_unpacked_86( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_42 *private_key, IndCpaPublicKeyUnpacked_42 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_57(key_generation_seed, hashed); + cpa_keygen_seed_d8_e4(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3700,17 +3776,17 @@ static void generate_keypair_unpacked_e9( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b1(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_f7(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_44(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_c7(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_f0(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -3731,18 +3807,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_501( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_081( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_42 private_key = default_1a_e9(); IndCpaPublicKeyUnpacked_42 public_key = default_8d_d1(); - generate_keypair_unpacked_e9(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_07( + serialize_public_key_e9( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5a(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3766,7 +3842,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_d4( +static KRML_MUSTINLINE void serialize_kem_secret_key_50( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3822,7 +3898,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_281(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3831,13 +3907,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_501(ind_cpa_keypair_randomness); + generate_keypair_081(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_d4( + serialize_kem_secret_key_50( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3846,13 +3922,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e61(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee1( - uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_781( + uu____2, libcrux_ml_kem_types_from_5a_af1(copy_of_public_key)); } /** @@ -3865,7 +3941,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_62(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_b3(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3883,7 +3959,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_7f(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_ef_1b();); @@ -3951,7 +4027,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_08( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_19( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3972,7 +4048,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_91( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_f7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3991,7 +4067,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_41( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_77( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4011,7 +4087,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_13( + inv_ntt_layer_int_vec_step_reduce_97( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4031,7 +4107,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ed( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4046,7 +4122,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ed( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_13( + inv_ntt_layer_int_vec_step_reduce_97( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4063,18 +4139,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_55( +static KRML_MUSTINLINE void invert_ntt_montgomery_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_08(&zeta_i, re); - invert_ntt_at_layer_2_91(&zeta_i, re); - invert_ntt_at_layer_3_41(&zeta_i, re); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_17(re); + invert_ntt_at_layer_1_19(&zeta_i, re); + invert_ntt_at_layer_2_f7(&zeta_i, re); + invert_ntt_at_layer_3_77(&zeta_i, re); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_b4(re); } /** @@ -4088,7 +4164,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_4d( +static KRML_MUSTINLINE void add_error_reduce_ef_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4112,14 +4188,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_b8( +static KRML_MUSTINLINE void compute_vector_u_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_1b();); + result[i] = ZERO_ef_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4139,16 +4215,12 @@ static KRML_MUSTINLINE void compute_vector_u_b8( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_5d(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a(&result[i1], &product); } - invert_ntt_montgomery_55(&result0[i1]); - add_error_reduce_ef_4d(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8c(&result[i1]); + add_error_reduce_ef_da(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4161,7 +4233,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_78(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { +decompress_1_4a(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); libcrux_ml_kem_vector_portable_vector_type_PortableVector s = @@ -4179,7 +4251,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { +deserialize_then_decompress_message_5e(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -4190,7 +4262,7 @@ deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_78(coefficient_compressed); + decompress_1_4a(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4207,7 +4279,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_ef_21( +add_message_error_reduce_ef_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4237,7 +4309,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1e( +compute_ring_element_v_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4245,10 +4317,10 @@ compute_ring_element_v_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_5d(&result, &product);); - invert_ntt_montgomery_55(&result); - result = add_message_error_reduce_ef_21(error_2, message, result); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a(&result, &product);); + invert_ntt_montgomery_8c(&result); + result = add_message_error_reduce_ef_5c(error_2, message, result); return result; } @@ -4258,7 +4330,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_61(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_6a(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4279,9 +4351,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_fe( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_61(a); + return compress_6a(a); } /** @@ -4290,7 +4362,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_610(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_6a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4312,8 +4384,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fe0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_610(a); +compress_0d_830(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_6a0(a); } /** @@ -4322,14 +4394,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_a9( +static KRML_MUSTINLINE void compress_then_serialize_11_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fe0(to_unsigned_representative_7c(re->coefficients[i0])); + compress_0d_830(to_unsigned_representative_9f(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4347,10 +4419,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b5( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_a9(re, uu____0); + compress_then_serialize_11_00(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4363,7 +4435,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_cd( +static void compress_then_serialize_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4379,7 +4451,7 @@ static void compress_then_serialize_u_cd( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_b5(&re, ret); + compress_then_serialize_ring_element_u_39(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4391,7 +4463,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_611(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_6a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4413,8 +4485,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fe1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_611(a); +compress_0d_831(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_6a1(a); } /** @@ -4423,14 +4495,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_06( +static KRML_MUSTINLINE void compress_then_serialize_4_df( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fe1(to_unsigned_field_modulus_b0(re.coefficients[i0])); + compress_0d_831(to_unsigned_field_modulus_c4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4446,7 +4518,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_612(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_6a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4468,8 +4540,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fe2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_612(a); +compress_0d_832(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_6a2(a); } /** @@ -4478,14 +4550,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_69( +static KRML_MUSTINLINE void compress_then_serialize_5_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_fe2(to_unsigned_representative_7c(re.coefficients[i0])); + compress_0d_832(to_unsigned_representative_9f(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4502,9 +4574,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_69(re, out); + compress_then_serialize_5_51(re, out); } /** @@ -4525,7 +4597,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key, +static void encrypt_unpacked_43(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4533,7 +4605,7 @@ static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_44(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4543,7 +4615,7 @@ static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_7f(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_23(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4557,25 +4629,25 @@ static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key, sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_b8(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_d2(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_e3(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1e(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_95(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_cd( + compress_then_serialize_u_54( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_cf( + compress_then_serialize_ring_element_v_ce( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4599,10 +4671,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_4b1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_d1(); - deserialize_ring_elements_reduced_da( + deserialize_ring_elements_reduced_75( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -4617,7 +4689,7 @@ static void encrypt_4b1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_c3(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_43(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4632,7 +4704,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_19(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_a6(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4659,11 +4731,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8a1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_62( + entropy_preprocess_d8_b3( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4673,7 +4745,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661( size_t); uint8_t ret[32U]; H_f1_d5(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4687,19 +4759,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_4b1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_6f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_01_45(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_19(shared_secret, shared_secret_array); + kdf_d8_a6(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4718,7 +4790,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_07(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_a4(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -4738,7 +4810,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_121( +static KRML_MUSTINLINE void deserialize_secret_key_831( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; @@ -4755,7 +4827,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_121( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_07(secret_bytes); + deserialize_to_uncompressed_ring_element_a4(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -4774,7 +4846,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a( +decompress_ciphertext_coefficient_fe( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4799,9 +4871,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_ea( +decompress_ciphertext_coefficient_0d_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a(v); + return decompress_ciphertext_coefficient_fe(v); } /** @@ -4811,7 +4883,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_5c(Eurydice_slice serialized) { +deserialize_then_decompress_10_40(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); LowStar_Ignore_ignore( Eurydice_slice_len( @@ -4828,7 +4900,7 @@ deserialize_then_decompress_10_5c(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_ea(coefficient); + decompress_ciphertext_coefficient_0d_78(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4841,7 +4913,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a0( +decompress_ciphertext_coefficient_fe0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4866,9 +4938,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_ea0( +decompress_ciphertext_coefficient_0d_780( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a0(v); + return decompress_ciphertext_coefficient_fe0(v); } /** @@ -4878,7 +4950,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_77(Eurydice_slice serialized) { +deserialize_then_decompress_11_0a(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -4888,7 +4960,7 @@ deserialize_then_decompress_11_77(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_ea0(coefficient); + decompress_ciphertext_coefficient_0d_780(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4901,8 +4973,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_cd(Eurydice_slice serialized) { - return deserialize_then_decompress_11_77(serialized); +deserialize_then_decompress_ring_element_u_58(Eurydice_slice serialized) { + return deserialize_then_decompress_11_0a(serialized); } /** @@ -4911,17 +4983,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_2c( +static KRML_MUSTINLINE void ntt_vector_u_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_d0(&zeta_i, re); - ntt_at_layer_2_76(&zeta_i, re); - ntt_at_layer_1_5d(&zeta_i, re); - poly_barrett_reduce_ef_17(re); + ntt_at_layer_3_b8(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_ef_b4(re); } /** @@ -4932,7 +5004,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_bb( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; @@ -4955,11 +5027,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd(u_bytes); - ntt_vector_u_2c(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_58(u_bytes); + ntt_vector_u_f1(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -4970,7 +5046,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a1( +decompress_ciphertext_coefficient_fe1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4995,9 +5071,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_ea1( +decompress_ciphertext_coefficient_0d_781( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a1(v); + return decompress_ciphertext_coefficient_fe1(v); } /** @@ -5007,7 +5083,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_b1(Eurydice_slice serialized) { +deserialize_then_decompress_4_dd(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -5017,7 +5093,7 @@ deserialize_then_decompress_4_b1(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_ea1(coefficient); + decompress_ciphertext_coefficient_0d_781(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5030,7 +5106,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a2( +decompress_ciphertext_coefficient_fe2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5055,9 +5131,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_ea2( +decompress_ciphertext_coefficient_0d_782( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a2(v); + return decompress_ciphertext_coefficient_fe2(v); } /** @@ -5067,7 +5143,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_7b(Eurydice_slice serialized) { +deserialize_then_decompress_5_e7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -5077,7 +5153,7 @@ deserialize_then_decompress_5_7b(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_ea2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_782(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5090,8 +5166,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_ce(Eurydice_slice serialized) { - return deserialize_then_decompress_5_7b(serialized); +deserialize_then_decompress_ring_element_v_87(Eurydice_slice serialized) { + return deserialize_then_decompress_5_e7(serialized); } /** @@ -5106,7 +5182,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_ef_92(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_ef_59(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5131,17 +5207,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_82( +compute_message_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_5d(&result, &product);); - invert_ntt_montgomery_55(&result); - result = subtract_reduce_ef_92(v, result); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a(&result, &product);); + invert_ntt_montgomery_8c(&result); + result = subtract_reduce_ef_59(v, result); return result; } @@ -5151,13 +5227,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_15( +static KRML_MUSTINLINE void compress_then_serialize_message_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_field_modulus_b0(re.coefficients[i0]); + to_unsigned_field_modulus_c4(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5183,18 +5259,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_c9(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_ee(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_bb(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_ce( + deserialize_then_decompress_ring_element_v_87( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_82(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_fc(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_15(message, ret0); + compress_then_serialize_message_ee(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5208,10 +5284,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_dc1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5f1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_121(secret_key, secret_as_ntt); + deserialize_secret_key_831(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5222,7 +5298,7 @@ static void decrypt_dc1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_c9(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_ee(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5274,7 +5350,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_191( +void libcrux_ml_kem_ind_cca_decapsulate_811( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5292,7 +5368,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_191( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_dc1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5f1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5314,7 +5390,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_191( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9f(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5324,17 +5400,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_191( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_4b1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_6f1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_19(Eurydice_array_to_slice((size_t)32U, + kdf_d8_a6(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_19(shared_secret0, shared_secret1); + kdf_d8_a6(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_40(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5349,7 +5425,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_750( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -5363,7 +5439,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a5(ring_element); + deserialize_to_reduced_ring_element_01(ring_element); deserialized_pk[i0] = uu____0; } } @@ -5374,15 +5450,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_530( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_ef_1b();); - deserialize_ring_elements_reduced_da0(public_key, deserialized_pk); + deserialize_ring_elements_reduced_750(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; + memcpy( + result, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, deserialized_pk, + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -5393,7 +5473,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_5a0( +static KRML_MUSTINLINE void serialize_secret_key_1d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5411,11 +5491,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5a0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_8b(&re, ret0); + serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); + uint8_t result[768U]; + memcpy(result, out, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } /** @@ -5426,13 +5508,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_3c0( +static KRML_MUSTINLINE void serialize_public_key_mut_120( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_5a0(t_as_ntt, ret); + serialize_secret_key_1d0(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5449,11 +5531,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_070( +static KRML_MUSTINLINE void serialize_public_key_e90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_3c0(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_120(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); @@ -5467,15 +5549,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_070(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_530( + deserialize_ring_elements_reduced_out_fa0( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_070( + serialize_public_key_e90( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5505,7 +5587,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_b4( +bool libcrux_ml_kem_ind_cca_validate_private_key_90( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -5611,7 +5693,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_36( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6061,7 +6143,7 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b10( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -6080,7 +6162,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b10( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_6b0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]);); return domain_separator; } @@ -6104,7 +6186,7 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_cb0( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -6113,7 +6195,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_cb0( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b10(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_f70(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6138,7 +6220,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_5d0( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6162,7 +6244,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_c70( +static KRML_MUSTINLINE void compute_As_plus_e_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -6189,10 +6271,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_5d0(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6205,12 +6287,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void generate_keypair_unpacked_e90( +static void generate_keypair_unpacked_860( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_ae *private_key, IndCpaPublicKeyUnpacked_ae *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_36(key_generation_seed, hashed); + cpa_keygen_seed_d8_7e(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6230,17 +6312,17 @@ static void generate_keypair_unpacked_e90( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b10(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_f70(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_440(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_c70(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_f00(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -6261,18 +6343,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_500( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_080( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_ae private_key = default_1a_e90(); IndCpaPublicKeyUnpacked_ae public_key = default_8d_d10(); - generate_keypair_unpacked_e90(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_070( + serialize_public_key_e90( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_5a0(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_1d0(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6296,7 +6378,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a1( +static KRML_MUSTINLINE void serialize_kem_secret_key_4a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6352,7 +6434,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6361,13 +6443,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_500(ind_cpa_keypair_randomness); + generate_keypair_080(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_a1( + serialize_kem_secret_key_4a( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6376,13 +6458,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -6395,7 +6477,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_89(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_9c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6445,7 +6527,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_7f0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_230(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_ef_1b();); @@ -6501,18 +6583,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_550( +static KRML_MUSTINLINE void invert_ntt_montgomery_8c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_08(&zeta_i, re); - invert_ntt_at_layer_2_91(&zeta_i, re); - invert_ntt_at_layer_3_41(&zeta_i, re); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_17(re); + invert_ntt_at_layer_1_19(&zeta_i, re); + invert_ntt_at_layer_2_f7(&zeta_i, re); + invert_ntt_at_layer_3_77(&zeta_i, re); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_b4(re); } /** @@ -6521,14 +6603,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_b80( +static KRML_MUSTINLINE void compute_vector_u_d20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_1b();); + result[i] = ZERO_ef_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6548,16 +6630,12 @@ static KRML_MUSTINLINE void compute_vector_u_b80( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_5d0(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a0(&result[i1], &product); } - invert_ntt_montgomery_550(&result0[i1]); - add_error_reduce_ef_4d(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8c0(&result[i1]); + add_error_reduce_ef_da(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6570,7 +6648,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1e0( +compute_ring_element_v_950( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -6578,10 +6656,10 @@ compute_ring_element_v_1e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_5d0(&result, &product);); - invert_ntt_montgomery_550(&result); - result = add_message_error_reduce_ef_21(error_2, message, result); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a0(&result, &product);); + invert_ntt_montgomery_8c0(&result); + result = add_message_error_reduce_ef_5c(error_2, message, result); return result; } @@ -6591,14 +6669,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_470( +static KRML_MUSTINLINE void compress_then_serialize_10_c50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fe(to_unsigned_field_modulus_b0(re->coefficients[i0])); + compress_0d_83(to_unsigned_field_modulus_c4(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6618,10 +6696,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b50( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_390( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_470(re, uu____0); + compress_then_serialize_10_c50(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6634,7 +6712,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_cd0( +static void compress_then_serialize_u_540( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6650,7 +6728,7 @@ static void compress_then_serialize_u_cd0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b50(&re, ret); + compress_then_serialize_ring_element_u_390(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6663,9 +6741,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ce0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_06(re, out); + compress_then_serialize_4_df(re, out); } /** @@ -6686,7 +6764,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key, +static void encrypt_unpacked_430(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -6695,7 +6773,7 @@ static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____1 = - sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_out_440(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6705,7 +6783,7 @@ static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_7f0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_230(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6719,25 +6797,25 @@ static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key, sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_b80(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_d20(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_e3(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1e0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_950(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_cd0( + compress_then_serialize_u_540( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_cf0( + compress_then_serialize_ring_element_v_ce0( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6761,10 +6839,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_4b0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_d10(); - deserialize_ring_elements_reduced_da0( + deserialize_ring_elements_reduced_750( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -6779,7 +6857,7 @@ static void encrypt_4b0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_c30(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_430(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -6794,7 +6872,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_ab(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_f4(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6821,11 +6899,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8a0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_89( + entropy_preprocess_d8_9c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6835,7 +6913,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660( size_t); uint8_t ret[32U]; H_f1_d50(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6849,19 +6927,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_4b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_6f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_450(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_ab(shared_secret, shared_secret_array); + kdf_d8_f4(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6879,7 +6957,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_120( +static KRML_MUSTINLINE void deserialize_secret_key_830( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; @@ -6896,7 +6974,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_120( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_07(secret_bytes); + deserialize_to_uncompressed_ring_element_a4(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -6915,8 +6993,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_cd0(Eurydice_slice serialized) { - return deserialize_then_decompress_10_5c(serialized); +deserialize_then_decompress_ring_element_u_580(Eurydice_slice serialized) { + return deserialize_then_decompress_10_40(serialized); } /** @@ -6925,17 +7003,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_2c0( +static KRML_MUSTINLINE void ntt_vector_u_f10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_d0(&zeta_i, re); - ntt_at_layer_2_76(&zeta_i, re); - ntt_at_layer_1_5d(&zeta_i, re); - poly_barrett_reduce_ef_17(re); + ntt_at_layer_3_b8(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_ef_b4(re); } /** @@ -6946,7 +7024,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_bb0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; @@ -6969,11 +7047,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes); - ntt_vector_u_2c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_580(u_bytes); + ntt_vector_u_f10(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; + memcpy( + result, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, u_as_ntt, + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -6984,8 +7066,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_ce0(Eurydice_slice serialized) { - return deserialize_then_decompress_4_b1(serialized); +deserialize_then_decompress_ring_element_v_870(Eurydice_slice serialized) { + return deserialize_then_decompress_4_dd(serialized); } /** @@ -6995,17 +7077,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_820( +compute_message_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_5d0(&result, &product);); - invert_ntt_montgomery_550(&result); - result = subtract_reduce_ef_92(v, result); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a0(&result, &product);); + invert_ntt_montgomery_8c0(&result); + result = subtract_reduce_ef_59(v, result); return result; } @@ -7019,18 +7101,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c90(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_ee0(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_bb0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_ce0( + deserialize_then_decompress_ring_element_v_870( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_820(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_fc0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_15(message, ret0); + compress_then_serialize_message_ee(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7044,10 +7126,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_dc0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5f0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_120(secret_key, secret_as_ntt); + deserialize_secret_key_830(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7058,7 +7140,7 @@ static void decrypt_dc0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_c90(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_ee0(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7098,7 +7180,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_190( +void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7116,7 +7198,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_190( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_dc0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5f0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7138,7 +7220,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_190( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9f1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7148,17 +7230,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_190( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_4b0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_6f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_ab(Eurydice_array_to_slice((size_t)32U, + kdf_d8_f4(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_ab(shared_secret0, shared_secret1); + kdf_d8_f4(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_400(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7173,7 +7255,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_751( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -7187,7 +7269,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a5(ring_element); + deserialize_to_reduced_ring_element_01(ring_element); deserialized_pk[i0] = uu____0; } } @@ -7198,15 +7280,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_53( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_ef_1b();); - deserialize_ring_elements_reduced_da1(public_key, deserialized_pk); + deserialize_ring_elements_reduced_751(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -7217,7 +7303,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_5a1( +static KRML_MUSTINLINE void serialize_secret_key_1d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7235,11 +7321,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5a1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_8b(&re, ret0); + serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } /** @@ -7250,13 +7338,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_3c1( +static KRML_MUSTINLINE void serialize_public_key_mut_121( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_5a1(t_as_ntt, ret); + serialize_secret_key_1d1(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7273,11 +7361,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_071( +static KRML_MUSTINLINE void serialize_public_key_e91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_3c1(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_121(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); @@ -7291,15 +7379,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_07(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_53( + deserialize_ring_elements_reduced_out_fa( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_071( + serialize_public_key_e91( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7329,7 +7417,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_33( +bool libcrux_ml_kem_ind_cca_validate_private_key_94( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -7441,7 +7529,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_d1( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_a4( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7880,7 +7968,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b11( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -7899,7 +7987,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b11( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]);); return domain_separator; } @@ -7923,7 +8011,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_cb1( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7932,7 +8020,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_cb1( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b11(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_f71(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -7957,7 +8045,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_5d1( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7981,7 +8069,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_c71( +static KRML_MUSTINLINE void compute_As_plus_e_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -8008,10 +8096,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_5d1(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -8024,12 +8112,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_e91( +static void generate_keypair_unpacked_861( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_f8 *private_key, IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_d1(key_generation_seed, hashed); + cpa_keygen_seed_d8_a4(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8049,17 +8137,17 @@ static void generate_keypair_unpacked_e91( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b11(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_f71(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_441(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_c71(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_f01(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -8080,18 +8168,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_50( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_08( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_e91(); IndCpaPublicKeyUnpacked_f8 public_key = default_8d_d11(); - generate_keypair_unpacked_e91(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_071( + serialize_public_key_e91( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5a1(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_1d1(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8115,7 +8203,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b0( +static KRML_MUSTINLINE void serialize_kem_secret_key_c0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8171,7 +8259,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8180,13 +8268,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_50(ind_cpa_keypair_randomness); + generate_keypair_08(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_b0( + serialize_kem_secret_key_c0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8195,13 +8283,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e60(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee0( - uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_780( + uu____2, libcrux_ml_kem_types_from_5a_af0(copy_of_public_key)); } /** @@ -8214,7 +8302,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_a9(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_05(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8232,7 +8320,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_7f1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_231(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_ef_1b();); @@ -8288,18 +8376,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_551( +static KRML_MUSTINLINE void invert_ntt_montgomery_8c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_08(&zeta_i, re); - invert_ntt_at_layer_2_91(&zeta_i, re); - invert_ntt_at_layer_3_41(&zeta_i, re); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_17(re); + invert_ntt_at_layer_1_19(&zeta_i, re); + invert_ntt_at_layer_2_f7(&zeta_i, re); + invert_ntt_at_layer_3_77(&zeta_i, re); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_b4(re); } /** @@ -8308,14 +8396,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_b81( +static KRML_MUSTINLINE void compute_vector_u_d21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_1b();); + result[i] = ZERO_ef_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8335,16 +8423,12 @@ static KRML_MUSTINLINE void compute_vector_u_b81( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_5d1(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a1(&result[i1], &product); } - invert_ntt_montgomery_551(&result0[i1]); - add_error_reduce_ef_4d(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8c1(&result[i1]); + add_error_reduce_ef_da(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8357,7 +8441,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1e1( +compute_ring_element_v_951( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -8365,10 +8449,10 @@ compute_ring_element_v_1e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_5d1(&result, &product);); - invert_ntt_montgomery_551(&result); - result = add_message_error_reduce_ef_21(error_2, message, result); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a1(&result, &product);); + invert_ntt_montgomery_8c1(&result); + result = add_message_error_reduce_ef_5c(error_2, message, result); return result; } @@ -8381,7 +8465,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_cd1( +static void compress_then_serialize_u_541( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8397,7 +8481,7 @@ static void compress_then_serialize_u_cd1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b50(&re, ret); + compress_then_serialize_ring_element_u_390(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8421,7 +8505,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key, +static void encrypt_unpacked_431(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -8431,7 +8515,7 @@ static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____1 = - sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_out_441(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8441,7 +8525,7 @@ static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_7f1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_231(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8455,25 +8539,25 @@ static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key, sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_b81(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_d21(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_e3(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1e1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_951(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_cd1( + compress_then_serialize_u_541( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_cf0( + compress_then_serialize_ring_element_v_ce0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8497,10 +8581,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_4b(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_d11(); - deserialize_ring_elements_reduced_da1( + deserialize_ring_elements_reduced_751( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -8515,7 +8599,7 @@ static void encrypt_4b(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_c31(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_431(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8530,7 +8614,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_b7(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_8d(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8557,11 +8641,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_a9( + entropy_preprocess_d8_05( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -8571,7 +8655,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66( size_t); uint8_t ret[32U]; H_f1_d51(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8585,19 +8669,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_4b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_6f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_451(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_b7(shared_secret, shared_secret_array); + kdf_d8_8d(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8615,7 +8699,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_12( +static KRML_MUSTINLINE void deserialize_secret_key_83( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -8632,7 +8716,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_12( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_07(secret_bytes); + deserialize_to_uncompressed_ring_element_a4(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -8652,7 +8736,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_bb1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -8675,11 +8759,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes); - ntt_vector_u_2c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_580(u_bytes); + ntt_vector_u_f10(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -8690,17 +8778,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_821( +compute_message_fc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_5d1(&result, &product);); - invert_ntt_montgomery_551(&result); - result = subtract_reduce_ef_92(v, result); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a1(&result, &product);); + invert_ntt_montgomery_8c1(&result); + result = subtract_reduce_ef_59(v, result); return result; } @@ -8714,18 +8802,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c91(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_ee1(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_bb1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_ce0( + deserialize_then_decompress_ring_element_v_870( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_821(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_fc1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_15(message, ret0); + compress_then_serialize_message_ee(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8739,10 +8827,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_dc(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5f(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_12(secret_key, secret_as_ntt); + deserialize_secret_key_83(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -8753,7 +8841,7 @@ static void decrypt_dc(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_c91(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_ee1(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8793,7 +8881,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_19( +void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8811,7 +8899,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_19( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_dc(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5f(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8833,7 +8921,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_19( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9f3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -8843,16 +8931,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_19( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_4b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_6f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_b7(Eurydice_array_to_slice((size_t)32U, + kdf_d8_8d(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_b7(shared_secret0, shared_secret1); + kdf_d8_8d(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_401(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index c9875da03..f6b926cc0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem_portable_H @@ -74,6 +74,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]); +void libcrux_ml_kem_vector_portable_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -99,6 +103,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -421,8 +428,7 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out); + size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out); libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_multiply( @@ -444,6 +450,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[2U]); +void libcrux_ml_kem_vector_portable_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -455,6 +465,9 @@ void libcrux_ml_kem_vector_portable_serialize_1_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -476,6 +489,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[8U]); +void libcrux_ml_kem_vector_portable_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -490,6 +507,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -512,6 +532,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]); +void libcrux_ml_kem_vector_portable_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -526,6 +550,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -540,6 +567,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]); +void libcrux_ml_kem_vector_portable_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -554,6 +585,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -574,6 +608,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]); +void libcrux_ml_kem_vector_portable_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -593,6 +631,9 @@ int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 6e2ab7015..426a4f6a6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index d854d460d..79b702c22 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 7da61a71e..d8b5a67ab 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 1e2de3251..950cc2aba 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 5cf30d99e..c0f445770 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 362ca6ad1..c5d577d1d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index dc4e2de87..9561d6d0d 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 +F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 +Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index dcf4fd6fe..95ad567ef 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_core_H @@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_76( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_24( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -245,7 +245,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_5a_67(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_5a_af(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -279,7 +279,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_3a_ee(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_3a_78(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -295,7 +295,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_7f_af(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_7f_e6(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -359,7 +359,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_8c(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_96(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -376,7 +376,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_02( +static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_60( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -428,7 +428,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_8c( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_e7( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 898681bb4..8ea31d766 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 053e1683b..b28ba871c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1236,7 +1236,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_23(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_ff(size_t _) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -1248,7 +1248,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a4( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -1269,7 +1269,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1287,7 +1287,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a4( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1310,7 +1310,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_a8(size_t _) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -1322,7 +1322,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e6( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1374,9 +1374,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a6( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e6( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc( vector); } @@ -1388,7 +1388,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_86( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_58( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -1404,7 +1404,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_86( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a6( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e( coefficient); } return re; @@ -1418,7 +1418,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e60( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1470,9 +1470,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a60( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e60( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc0( vector); } @@ -1484,7 +1484,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_33( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -1495,7 +1495,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a60( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e0( coefficient); } return re; @@ -1509,9 +1509,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7b( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_58(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1586,7 +1586,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ba( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_bc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1605,7 +1605,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_89( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_c2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1625,7 +1625,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_d7( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1652,7 +1652,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1669,7 +1669,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_96( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U, @@ -1680,13 +1680,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_96( (size_t)3U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_ba(&zeta_i, re, (size_t)3U, + libcrux_ml_kem_ntt_ntt_at_layer_3_bc(&zeta_i, re, (size_t)3U, (size_t)5U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_89(&zeta_i, re, (size_t)2U, + libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U, (size_t)6U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_d7(&zeta_i, re, (size_t)1U, + libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re); } /** @@ -1699,7 +1699,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_96( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1724,12 +1724,16 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7b( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_96(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_b5(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + memcpy( + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( - ret, u_as_ntt, + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -1741,7 +1745,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e61( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1793,9 +1797,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a61( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e61( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc1( vector); } @@ -1807,7 +1811,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -1818,7 +1822,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a61( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e1( coefficient); } return re; @@ -1832,7 +1836,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e62( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1884,9 +1888,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a62( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e62( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc2( vector); } @@ -1898,7 +1902,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_9b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -1909,7 +1913,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a62( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e2( re.coefficients[i0]); } return re; @@ -1923,9 +1927,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_2a( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9(serialized); } /** @@ -1941,7 +1945,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_ef_b2( +libcrux_ml_kem_polynomial_ntt_multiply_ef_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = @@ -1974,7 +1978,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -1995,7 +1999,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2019,7 +2023,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_73( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2041,7 +2045,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2062,7 +2066,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); @@ -2081,7 +2085,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2096,7 +2100,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2114,22 +2118,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d8(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_73(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_18(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re); } /** @@ -2145,7 +2149,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_ef_23( +libcrux_ml_kem_polynomial_subtract_reduce_ef_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2169,7 +2173,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_ee( +libcrux_ml_kem_matrix_compute_message_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2178,12 +2182,12 @@ libcrux_ml_kem_matrix_compute_message_ee( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_23(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_a0(v, result); return result; } @@ -2194,7 +2198,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_0c(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2208,9 +2212,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_c1( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_0f( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_0c(vector); } /** @@ -2221,8 +2225,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_c1(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_0f(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -2236,8 +2240,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(__m256i a) { - return libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(a); +libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(__m256i a) { + return libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(a); } /** @@ -2248,12 +2252,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_db( +libcrux_ml_kem_serialize_compress_then_serialize_message_53( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( + __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); @@ -2280,20 +2284,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_96(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_2a( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_ee(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_a0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_db(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_53(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2308,11 +2312,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_1c(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_3a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2324,7 +2328,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_1c(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2418,7 +2422,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_63( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -2442,7 +2446,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2456,7 +2460,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_63( ring_element); deserialized_pk[i0] = uu____0; } @@ -2937,7 +2941,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_f4(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -3128,7 +3132,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; @@ -3138,13 +3142,13 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef( (size_t)11207U + (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_ba( + libcrux_ml_kem_ntt_ntt_at_layer_3_bc( &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_89( + libcrux_ml_kem_ntt_ntt_at_layer_2_c2( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_d7( + libcrux_ml_kem_ntt_ntt_at_layer_1_09( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re); } /** @@ -3157,7 +3161,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -3179,7 +3183,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]); } return domain_separator; } @@ -3194,7 +3198,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3203,7 +3207,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3228,7 +3232,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_92(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_0d(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -3242,7 +3246,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3320,7 +3324,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_c6(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_8e(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -3336,7 +3340,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_e3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3358,14 +3362,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_43( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + result[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3386,18 +3390,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_43( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_3a(&result0[i1], - &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_ef_e3(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -3410,7 +3409,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_06( +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_8f( __m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); @@ -3426,7 +3425,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_45( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_44( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -3437,7 +3436,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_45( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_06(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_8f(coefficient_compressed); } return re; } @@ -3455,7 +3454,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3483,7 +3482,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_5b( +libcrux_ml_kem_matrix_compute_ring_element_v_de( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3493,12 +3492,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_5b( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_d4( error_2, message, result); return result; } @@ -3511,7 +3510,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_82( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_52( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3566,9 +3565,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a6( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_82( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_52( vector); } @@ -3580,14 +3579,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_34( +libcrux_ml_kem_serialize_compress_then_serialize_10_b4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a6( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3609,7 +3608,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_820( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_520( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3664,9 +3663,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e0( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a60( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_820( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_520( vector); } @@ -3678,14 +3677,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_47( +libcrux_ml_kem_serialize_compress_then_serialize_11_65( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_3f( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a60( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -3706,10 +3705,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_34(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_b4(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3723,7 +3722,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3739,7 +3738,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b8(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3754,7 +3753,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_821( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_521( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3809,9 +3808,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e1( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a61( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_821( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_521( vector); } @@ -3823,14 +3822,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_c3( +libcrux_ml_kem_serialize_compress_then_serialize_4_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e1( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a61( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -3849,7 +3848,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_822( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_522( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3904,9 +3903,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e2( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a62( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_822( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_522( vector); } @@ -3918,14 +3917,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_de( +libcrux_ml_kem_serialize_compress_then_serialize_5_47( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_4e2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_3f( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_a62( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); @@ -3945,9 +3944,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_c3(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_ea(re, out); } /** @@ -3968,7 +3967,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_32( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3976,7 +3975,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -3986,7 +3985,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4001,27 +4000,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_43(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_cf(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_45( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_44( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_5b( + libcrux_ml_kem_matrix_compute_ring_element_v_de( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_63( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4045,13 +4044,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_b6(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_e7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -4067,7 +4066,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_b6(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____1, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4084,7 +4083,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_16( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_dc( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4116,7 +4115,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_1f( +static inline void libcrux_ml_kem_ind_cca_decapsulate_5b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4134,7 +4133,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_3a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4158,7 +4157,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( @@ -4169,18 +4168,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_e7(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_16( + libcrux_ml_kem_variant_kdf_d8_dc( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_d8_16(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_dc(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4210,10 +4209,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_1f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5b(private_key, ciphertext, ret); } /** @@ -4227,7 +4226,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51(private_key, ciphertext, ret); } @@ -4242,7 +4241,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_64( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_c5( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4285,11 +4284,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a7( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_64( + libcrux_ml_kem_variant_entropy_preprocess_d8_c5( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4300,7 +4299,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4315,20 +4314,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_e7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_16(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_dc(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4360,14 +4359,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_a7(uu____0, copy_of_randomness); } /** @@ -4385,7 +4384,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2c( uu____0, copy_of_randomness); } @@ -4421,7 +4420,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_75( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_10( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4444,7 +4443,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_79( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4463,14 +4462,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_79( + libcrux_ml_kem_vector_traits_to_standard_domain_c1( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4485,7 +4484,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -4513,12 +4512,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -4533,12 +4532,12 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_75(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_10(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4558,7 +4557,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4566,11 +4565,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_2d( + libcrux_ml_kem_matrix_compute_As_plus_e_67( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -4588,13 +4587,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( + __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -4616,7 +4615,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_99( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_05( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4634,11 +4633,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_99( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } /** @@ -4650,13 +4651,13 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_99(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_05(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4674,11 +4675,11 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ca( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(t_as_ntt, seed_for_a, + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); @@ -4699,20 +4700,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_6a(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_47(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ca( + libcrux_ml_kem_ind_cpa_serialize_public_key_e5( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4738,7 +4739,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -4795,7 +4796,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4804,13 +4805,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_6a(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_47(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4819,13 +4820,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -4841,12 +4842,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_14( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d2(copy_of_randomness); } /** @@ -4858,7 +4859,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_14( copy_of_randomness); } @@ -4874,7 +4875,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f5( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_20( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -4885,7 +4886,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f5( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_76(ciphertext), + libcrux_ml_kem_types_as_slice_d4_24(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -4919,7 +4920,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_5b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4937,7 +4938,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_3a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4961,7 +4962,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( @@ -4972,18 +4973,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_e7(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_f5( + libcrux_ml_kem_variant_kdf_33_20( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_33_f5(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_20(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5017,10 +5018,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7a( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_1f0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5b0(private_key, ciphertext, ret); } /** @@ -5034,7 +5035,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7a( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f1( private_key, ciphertext, ret); } @@ -5049,7 +5050,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_e7( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_d3( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_41(randomness, ret); } @@ -5074,11 +5075,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a70( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_e7( + libcrux_ml_kem_variant_entropy_preprocess_33_d3( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5089,7 +5090,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5104,20 +5105,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_e7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_f5(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_20(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5152,14 +5153,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ff( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_61( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_a70(uu____0, copy_of_randomness); } /** @@ -5177,7 +5178,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ff( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_61( uu____0, copy_of_randomness); } @@ -5192,7 +5193,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_bc( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_39( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G_a9_9f(key_generation_seed, ret); } @@ -5207,12 +5208,12 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_bc(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_39(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5232,7 +5233,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -5240,11 +5241,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_2d( + libcrux_ml_kem_matrix_compute_As_plus_e_67( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -5268,21 +5269,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_6a0( +libcrux_ml_kem_ind_cpa_generate_keypair_470( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ca( + libcrux_ml_kem_ind_cpa_serialize_public_key_e5( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5315,7 +5316,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5324,13 +5325,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_6a0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_470(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5339,13 +5340,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -5362,12 +5363,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_a1( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d20(copy_of_randomness); } /** @@ -5379,7 +5380,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_a1( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( copy_of_randomness); } @@ -5392,7 +5393,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_3a( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -5418,10 +5419,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_01( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ca( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_3a(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_e5(private_key, ciphertext); } @@ -5434,7 +5435,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_01( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ca( private_key, ciphertext); } @@ -5446,7 +5447,7 @@ types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_4b( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_1a( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -5459,17 +5460,21 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_86( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4( public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -5482,16 +5487,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c0( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_84( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_86( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ca( + libcrux_ml_kem_ind_cpa_serialize_public_key_e5( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5510,9 +5515,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_06( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c0(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_84(public_key); } /** @@ -5523,7 +5528,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_06( public_key->value); } @@ -5549,11 +5554,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_81( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5583,7 +5588,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( @@ -5595,11 +5600,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_32( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5636,10 +5641,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_44( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_f6( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_81(key_pair, ciphertext, ret); } /** @@ -5653,7 +5658,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_44( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_f6( private_key, ciphertext, ret); } @@ -5676,7 +5681,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_f8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5704,7 +5709,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5714,7 +5719,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5748,7 +5753,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_71( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_2e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5756,7 +5761,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_71( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_f8(uu____0, copy_of_randomness); } @@ -5777,7 +5782,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_71( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_2e( uu____0, copy_of_randomness); } @@ -5797,7 +5802,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_59(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_dd(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -5816,7 +5821,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_0a( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -5836,7 +5841,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_8d_ae( +libcrux_ml_kem_polynomial_clone_8d_55( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5863,7 +5868,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_12( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -5873,19 +5878,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_0a(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_8d_ae( + libcrux_ml_kem_polynomial_clone_8d_55( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -5898,7 +5903,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ca( + libcrux_ml_kem_ind_cpa_serialize_public_key_e5( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -5934,13 +5939,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_00( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c8( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_12(copy_of_randomness, out); } /** @@ -5953,7 +5958,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_00( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c8( copy_of_randomness, key_pair); } @@ -5970,7 +5975,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_44(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_f9(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); lit.public_key_hash[0U] = 0U; @@ -6022,7 +6027,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_2c(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_b9(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); uu____0.implicit_rejection_value[0U] = 0U; @@ -6060,7 +6065,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_44()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_f9()}); } /** @@ -6069,7 +6074,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_2c(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_b9(); } /** @@ -6078,7 +6083,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_44(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_f9(); } /** @@ -6099,10 +6104,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -6127,10 +6132,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_39( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_8b( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf( &self->public_key, serialized); } @@ -6142,7 +6147,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_39(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_8b(key_pair, serialized); } @@ -6159,7 +6164,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_18( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_28( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6196,11 +6201,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_69( +libcrux_ml_kem_ind_cca_unpacked_clone_28_ea( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_18(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_28(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6224,7 +6229,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_b9( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_7b( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6237,8 +6242,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_69( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_b9(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_ea( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_7b(key_pair)); pk[0U] = uu____0; } @@ -6249,7 +6254,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf(public_key, serialized); } @@ -6267,13 +6272,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72( +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_8b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -6293,7 +6298,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72( uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -6314,11 +6319,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7f( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_45( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72(public_key, + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_8b(public_key, unpacked_public_key); } @@ -6330,7 +6335,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7f( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_45( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 1e215bec0..b40c9731a 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 3d23894e4..b32c976d7 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_portable_H @@ -250,6 +250,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( ret[21U] = r11_21.f10; } +static inline void libcrux_ml_kem_vector_portable_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -257,7 +263,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); + libcrux_ml_kem_vector_portable_serialize_11(a, ret); } typedef struct int16_t_x8_s { @@ -361,13 +367,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); + return libcrux_ml_kem_vector_portable_deserialize_11(a); } static KRML_MUSTINLINE void @@ -1271,8 +1282,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( int16_t t = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( vec->elements[j], zeta); - vec->elements[j] = vec->elements[i] - t; - vec->elements[i] = vec->elements[i] + t; + int16_t a_minus_t = vec->elements[i] - t; + int16_t a_plus_t = vec->elements[i] + t; + vec->elements[j] = a_minus_t; + vec->elements[i] = a_plus_t; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1381,8 +1394,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, int16_t zeta, size_t i, size_t j) { int16_t a_minus_b = vec->elements[j] - vec->elements[i]; + int16_t a_plus_b = vec->elements[j] + vec->elements[i]; int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - vec->elements[i] + vec->elements[j]); + a_plus_b); int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, zeta); @@ -1497,12 +1511,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t ai = a->elements[i]; - int16_t bi = b->elements[i]; - int16_t aj = a->elements[j]; - int16_t bj = b->elements[j]; + size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t ai = a->elements[(size_t)2U * i]; + int16_t bi = b->elements[(size_t)2U * i]; + int16_t aj = a->elements[(size_t)2U * i + (size_t)1U]; + int16_t bj = b->elements[(size_t)2U * i + (size_t)1U]; int32_t ai_bi = (int32_t)ai * (int32_t)bi; int32_t aj_bj_ = (int32_t)aj * (int32_t)bj; int16_t aj_bj = @@ -1519,8 +1532,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( ai_bj_aj_bi); - out->elements[i] = o0; - out->elements[j] = o1; + int16_t _out0[16U]; + memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t)); + out->elements[(size_t)2U * i] = o0; + out->elements[(size_t)2U * i + (size_t)1U] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1534,22 +1549,22 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply( int16_t nzeta3 = -zeta3; libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta0, + (size_t)0U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta0, + (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta1, + (size_t)2U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta1, + (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta2, + (size_t)4U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta2, + (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta3, + (size_t)6U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta3, + (size_t)7U, &out); return out; } @@ -1590,6 +1605,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_1( ret[1U] = result1; } +static inline void libcrux_ml_kem_vector_portable_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1597,7 +1618,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); + libcrux_ml_kem_vector_portable_serialize_1(a, ret); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1684,13 +1705,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); + return libcrux_ml_kem_vector_portable_deserialize_1(a); } typedef struct uint8_t_x4_s { @@ -1748,6 +1774,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( ret[7U] = result4_7.f3; } +static inline void libcrux_ml_kem_vector_portable_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1755,7 +1787,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); + libcrux_ml_kem_vector_portable_serialize_4(a, ret); } static KRML_MUSTINLINE int16_t_x8 @@ -1825,13 +1857,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); + return libcrux_ml_kem_vector_portable_deserialize_4(a); } typedef struct uint8_t_x5_s { @@ -1888,6 +1925,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( ret[9U] = r5_9.f4; } +static inline void libcrux_ml_kem_vector_portable_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1895,7 +1938,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); + libcrux_ml_kem_vector_portable_serialize_5(a, ret); } static KRML_MUSTINLINE int16_t_x8 @@ -1976,13 +2019,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); + return libcrux_ml_kem_vector_portable_deserialize_5(a); } static KRML_MUSTINLINE uint8_t_x5 @@ -2057,6 +2105,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( ret[19U] = r15_19.f4; } +static inline void libcrux_ml_kem_vector_portable_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -2064,7 +2118,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); + libcrux_ml_kem_vector_portable_serialize_10(a, ret); } static KRML_MUSTINLINE int16_t_x8 @@ -2153,13 +2207,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); + return libcrux_ml_kem_vector_portable_deserialize_10(a); } typedef struct uint8_t_x3_s { @@ -2234,6 +2293,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( ret[23U] = r21_23.thd; } +static inline void libcrux_ml_kem_vector_portable_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -2241,7 +2306,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_12_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); + libcrux_ml_kem_vector_portable_serialize_12(a, ret); } typedef struct int16_t_x2_s { @@ -2304,13 +2369,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); + return libcrux_ml_kem_vector_portable_deserialize_12(a); } static KRML_MUSTINLINE size_t @@ -2486,7 +2556,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_57(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_97(size_t _) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -2497,7 +2567,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -2519,7 +2589,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d9( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2537,7 +2607,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e8( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2559,7 +2629,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_77(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_46(size_t _) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -2570,7 +2640,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2595,9 +2665,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe( v); } @@ -2608,7 +2678,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_4c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -2627,7 +2697,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_78( coefficient); re.coefficients[i0] = uu____0; } @@ -2641,7 +2711,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2666,9 +2736,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_780( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe0( v); } @@ -2679,7 +2749,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_a7( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_6f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -2691,7 +2761,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_a7( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_780( coefficient); re.coefficients[i0] = uu____0; } @@ -2705,9 +2775,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ad( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4c(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2785,7 +2855,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_d0( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2805,7 +2875,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_76( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2826,7 +2896,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2854,7 +2924,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2872,7 +2942,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_62( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U, @@ -2883,13 +2953,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_62( (size_t)3U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_d0(&zeta_i, re, (size_t)3U, + libcrux_ml_kem_ntt_ntt_at_layer_3_b8(&zeta_i, re, (size_t)3U, (size_t)5U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_76(&zeta_i, re, (size_t)2U, + libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U, (size_t)6U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_5d(&zeta_i, re, (size_t)1U, + libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re); } /** @@ -2901,7 +2971,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2926,12 +2996,16 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ad( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_62(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_7c(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -2942,7 +3016,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2967,9 +3041,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_781( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe1( v); } @@ -2980,7 +3054,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_87( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -2992,7 +3066,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_781( coefficient); re.coefficients[i0] = uu____0; } @@ -3006,7 +3080,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3031,9 +3105,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_782( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe2( v); } @@ -3044,7 +3118,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_df( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_34( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -3056,7 +3130,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_df( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_782( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3070,9 +3144,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(serialized); } /** @@ -3087,7 +3161,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_ef_45( +libcrux_ml_kem_polynomial_ntt_multiply_ef_76( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = @@ -3121,7 +3195,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3145,7 +3219,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_60( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3168,7 +3242,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_2f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3189,7 +3263,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_47( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3211,7 +3285,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_01( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3232,7 +3306,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3247,7 +3321,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_01( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3264,22 +3338,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_2f(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_47(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re); } /** @@ -3294,7 +3368,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_ef_3d( +libcrux_ml_kem_polynomial_subtract_reduce_ef_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3320,7 +3394,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_d5( +libcrux_ml_kem_matrix_compute_message_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3329,12 +3403,12 @@ libcrux_ml_kem_matrix_compute_message_d5( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_55(v, result); return result; } @@ -3344,7 +3418,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_95( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_38( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3364,9 +3438,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_9d( +libcrux_ml_kem_vector_portable_shift_right_0d_6b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_38(v); } /** @@ -3376,10 +3450,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_7c( +libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_9d(a); + libcrux_ml_kem_vector_portable_shift_right_0d_6b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3393,10 +3467,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( +libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(a); + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(a); return result; } @@ -3407,13 +3481,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_b1( +libcrux_ml_kem_serialize_compress_then_serialize_message_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3441,20 +3515,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_d5(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_9f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_b1(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_80(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3468,11 +3542,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_0d(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_d9(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3484,7 +3558,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3573,7 +3647,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_53( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -3598,7 +3672,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -3612,7 +3686,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_53( ring_element); deserialized_pk[i0] = uu____0; } @@ -4083,7 +4157,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_55(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -4253,7 +4327,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_36( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { libcrux_ml_kem_ntt_ntt_at_layer_7_97(re); size_t zeta_i = (size_t)1U; @@ -4263,13 +4337,13 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8( (size_t)11207U + (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_d0( + libcrux_ml_kem_ntt_ntt_at_layer_3_b8( &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_76( + libcrux_ml_kem_ntt_ntt_at_layer_2_34( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_5d( + libcrux_ml_kem_ntt_ntt_at_layer_1_21( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re); } /** @@ -4282,7 +4356,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -4304,7 +4378,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]); } return domain_separator; } @@ -4319,7 +4393,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4328,7 +4402,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7( uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4353,7 +4427,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_b7(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_44(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -4367,7 +4441,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_67(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4442,7 +4516,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_a1(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_9f(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -4457,7 +4531,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4481,14 +4555,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_90( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_ec( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + result[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4509,18 +4583,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_90( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_45(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_2f(&result0[i1], - &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_ef_7b(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4533,7 +4602,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_d4( +libcrux_ml_kem_vector_traits_decompress_1_a8( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4552,7 +4621,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_fc( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -4565,7 +4634,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_d4(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_a8(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4583,7 +4652,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_45( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4613,7 +4682,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_c6( +libcrux_ml_kem_matrix_compute_ring_element_v_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4623,12 +4692,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_c6( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_45( error_2, message, result); return result; } @@ -4639,7 +4708,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_61( +libcrux_ml_kem_vector_portable_compress_compress_6a( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4662,9 +4731,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fe( +libcrux_ml_kem_vector_portable_compress_0d_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_61(a); + return libcrux_ml_kem_vector_portable_compress_compress_6a(a); } /** @@ -4674,15 +4743,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_9d( +libcrux_ml_kem_serialize_compress_then_serialize_10_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fe( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( + libcrux_ml_kem_vector_portable_compress_0d_83( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4702,7 +4771,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_610( +libcrux_ml_kem_vector_portable_compress_compress_6a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4725,9 +4794,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fe0( +libcrux_ml_kem_vector_portable_compress_0d_830( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_610(a); + return libcrux_ml_kem_vector_portable_compress_compress_6a0(a); } /** @@ -4737,15 +4806,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_63( +libcrux_ml_kem_serialize_compress_then_serialize_11_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fe0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_7c( + libcrux_ml_kem_vector_portable_compress_0d_830( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4765,10 +4834,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_9d(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_86(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4781,7 +4850,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4797,7 +4866,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_c5(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4810,7 +4879,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_611( +libcrux_ml_kem_vector_portable_compress_compress_6a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4833,9 +4902,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fe1( +libcrux_ml_kem_vector_portable_compress_0d_831( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_611(a); + return libcrux_ml_kem_vector_portable_compress_compress_6a1(a); } /** @@ -4845,15 +4914,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_32( +libcrux_ml_kem_serialize_compress_then_serialize_4_56( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fe1( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( + libcrux_ml_kem_vector_portable_compress_0d_831( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4870,7 +4939,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_612( +libcrux_ml_kem_vector_portable_compress_compress_6a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4893,9 +4962,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fe2( +libcrux_ml_kem_vector_portable_compress_0d_832( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_612(a); + return libcrux_ml_kem_vector_portable_compress_compress_6a2(a); } /** @@ -4905,15 +4974,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_14( +libcrux_ml_kem_serialize_compress_then_serialize_5_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_fe2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_7c( + libcrux_ml_kem_vector_portable_compress_0d_832( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4932,9 +5001,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_32(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_56(re, out); } /** @@ -4955,7 +5024,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4963,7 +5032,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -4973,7 +5042,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_67( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -4988,27 +5057,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_90(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_ec(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_fc( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_c6( + libcrux_ml_kem_matrix_compute_ring_element_v_aa( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ef( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5032,13 +5101,13 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_a7(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_a5(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5054,7 +5123,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a7(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____1, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5070,7 +5139,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_b7( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_8d( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5101,7 +5170,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_d5( +static inline void libcrux_ml_kem_ind_cca_decapsulate_1a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5119,7 +5188,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_0d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5143,7 +5212,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( @@ -5154,18 +5223,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a5(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_b7( + libcrux_ml_kem_variant_kdf_d8_8d( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_d8_b7(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_8d(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5195,10 +5264,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ce( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_d5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_1a(private_key, ciphertext, ret); } /** @@ -5211,7 +5280,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ce( private_key, ciphertext, ret); } @@ -5225,7 +5294,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_a9( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_05( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5266,11 +5335,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_a9( + libcrux_ml_kem_variant_entropy_preprocess_d8_05( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5281,7 +5350,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5296,20 +5365,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a5(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_b7(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_8d(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5340,14 +5409,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_db( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_49(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_4e(uu____0, copy_of_randomness); } /** @@ -5364,7 +5433,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_db( uu____0, copy_of_randomness); } @@ -5398,7 +5467,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_a4( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5421,7 +5490,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_bf( +libcrux_ml_kem_vector_traits_to_standard_domain_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5439,7 +5508,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5447,7 +5516,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_bf( + libcrux_ml_kem_vector_traits_to_standard_domain_73( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5463,7 +5532,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -5491,12 +5560,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_45(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5510,12 +5579,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_a4(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5535,7 +5604,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -5543,11 +5612,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_c7( + libcrux_ml_kem_matrix_compute_As_plus_e_f0( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -5564,14 +5633,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5592,7 +5661,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5610,11 +5679,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5a( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } /** @@ -5625,13 +5696,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5648,11 +5719,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_07( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_e9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(t_as_ntt, seed_for_a, + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); @@ -5672,20 +5743,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_50(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_08(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_07( + libcrux_ml_kem_ind_cpa_serialize_public_key_e9( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5710,7 +5781,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5766,7 +5837,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5775,13 +5846,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_50(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_08(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5790,13 +5861,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -5812,12 +5883,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_e3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_28(copy_of_randomness); } /** @@ -5828,7 +5899,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_e3( copy_of_randomness); } @@ -5843,7 +5914,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_de( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_ff( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5854,7 +5925,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_de( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_76(ciphertext), + libcrux_ml_kem_types_as_slice_d4_24(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5887,7 +5958,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_d50( +static inline void libcrux_ml_kem_ind_cca_decapsulate_1a0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5905,7 +5976,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_0d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5929,7 +6000,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( @@ -5940,18 +6011,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a5(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_de( + libcrux_ml_kem_variant_kdf_33_ff( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_33_de(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_ff(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5985,10 +6056,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_d50(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_1a0(private_key, ciphertext, ret); } /** @@ -6001,7 +6072,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d6( private_key, ciphertext, ret); } @@ -6015,7 +6086,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_47( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_57( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_d5(randomness, ret); } @@ -6039,11 +6110,11 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_47( + libcrux_ml_kem_variant_entropy_preprocess_33_57( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6054,7 +6125,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6069,20 +6140,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a5(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_de(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_ff(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6117,14 +6188,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f2( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_490(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_4e0(uu____0, copy_of_randomness); } /** @@ -6141,7 +6212,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f2( uu____0, copy_of_randomness); } @@ -6155,7 +6226,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_de( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_f9( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G_f1_87(key_generation_seed, ret); } @@ -6169,12 +6240,12 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_de(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_f9(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6194,7 +6265,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -6202,11 +6273,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_c7( + libcrux_ml_kem_matrix_compute_As_plus_e_f0( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -6229,21 +6300,21 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_500( +libcrux_ml_kem_ind_cpa_generate_keypair_080( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_07( + libcrux_ml_kem_ind_cpa_serialize_public_key_e9( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6275,7 +6346,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6284,13 +6355,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_500(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_080(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6299,13 +6370,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -6321,12 +6392,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_28( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_280(copy_of_randomness); } /** @@ -6338,7 +6409,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_28( copy_of_randomness); } @@ -6350,7 +6421,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_fd( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_96( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -6375,10 +6446,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_c5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_fd(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_96(private_key, ciphertext); } @@ -6390,7 +6461,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_c5( private_key, ciphertext); } @@ -6402,7 +6473,7 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_bc( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_16( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -6414,17 +6485,21 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ae( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4( public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + memcpy( + result, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, deserialized_pk, + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -6436,16 +6511,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_68( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_f6( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ae( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_07( + libcrux_ml_kem_ind_cpa_serialize_public_key_e9( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6463,9 +6538,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b6( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_68(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_f6(public_key); } /** @@ -6475,7 +6550,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b6( public_key->value); } @@ -6501,11 +6576,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_be( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6535,7 +6610,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( @@ -6547,11 +6622,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6587,10 +6662,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_57( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_be(key_pair, ciphertext, ret); } /** @@ -6604,7 +6679,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_57( private_key, ciphertext, ret); } @@ -6627,7 +6702,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_fa( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6655,7 +6730,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6665,7 +6740,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6698,7 +6773,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_91( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -6706,7 +6781,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_fa(uu____0, copy_of_randomness); } @@ -6726,7 +6801,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_91( uu____0, copy_of_randomness); } @@ -6745,7 +6820,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_42(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_08(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -6763,7 +6838,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_e0( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -6782,7 +6857,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_8d_26( +libcrux_ml_kem_polynomial_clone_8d_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6811,7 +6886,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f0( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -6821,19 +6896,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_e0(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_8d_26( + libcrux_ml_kem_polynomial_clone_8d_ef( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6846,7 +6921,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_07( + libcrux_ml_kem_ind_cpa_serialize_public_key_e9( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -6881,13 +6956,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_26( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f0(copy_of_randomness, out); } /** @@ -6900,7 +6975,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_26( copy_of_randomness, key_pair); } @@ -6916,7 +6991,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_6e(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_fa(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); lit.public_key_hash[0U] = 0U; @@ -6967,7 +7042,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_35(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_27(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); uu____0.implicit_rejection_value[0U] = 0U; @@ -7005,7 +7080,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_6e()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_fa()}); } /** @@ -7013,7 +7088,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_35(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_27(); } /** @@ -7021,7 +7096,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_6e(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_fa(); } /** @@ -7041,10 +7116,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -7068,10 +7143,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_e1( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_d7( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70( &self->public_key, serialized); } @@ -7082,7 +7157,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_e1(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_d7(key_pair, serialized); } @@ -7098,7 +7173,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_b5( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_57( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7134,11 +7209,11 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_5f( +libcrux_ml_kem_ind_cca_unpacked_clone_28_5e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_b5(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_57(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7161,7 +7236,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_e7( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_0c( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -7173,8 +7248,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_5f( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_e7(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_5e( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_0c(key_pair)); pk[0U] = uu____0; } @@ -7185,7 +7260,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70(public_key, serialized); } @@ -7208,7 +7283,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -7228,7 +7303,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -7248,7 +7323,7 @@ const generics - PUBLIC_KEY_SIZE= 1184 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_17( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { @@ -7264,7 +7339,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_17( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index c283eae80..7f5d57201 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 2e9dfdbc9..55e780301 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index cd92309a3..0d652a9d7 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_portable_H From 2ac0798983cf39a0173c994df496711726e32ac8 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 29 Sep 2024 21:41:22 +0000 Subject: [PATCH 18/20] wip --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 388 ++++++++------ libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 56 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 487 ++++++++++-------- .../cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 34 +- .../cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 42 files changed, 655 insertions(+), 446 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 9561d6d0d..d393ef31c 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 -Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 +Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 948c453a8..9c0e8828e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index b6f562f22..cd446e37c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index cebf41ef3..c67068ba0 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index d244bab2b..2f2a3e44e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c24be2163..6ee3decbd 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 8608e9d62..1cbf9e303 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 46b59cbf7..788f288e4 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 3612507c1..cdea86609 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index cf2b6c42a..a62e4b058 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_2c0( +static void decapsulate_150( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_6f0(private_key, ciphertext, ret); @@ -51,7 +51,7 @@ static void decapsulate_2c0( void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_2c0(private_key, ciphertext, ret); + decapsulate_150(private_key, ciphertext, ret); } /** @@ -71,7 +71,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ad0( +static tuple_21 encapsulate_9e0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ad0(uu____0, copy_of_randomness); + return encapsulate_9e0(uu____0, copy_of_randomness); } /** @@ -109,7 +109,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_c70( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_010( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c70(copy_of_randomness); + return generate_keypair_010(copy_of_randomness); } /** @@ -136,7 +136,7 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_d10( +static KRML_MUSTINLINE bool validate_private_key_840( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_e10(private_key, @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_d10( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_d10(private_key, ciphertext); + return validate_private_key_840(private_key, ciphertext); } /** @@ -162,7 +162,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_e30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_4a0(public_key); } @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_e90(public_key->value); + return validate_public_key_e30(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 4b70a98fa..037013ac3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 4d65cde05..96788b0a9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 54017b446..9a9d19aa3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index b37a698b1..bc9966b87 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 1be10624b..92728c869 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem512_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_2c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_15(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_6f(private_key, ciphertext, ret); @@ -51,7 +51,7 @@ static void decapsulate_2c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_2c(private_key, ciphertext, ret); + decapsulate_15(private_key, ciphertext, ret); } /** @@ -71,7 +71,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_ad( +static tuple_ec encapsulate_9e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ad(uu____0, copy_of_randomness); + return encapsulate_9e(uu____0, copy_of_randomness); } /** @@ -109,7 +109,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c7( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_01( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c7(copy_of_randomness); + return generate_keypair_01(copy_of_randomness); } /** @@ -136,7 +136,7 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_d1( +static KRML_MUSTINLINE bool validate_private_key_84( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_e1(private_key, @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_d1( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_d1(private_key, ciphertext); + return validate_private_key_84(private_key, ciphertext); } /** @@ -162,7 +162,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_e3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_4a(public_key); } @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_e9(public_key->value); + return validate_public_key_e3(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index cb75e6d2f..9a569226e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 5ac7cbf18..b8c676f21 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 1b124a20f..d77580778 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index e4da7ff00..a6116f34c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index c00a10115..e40e70dc4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem768_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_2c1( +static void decapsulate_151( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_6f1(private_key, ciphertext, ret); @@ -51,7 +51,7 @@ static void decapsulate_2c1( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_2c1(private_key, ciphertext, ret); + decapsulate_151(private_key, ciphertext, ret); } /** @@ -71,7 +71,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_ad1( +static tuple_3c encapsulate_9e1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ad1(uu____0, copy_of_randomness); + return encapsulate_9e1(uu____0, copy_of_randomness); } /** @@ -109,7 +109,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c71( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_011( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c71(copy_of_randomness); + return generate_keypair_011(copy_of_randomness); } /** @@ -136,7 +136,7 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_d11( +static KRML_MUSTINLINE bool validate_private_key_841( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_e11(private_key, @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_d11( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_d11(private_key, ciphertext); + return validate_private_key_841(private_key, ciphertext); } /** @@ -162,7 +162,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_e31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_4a1(public_key); } @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_e91(public_key->value); + return validate_public_key_e31(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 7bd1569ee..aaf21051e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index ebf808267..5b18705f9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index c88640dc9..3e1a2fe82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 99c09a651..4893a5ab2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "internal/libcrux_mlkem_avx2.h" @@ -164,7 +164,8 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { __m256i t0 = mm256_mulhi_epi16( vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t1 = mm256_add_epi16(t0, mm256_set1_epi16((int16_t)512)); + __m256i t512 = mm256_set1_epi16((int16_t)512); + __m256i t1 = mm256_add_epi16(t0, t512); __m256i quotient = mm256_srai_epi16((int32_t)10, t1, __m256i); __m256i quotient_times_field_modulus = mm256_mullo_epi16( quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); @@ -522,8 +523,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = mm_movemask_epi8(msbs); - ret[0U] = (uint8_t)bits_packed; - ret[1U] = (uint8_t)(bits_packed >> 8U); + uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)}; + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } /** @@ -536,34 +537,35 @@ void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsb_to_msb = mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); - __m256i