Misc changes.

cryspen · Jun 17, 2024 · 5ee6cd3 · 5ee6cd3
1 parent 95b1522
commit 5ee6cd3
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 6 deletions.
diff --git a/libcrux-ml-dsa/src/arithmetic.rs b/libcrux-ml-dsa/src/arithmetic.rs
@@ -246,9 +246,10 @@ pub(crate) fn make_hint_vector<const DIMENSION: usize, const GAMMA2: i32>(
         for j in 0..COEFFICIENTS_IN_RING_ELEMENT {
             hint_vector[i][j] =
                 make_hint::<GAMMA2>(low[i].coefficients[j], high[i].coefficients[j]);
-            if hint_vector[i][j] == true {
-                hints_of_one += 1;
-            }
+
+            // From https://doc.rust-lang.org/std/primitive.bool.html:
+            // "If you cast a bool into an integer, true will be 1 and false will be 0."
+            hints_of_one += hint_vector[i][j] as usize;
         }
     }
 

diff --git a/libcrux-ml-dsa/src/constants.rs b/libcrux-ml-dsa/src/constants.rs
@@ -23,3 +23,5 @@ pub(crate) const SIGNING_RANDOMNESS_SIZE: usize = 32;
 
 pub(crate) const MESSAGE_REPRESENTATIVE_SIZE: usize = 64;
 pub(crate) const MASK_SEED_SIZE: usize = 64;
+
+pub(crate) const VERIFIER_CHALLENGE_SEED_SIZE: usize = 32;
diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs
@@ -259,7 +259,19 @@ pub(crate) fn sign<
 
     let BETA = (ONES_IN_VERIFIER_CHALLENGE * ETA) as i32;
 
+    let mut attempt = 0;
+
     let (commitment_hash, signer_response, hint_vector) = loop {
+        attempt += 1;
+        if attempt >= 576 {
+            // Depending on the mode, one try has a chance between 1/7 and 1/4
+            // of succeeding.  Thus it is safe to say that 576 iterations
+            // are enough as (6/7)⁵⁷⁶ < 2⁻¹²⁸.
+            //
+            // TODO: Attribute to CIRCL.
+            panic!("At least 576 signing attempts were made; this should only happen 1 in 2^{{128}} times: something is wrong.")
+        }
+
         let mask = sample_mask_vector::<COLUMNS_IN_A, GAMMA1_EXPONENT>(
             into_padded_array(&mask_seed),
             &mut domain_separator_for_mask,
@@ -282,9 +294,12 @@ pub(crate) fn sign<
             H::<COMMITMENT_HASH_SIZE>(&hash_input[..])
         };
 
-        let verifier_challenge_as_ntt = ntt(sample_challenge_ring_element::<
-            ONES_IN_VERIFIER_CHALLENGE,
-        >(commitment_hash[0..32].try_into().unwrap()));
+        let verifier_challenge_as_ntt =
+            ntt(sample_challenge_ring_element::<ONES_IN_VERIFIER_CHALLENGE>(
+                commitment_hash[0..VERIFIER_CHALLENGE_SEED_SIZE]
+                    .try_into()
+                    .unwrap(),
+            ));
 
         let challenge_times_s1 =
             vector_times_ring_element::<COLUMNS_IN_A>(&s1_as_ntt, &verifier_challenge_as_ntt);