From 2cd3bf1d1ebb706e7f1143c46df41e2301e9d490 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Wed, 24 Jan 2024 20:27:16 +0400 Subject: [PATCH 1/7] add `dudect` as git submodule based dependency Signed-off-by: Anjan Roy --- .gitmodules | 3 +++ dudect | 1 + 2 files changed, 4 insertions(+) create mode 160000 dudect diff --git a/.gitmodules b/.gitmodules index 8e85d6c..d3ed2b6 100644 --- a/.gitmodules +++ b/.gitmodules @@ -4,3 +4,6 @@ [submodule "gtest-parallel"] path = gtest-parallel url = https://github.com/google/gtest-parallel.git +[submodule "dudect"] + path = dudect + url = https://github.com/oreparaz/dudect.git diff --git a/dudect b/dudect new file mode 160000 index 0000000..a18fdee --- /dev/null +++ b/dudect @@ -0,0 +1 @@ +Subproject commit a18fdee2386b63466502e9cb273cb14226679b4b From 099328bd55ef0175521230de7cc3ac10cba7c72f Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 27 Jan 2024 17:01:00 +0400 Subject: [PATCH 2/7] add `dudect` based timing leakage detection tests for dilithium2 internal functions Signed-off-by: Anjan Roy --- tests/dudect/test_dilithium2.cpp | 118 +++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 tests/dudect/test_dilithium2.cpp diff --git a/tests/dudect/test_dilithium2.cpp b/tests/dudect/test_dilithium2.cpp new file mode 100644 index 0000000..a2972c7 --- /dev/null +++ b/tests/dudect/test_dilithium2.cpp @@ -0,0 +1,118 @@ +#include "dilithium2.hpp" +#include + +#define DUDECT_IMPLEMENTATION +#define DUDECT_VISIBLITY_STATIC +#include "dudect.h" + +constexpr size_t SEED_LEN = 32; // Byte length of seed(s) + +uint8_t +do_one_computation(uint8_t* const data) +{ + constexpr uint32_t α = dilithium2::γ2 << 1; + constexpr uint32_t m = (field::Q - 1u) / α; + constexpr size_t w1bw = std::bit_width(m - 1u); + + constexpr size_t doff0 = 0; + constexpr size_t doff1 = doff0 + 2 * SEED_LEN; + + std::array vec{}; + std::array vec_high{}; + std::array vec_low{}; + std::array vec_hint{}; + std::array encoded{}; + std::array decoded{}; + std::array encoded_hints{}; + std::array decoded_hints{}; + + auto seed = std::span(data + doff0, doff1 - doff0); + const uint16_t kappa = (static_cast(data[doff1 + 1]) << 8) | (static_cast(data[doff1 + 0]) << 0); + + uint8_t ret_val = 0; + + sampling::expand_mask(seed, kappa, vec); + ret_val ^= static_cast(vec[0].raw() ^ vec[vec.size() - 1].raw()); + + polyvec::ntt(vec); + ret_val ^= static_cast(vec[0].raw() ^ vec[vec.size() - 1].raw()); + + polyvec::intt(vec); + ret_val ^= static_cast(vec[0].raw() ^ vec[vec.size() - 1].raw()); + + polyvec::highbits(vec, vec_high); + ret_val ^= static_cast(vec_high[0].raw() ^ vec_high[vec_high.size() - 1].raw()); + + polyvec::lowbits(vec, vec_low); + ret_val ^= static_cast(vec_low[0].raw() ^ vec_low[vec_low.size() - 1].raw()); + + polyvec::encode(vec_high, encoded); + ret_val ^= encoded[0] ^ encoded[encoded.size() - 1]; + + polyvec::decode(encoded, decoded); + ret_val ^= static_cast(decoded[0].raw() ^ decoded[decoded.size() - 1].raw()); + + const auto z_norm = polyvec::infinity_norm(vec); + ret_val ^= static_cast(z_norm.raw()); + + polyvec::make_hint(vec, vec_high, vec_hint); + ret_val ^= static_cast(vec_high[0].raw() ^ vec_hint[vec_hint.size() - 1].raw()); + + const auto count_1 = polyvec::count_1s(vec_hint); + ret_val ^= static_cast(count_1); + + bit_packing::encode_hint_bits(vec_hint, encoded_hints); + ret_val ^= encoded_hints[0] ^ encoded_hints[encoded_hints.size() - 1]; + + bit_packing::decode_hint_bits(encoded_hints, decoded_hints); + ret_val ^= static_cast(decoded_hints[0].raw() ^ decoded_hints[decoded_hints.size() - 1].raw()); + + return ret_val; +} + +void +prepare_inputs(dudect_config_t* const c, uint8_t* const input_data, uint8_t* const classes) +{ + randombytes(input_data, c->number_measurements * c->chunk_size); + + for (size_t i = 0; i < c->number_measurements; i++) { + classes[i] = randombit(); + if (classes[i] == 0) { + std::memset(input_data + i * c->chunk_size, 0x00, c->chunk_size); + } + } +} + +dudect_state_t +test_dilithium2() +{ + constexpr size_t chunk_size = 2 * SEED_LEN + 2 + SEED_LEN; + constexpr size_t number_measurements = 1e5; + + dudect_config_t config = { + chunk_size, + number_measurements, + }; + dudect_ctx_t ctx; + dudect_init(&ctx, &config); + + dudect_state_t state = DUDECT_NO_LEAKAGE_EVIDENCE_YET; + while (state == DUDECT_NO_LEAKAGE_EVIDENCE_YET) { + state = dudect_main(&ctx); + } + + dudect_free(&ctx); + + printf("Detected timing leakage in \"%s\", defined in file \"%s\"\n", __func__, __FILE_NAME__); + return state; +} + +int +main() +{ + if (test_dilithium2() != DUDECT_NO_LEAKAGE_EVIDENCE_YET) { + return EXIT_FAILURE; + } + + return EXIT_SUCCESS; +} From e34418d70e3997088536f864b6a83085bbadae3d Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 27 Jan 2024 17:02:11 +0400 Subject: [PATCH 3/7] add make recipe for ease of building timing leakage detection tests Signed-off-by: Anjan Roy --- Makefile | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/Makefile b/Makefile index 54f1e7f..4ecec37 100644 --- a/Makefile +++ b/Makefile @@ -7,20 +7,26 @@ ASAN_FLAGS = -g -O1 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsaniti UBSAN_FLAGS = -g -O1 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize=undefined # From https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html SHA3_INC_DIR = ./sha3/include +DUDECT_INC_DIR = ./dudect/src I_FLAGS = -I ./include DEP_IFLAGS = -I $(SHA3_INC_DIR) +DUDECT_DEP_IFLAGS = $(DEP_IFLAGS) -I $(DUDECT_INC_DIR) SRC_DIR = include DILITHIUM_SOURCES := $(wildcard $(SRC_DIR)/*.hpp) BUILD_DIR = build ASAN_BUILD_DIR = $(BUILD_DIR)/asan UBSAN_BUILD_DIR = $(BUILD_DIR)/ubsan +DUDECT_BUILD_DIR = $(BUILD_DIR)/dudect TEST_DIR = tests +DUDECT_TEST_DIR = $(TEST_DIR)/dudect TEST_SOURCES := $(wildcard $(TEST_DIR)/*.cpp) TEST_OBJECTS := $(addprefix $(BUILD_DIR)/, $(notdir $(patsubst %.cpp,%.o,$(TEST_SOURCES)))) ASAN_TEST_OBJECTS := $(addprefix $(ASAN_BUILD_DIR)/, $(notdir $(patsubst %.cpp,%.o,$(TEST_SOURCES)))) UBSAN_TEST_OBJECTS := $(addprefix $(UBSAN_BUILD_DIR)/, $(notdir $(patsubst %.cpp,%.o,$(TEST_SOURCES)))) +DUDECT_TEST_SOURCES := $(wildcard $(DUDECT_TEST_DIR)/*.cpp) +DUDECT_TEST_BINARIES := $(addprefix $(DUDECT_BUILD_DIR)/, $(notdir $(patsubst %.cpp,%.out,$(DUDECT_TEST_SOURCES)))) TEST_LINK_FLAGS = -lgtest -lgtest_main TEST_BINARY = $(BUILD_DIR)/test.out ASAN_TEST_BINARY = $(ASAN_BUILD_DIR)/test.out @@ -38,6 +44,9 @@ PERF_BINARY = $(BUILD_DIR)/perf.out all: test +$(DUDECT_BUILD_DIR): + mkdir -p $@ + $(ASAN_BUILD_DIR): mkdir -p $@ @@ -53,6 +62,9 @@ $(SHA3_INC_DIR): $(GTEST_PARALLEL): $(SHA3_INC_DIR) git submodule update --init +$(DUDECT_INC_DIR): $(GTEST_PARALLEL) + git submodule update --init + $(BUILD_DIR)/%.o: $(TEST_DIR)/%.cpp $(BUILD_DIR) $(SHA3_INC_DIR) $(CXX) $(CXX_FLAGS) $(WARN_FLAGS) $(OPT_FLAGS) $(I_FLAGS) $(DEP_IFLAGS) -c $< -o $@ @@ -71,6 +83,9 @@ $(ASAN_TEST_BINARY): $(ASAN_TEST_OBJECTS) $(UBSAN_TEST_BINARY): $(UBSAN_TEST_OBJECTS) $(CXX) $(UBSAN_FLAGS) $^ $(TEST_LINK_FLAGS) -o $@ +$(DUDECT_BUILD_DIR)/%.out: $(DUDECT_TEST_DIR)/%.cpp $(DUDECT_BUILD_DIR) $(SHA3_INC_DIR) $(SUBTLE_INC_DIR) $(DUDECT_INC_DIR) + $(CXX) $(CXX_FLAGS) $(WARN_FLAGS) $(OPT_FLAGS) $(I_FLAGS) $(DUDECT_DEP_IFLAGS) -lm $(LINK_FLAGS) $< -o $@ + test: $(TEST_BINARY) $(GTEST_PARALLEL) $(GTEST_PARALLEL) $< --print_test_times @@ -80,6 +95,8 @@ asan_test: $(ASAN_TEST_BINARY) $(GTEST_PARALLEL) ubsan_test: $(UBSAN_TEST_BINARY) $(GTEST_PARALLEL) $(GTEST_PARALLEL) $< --print_test_times +dudect_test_build: $(DUDECT_TEST_BINARIES) + $(BUILD_DIR)/%.o: $(BENCHMARK_DIR)/%.cpp $(BUILD_DIR) $(SHA3_INC_DIR) $(CXX) $(CXX_FLAGS) $(WARN_FLAGS) $(OPT_FLAGS) $(I_FLAGS) $(DEP_IFLAGS) -c $< -o $@ From ef4dbd6dfad9184719a3a6f1284570f98b5064c7 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 27 Jan 2024 17:14:56 +0400 Subject: [PATCH 4/7] add `dudect` based timing leakage detection tests for dilithium3 internal functions Signed-off-by: Anjan Roy --- tests/dudect/test_dilithium3.cpp | 118 +++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 tests/dudect/test_dilithium3.cpp diff --git a/tests/dudect/test_dilithium3.cpp b/tests/dudect/test_dilithium3.cpp new file mode 100644 index 0000000..eb321e9 --- /dev/null +++ b/tests/dudect/test_dilithium3.cpp @@ -0,0 +1,118 @@ +#include "dilithium3.hpp" +#include + +#define DUDECT_IMPLEMENTATION +#define DUDECT_VISIBLITY_STATIC +#include "dudect.h" + +constexpr size_t SEED_LEN = 32; // Byte length of seed(s) + +uint8_t +do_one_computation(uint8_t* const data) +{ + constexpr uint32_t α = dilithium3::γ2 << 1; + constexpr uint32_t m = (field::Q - 1u) / α; + constexpr size_t w1bw = std::bit_width(m - 1u); + + constexpr size_t doff0 = 0; + constexpr size_t doff1 = doff0 + 2 * SEED_LEN; + + std::array vec{}; + std::array vec_high{}; + std::array vec_low{}; + std::array vec_hint{}; + std::array encoded{}; + std::array decoded{}; + std::array encoded_hints{}; + std::array decoded_hints{}; + + auto seed = std::span(data + doff0, doff1 - doff0); + const uint16_t kappa = (static_cast(data[doff1 + 1]) << 8) | (static_cast(data[doff1 + 0]) << 0); + + uint8_t ret_val = 0; + + sampling::expand_mask(seed, kappa, vec); + ret_val ^= static_cast(vec[0].raw() ^ vec[vec.size() - 1].raw()); + + polyvec::ntt(vec); + ret_val ^= static_cast(vec[0].raw() ^ vec[vec.size() - 1].raw()); + + polyvec::intt(vec); + ret_val ^= static_cast(vec[0].raw() ^ vec[vec.size() - 1].raw()); + + polyvec::highbits(vec, vec_high); + ret_val ^= static_cast(vec_high[0].raw() ^ vec_high[vec_high.size() - 1].raw()); + + polyvec::lowbits(vec, vec_low); + ret_val ^= static_cast(vec_low[0].raw() ^ vec_low[vec_low.size() - 1].raw()); + + polyvec::encode(vec_high, encoded); + ret_val ^= encoded[0] ^ encoded[encoded.size() - 1]; + + polyvec::decode(encoded, decoded); + ret_val ^= static_cast(decoded[0].raw() ^ decoded[decoded.size() - 1].raw()); + + const auto z_norm = polyvec::infinity_norm(vec); + ret_val ^= static_cast(z_norm.raw()); + + polyvec::make_hint(vec, vec_high, vec_hint); + ret_val ^= static_cast(vec_high[0].raw() ^ vec_hint[vec_hint.size() - 1].raw()); + + const auto count_1 = polyvec::count_1s(vec_hint); + ret_val ^= static_cast(count_1); + + bit_packing::encode_hint_bits(vec_hint, encoded_hints); + ret_val ^= encoded_hints[0] ^ encoded_hints[encoded_hints.size() - 1]; + + bit_packing::decode_hint_bits(encoded_hints, decoded_hints); + ret_val ^= static_cast(decoded_hints[0].raw() ^ decoded_hints[decoded_hints.size() - 1].raw()); + + return ret_val; +} + +void +prepare_inputs(dudect_config_t* const c, uint8_t* const input_data, uint8_t* const classes) +{ + randombytes(input_data, c->number_measurements * c->chunk_size); + + for (size_t i = 0; i < c->number_measurements; i++) { + classes[i] = randombit(); + if (classes[i] == 0) { + std::memset(input_data + i * c->chunk_size, 0x00, c->chunk_size); + } + } +} + +dudect_state_t +test_dilithium3() +{ + constexpr size_t chunk_size = 2 * SEED_LEN + 2 + SEED_LEN; + constexpr size_t number_measurements = 1e5; + + dudect_config_t config = { + chunk_size, + number_measurements, + }; + dudect_ctx_t ctx; + dudect_init(&ctx, &config); + + dudect_state_t state = DUDECT_NO_LEAKAGE_EVIDENCE_YET; + while (state == DUDECT_NO_LEAKAGE_EVIDENCE_YET) { + state = dudect_main(&ctx); + } + + dudect_free(&ctx); + + printf("Detected timing leakage in \"%s\", defined in file \"%s\"\n", __func__, __FILE_NAME__); + return state; +} + +int +main() +{ + if (test_dilithium3() != DUDECT_NO_LEAKAGE_EVIDENCE_YET) { + return EXIT_FAILURE; + } + + return EXIT_SUCCESS; +} From 13bd164bc6d28c4a195c63eb5422e99a3ad40897 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 27 Jan 2024 17:35:09 +0400 Subject: [PATCH 5/7] add `dudect` based timing leakage detection tests for dilithium5 internal functions Signed-off-by: Anjan Roy --- tests/dudect/test_dilithium5.cpp | 118 +++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 tests/dudect/test_dilithium5.cpp diff --git a/tests/dudect/test_dilithium5.cpp b/tests/dudect/test_dilithium5.cpp new file mode 100644 index 0000000..62fd56f --- /dev/null +++ b/tests/dudect/test_dilithium5.cpp @@ -0,0 +1,118 @@ +#include "dilithium5.hpp" +#include + +#define DUDECT_IMPLEMENTATION +#define DUDECT_VISIBLITY_STATIC +#include "dudect.h" + +constexpr size_t SEED_LEN = 32; // Byte length of seed(s) + +uint8_t +do_one_computation(uint8_t* const data) +{ + constexpr uint32_t α = dilithium5::γ2 << 1; + constexpr uint32_t m = (field::Q - 1u) / α; + constexpr size_t w1bw = std::bit_width(m - 1u); + + constexpr size_t doff0 = 0; + constexpr size_t doff1 = doff0 + 2 * SEED_LEN; + + std::array vec{}; + std::array vec_high{}; + std::array vec_low{}; + std::array vec_hint{}; + std::array encoded{}; + std::array decoded{}; + std::array encoded_hints{}; + std::array decoded_hints{}; + + auto seed = std::span(data + doff0, doff1 - doff0); + const uint16_t kappa = (static_cast(data[doff1 + 1]) << 8) | (static_cast(data[doff1 + 0]) << 0); + + uint8_t ret_val = 0; + + sampling::expand_mask(seed, kappa, vec); + ret_val ^= static_cast(vec[0].raw() ^ vec[vec.size() - 1].raw()); + + polyvec::ntt(vec); + ret_val ^= static_cast(vec[0].raw() ^ vec[vec.size() - 1].raw()); + + polyvec::intt(vec); + ret_val ^= static_cast(vec[0].raw() ^ vec[vec.size() - 1].raw()); + + polyvec::highbits(vec, vec_high); + ret_val ^= static_cast(vec_high[0].raw() ^ vec_high[vec_high.size() - 1].raw()); + + polyvec::lowbits(vec, vec_low); + ret_val ^= static_cast(vec_low[0].raw() ^ vec_low[vec_low.size() - 