coefficients_in_msb = - mm256_mullo_epi16(coefficients, shift_lsb_to_msb); +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + int16_t a, int16_t b) { + __m256i coefficients = + mm256_set_epi16(b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a); + __m256i coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768)); return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + uint8_t a, uint8_t b) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + (int16_t)a, (int16_t)b); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -572,15 +574,27 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } +/** + `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets + of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of + 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last + `n` bits are non-zero). +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(uint8_t n, + __m256i x) { + int16_t n0 = (int16_t)1 << (uint32_t)n; + return mm256_madd_epi16( + x, mm256_set_epi16(n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, + (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, + (int16_t)1, n0, (int16_t)1)); +} + KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector); __m256i adjacent_8_combined = mm256_shuffle_epi8( adjacent_2_combined, mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, @@ -617,37 +631,47 @@ void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m256i coefficients_in_msb = - mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5, + int16_t b6, int16_t b7) { + __m256i coefficients = mm256_set_epi16(b7, b7, b6, b6, b5, b5, b4, b4, b3, b3, + b2, b2, b1, b1, b0, b0); + __m256i coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); __m256i coefficients_in_lsb = mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); return mm256_and_si256(coefficients_in_lsb, mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5, + uint8_t b6, uint8_t b7) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + (int16_t)b0, (int16_t)b1, (int16_t)b2, (int16_t)b3, (int16_t)b4, + (int16_t)b5, (int16_t)b6, (int16_t)b7); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -707,6 +731,22 @@ void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } +/** + We cannot model `mm256_inserti128_si256` on its own: it produces a + Vec256 where the upper 128 bits are undefined. Thus + `mm256_inserti128_si256` is not pure. + + Luckily, we always call `mm256_castsi128_si256` right after + `mm256_inserti128_si256`: this composition sets the upper bits, + making the whole computation pure again. +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128(__m128i lower, + __m128i upper) { + return mm256_inserti128_si256((int32_t)1, mm256_castsi128_si256(lower), upper, + __m256i); +} + KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { __m128i coefficients = @@ -726,11 +766,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients_loaded = + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + coefficients, coefficients); __m256i coefficients0 = mm256_shuffle_epi8( - coefficients_loaded0, + coefficients_loaded, mm256_set_epi8((int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, @@ -757,16 +797,11 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - __m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1)); +core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector); __m256i adjacent_4_combined = mm256_sllv_epi32( adjacent_2_combined, mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, @@ -783,11 +818,23 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + __m256i vector, uint8_t ret[20U]) { + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; + uint8_t serialized[32U] = {0U}; mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t), upper_8); @@ -811,31 +858,40 @@ void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = mm_shuffle_epi8( - lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, - 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - __m128i upper_coefficients0 = mm_shuffle_epi8( - upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, - 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, - upper_coefficients0, __m256i); - __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = mm256_srli_epi16((int32_t)6, coefficients1, __m256i); - return mm256_and_si256(coefficients2, +libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = mm_shuffle_epi8( + lower_coefficients0, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, + 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_shuffle_epi8( + upper_coefficients0, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, + 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U)); + __m256i coefficients1 = mm256_srli_epi16((int32_t)6, coefficients0, __m256i); + return mm256_and_si256(coefficients1, mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + Eurydice_slice lower_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t); + Eurydice_slice upper_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + mm_loadu_si128(lower_coefficients), mm_loadu_si128(upper_coefficients)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -884,16 +940,11 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - __m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1)); +KRML_MUSTINLINE core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(12U, vector); __m256i adjacent_4_combined = mm256_sllv_epi32( adjacent_2_combined, mm256_set_epi32((int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, @@ -912,6 +963,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); __m128i upper_8 = mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + __m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); @@ -937,30 +1000,39 @@ void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = mm_shuffle_epi8( + lower_coefficients0, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, + 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_shuffle_epi8( + upper_coefficients0, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, + 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); + __m256i coefficients1 = mm256_srli_epi16((int32_t)4, coefficients0, __m256i); + return mm256_and_si256(coefficients1, + mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); +} + KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); __m128i lower_coefficients = mm_loadu_si128( Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = mm_shuffle_epi8( - lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, - 4U, 3U, 2U, 1U, 1U, 0U)); __m128i upper_coefficients = mm_loadu_si128( Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - __m128i upper_coefficients0 = mm_shuffle_epi8( - upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, - 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, - upper_coefficients0, __m256i); - __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = mm256_srli_epi16((int32_t)4, coefficients1, __m256i); - return mm256_and_si256(coefficients2, - mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + lower_coefficients, upper_coefficients); } /** @@ -2954,7 +3026,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_44(__m256i vector) { +compress_ciphertext_coefficient_76(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3001,8 +3073,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_c6(__m256i vector) { - return compress_ciphertext_coefficient_44(vector); +static __m256i compress_09_70(__m256i vector) { + return compress_ciphertext_coefficient_76(vector); } /** @@ -3018,7 +3090,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_170( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_c6(to_unsigned_field_modulus_88(re->coefficients[i0])); + compress_09_70(to_unsigned_field_modulus_88(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3038,7 +3110,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_440(__m256i vector) { +compress_ciphertext_coefficient_760(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3085,8 +3157,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_c60(__m256i vector) { - return compress_ciphertext_coefficient_440(vector); +static __m256i compress_09_700(__m256i vector) { + return compress_ciphertext_coefficient_760(vector); } /** @@ -3141,7 +3213,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_441(__m256i vector) { +compress_ciphertext_coefficient_761(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3188,8 +3260,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_c61(__m256i vector) { - return compress_ciphertext_coefficient_441(vector); +static __m256i compress_09_701(__m256i vector) { + return compress_ciphertext_coefficient_761(vector); } /** @@ -3205,7 +3277,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_06( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_c61(to_unsigned_field_modulus_88(re.coefficients[i0])); + compress_09_701(to_unsigned_field_modulus_88(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3222,7 +3294,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_442(__m256i vector) { +compress_ciphertext_coefficient_762(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3269,8 +3341,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_c62(__m256i vector) { - return compress_ciphertext_coefficient_442(vector); +static __m256i compress_09_702(__m256i vector) { + return compress_ciphertext_coefficient_762(vector); } /** @@ -3286,7 +3358,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_7a( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_c62(to_unsigned_representative_b5(re.coefficients[i0])); + compress_09_702(to_unsigned_representative_b5(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3572,7 +3644,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8f(__m256i vector) { +decompress_ciphertext_coefficient_6c(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3616,8 +3688,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_c1(__m256i vector) { - return decompress_ciphertext_coefficient_8f(vector); +static __m256i decompress_ciphertext_coefficient_09_0f(__m256i vector) { + return decompress_ciphertext_coefficient_6c(vector); } /** @@ -3640,7 +3712,7 @@ deserialize_then_decompress_10_47(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f(coefficient); } return re; } @@ -3652,7 +3724,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8f0(__m256i vector) { +decompress_ciphertext_coefficient_6c0(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3696,8 +3768,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_c10(__m256i vector) { - return decompress_ciphertext_coefficient_8f0(vector); +static __m256i decompress_ciphertext_coefficient_09_0f0(__m256i vector) { + return decompress_ciphertext_coefficient_6c0(vector); } /** @@ -3715,7 +3787,7 @@ deserialize_then_decompress_11_a8(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c10(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f0(coefficient); } return re; } @@ -3800,7 +3872,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8f1(__m256i vector) { +decompress_ciphertext_coefficient_6c1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3844,8 +3916,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_c11(__m256i vector) { - return decompress_ciphertext_coefficient_8f1(vector); +static __m256i decompress_ciphertext_coefficient_09_0f1(__m256i vector) { + return decompress_ciphertext_coefficient_6c1(vector); } /** @@ -3863,7 +3935,7 @@ deserialize_then_decompress_4_98(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c11(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f1(coefficient); } return re; } @@ -3875,7 +3947,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8f2(__m256i vector) { +decompress_ciphertext_coefficient_6c2(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3919,8 +3991,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_c12(__m256i vector) { - return decompress_ciphertext_coefficient_8f2(vector); +static __m256i decompress_ciphertext_coefficient_09_0f2(__m256i vector) { + return decompress_ciphertext_coefficient_6c2(vector); } /** @@ -3939,7 +4011,7 @@ deserialize_then_decompress_5_45(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_c12(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_0f2(re.coefficients[i0]); } return re; } @@ -5452,7 +5524,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_b8( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_c60(to_unsigned_representative_b5(re->coefficients[i0])); + compress_09_700(to_unsigned_representative_b5(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 43910f900..ce38cd383 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem_avx2_H @@ -234,6 +234,12 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, uint8_t ret[2U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + int16_t a, int16_t b); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + uint8_t a, uint8_t b); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); @@ -243,6 +249,15 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes); +/** + `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets + of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of + 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last + `n` bits are non-zero). +*/ +__m256i libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(uint8_t n, + __m256i x); + void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, uint8_t ret[8U]); @@ -252,6 +267,14 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, uint8_t ret[8U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5, + int16_t b6, int16_t b7); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5, + uint8_t b6, uint8_t b7); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); @@ -271,6 +294,18 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, uint8_t ret[10U]); +/** + We cannot model `mm256_inserti128_si256` on its own: it produces a + Vec256 where the upper 128 bits are undefined. Thus + `mm256_inserti128_si256` is not pure. + + Luckily, we always call `mm256_castsi128_si256` right after + `mm256_inserti128_si256`: this composition sets the upper bits, + making the whole computation pure again. +*/ +__m256i libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + __m128i lower, __m128i upper); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( Eurydice_slice bytes); @@ -280,6 +315,15 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes); +typedef struct core_core_arch_x86___m128i_x2_s { + __m128i fst; + __m128i snd; +} core_core_arch_x86___m128i_x2; + +core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + __m256i vector); + void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, uint8_t ret[20U]); @@ -290,6 +334,9 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, uint8_t ret[20U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( Eurydice_slice bytes); @@ -318,6 +365,10 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes); +core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + __m256i vector); + void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, uint8_t ret[24U]); @@ -328,6 +379,9 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, uint8_t ret[24U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( Eurydice_slice bytes); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index b55505b93..3bc08594b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index f6b926cc0..b375e1f09 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 426a4f6a6..ee291c40e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 79b702c22..65d87344a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index d8b5a67ab..67f5d174c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 950cc2aba..a20e6c410 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index c0f445770..360ff4122 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index c5d577d1d..2fc24f7d1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 9561d6d0d..d393ef31c 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 -Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 +Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 95ad567ef..1a0b95675 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 8ea31d766..443142103 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index b28ba871c..686aabb0d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_avx2_H @@ -204,8 +204,8 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { __m256i t0 = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t1 = libcrux_intrinsics_avx2_mm256_add_epi16( - t0, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + __m256i t512 = libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512); + __m256i t1 = libcrux_intrinsics_avx2_mm256_add_epi16(t0, t512); __m256i quotient = libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t1, __m256i); __m256i quotient_times_field_modulus = @@ -636,8 +636,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( (int32_t)1, lsb_to_msb, __m128i); __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - ret[0U] = (uint8_t)bits_packed; - ret[1U] = (uint8_t)(bits_packed >> 8U); + uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)}; + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } /** @@ -652,35 +652,38 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + int16_t a, int16_t b) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); - __m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768)); return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + uint8_t a, uint8_t b) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + (int16_t)a, (int16_t)b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -691,16 +694,29 @@ static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09( return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } +/** + `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets + of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of + 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last + `n` bits are non-zero). +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(uint8_t n, + __m256i x) { + int16_t n0 = (int16_t)1 << (uint32_t)n; + return libcrux_intrinsics_avx2_mm256_madd_epi16( + x, libcrux_intrinsics_avx2_mm256_set_epi16( + n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, + (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1)); +} + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector); __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi8( @@ -739,31 +755,19 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5, + int16_t b6, int16_t b7) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + b7, b7, b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0, b0); __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients, shift_lsbs_to_msbs); + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( (int32_t)4, coefficients_in_msb, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( @@ -771,6 +775,30 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { ((int16_t)1 << 4U) - (int16_t)1)); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5, + uint8_t b6, uint8_t b7) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + (int16_t)b0, (int16_t)b1, (int16_t)b2, (int16_t)b3, (int16_t)b4, + (int16_t)b5, (int16_t)b6, (int16_t)b7); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -837,6 +865,24 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } +/** + We cannot model `mm256_inserti128_si256` on its own: it produces a + Vec256 where the upper 128 bits are undefined. Thus + `mm256_inserti128_si256` is not pure. + + Luckily, we always call `mm256_castsi128_si256` right after + `mm256_inserti128_si256`: this composition sets the upper bits, + making the whole computation pure again. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128(__m128i lower, + __m128i upper) { + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, libcrux_intrinsics_avx2_mm256_castsi128_si256(lower), upper, + __m256i); +} + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { @@ -858,11 +904,10 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, __m256i); + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + coefficients, coefficients); __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, + coefficients_loaded, libcrux_intrinsics_avx2_mm256_set_epi8( (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, @@ -892,17 +937,17 @@ static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09( return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } +typedef struct core_core_arch_x86___m128i_x2_s { + __m128i fst; + __m128i snd; +} core_core_arch_x86___m128i_x2; + KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - __m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); +static inline core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector); __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( @@ -921,11 +966,24 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + __m256i vector, uint8_t ret[20U]) { + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; + uint8_t serialized[32U] = {0U}; libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t), @@ -952,37 +1010,46 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_10_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, +libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, - 9U, 8U, 8U, 7U, 7U, 6U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)6, coefficients1, __m256i); + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)6, coefficients0, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + coefficients1, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 10U) - (int16_t)1)); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + Eurydice_slice lower_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t); + Eurydice_slice upper_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + libcrux_intrinsics_avx2_mm_loadu_si128(lower_coefficients), + libcrux_intrinsics_avx2_mm_loadu_si128(upper_coefficients)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -1039,16 +1106,11 @@ static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09( } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - __m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); +static KRML_MUSTINLINE core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(12U, vector); __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, @@ -1068,6 +1130,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + __m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); @@ -1097,37 +1172,45 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_12_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, +libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients1, __m256i); + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients0, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + coefficients1, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 12U) - (int16_t)1)); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + lower_coefficients, upper_coefficients); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -1322,7 +1405,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_72( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1374,9 +1457,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_64( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_72( vector); } @@ -1404,7 +1487,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_58( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_64( coefficient); } return re; @@ -1418,7 +1501,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_720( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1470,9 +1553,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_640( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_720( vector); } @@ -1495,7 +1578,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_33( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_640( coefficient); } return re; @@ -1745,7 +1828,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_721( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1797,9 +1880,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_641( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_721( vector); } @@ -1822,7 +1905,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_641( coefficient); } return re; @@ -1836,7 +1919,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_722( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1888,9 +1971,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_642( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_722( vector); } @@ -1913,7 +1996,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_9b( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_642( re.coefficients[i0]); } return re; @@ -3510,7 +3593,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_52( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3565,9 +3648,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a6( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_52( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e( vector); } @@ -3585,7 +3668,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_b4( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a6( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb( libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3608,7 +3691,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_520( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3663,9 +3746,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a60( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_520( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e0( vector); } @@ -3683,7 +3766,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_65( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a60( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb0( libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3753,7 +3836,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_521( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3808,9 +3891,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a61( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_521( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e1( vector); } @@ -3828,7 +3911,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_ea( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a61( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb1( libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re.coefficients[i0])); uint8_t bytes[8U]; @@ -3848,7 +3931,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_522( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3903,9 +3986,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a62( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_522( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e2( vector); } @@ -3923,7 +4006,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_47( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_a62( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_eb2( libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4209,7 +4292,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_10( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_5b(private_key, ciphertext, ret); @@ -4226,7 +4309,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_10(private_key, ciphertext, ret); } @@ -4359,7 +4442,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2c( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_bd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -4384,7 +4467,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2c( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_bd( uu____0, copy_of_randomness); } @@ -4842,7 +4925,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_14( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dd( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -4859,7 +4942,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_14( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dd( copy_of_randomness); } @@ -5018,7 +5101,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f1( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_6e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_5b0(private_key, ciphertext, ret); @@ -5035,7 +5118,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f1( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_6e( private_key, ciphertext, ret); } @@ -5153,7 +5236,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_61( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_c1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -5178,7 +5261,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_61( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_c1( uu____0, copy_of_randomness); } @@ -5363,7 +5446,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_8f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -5380,7 +5463,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_8f( copy_of_randomness); } @@ -5419,7 +5502,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ca( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_e5(private_key, @@ -5435,7 +5518,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ca( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf( private_key, ciphertext); } @@ -5515,7 +5598,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_06( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_84(public_key); } @@ -5528,7 +5611,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_06( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_06( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( public_key->value); } @@ -5641,7 +5724,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_f6( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ad( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_unpacked_decapsulate_81(key_pair, ciphertext, ret); @@ -5658,7 +5741,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_f6( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ad( private_key, ciphertext, ret); } @@ -5753,7 +5836,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_2e( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_62( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5782,7 +5865,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_2e( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_62( uu____0, copy_of_randomness); } @@ -5939,7 +6022,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c8( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_64( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ @@ -5958,7 +6041,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c8( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_64( copy_of_randomness, key_pair); } @@ -5975,7 +6058,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_f9(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_a5(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); lit.public_key_hash[0U] = 0U; @@ -6027,7 +6110,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_b9(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_e3(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); uu____0.implicit_rejection_value[0U] = 0U; @@ -6065,7 +6148,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_f9()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_a5()}); } /** @@ -6074,7 +6157,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_b9(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_e3(); } /** @@ -6083,7 +6166,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_f9(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_a5(); } /** @@ -6104,7 +6187,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07( @@ -6132,10 +6215,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_8b( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91( &self->public_key, serialized); } @@ -6147,7 +6230,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_8b(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d(key_pair, serialized); } @@ -6164,7 +6247,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_28( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6201,11 +6284,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_ea( +libcrux_ml_kem_ind_cca_unpacked_clone_28_e1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_28(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6229,7 +6312,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_7b( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_8c( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6242,8 +6325,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_ea( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_7b(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_e1( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_8c(key_pair)); pk[0U] = uu____0; } @@ -6254,7 +6337,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91(public_key, serialized); } @@ -6319,7 +6402,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_45( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { @@ -6335,7 +6418,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_45( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index b40c9731a..162259dd8 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index b32c976d7..091d5acc2 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_portable_H @@ -6991,7 +6991,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_fa(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_e8(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); lit.public_key_hash[0U] = 0U; @@ -7042,7 +7042,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_27(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_e2(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); uu____0.implicit_rejection_value[0U] = 0U; @@ -7080,7 +7080,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_fa()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_e8()}); } /** @@ -7088,7 +7088,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_27(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_e2(); } /** @@ -7096,7 +7096,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_fa(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_e8(); } /** @@ -7116,7 +7116,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12( @@ -7143,10 +7143,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_d7( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80( &self->public_key, serialized); } @@ -7157,7 +7157,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_d7(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a(key_pair, serialized); } @@ -7173,7 +7173,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_57( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_93( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7209,11 +7209,11 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_5e( +libcrux_ml_kem_ind_cca_unpacked_clone_28_68( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_57(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_93(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7236,7 +7236,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_0c( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_e9( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -7248,8 +7248,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_5e( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_0c(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_68( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_e9(key_pair)); pk[0U] = uu____0; } @@ -7260,7 +7260,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80(public_key, serialized); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 7f5d57201..f381a6d12 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 55e780301..872af5692 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 0d652a9d7..ef344518f 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_portable_H From 101ed40d91c5676bc4071a5985bd9361103dbfab Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 30 Sep 2024 00:11:22 +0200 Subject: [PATCH 19/20] arith --- .../extraction/Libcrux_ml_kem.Variant.fsti | 243 ++++++++++++++++++ .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 4 +- .../Libcrux_ml_kem.Vector.Portable.fst | 59 +++++ libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 4 +- 4 files changed, 306 insertions(+), 4 deletions(-) create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti new file mode 100644 index 000000000..943518133 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti @@ -0,0 +1,243 @@ +module Libcrux_ml_kem.Variant +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + () + +/// Implements [`Variant`], to perform the ML-KEM-specific actions +/// during encapsulation and decapsulation. +/// Specifically, +/// * during key generation, the seed hash is domain separated (this is a difference from the FIPS 203 IPD and Kyber) +/// * during encapsulation, the initial randomness is used without prior hashing, +/// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext. +type t_MlKem = | MlKem : t_MlKem + +/// This trait collects differences in specification between ML-KEM +/// (FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the +/// NIST PQ competition. +/// cf. FIPS 203, Appendix C +class t_Variant (v_Self: Type0) = { + f_kdf_pre: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + shared_secret: t_Slice u8 -> + ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE + -> pred: Type0{(Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32 ==> pred}; + f_kdf_post: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + shared_secret: t_Slice u8 -> + ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> + res: t_Array u8 (sz 32) + -> pred: Type0{pred ==> res == shared_secret}; + f_kdf: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 -> + x1: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE + -> Prims.Pure (t_Array u8 (sz 32)) + (f_kdf_pre v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1) + (fun result -> f_kdf_post v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1 result); + f_entropy_preprocess_pre: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + randomness: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 randomness <: usize) =. sz 32 ==> pred}; + f_entropy_preprocess_post: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + randomness: t_Slice u8 -> + res: t_Array u8 (sz 32) + -> pred: Type0{pred ==> res == randomness}; + f_entropy_preprocess: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 + -> Prims.Pure (t_Array u8 (sz 32)) + (f_entropy_preprocess_pre v_K #v_Hasher #i3 x0) + (fun result -> f_entropy_preprocess_post v_K #v_Hasher #i3 x0 result); + f_cpa_keygen_seed_pre: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + seed: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 seed <: usize) =. sz 32 ==> pred}; + f_cpa_keygen_seed_post: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 -> + t_Array u8 (sz 64) + -> Type0; + f_cpa_keygen_seed: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 + -> Prims.Pure (t_Array u8 (sz 64)) + (f_cpa_keygen_seed_pre v_K #v_Hasher #i4 x0) + (fun result -> f_cpa_keygen_seed_post v_K #v_Hasher #i4 x0 result) +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl: t_Variant t_MlKem = + { + f_kdf_pre + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + -> + (Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32); + f_kdf_post + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + (res: t_Array u8 (sz 32)) + -> + res == shared_secret); + f_kdf + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + -> + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in + out); + f_entropy_preprocess_pre + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + -> + (Core.Slice.impl__len #u8 randomness <: usize) =. sz 32); + f_entropy_preprocess_post + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + (res: t_Array u8 (sz 32)) + -> + res == randomness); + f_entropy_preprocess + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + -> + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in + out); + f_cpa_keygen_seed_pre + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + -> + (Core.Slice.impl__len #u8 key_generation_seed <: usize) =. sz 32); + f_cpa_keygen_seed_post + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + (out: t_Array u8 (sz 64)) + -> + true); + f_cpa_keygen_seed + = + fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + -> + let seed:t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in + let seed:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range seed + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (seed.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + key_generation_seed + <: + t_Slice u8) + in + let seed:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed + Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + (cast (v_K <: usize) <: u8) + in + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (seed <: t_Slice u8) + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index c6edc5b32..14c6d47e2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -85,7 +85,7 @@ let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in result -#push-options "--z3rlimit 100" +#push-options "--z3rlimit 200" let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let t0:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -184,7 +184,7 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = #pop-options -#push-options "--z3rlimit 100" +#push-options "--z3rlimit 200" let montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst new file mode 100644 index 000000000..0ca12f7ff --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst @@ -0,0 +1,59 @@ +module Libcrux_ml_kem.Vector.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in + () + +let deserialize_11_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a + +let deserialize_5_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a + +let serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a + +let serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a + +let deserialize_1_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a + +let deserialize_10_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a + +let deserialize_12_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a + +let deserialize_4_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a + +let serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1) in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a + +let serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a + +let serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a + +let serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 7f6d7e6b3..1032ee28d 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -137,7 +137,7 @@ const BARRETT_MULTIPLIER: i16 = 20159; /// See Section 3.2 of the implementation notes document for an explanation /// of this code. #[inline(always)] -#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"))] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector})")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ (forall i. i < 16 ==> v (get_lane $result i) % 3329 == @@ -170,7 +170,7 @@ pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 { } #[inline(always)] -#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"))] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 constant")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ (forall i. i < 16 ==> v (get_lane $result i) % 3329 == From de526510678123df66653574e4259c9fe54b4cc9 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 29 Sep 2024 22:36:57 +0000 Subject: [PATCH 20/20] verifies --- .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index 14c6d47e2..e1c2e554d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -85,7 +85,7 @@ let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in result -#push-options "--z3rlimit 200" +#push-options "--z3rlimit 200 --split_queries always" let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let t0:Libcrux_intrinsics.Avx2_extract.t_Vec256 =