1].raw()); + + polyvec::encode(vec_high, encoded); + ret_val ^= encoded[0] ^ encoded[encoded.size() - 1]; + + polyvec::decode(encoded, decoded); + ret_val ^= static_cast(decoded[0].raw() ^ decoded[decoded.size() - 1].raw()); + + const auto z_norm = polyvec::infinity_norm(vec); + ret_val ^= static_cast(z_norm.raw()); + + polyvec::make_hint(vec, vec_high, vec_hint); + ret_val ^= static_cast(vec_high[0].raw() ^ vec_hint[vec_hint.size() - 1].raw()); + + const auto count_1 = polyvec::count_1s(vec_hint); + ret_val ^= static_cast(count_1); + + bit_packing::encode_hint_bits(vec_hint, encoded_hints); + ret_val ^= encoded_hints[0] ^ encoded_hints[encoded_hints.size() - 1]; + + bit_packing::decode_hint_bits(encoded_hints, decoded_hints); + ret_val ^= static_cast(decoded_hints[0].raw() ^ decoded_hints[decoded_hints.size() - 1].raw()); + + return ret_val; +} + +void +prepare_inputs(dudect_config_t* const c, uint8_t* const input_data, uint8_t* const classes) +{ + randombytes(input_data, c->number_measurements * c->chunk_size); + + for (size_t i = 0; i < c->number_measurements; i++) { + classes[i] = randombit(); + if (classes[i] == 0) { + std::memset(input_data + i * c->chunk_size, 0x00, c->chunk_size); + } + } +} + +dudect_state_t +test_dilithium5() +{ + constexpr size_t chunk_size = 2 * SEED_LEN + 2 + SEED_LEN; + constexpr size_t number_measurements = 1e5; + + dudect_config_t config = { + chunk_size, + number_measurements, + }; + dudect_ctx_t ctx; + dudect_init(&ctx, &config); + + dudect_state_t state = DUDECT_NO_LEAKAGE_EVIDENCE_YET; + while (state == DUDECT_NO_LEAKAGE_EVIDENCE_YET) { + state = dudect_main(&ctx); + } + + dudect_free(&ctx); + + printf("Detected timing leakage in \"%s\", defined in file \"%s\"\n", __func__, __FILE_NAME__); + return state; +} + +int +main() +{ + if (test_dilithium5() != DUDECT_NO_LEAKAGE_EVIDENCE_YET) { + return EXIT_FAILURE; + } + + return EXIT_SUCCESS; +} From 8b902627daa0c39a2b6124be9fdc0bd885bba4ce Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 27 Jan 2024 18:11:54 +0400 Subject: [PATCH 6/7] mention about `dudect` -based timing leakage tests in README Signed-off-by: Anjan Roy --- README.md | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 90decca..d5cf27e 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ > [!CAUTION] -> This Dilithium implementation is conformant with Dilithium [specification](https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf) and I also try to make it constant-time but be informed that it is not yet audited. **If you consider using it in production, be careful !** +> This Dilithium implementation is conformant with Dilithium specification @ https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf. I also try to make it timing leakage free, using `dudect` (see https://github.com/oreparaz/dudect) -based tests, but be informed that this implementation is not yet audited. *If you consider using it in production, be careful !* # dilithium CRYSTALS-Dilithium: Post-Quantum Digital Signature Algorithm @@ -89,6 +89,45 @@ PASSED TESTS (13/13): 365 ms: build/test.out Dilithium.ArithmeticOverZq ``` +You can run timing leakage tests, using `dudect`, execute following + +> [!NOTE] +> `dudect` is integrated into this library implementation of Dilithium DSA to find any sort of timing leakages. It checks for constant-timeness of most of the vital internal functions. Though it doesn't check constant-timeness of functions which use uniform rejection sampling, such as expansion of public matrix `A` or sampling of the vectors `s1`, `s2` or hashing to a ball etc. + +```bash +# Can only be built and run on x86_64 machine. +make dudect_test_build -j + +# Before running the constant-time tests, it's a good idea to put all CPU cores on "performance" mode. +# You may find the guide @ https://github.com/google/benchmark/blob/main/docs/reducing_variance.md helpful. + +timeout 10m taskset -c 0 ./build/dudect/test_dilithium2.out +timeout 10m taskset -c 0 ./build/dudect/test_dilithium3.out +timeout 10m taskset -c 0 ./build/dudect/test_dilithium5.out +``` + +> [!TIP] +> `dudect` documentation says if `t` statistic is `< 10`, we're *probably* good, yes **probably**. You may want to read `dudect` documentation @ https://github.com/oreparaz/dudect. Also you might find the original paper @ https://ia.cr/2016/1123 interesting. + +```bash +... +meas: 48.38 M, max t: +2.77, max tau: 3.99e-04, (5/tau)^2: 1.57e+08. For the moment, maybe constant time. +meas: 48.48 M, max t: +2.73, max tau: 3.93e-04, (5/tau)^2: 1.62e+08. For the moment, maybe constant time. +meas: 48.57 M, max t: +2.76, max tau: 3.96e-04, (5/tau)^2: 1.59e+08. For the moment, maybe constant time. +meas: 48.67 M, max t: +2.78, max tau: 3.99e-04, (5/tau)^2: 1.57e+08. For the moment, maybe constant time. +meas: 48.76 M, max t: +2.79, max tau: 3.99e-04, (5/tau)^2: 1.57e+08. For the moment, maybe constant time. +meas: 48.85 M, max t: +2.78, max tau: 3.97e-04, (5/tau)^2: 1.58e+08. For the moment, maybe constant time. +meas: 48.95 M, max t: +2.79, max tau: 3.98e-04, (5/tau)^2: 1.58e+08. For the moment, maybe constant time. +meas: 49.05 M, max t: +2.77, max tau: 3.95e-04, (5/tau)^2: 1.60e+08. For the moment, maybe constant time. +meas: 49.14 M, max t: +2.69, max tau: 3.84e-04, (5/tau)^2: 1.70e+08. For the moment, maybe constant time. +meas: 49.24 M, max t: +2.75, max tau: 3.92e-04, (5/tau)^2: 1.62e+08. For the moment, maybe constant time. +meas: 49.33 M, max t: +2.73, max tau: 3.89e-04, (5/tau)^2: 1.65e+08. For the moment, maybe constant time. +meas: 49.43 M, max t: +2.76, max tau: 3.93e-04, (5/tau)^2: 1.62e+08. For the moment, maybe constant time. +meas: 49.52 M, max t: +2.76, max tau: 3.92e-04, (5/tau)^2: 1.63e+08. For the moment, maybe constant time. +meas: 49.62 M, max t: +2.79, max tau: 3.97e-04, (5/tau)^2: 1.59e+08. For the moment, maybe constant time. +meas: 49.71 M, max t: +2.78, max tau: 3.94e-04, (5/tau)^2: 1.61e+08. For the moment, maybe constant time. +``` + ## Benchmarking Benchmarking key generation, signing and verification algorithms for various instantiations of Dilithium digital signature scheme can be done, by issuing From fe32d26e6a848776a9e6891a77eda85df5a92567 Mon Sep 17 00:00:00 2001 From: Anjan Roy Date: Sat, 27 Jan 2024 22:12:38 +0400 Subject: [PATCH 7/7] format `dudect` -based test translation units Signed-off-by: Anjan Roy --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 4ecec37..a10fae6 100644 --- a/Makefile +++ b/Makefile @@ -119,5 +119,5 @@ perf: $(PERF_BINARY) clean: rm -rf $(BUILD_DIR) -format: $(DILITHIUM_SOURCES) $(TEST_SOURCES) $(BENCHMARK_SOURCES) $(BENCHMARK_HEADERS) +format: $(DILITHIUM_SOURCES) $(TEST_SOURCES) $(DUDECT_TEST_SOURCES) $(BENCHMARK_SOURCES) $(BENCHMARK_HEADERS) clang-format -i $^